| // Copyright 2014 The Crashpad Authors. All rights reserved. |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| #include "util/net/http_multipart_builder.h" |
| |
| #include <sys/types.h> |
| |
| #include <vector> |
| |
| #include "gtest/gtest.h" |
| #include "test/gtest_death.h" |
| #include "test/test_paths.h" |
| #include "util/net/http_body.h" |
| #include "util/net/http_body_test_util.h" |
| |
| namespace crashpad { |
| namespace test { |
| namespace { |
| |
| std::vector<std::string> SplitCRLF(const std::string& string) { |
| std::vector<std::string> lines; |
| size_t last_line = 0; |
| for (size_t i = 0; i < string.length(); ++i) { |
| if (string[i] == '\r' && i+1 < string.length() && string[i+1] == '\n') { |
| lines.push_back(string.substr(last_line, i - last_line)); |
| last_line = i + 2; |
| ++i; |
| } |
| } |
| // Append any remainder. |
| if (last_line < string.length()) { |
| lines.push_back(string.substr(last_line)); |
| } |
| return lines; |
| } |
| |
| // In the tests below, the form data pairs don’t appear in the order they were |
| // added. The current implementation uses a std::map which sorts keys, so the |
| // entires appear in alphabetical order. However, this is an implementation |
| // detail, and it’s OK if the writer stops sorting in this order. Testing for |
| // a specific order is just the easiest way to write this test while the writer |
| // will output things in a known order. |
| |
| TEST(HTTPMultipartBuilder, ThreeStringFields) { |
| HTTPMultipartBuilder builder; |
| |
| static constexpr char kKey1[] = "key1"; |
| static constexpr char kValue1[] = "test"; |
| builder.SetFormData(kKey1, kValue1); |
| |
| static constexpr char kKey2[] = "key2"; |
| static constexpr char kValue2[] = "This is another test."; |
| builder.SetFormData(kKey2, kValue2); |
| |
| static constexpr char kKey3[] = "key-three"; |
| static constexpr char kValue3[] = "More tests"; |
| builder.SetFormData(kKey3, kValue3); |
| |
| std::unique_ptr<HTTPBodyStream> body(builder.GetBodyStream()); |
| ASSERT_TRUE(body.get()); |
| std::string contents = ReadStreamToString(body.get()); |
| auto lines = SplitCRLF(contents); |
| ASSERT_EQ(lines.size(), 13u); |
| auto lines_it = lines.begin(); |
| |
| // The first line is the boundary. All subsequent boundaries must match this. |
| const std::string& boundary = *lines_it++; |
| EXPECT_GE(boundary.length(), 1u); |
| EXPECT_LE(boundary.length(), 70u); |
| |
| EXPECT_EQ(*lines_it++, "Content-Disposition: form-data; name=\"key-three\""); |
| EXPECT_EQ(*lines_it++, ""); |
| EXPECT_EQ(*lines_it++, kValue3); |
| |
| EXPECT_EQ(*lines_it++, boundary); |
| EXPECT_EQ(*lines_it++, "Content-Disposition: form-data; name=\"key1\""); |
| EXPECT_EQ(*lines_it++, ""); |
| EXPECT_EQ(*lines_it++, kValue1); |
| |
| EXPECT_EQ(*lines_it++, boundary); |
| EXPECT_EQ(*lines_it++, "Content-Disposition: form-data; name=\"key2\""); |
| EXPECT_EQ(*lines_it++, ""); |
| EXPECT_EQ(*lines_it++, kValue2); |
| |
| EXPECT_EQ(*lines_it++, boundary + "--"); |
| |
| EXPECT_EQ(lines_it, lines.end()); |
| } |
| |
| TEST(HTTPMultipartBuilder, ThreeFileAttachments) { |
| HTTPMultipartBuilder builder; |
| base::FilePath ascii_http_body_path = TestPaths::TestDataRoot().Append( |
| FILE_PATH_LITERAL("util/net/testdata/ascii_http_body.txt")); |
| |
| FileReader reader1; |
| ASSERT_TRUE(reader1.Open(ascii_http_body_path)); |
| builder.SetFileAttachment("first", "minidump.dmp", &reader1, ""); |
| |
| FileReader reader2; |
