src/lib-http/test-http-header-parser.c

/* Copyright (c) 2013-2018 Dovecot authors, see the included COPYING file */

#include "test-lib.h"
#include "str-sanitize.h"
#include "istream.h"
#include "test-common.h"
#include "http-response.h"
#include "http-header-parser.h"

#include <time.h>

struct http_header_parse_result {
    const char *name;
    const char *value;
};

struct http_header_parse_test {
    const char *header;
    struct http_header_limits limits;
    enum http_header_parse_flags flags;
    const struct http_header_parse_result *fields;
};

/* Valid header tests */

static const struct http_header_parse_result valid_header_parse_result1[] = {
    { "Date", "Sat, 06 Oct 2012 16:01:44 GMT" },
    { "Server", "Apache/2.2.16 (Debian)" },
    { "Last-Modified", "Mon, 30 Jul 2012 11:09:28 GMT" },
    { "Etag", "\"3d24677-3261-4c60a1863aa00\"" },
    { "Accept-Ranges", "bytes" },
    { "Vary", "Accept-Encoding" },
    { "Content-Encoding", "gzip" },
    { "Content-Length", "4092" },
    { "Keep-Alive", "timeout=15, max=100" },
    { "Connection", "Keep-Alive" },
    { "Content-Type", "text/html" },
    { NULL, NULL }
};

static const struct http_header_parse_result valid_header_parse_result2[] = {
    { "Host", "p5-lrqzb4yavu4l7nagydw-428649-i2-v6exp3-ds.metric.example.com" },
    { "User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0)" },
    { "Accept", "image/png,image/*;q=0.8,*/*;q=0.5" },
    { "Accept-Language", "en-us,en;q=0.5" },
    { "Accept-Encoding", "gzip, deflate" },
    { "DNT", "1" },
    { "Connection", "keep-alive" },
    { "Referer", "http://www.example.nl/" },
    { NULL, NULL }
};

static const struct http_header_parse_result valid_header_parse_result3[] = {
    { "Date", "Sat, 06 Oct 2012 17:12:37 GMT" },
    { "Server", "Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze14 with"
        " Suhosin-Patch proxy_html/3.0.1 mod_python/3.3.1 Python/2.6.6"
        " mod_ssl/2.2.16 OpenSSL/0.9.8o mod_perl/2.0.4 Perl/v5.10.1" },
    { "WWW-Authenticate", "Basic realm=\"Munin\"" },
    { "Vary", "Accept-Encoding" },
    { "Content-Encoding", "gzip" },
    { "Content-Length", "445" },
    { "Keep-Alive", "timeout=15, max=98" },
    { "Connection", "Keep-Alive" },
    { "Content-Type", "text/html; charset=iso-8859-1" },
    { NULL, NULL }
};

static const struct http_header_parse_result valid_header_parse_result4[] = {
    { "Age", "58" },
    { "Date", "Sun, 04 Aug 2013 09:33:09 GMT" },
    { "Expires", "Sun, 04 Aug 2013 09:34:08 GMT" },
    { "Cache-Control", "max-age=60" },
    { "Content-Length", "17336" },
    { "Connection", "Keep-Alive" },
    { "Via", "NS-CACHE-9.3" },
    { "Server", "Apache" },
    { "Vary", "Host" },
    { "Last-Modified", "Sun, 04 Aug 2013 09:33:07 GMT" },
    { "Content-Type", "text/html; charset=utf-8" },
    { "Content-Encoding", "gzip" },
    { NULL, NULL }
};

static const struct http_header_parse_result valid_header_parse_result5[] = {
    { NULL, NULL }
};

static const struct http_header_parse_result valid_header_parse_result6[] = {
    { "X-Frop", "This text\x80 contains obs-text\x81 characters" },
    { NULL, NULL }
};

static const struct http_header_parse_result valid_header_parse_result7[] = {
    { "X-Frop", "This text contains invalid characters" },
    { NULL, NULL }
};

