|
@@ -0,0 +1,222 @@
|
|
1
|
+// Some clients refuse to send payloads that don't match the Content-Type. In
|
|
2
|
+// other words, trying to send "%BOLD hw" or "\x02 hw", as written, wouldn't
|
|
3
|
+// be allowed for Content-Type "application/x-www-form-urlencoded" without
|
|
4
|
+// first being encoded. But irccat by default doesn't do any decoding. Thus,
|
|
5
|
+// when faced with one of these problematic clients, specify config option
|
|
6
|
+// http.listeners.generic.strict to get the behavior shown here:
|
|
7
|
+//
|
|
8
|
+// mismatch
|
|
9
|
+//
|
|
10
|
+// $ echo "%BOLDhw" | curl -d @- http://localhost/send
|
|
11
|
+// 400 Bad Request
|
|
12
|
+//
|
|
13
|
+// urlencoded
|
|
14
|
+//
|
|
15
|
+// $ echo "%BOLDhw" | curl --data-urlencode @- http://localhost/send
|
|
16
|
+// 200 OK
|
|
17
|
+//
|
|
18
|
+// urlencoded non-printable
|
|
19
|
+//
|
|
20
|
+// $ printf "\x02hw" | curl --data-urlencode @- http://localhost/send
|
|
21
|
+// 200 OK
|
|
22
|
+//
|
|
23
|
+// octetstream
|
|
24
|
+//
|
|
25
|
+// $ echo "%BOLDhw" | curl --data-binary @- \
|
|
26
|
+// -H 'Content-Type: application/octet-stream' http://localhost/send
|
|
27
|
+// 200 OK
|
|
28
|
+//
|
|
29
|
+// multipart quoted-printable
|
|
30
|
+//
|
|
31
|
+// $ echo '%BOLDhw' | curl -F 'foo=@-;encoder=quoted-printable' \
|
|
32
|
+// http://localhost/send
|
|
33
|
+// 200 OK
|
|
34
|
+//
|
|
35
|
+// multipart 8bit
|
|
36
|
+//
|
|
37
|
+// $ echo '%BOLDhw' | curl -F 'foo=@-;encoder=8bit' http://localhost/send
|
|
38
|
+// 200 OK
|
|
39
|
+//
|
|
40
|
+// multipart base64
|
|
41
|
+//
|
|
42
|
+// $ echo '%BOLDhw' | curl -F 'foo=@-;encoder=base64' http://localhost/send
|
|
43
|
+// 200 OK
|
|
44
|
+//
|
|
45
|
+// The gist is that when strict mode is active, popular encodings will work
|
|
46
|
+// while mismatches won't, even though they may still appear to at times.
|
|
47
|
+//
|
|
48
|
+package httplistener
|
|
49
|
+
|
|
50
|
+import (
|
|
51
|
+ "context"
|
|
52
|
+ "io"
|
|
53
|
+ "net"
|
|
54
|
+ "net/http"
|
|
55
|
+ "os"
|
|
56
|
+ "path"
|
|
57
|
+ "strings"
|
|
58
|
+ "testing"
|
|
59
|
+ "time"
|
|
60
|
+
|
|
61
|
+ "github.com/juju/loggo"
|
|
62
|
+ "github.com/spf13/viper"
|
|
63
|
+ irc "github.com/thoj/go-ircevent"
|
|
64
|
+)
|
|
65
|
+
|
|
66
|
+var genericTestListen = "localhost:18045"
|
|
67
|
+
|
|
68
|
+func genericTestStartHTTPServer(t *testing.T, endpoint string) {
|
|
69
|
+ hl := HTTPListener{
|
|
70
|
+ http: http.Server{Addr: genericTestListen},
|
|
71
|
+ }
|
|
72
|
+
|
|
73
|
+ http.HandleFunc(endpoint, hl.genericHandler)
|
|
74
|
+ go hl.http.ListenAndServe()
|
|
75
|
+ t.Cleanup(func() {hl.http.Shutdown(context.Background());})
|
|
76
|
+ time.Sleep(time.Millisecond)
|
|
77
