Diffstat (limited to 'test/test_http11.rb')
-rw-r--r--test/test_http11.rb70
1 files changed, 68 insertions, 2 deletions
diff --git a/test/test_http11.rb b/test/test_http11.rb
index 9c8975c..e100d2b 100644
--- a/test/test_http11.rb
+++ b/test/test_http11.rb
@@ -2,6 +2,7 @@ require 'test/unit'
 require 'http11'
 require 'mongrel'
 require 'benchmark'
+require 'digest/sha1'
 
 include Mongrel
 
@@ -38,6 +39,72 @@ class HttpParserTest < Test::Unit::TestCase
     assert parser.error?, "Parser SHOULD have error"
   end
 
+  # lame random garbage maker
+  def rand_data(min, max, readable=true)
+    count = min + ((rand(max)+1) *10).to_i
+    res = count.to_s + "/"
+    
+    if readable
+      res << Digest::SHA1.hexdigest(rand(count * 1000).to_s) * (count / 40)
+    else
+      res << Digest::SHA1.digest(rand(count * 1000).to_s) * (count / 20)
+    end
+
+    return res
+  end
+  
+
+  def test_horrible_queries
+    parser = HttpParser.new
+
+    # first verify that large random get requests fail
+    100.times do |c|
+      get = "GET /#{rand_data(1024, 1024+(c*1024))} HTTP/1.1\r\n"
+      assert_raises Mongrel::HttpParserError do
+        parser.execute({}, get)
+        parser.reset
+      end
+    end
+
+    # then that large header names are caught
+    100.times do |c|
+      get = "GET /#{rand_data(10,120)} HTTP/1.1\r\nX-#{rand_data(1024, 1024+(c*1024))}: Test\r\n\r\n"
+      assert_raises Mongrel::HttpParserError do
+        parser.execute({}, get)
+        parser.reset
+      end
+    end
+
+    # then that large mangled field values are caught
+    100.times do |c|
+      get = "GET /#{rand_data(10,120)} HTTP/1.1\r\nX-Test: #{rand_data(1024, 1024+(c*1024), false)}\r\n\r\n"
+      assert_raises Mongrel::HttpParserError do
+        parser.execute({}, get)
+        parser.reset
+      end
+    end
+
+    # then large headers are rejected too
+    get = "GET /#{rand_data(10,120)} HTTP/1.1\r\n"
+    get << "X-Test: test\r\n" * (80 * 1024)
+    assert_raises Mongrel::HttpParserError do
+      parser.execute({}, get)
+      parser.reset
+    end
+
+    # finally just that random garbage gets blocked all the time
+    10.times do |c|
+      get = "GET #{rand_data(1024, 1024+(c*1024), false)} #{rand_data(1024, 1024+(c*1024), false)}\r\n\r\n"
+      assert_raises Mongrel::HttpParserError do
+        parser.execute({}, get)
+        parser.reset
+      end
+    end
+
+  end
+
+
+
   def test_query_parse
     res = HttpRequest.query_parse("zed=1&frank=2")
     assert res["zed"], "didn't get the request right"
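Review bot: In test_horrible_queries every `parser.reset` sits inside the `assert_raises` block after `parser.execute`, so it never runs when the expected HttpParserError is raised, and the same parser is carried into the next iteration in whatever state the failure left it. If execute on an already-failed parser raises again (not visible from this hunk), later iterations would pass regardless of their input, and the size-limit checks these loops are meant to guard would go untested. Move the reset out of the block, e.g. `assert_raises(Mongrel::HttpParserError) { parser.execute({}, get) }` followed by `parser.reset`, or build a fresh `HttpParser.new` per iteration. Separately, rand_data draws from an unseeded `rand` and multiplies by 10 rather than treating `max` as an upper bound, so a failure cannot be replayed and no case pins the exact limit. A fixed seed plus one at-limit and one over-limit input per field would make this a reliable regression test.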
@@ -51,7 +118,6 @@ class HttpParserTest < Test::Unit::TestCase
     assert_equal 4,res["zed"].length, "wrong number for zed"
     assert_equal "11",res["frank"], "wrong number for frank"
   end
-
-
+  
 end