static const struct http_header_parse_test valid_header_parse_tests[] = {
    { .header =
            "Date: Sat, 06 Oct 2012 16:01:44 GMT\r\n"
            "Server: Apache/2.2.16 (Debian)\r\n"
            "Last-Modified: Mon, 30 Jul 2012 11:09:28 GMT\r\n"
            "Etag: \"3d24677-3261-4c60a1863aa00\"\r\n"
            "Accept-Ranges: bytes\r\n"
            "Vary: Accept-Encoding\r\n"
            "Content-Encoding: gzip\r\n"
            "Content-Length: 4092\r\n"
            "Keep-Alive: timeout=15, max=100\r\n"
            "Connection: Keep-Alive\r\n"
            "Content-Type: text/html\r\n"
            "\r\n",
        .fields = valid_header_parse_result1
    },{
        .header =
            "Host: p5-lrqzb4yavu4l7nagydw-428649-i2-v6exp3-ds.metric.example.com\n"
            "User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0)\n"
            "Accept:\t\timage/png,image/*;q=0.8,*/*;q=0.5\n"
            "Accept-Language:\ten-us,en;q=0.5\n"
            "Accept-Encoding: \t\tgzip, deflate\n"
            "DNT:   1\n"
            "Connection: \t\tkeep-alive\n"
            "Referer:   http://www.example.nl/\n"
            "\n",
        .fields = valid_header_parse_result2
    },{
        .header =
            "Date: Sat, 06 Oct 2012 17:12:37 GMT\r\n"
            "Server: Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze14 with\r\n"
            " Suhosin-Patch proxy_html/3.0.1 mod_python/3.3.1 Python/2.6.6\r\n"
            " mod_ssl/2.2.16 OpenSSL/0.9.8o mod_perl/2.0.4 Perl/v5.10.1\r\n"
            "WWW-Authenticate: Basic realm=\"Munin\"\r\n"
            "Vary: Accept-Encoding\r\n"
            "Content-Encoding: gzip\r\n"
            "Content-Length: 445\r\n"
            "Keep-Alive: timeout=15, max=98\r\n"
            "Connection: Keep-Alive\r\n"
            "Content-Type: text/html; charset=iso-8859-1\r\n"
            "\r\n",
        .fields = valid_header_parse_result3
    },{
        .header =
            "Age: 58        \r\n"
            "Date: Sun, 04 Aug 2013 09:33:09 GMT\r\n"
            "Expires: Sun, 04 Aug 2013 09:34:08 GMT\r\n"
            "Cache-Control: max-age=60        \r\n"
            "Content-Length: 17336     \r\n"
            "Connection: Keep-Alive\r\n"
            "Via: NS-CACHE-9.3\r\n"
            "Server: Apache\r\n"
            "Vary: Host\r\n"
            "Last-Modified: Sun, 04 Aug 2013 09:33:07 GMT\r\n"
            "Content-Type: text/html; charset=utf-8\r\n"
            "Content-Encoding: gzip\r\n"
            "\r\n",
        .fields = valid_header_parse_result4,
        .limits = {
            .max_size = 340,
            .max_field_size = 46,
            .max_fields = 12
        }
    },{
        .header =
            "\r\n",
        .fields = valid_header_parse_result5
    },{
        .header =
            "X-Frop: This text\x80 contains obs-text\x81 characters\r\n"
            "\r\n",
        .fields = valid_header_parse_result6
    },{
        .header =
            "X-Frop: This text\x01 contains invalid\x7f characters\r\n"
            "\r\n",
        .fields = valid_header_parse_result7
    }
};

static const unsigned int valid_header_parse_test_count = N_ELEMENTS(valid_header_parse_tests);

static void test_http_header_parse_valid(void)
{
    unsigned int i;

    for (i = 0; i < valid_header_parse_test_count; i++) T_BEGIN {
        struct istream *input;
        struct http_header_parser *parser;
        const struct http_header_limits *limits;
        const char *header, *field_name, *error = NULL;
        const unsigned char *field_data;
        size_t field_size;
        int ret;
        unsigned int j, pos, header_len;

        header = valid_header_parse_tests[i].header;
        header_len = strlen(header);
        limits = &valid_header_parse_tests[i].limits;
        input = test_istream_create_data(header, header_len);
        parser = http_header_parser_init(input, limits,
            valid_header_parse_tests[i].flags);

        test_begin(t_strdup_printf("http header valid [%d]", i));

        j = 0; pos = 0; test_istream_set_size(input, 0);
        while ((ret=http_header_parse_next_field
            (parser, &field_name, &field_data, &field_size, &error)) >= 0) {
            const struct http_header_parse_result *result;
            const char *field_value;

            if (ret == 0) {
                if (pos == header_len)
                    break;
                test_istream_set_size(input, ++pos);
                continue;
            }

            if (field_name == NULL) break;

            result = &valid_header_parse_tests[i].fields[j];
            field_value = t_strndup(field_data, field_size);

            if (result->name == NULL) {
                test_out_reason("valid", FALSE, t_strdup_printf
                    ("%s: %s", field_name, str_sanitize(field_value, 100)));
                break;
            }

            test_out_reason("valid",
                strcmp(result->name, field_name) == 0 &&
                    strcmp(result->value, field_value) == 0,
                t_strdup_printf("%s: %s", field_name,
                    str_sanitize(field_value, 100)));
            j++;
        }

        test_out_reason("parse success", ret > 0, error);
        test_end();
        i_stream_unref(&input);
        http_header_parser_deinit(&parser);
    } T_END;
}