|
+}
|
|
78
|
+
|
|
79
|
+func genericTestSendOutput(message []byte) ([]byte, error) {
|
|
80
|
+ conn, err := net.Dial("tcp", genericTestListen)
|
|
81
|
+ if err != nil {
|
|
82
|
+ return nil, err
|
|
83
|
+ }
|
|
84
|
+ _, err = conn.Write(message)
|
|
85
|
+ if err != nil {
|
|
86
|
+ return nil, err
|
|
87
|
+ }
|
|
88
|
+ b := make([]byte, 1024)
|
|
89
|
+ _ , err = io.ReadAtLeast(conn, b, 24)
|
|
90
|
+ if err != nil {
|
|
91
|
+ return nil, err
|
|
92
|
+ }
|
|
93
|
+ return b, nil
|
|
94
|
+}
|
|
95
|
+
|
|
96
|
+func runGeneric(t *testing.T, reqFileName string) (string, string) {
|
|
97
|
+ var message string
|
|
98
|
+ origSender := genericSender
|
|
99
|
+ genericSender = func(_ *irc.Connection, m string, _ loggo.Logger, _ string) {
|
|
100
|
+ message = m
|
|
101
|
+ }
|
|
102
|
+ t.Cleanup(func(){genericSender = origSender})
|
|
103
|
+
|
|
104
|
+ src, err := os.ReadFile(path.Join("testdata", reqFileName))
|
|
105
|
+ if err != nil {
|
|
106
|
+ t.Fatal(err)
|
|
107
|
+ }
|
|
108
|
+ resp, err := genericTestSendOutput(src)
|
|
109
|
+ if err != nil {
|
|
110
|
+ t.Fatal(err)
|
|
111
|
+ }
|
|
112
|
+ return message, string(resp)
|
|
113
|
+}
|
|
114
|
+
|
|
115
|
+// Non-strict
|
|
116
|
+
|
|
117
|
+func testGenericBaseline(t *testing.T) {
|
|
118
|
+ message, resp := runGeneric(t, "mismatch")
|
|
119
|
+ if message != "%BOLDhw" {
|
|
120
|
+ t.Fatalf("Expected %q, got: %q", "%BOLDhw", message)
|
|
121
|
+ }
|
|
122
|
+ if !strings.HasPrefix(string(resp), "HTTP/1.1 200 OK") {
|
|
123
|
+ t.Fatalf("Unexpected message: %s", resp)
|
|
124
|
+ }
|
|
125
|
+}
|
|
126
|
+
|
|
127
|
+// Strict
|
|
128
|
+
|
|
129
|
+func testGenericStrict(t *testing.T) {
|
|
130
|
+ message, resp := runGeneric(t, "mismatch")
|
|
131
|
+ if message != "" {
|
|
132
|
+ t.Fatalf("Expected %q, got: %q", "", message)
|
|
133
|
+ }
|
|
134
|
+ if !strings.HasPrefix(string(resp), "HTTP/1.1 400 Bad Request") {
|
|
135
|
+ t.Fatalf("Unexpected message: %s", resp)
|
|
136
|
+ }
|
|
137
|
+}
|
|
138
|
+
|
|
139
|
+func testURLEncoded(t *testing.T) {
|
|
140
|
+ message, resp := runGeneric(t, "urlencoded")
|
|
141
|
+ if message != "%BOLDhw\n" { // Note the linefeed
|
|
142
|
+ t.Fatalf("Expected %q, got: %q", "%BOLDhw\n", message)
|
|
143
|
+ }
|
|
144
|
+ if !strings.HasPrefix(string(resp), "HTTP/1.1 200 OK") {
|
|
145
|
+ t.Fatalf("Unexpected message: %s", resp)
|
|
146
|
+ }
|
|
147
|
+}
|
|
148
|
+
|
|
149
|
+func testURLEncodedNonPrintable(t *testing.T) {
|
|
150
|
+ message, resp := runGeneric(t, "urlencoded_npc")
|
|
151
|
+ if message != "\x02hw" {
|
|
152
|
+ t.Fatalf("Expected %q, got: %q", "\x02hw", message)
|
|
153
|
+ }
|
|
154
|
+ if !strings.HasPrefix(string(resp), "HTTP/1.1 200 OK") {
|
