'use strict';

const common = require('../common');
const http = require('http');
const net = require('net');
const assert = require('assert');

// Regression test: an invalid chunk extension (a chunk-size line ended by a
// bare LF instead of CRLF) must not allow HTTP request smuggling.
//
// The payload sent below is deliberately ambiguous:
//   - A parser that skips extension bytes up to the next CRLF treats
//     "2;\nxx\r\n" as one chunk-size line, takes "4c" as the 2-byte chunk,
//     ends the body at the first "0\r\n\r\n", and then sees "GET /admin" as a
//     second, separate request.
//   - A parser that accepts the bare LF as a line ending reads the chunk "xx"
//     and then a 0x4c (76) byte chunk, which is exactly the length of
//     "0\r\n\r\n" plus the "GET /admin" header block, so it sees one request.
// Smuggling becomes possible when two hops disagree on that framing. The test
// passes only if the request handler never observes the '/admin' URL.

// NOTE(review): the trailing `1` is the second argument of http.createServer,
// not of common.mustCall. It looks like it was meant as the expected call
// count; confirm against the test harness before moving it.
const server = http.createServer(common.mustCall((req, res) => {
  // Reaching this handler with '/admin' would mean the embedded request was
  // parsed as a request of its own.
  assert.notStrictEqual(req.url, '/admin');
  res.end('hello world');
}), 1);

/**
 * Connects a raw TCP client to the test server, sends the ambiguous chunked
 * payload and closes the server once the connection has ended.
 */
function start() {
  const { port } = server.address();
  const client = net.connect(port);

  // Kept as individual wire lines so the bare "\n" after "2;" stays visible.
  // These bytes are the test vector and must not be normalised.
  const wireLines = [
    'GET / HTTP/1.1\r\n',
    'Host: localhost:8080\r\n',
    'Transfer-Encoding: chunked\r\n',
    '\r\n',
    '2;\n',
    'xx\r\n',
    '4c\r\n',
    '0\r\n',
    '\r\n',
    'GET /admin HTTP/1.1\r\n',
    'Host: localhost:8080\r\n',
    'Transfer-Encoding: chunked\r\n',
    '\r\n',
    '0\r\n',
    '\r\n',
  ];
  client.write(wireLines.join(''));

  // The response body is irrelevant here; put the socket into flowing mode so
  // that 'end' is emitted once the server finishes with the connection.
  client.resume();
  client.on('end', common.mustCall(() => {
    server.close();
  }));
}

server.listen(0, common.mustCall(start));