static const struct http_header_parse_test invalid_header_parse_tests[] = {
    {
        .header =
            "Date: Sat, 06 Oct 2012 16:01:44 GMT\r\n"
            "Server : Apache/2.2.16 (Debian)\r\n"
            "Last-Modified: Mon, 30 Jul 2012 11:09:28 GMT\r\n"
            "\r\n"
    },{
        .header =
            "Date: Sat, 06 Oct 2012 17:18:22 GMT\r\n"
            "Server: Apache/2.2.3 (CentOS)\r\n"
            "X Powered By: PHP/5.3.6\r\n"
            "\r\n"
    },{
        .header =
            "Host: www.example.com\n\r"
            "Accept: image/png,image/*;q=0.8,*/*;q=0.5\n\r"
            "Accept-Language: en-us,en;q=0.5\n\r"
            "Accept-Encoding: gzip, deflate\n\r"
            "\n\r"
    },{
        .header =
            "Host: p5-lrqzb4yavu4l7nagydw-428649-i2-v6exp3-ds.metric.example.com\n"
            "User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0)\n"
            "Accept:\t\timage/png,image/*;q=0.8,*/\1;q=0.5\n"
            "\n",
        .flags = HTTP_HEADER_PARSE_FLAG_STRICT
    },{
        .header =
            "Date: Sat, 06 Oct 2012 17:18:22 GMT\r\n"
            "Server: Apache/2.2.3\177 (CentOS)\r\n"
            "\r\n",
        .flags = HTTP_HEADER_PARSE_FLAG_STRICT
    },{
        .header =
            "Date: Sat, 06 Oct 2012 17:12:37 GMT\r\n"
            "Server: Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze14 with\r\n"
            "Suhosin-Patch proxy_html/3.0.1 mod_python/3.3.1 Python/2.6.6\r\n"
            "mod_ssl/2.2.16 OpenSSL/0.9.8o mod_perl/2.0.4 Perl/v5.10.1\r\n"
            "\r\n"
    },{
        .header =
            "Date: Sat, 06 Oct 2012 17:12:37 GMT\r\n"
    },{
        .header =
            "Age: 58        \r\n"
            "Date: Sun, 04 Aug 2013 09:33:09 GMT\r\n"
            "Expires: Sun, 04 Aug 2013 09:34:08 GMT\r\n"
            "Cache-Control: max-age=60        \r\n"
            "Content-Length: 17336     \r\n"
            "Connection: Keep-Alive\r\n"
            "Via: NS-CACHE-9.3\r\n"
            "Server: Apache\r\n"
            "Vary: Host\r\n"
            "Last-Modified: Sun, 04 Aug 2013 09:33:07 GMT\r\n"
            "Content-Type: text/html; charset=utf-8\r\n"
            "Content-Encoding: gzip\r\n"
            "\r\n",
        .limits = { .max_size = 339 }
    },{
        .header =
            "Age: 58        \r\n"
            "Date: Sun, 04 Aug 2013 09:33:09 GMT\r\n"
            "Expires: Sun, 04 Aug 2013 09:34:08 GMT\r\n"
            "Cache-Control: max-age=60        \r\n"
            "Content-Length: 17336     \r\n"
            "Connection: Keep-Alive\r\n"
            "Via: NS-CACHE-9.3\r\n"
            "Server: Apache\r\n"
            "Vary: Host\r\n"
            "Last-Modified: Sun, 04 Aug 2013 09:33:07 GMT\r\n"
            "Content-Type: text/html; charset=utf-8\r\n"
            "Content-Encoding: gzip\r\n"
            "\r\n",
        .fields = valid_header_parse_result4,
        .limits = { .max_field_size = 45 }
    },{
        .header =
            "Age: 58        \r\n"
            "Date: Sun, 04 Aug 2013 09:33:09 GMT\r\n"
            "Expires: Sun, 04 Aug 2013 09:34:08 GMT\r\n"
            "Cache-Control: max-age=60        \r\n"
            "Content-Length: 17336     \r\n"
            "Connection: Keep-Alive\r\n"
            "Via: NS-CACHE-9.3\r\n"
            "Server: Apache\r\n"
            "Vary: Host\r\n"
            "Last-Modified: Sun, 04 Aug 2013 09:33:07 GMT\r\n"
            "Content-Type: text/html; charset=utf-8\r\n"
            "Content-Encoding: gzip\r\n"
            "\r\n",
        .fields = valid_header_parse_result4,
        .limits = { .max_fields = 11 }
    }
};

static const unsigned int invalid_header_parse_test_count = N_ELEMENTS(invalid_header_parse_tests);

static void test_http_header_parse_invalid(void)
{
    unsigned int i;

    for (i = 0; i < invalid_header_parse_test_count; i++) T_BEGIN {
        struct istream *input;
        struct http_header_parser *parser;
        const struct http_header_limits *limits;
        const char *header, *field_name, *error = NULL;
        const unsigned char *field_data;
        size_t field_size;
        int ret;

        header = invalid_header_parse_tests[i].header;
        limits = &invalid_header_parse_tests[i].limits;
        input = i_stream_create_from_data(header, strlen(header));
        parser = http_header_parser_init(input, limits,
            invalid_header_parse_tests[i].flags);

        test_begin(t_strdup_printf("http header invalid [%d]", i));

        while ((ret=http_header_parse_next_field
            (parser, &field_name, &field_data, &field_size, &error)) > 0) {
            if (field_name == NULL) break;
        }

        test_out_reason("parse failure", ret < 0, error);
        test_end();
        i_stream_unref(&input);
        http_header_parser_deinit(&parser);
    } T_END;
}

int main(void)
{
    static void (*const test_functions[])(void) = {
        test_http_header_parse_valid,
        test_http_header_parse_invalid,
        NULL
    };
    return test_run(test_functions);
}