test/test_http11.rb in mongrel-0.3.12 vs test/test_http11.rb in mongrel-0.3.12.1
- old
+ new
@@ -1,9 +1,10 @@
require 'test/unit'
require 'http11'
require 'mongrel'
require 'benchmark'
+require 'digest/sha1'
include Mongrel
class HttpParserTest < Test::Unit::TestCase
@@ -36,19 +37,87 @@
assert error, "failed to throw exception"
assert !parser.finished?, "Parser shouldn't be finished"
assert parser.error?, "Parser SHOULD have error"
end
- def test_query_parse
- puts HttpRequest.query_parse("zed=1&frank=2").inspect
- puts HttpRequest.query_parse("zed=1&zed=2&zed=3&frank=11;zed=45").inspect
+ # lame random garbage maker
+ def rand_data(min, max, readable=true)
+ count = min + ((rand(max)+1) *10).to_i
+ res = count.to_s + "/"
+
+ if readable
+ res << Digest::SHA1.hexdigest(rand(count * 1000).to_s) * (count / 40)
+ else
+ res << Digest::SHA1.digest(rand(count * 1000).to_s) * (count / 20)
+ end
- puts Benchmark.measure {
- 10000.times do |i|
- g = HttpRequest.query_parse("zed=1&zed=2&zed=3&frank=11").inspect
+ return res
+ end
+
+
+ def test_horrible_queries
+ parser = HttpParser.new
+
+ # first verify that large random get requests fail
+ 100.times do |c|
+ get = "GET /#{rand_data(1024, 1024+(c*1024))} HTTP/1.1\r\n"
+ assert_raises Mongrel::HttpParserError do
+ parser.execute({}, get)
+ parser.reset
end
- }
+ end
+
+ # then that large header names are caught
+ 100.times do |c|
+ get = "GET /#{rand_data(10,120)} HTTP/1.1\r\nX-#{rand_data(1024, 1024+(c*1024))}: Test\r\n\r\n"
+ assert_raises Mongrel::HttpParserError do
+ parser.execute({}, get)
+ parser.reset
+ end
+ end
+
+ # then that large mangled field values are caught
+ 100.times do |c|
+ get = "GET /#{rand_data(10,120)} HTTP/1.1\r\nX-Test: #{rand_data(1024, 1024+(c*1024), false)}\r\n\r\n"
+ assert_raises Mongrel::HttpParserError do
+ parser.execute({}, get)
+ parser.reset
+ end
+ end
+
+ # then large headers are rejected too
+ get = "GET /#{rand_data(10,120)} HTTP/1.1\r\n"
+ get << "X-Test: test\r\n" * (80 * 1024)
+ assert_raises Mongrel::HttpParserError do
+ parser.execute({}, get)
+ parser.reset
+ end
+
+ # finally just that random garbage gets blocked all the time
+ 10.times do |c|
+ get = "GET #{rand_data(1024, 1024+(c*1024), false)} #{rand_data(1024, 1024+(c*1024), false)}\r\n\r\n"
+ assert_raises Mongrel::HttpParserError do
+ parser.execute({}, get)
+ parser.reset
+ end
+ end
+
end
+
+ def test_query_parse
+ res = HttpRequest.query_parse("zed=1&frank=2")
+ assert res["zed"], "didn't get the request right"
+ assert res["frank"], "no frank"
+ assert_equal "1", res["zed"], "wrong result"
+ assert_equal "2", res["frank"], "wrong result"
+
+ res = HttpRequest.query_parse("zed=1&zed=2&zed=3&frank=11;zed=45")
+ assert res["zed"], "didn't get the request right"
+ assert res["frank"], "no frank"
+ assert_equal 4,res["zed"].length, "wrong number for zed"
+ assert_equal "11",res["frank"], "wrong number for frank"
+ end
+
end
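Review bot: In `test_horrible_queries`, every `parser.reset` sits inside the `assert_raises` block after `parser.execute`, so it is never reached when the expected `HttpParserError` is raised, and the single `parser` created at the top goes into the next iteration without a reset. If the parser stays in its error state (likely, but not visible in this hunk), later iterations would raise regardless of their input, and the request-size limits these loops are meant to guard could regress without the test failing. Move the reset out of the block in all five places: `assert_raises(Mongrel::HttpParserError) { parser.execute({}, get) }` followed by `parser.reset`, or build a fresh `HttpParser.new` per iteration. Separately, `rand_data` is unseeded and its `max` is not an upper bound (`count` can reach `min + max * 10`), so a failing input cannot be replayed; a comment on the method stating the real size range, and passing the generated request's length as the assertion message, would make a failure diagnosable.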