| ASSERT_TRUE(reader2.Open(ascii_http_body_path)); |
| builder.SetFileAttachment("second", "minidump.dmp", &reader2, "text/plain"); |
| |
| FileReader reader3; |
| ASSERT_TRUE(reader3.Open(ascii_http_body_path)); |
| builder.SetFileAttachment( |
| "\"third 50% silly\"", "test%foo.txt", &reader3, "text/plain"); |
| |
| static constexpr char kFileContents[] = "This is a test.\n"; |
| |
| std::unique_ptr<HTTPBodyStream> body(builder.GetBodyStream()); |
| ASSERT_TRUE(body.get()); |
| std::string contents = ReadStreamToString(body.get()); |
| auto lines = SplitCRLF(contents); |
| ASSERT_EQ(lines.size(), 16u); |
| auto lines_it = lines.begin(); |
| |
| const std::string& boundary = *lines_it++; |
| EXPECT_GE(boundary.length(), 1u); |
| EXPECT_LE(boundary.length(), 70u); |
| |
| EXPECT_EQ(*lines_it++, |
| "Content-Disposition: form-data; " |
| "name=\"%22third 50%25 silly%22\"; filename=\"test%25foo.txt\""); |
| EXPECT_EQ(*lines_it++, "Content-Type: text/plain"); |
| EXPECT_EQ(*lines_it++, ""); |
| EXPECT_EQ(*lines_it++, kFileContents); |
| |
| EXPECT_EQ(*lines_it++, boundary); |
| EXPECT_EQ(*lines_it++, |
| "Content-Disposition: form-data; " |
| "name=\"first\"; filename=\"minidump.dmp\""); |
| EXPECT_EQ(*lines_it++, "Content-Type: application/octet-stream"); |
| EXPECT_EQ(*lines_it++, ""); |
| EXPECT_EQ(*lines_it++, kFileContents); |
| |
| EXPECT_EQ(*lines_it++, boundary); |
| EXPECT_EQ(*lines_it++, |
| "Content-Disposition: form-data; " |
| "name=\"second\"; filename=\"minidump.dmp\""); |
| EXPECT_EQ(*lines_it++, "Content-Type: text/plain"); |
| EXPECT_EQ(*lines_it++, ""); |
| EXPECT_EQ(*lines_it++, kFileContents); |
| |
| EXPECT_EQ(*lines_it++, boundary + "--"); |
| |
| EXPECT_EQ(lines_it, lines.end()); |
| } |
| |
| TEST(HTTPMultipartBuilder, OverwriteFormDataWithEscapedKey) { |
| HTTPMultipartBuilder builder; |
| static constexpr char kKey[] = "a 100% \"silly\"\r\ntest"; |
| builder.SetFormData(kKey, "some dummy value"); |
| builder.SetFormData(kKey, "overwrite"); |
| std::unique_ptr<HTTPBodyStream> body(builder.GetBodyStream()); |
| ASSERT_TRUE(body.get()); |
| std::string contents = ReadStreamToString(body.get()); |
| auto lines = SplitCRLF(contents); |
| ASSERT_EQ(lines.size(), 5u); |
| auto lines_it = lines.begin(); |
| |
| const std::string& boundary = *lines_it++; |
| EXPECT_GE(boundary.length(), 1u); |
| EXPECT_LE(boundary.length(), 70u); |
| |
| EXPECT_EQ(*lines_it++, |
| "Content-Disposition: form-data; name=\"a 100%25 " |
| "%22silly%22%0d%0atest\""); |
| EXPECT_EQ(*lines_it++, ""); |
| EXPECT_EQ(*lines_it++, "overwrite"); |
| EXPECT_EQ(*lines_it++, boundary + "--"); |
| EXPECT_EQ(lines_it, lines.end()); |
| } |
| |
| TEST(HTTPMultipartBuilder, OverwriteFileAttachment) { |
| HTTPMultipartBuilder builder; |
| static constexpr char kValue[] = "1 2 3 test"; |
| builder.SetFormData("a key", kValue); |
| base::FilePath testdata_path = |
| TestPaths::TestDataRoot().Append(FILE_PATH_LITERAL("util/net/testdata")); |
| |
| FileReader reader1; |
| ASSERT_TRUE(reader1.Open( |
| testdata_path.Append(FILE_PATH_LITERAL("binary_http_body.dat")))); |
| builder.SetFileAttachment("minidump", "minidump.dmp", &reader1, ""); |
| |
| FileReader reader2; |
| ASSERT_TRUE(reader2.Open( |
| testdata_path.Append(FILE_PATH_LITERAL("binary_http_body.dat")))); |
| builder.SetFileAttachment("minidump2", "minidump.dmp", &reader2, ""); |
| |
| FileReader reader3; |
| ASSERT_TRUE(reader3.Open( |
| testdata_path.Append(FILE_PATH_LITERAL("ascii_http_body.txt")))); |
