Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(209)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/http_util_unittest.cc

Issue 2134083003: Reject line terminators in HttpUtil::IsValidHeaderValue() (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Changes from mmenke Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/http/http_util.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <algorithm> 5 #include <algorithm>
6 6
7 #include "base/strings/string_util.h" 7 #include "base/strings/string_util.h"
8 #include "net/http/http_util.h" 8 #include "net/http/http_util.h"
9 #include "testing/gtest/include/gtest/gtest.h" 9 #include "testing/gtest/include/gtest/gtest.h"
10 10
(...skipping 1349 matching lines...) Expand 10 before | Expand all | Expand 10 after
1360 EXPECT_TRUE(HttpUtil::HasValidators(v1_1, kEtagStrong, kLastModified)); 1360 EXPECT_TRUE(HttpUtil::HasValidators(v1_1, kEtagStrong, kLastModified));
1361 EXPECT_TRUE(HttpUtil::HasValidators(v1_1, kEtagWeak, kLastModified)); 1361 EXPECT_TRUE(HttpUtil::HasValidators(v1_1, kEtagWeak, kLastModified));
1362 EXPECT_TRUE(HttpUtil::HasValidators(v1_1, kEtagEmpty, kLastModified)); 1362 EXPECT_TRUE(HttpUtil::HasValidators(v1_1, kEtagEmpty, kLastModified));
1363 1363
1364 EXPECT_FALSE(HttpUtil::HasValidators(v1_1, kMissing, kLastModifiedInvalid)); 1364 EXPECT_FALSE(HttpUtil::HasValidators(v1_1, kMissing, kLastModifiedInvalid));
1365 EXPECT_TRUE(HttpUtil::HasValidators(v1_1, kEtagStrong, kLastModifiedInvalid)); 1365 EXPECT_TRUE(HttpUtil::HasValidators(v1_1, kEtagStrong, kLastModifiedInvalid));
1366 EXPECT_TRUE(HttpUtil::HasValidators(v1_1, kEtagWeak, kLastModifiedInvalid)); 1366 EXPECT_TRUE(HttpUtil::HasValidators(v1_1, kEtagWeak, kLastModifiedInvalid));
1367 EXPECT_TRUE(HttpUtil::HasValidators(v1_1, kEtagEmpty, kLastModifiedInvalid)); 1367 EXPECT_TRUE(HttpUtil::HasValidators(v1_1, kEtagEmpty, kLastModifiedInvalid));
1368 } 1368 }
1369 1369
1370 TEST(HttpUtilTest, IsValidHeaderValue) {
1371 const char* const invalid_values[] = {
1372 "X-Requested-With: chrome${NUL}Sec-Unsafe: injected",
1373 "X-Requested-With: chrome\r\nSec-Unsafe: injected",
1374 "X-Requested-With: chrome\nSec-Unsafe: injected",
1375 "X-Requested-With: chrome\rSec-Unsafe: injected",
1376 };
1377 for (const std::string& value : invalid_values) {
1378 std::string replaced = value;
1379 base::ReplaceSubstringsAfterOffset(&replaced, 0, "${NUL}",
1380 std::string(1, '\0'));
1381 EXPECT_FALSE(HttpUtil::IsValidHeaderValue(replaced)) << replaced;
1382 }
1383
1384 // Check that all characters permitted by RFC7230 3.2.6 are allowed.
1385 std::string allowed = "\t";
1386 for (char c = '\x20'; c < '\x7F'; ++c) {
1387 allowed.append(1, c);
1388 }
1389 for (int c = 0x80; c <= 0xFF; ++c) {
1390 allowed.append(1, static_cast<char>(c));
1391 }
1392 EXPECT_TRUE(HttpUtil::IsValidHeaderValue(allowed));
1393 }
1394
1370 } // namespace net 1395 } // namespace net
OLDNEW
« no previous file with comments | « net/http/http_util.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698