(t *testing.T)
| 2411 | } |
| 2412 | |
| 2413 | func TestTrailerValueControlBytesRejected(t *testing.T) { |
| 2414 | t.Parallel() |
| 2415 | |
| 2416 | // Trailer values carrying control bytes must be rejected, matching the |
| 2417 | // validation the regular header parsers apply to header values. Without |
| 2418 | // this an undeclared trailer is merged into the header set and re-emitted |
| 2419 | // verbatim, so a bare CR slips into the serialised header block. |
| 2420 | badTrailers := []string{ |
| 2421 | "X-Foo: a\rb\r\n\r\n", |
| 2422 | "X-Foo: a\x00b\r\n\r\n", |
| 2423 | "X-Foo: a\x01b\r\n\r\n", |
| 2424 | } |
| 2425 | |
| 2426 | for i, trailer := range badTrailers { |
| 2427 | t.Run("Request_"+strconv.Itoa(i), func(t *testing.T) { |
| 2428 | var h RequestHeader |
| 2429 | err := h.ReadTrailer(bufio.NewReader(bytes.NewBufferString(trailer))) |
| 2430 | if err == nil { |
| 2431 | t.Fatalf("expected error for trailer value with control byte: %q", trailer) |
| 2432 | } |
| 2433 | if !strings.Contains(err.Error(), "invalid trailer value") { |
| 2434 | t.Fatalf("expected 'invalid trailer value' error for %q, got: %v", trailer, err) |
| 2435 | } |
| 2436 | }) |
| 2437 | |
| 2438 | t.Run("Response_"+strconv.Itoa(i), func(t *testing.T) { |
| 2439 | var h ResponseHeader |
| 2440 | err := h.ReadTrailer(bufio.NewReader(bytes.NewBufferString(trailer))) |
| 2441 | if err == nil { |
| 2442 | t.Fatalf("expected error for trailer value with control byte: %q", trailer) |
| 2443 | } |
| 2444 | if !strings.Contains(err.Error(), "invalid trailer value") { |
| 2445 | t.Fatalf("expected 'invalid trailer value' error for %q, got: %v", trailer, err) |
| 2446 | } |
| 2447 | }) |
| 2448 | } |
| 2449 | |
| 2450 | // A normal trailer value is still accepted. |
| 2451 | var h RequestHeader |
| 2452 | if err := h.ReadTrailer(bufio.NewReader(bytes.NewBufferString("X-Foo: bar\r\n\r\n"))); err != nil && err != io.EOF { |
| 2453 | t.Fatalf("unexpected error for safe trailer value: %v", err) |
| 2454 | } |
| 2455 | } |
| 2456 | |
| 2457 | func TestResponseHeaderCookie(t *testing.T) { |
| 2458 | t.Parallel() |
nothing calls this directly
no test coverage detected
searching dependent graphs…