| builder.SetFileAttachment("minidump", "minidump.dmp", &reader3, "text/plain"); |
| |
| std::unique_ptr<HTTPBodyStream> body(builder.GetBodyStream()); |
| ASSERT_TRUE(body.get()); |
| std::string contents = ReadStreamToString(body.get()); |
| auto lines = SplitCRLF(contents); |
| ASSERT_EQ(lines.size(), 15u); |
| auto lines_it = lines.begin(); |
| |
| const std::string& boundary = *lines_it++; |
| EXPECT_GE(boundary.length(), 1u); |
| EXPECT_LE(boundary.length(), 70u); |
| |
| EXPECT_EQ(*lines_it++, "Content-Disposition: form-data; name=\"a key\""); |
| EXPECT_EQ(*lines_it++, ""); |
| EXPECT_EQ(*lines_it++, kValue); |
| |
| EXPECT_EQ(*lines_it++, boundary); |
| EXPECT_EQ(*lines_it++, |
| "Content-Disposition: form-data; " |
| "name=\"minidump\"; filename=\"minidump.dmp\""); |
| EXPECT_EQ(*lines_it++, "Content-Type: text/plain"); |
| EXPECT_EQ(*lines_it++, ""); |
| EXPECT_EQ(*lines_it++, "This is a test.\n"); |
| |
| EXPECT_EQ(*lines_it++, boundary); |
| EXPECT_EQ(*lines_it++, |
| "Content-Disposition: form-data; " |
| "name=\"minidump2\"; filename=\"minidump.dmp\""); |
| EXPECT_EQ(*lines_it++, "Content-Type: application/octet-stream"); |
| EXPECT_EQ(*lines_it++, ""); |
| EXPECT_EQ(*lines_it++, "\xFE\xED\xFA\xCE\xA1\x1A\x15"); |
| |
| EXPECT_EQ(*lines_it++, boundary + "--"); |
| |
| EXPECT_EQ(lines_it, lines.end()); |
| } |
| |
| TEST(HTTPMultipartBuilder, SharedFormDataAndAttachmentKeyNamespace) { |
| HTTPMultipartBuilder builder; |
| static constexpr char kValue1[] = "11111"; |
| builder.SetFormData("one", kValue1); |
| base::FilePath ascii_http_body_path = TestPaths::TestDataRoot().Append( |
| FILE_PATH_LITERAL("util/net/testdata/ascii_http_body.txt")); |
| |
| FileReader reader; |
| ASSERT_TRUE(reader.Open(ascii_http_body_path)); |
| builder.SetFileAttachment("minidump", "minidump.dmp", &reader, ""); |
| static constexpr char kValue2[] = "this is not a file"; |
| builder.SetFormData("minidump", kValue2); |
| |
| std::unique_ptr<HTTPBodyStream> body(builder.GetBodyStream()); |
| ASSERT_TRUE(body.get()); |
| std::string contents = ReadStreamToString(body.get()); |
| auto lines = SplitCRLF(contents); |
| ASSERT_EQ(lines.size(), 9u); |
| auto lines_it = lines.begin(); |
| |
| const std::string& boundary = *lines_it++; |
| EXPECT_GE(boundary.length(), 1u); |
| EXPECT_LE(boundary.length(), 70u); |
| |
| EXPECT_EQ(*lines_it++, "Content-Disposition: form-data; name=\"minidump\""); |
| EXPECT_EQ(*lines_it++, ""); |
| EXPECT_EQ(*lines_it++, kValue2); |
| |
| EXPECT_EQ(*lines_it++, boundary); |
| EXPECT_EQ(*lines_it++, "Content-Disposition: form-data; name=\"one\""); |
| EXPECT_EQ(*lines_it++, ""); |
| EXPECT_EQ(*lines_it++, kValue1); |
| |
| EXPECT_EQ(*lines_it++, boundary + "--"); |
| |
| EXPECT_EQ(lines_it, lines.end()); |
| } |
| |
| TEST(HTTPMultipartBuilderDeathTest, AssertUnsafeMIMEType) { |
| HTTPMultipartBuilder builder; |
| FileReader reader; |
| // Invalid and potentially dangerous: |
| ASSERT_DEATH_CHECK(builder.SetFileAttachment("", "", &reader, "\r\n"), ""); |
| ASSERT_DEATH_CHECK(builder.SetFileAttachment("", "", &reader, "\""), ""); |
| ASSERT_DEATH_CHECK(builder.SetFileAttachment("", "", &reader, "\x12"), ""); |
| ASSERT_DEATH_CHECK(builder.SetFileAttachment("", "", &reader, "<>"), ""); |
| // Invalid but safe: |
| builder.SetFileAttachment("", "", &reader, "0/totally/-invalid.pdf"); |
| // Valid and safe: |
| builder.SetFileAttachment("", "", &reader, "application/xml+xhtml"); |
| } |
| |
| } // namespace |
| } // namespace test |
| } // namespace crashpad |