1'use strict'; 2 3const common = require('../common'); 4 5// Test https://hackerone.com/reports/735748 is fixed. 6 7const assert = require('assert'); 8const http = require('http'); 9const net = require('net'); 10 11const REQUEST_BB = `POST / HTTP/1.1 12Content-Type: text/plain; charset=utf-8 13Host: hacker.exploit.com 14Connection: keep-alive 15Content-Length: 10 16Transfer-Encoding: eee, chunked 17 18HELLOWORLDPOST / HTTP/1.1 19Content-Type: text/plain; charset=utf-8 20Host: hacker.exploit.com 21Connection: keep-alive 22Content-Length: 28 23 24I AM A SMUGGLED REQUEST!!! 25`; 26 27const server = http.createServer(common.mustNotCall()); 28 29server.on('clientError', common.mustCall((err) => { 30 assert.strictEqual(err.code, 'HPE_UNEXPECTED_CONTENT_LENGTH'); 31 server.close(); 32})); 33 34server.listen(0, common.mustCall(() => { 35 const client = net.connect( 36 server.address().port, 37 common.mustCall(() => { 38 client.end(REQUEST_BB.replace(/\n/g, '\r\n')); 39 })); 40})); 41