|
155
|
+ t.Fatalf("Unexpected message: %s", resp)
|
|
156
|
+ }
|
|
157
|
+}
|
|
158
|
+
|
|
159
|
+func testOctetStream(t *testing.T) {
|
|
160
|
+ message, resp := runGeneric(t, "octetstream")
|
|
161
|
+ if message != "%BOLDhw\n" {
|
|
162
|
+ t.Fatalf("Expected %q, got: %q", "%BOLDhw\n", message)
|
|
163
|
+ }
|
|
164
|
+ if !strings.HasPrefix(string(resp), "HTTP/1.1 200 OK") {
|
|
165
|
+ t.Fatalf("Unexpected message: %s", resp)
|
|
166
|
+ }
|
|
167
|
+}
|
|
168
|
+
|
|
169
|
+func testMultipartQP(t *testing.T) {
|
|
170
|
+ message, resp := runGeneric(t, "multipart_qp")
|
|
171
|
+ if message != "%BOLDhw\n" {
|
|
172
|
+ t.Fatalf("Expected %q, got: %q", "%BOLDhw\n", message)
|
|
173
|
+ }
|
|
174
|
+ if !strings.HasPrefix(string(resp), "HTTP/1.1 200 OK") {
|
|
175
|
+ t.Fatalf("Unexpected message: %s", resp)
|
|
176
|
+ }
|
|
177
|
+}
|
|
178
|
+
|
|
179
|
+func testMultipart8bit(t *testing.T) {
|
|
180
|
+ message, resp := runGeneric(t, "multipart_8bit")
|
|
181
|
+ if message != "%BOLDhw\n" {
|
|
182
|
+ t.Fatalf("Expected %q, got: %q", "%BOLDhw\n", message)
|
|
183
|
+ }
|
|
184
|
+ if !strings.HasPrefix(string(resp), "HTTP/1.1 200 OK") {
|
|
185
|
+ t.Fatalf("Unexpected message: %s", resp)
|
|
186
|
+ }
|
|
187
|
+}
|
|
188
|
+
|
|
189
|
+func testMultipartBase64(t *testing.T) {
|
|
190
|
+ message, resp := runGeneric(t, "multipart_base64")
|
|
191
|
+ if message != "%BOLDhw\n" {
|
|
192
|
+ t.Fatalf("Expected %q, got: %q", "%BOLDhw\n", message)
|
|
193
|
+ }
|
|
194
|
+ if !strings.HasPrefix(string(resp), "HTTP/1.1 200 OK") {
|
|
195
|
+ t.Fatalf("Unexpected message: %s", resp)
|
|
196
|
+ }
|
|
197
|
+}
|
|
198
|
+
|
|
199
|
+func TestAll(t *testing.T) {
|
|
200
|
+ writer, err := loggo.RemoveWriter("default")
|
|
201
|
+ if err != nil {
|
|
202
|
+ t.Error(err)
|
|
203
|
+ }
|
|
204
|
+ t.Cleanup(func() {loggo.DefaultContext().AddWriter("default", writer)})
|
|
205
|
+ genericTestStartHTTPServer(t, "/send")
|
|
206
|
+
|
|
207
|
+ t.Run("Baseline", testGenericBaseline)
|
|
208
|
+
|
|
209
|
+ // Turn on strict for the rest of these
|
|
210
|
+ viper.Set("http.listeners.generic.strict", true)
|
|
211
|
+
|
|
212
|
+ t.Run("Strict Mismatch", testGenericStrict)
|
|
213
|
+ t.Run("Strict URL Encoded", testURLEncoded)
|
|
214
|
+ t.Run("Strict URL Encoded Non-printable", testURLEncodedNonPrintable)
|
|
215
|
+ t.Run("Strict Octet Stream", testOctetStream)
|
|
216
|
+ t.Run("Strict Multipart Quoted Printable", testMultipartQP)
|
|
217
|
+ t.Run("Strict Multipart 8bit", testMultipart8bit)
|
|
218
|
+ t.Run("Strict Multipart Base 64", testMultipartBase64)
|
|
219
|
+
|
|
220
|
+ // Restore to zero value
|
|
221
|
+ viper.Set("http.listeners.generic.strict", false)
|
|
222
|
+}
|