go/web
Code Issues Pull Requests Activity

Added a check for malformed request paths

Browse Source
This commit is contained in:
Eduard Urbach
2025-03-18 22:12:46 +01:00
parent 2fd0d4f64f
commit 065b181530
3 changed files with 30 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -69,6 +69,7 @@ PASS: TestRun
PASS: TestBadRequest PASS: TestBadRequest
PASS: TestBadRequestHeader PASS: TestBadRequestHeader
PASS: TestBadRequestMethod PASS: TestBadRequestMethod
PASS: TestBadRequestPath
PASS: TestBadRequestProtocol PASS: TestBadRequestProtocol
PASS: TestConnectionClose PASS: TestConnectionClose
PASS: TestEarlyClose PASS: TestEarlyClose

9
Server.go
View File

@ -157,7 +157,14 @@ func (s *server) handleConnection(conn net.Conn) {
lastSpace = len(message) - len("\r\n") lastSpace = len(message) - len("\r\n")
} }
url = message[space+1 : lastSpace] space += 1
if space > lastSpace {
io.WriteString(conn, "HTTP/1.1 400 Bad Request\r\n\r\n")
return
}
url = message[space:lastSpace]
// Add headers until we meet an empty line // Add headers until we meet an empty line
for { for {

21
Server_test.go
View File

@ -110,6 +110,27 @@ func TestBadRequestMethod(t *testing.T) {
s.Run(":8080") s.Run(":8080")
} }
func TestBadRequestPath(t *testing.T) {
s := web.NewServer()
go func() {
defer syscall.Kill(syscall.Getpid(), syscall.SIGTERM)
conn, err := net.Dial("tcp", ":8080")
assert.Nil(t, err)
defer conn.Close()
_, err = io.WriteString(conn, "GET \n")
assert.Nil(t, err)
response, err := io.ReadAll(conn)
assert.Nil(t, err)
assert.Equal(t, string(response), "HTTP/1.1 400 Bad Request\r\n\r\n")
}()
s.Run(":8080")
}
func TestBadRequestProtocol(t *testing.T) { func TestBadRequestProtocol(t *testing.T) {
s := web.NewServer() s := web.NewServer()