From 7835e0c2c7be0e45262a06b5e2ec2399ae019977 Mon Sep 17 00:00:00 2001 From: Aldo Cortesi Date: Sun, 3 Mar 2013 14:56:56 +1300 Subject: Begin some simple fuzzing with pathod. Finally doing what I started writing pathod for in the first place... --- test/test_fuzzing.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 test/test_fuzzing.py (limited to 'test/test_fuzzing.py') diff --git a/test/test_fuzzing.py b/test/test_fuzzing.py new file mode 100644 index 00000000..4b4253d8 --- /dev/null +++ b/test/test_fuzzing.py @@ -0,0 +1,12 @@ +import tservers + +""" + A collection of errors turned up by fuzzing. +""" + +class TestFuzzy(tservers.HTTPProxTest): + def test_idna_err(self): + req = r'get:"http://localhost:%s":i10,"\xc6"' + p = self.pathoc() + assert p.request(req%self.server.port).status_code == 400 + -- cgit v1.2.3 From 8216801728ea2af82614025ca309a3b5db2ad982 Mon Sep 17 00:00:00 2001 From: Aldo Cortesi Date: Sun, 3 Mar 2013 15:14:49 +1300 Subject: Three more errors turned up with fuzzing. These are fixed in netlib, regression tests added here. --- test/test_fuzzing.py | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'test/test_fuzzing.py') diff --git a/test/test_fuzzing.py b/test/test_fuzzing.py index 4b4253d8..857a2b10 100644 --- a/test/test_fuzzing.py +++ b/test/test_fuzzing.py @@ -1,7 +1,8 @@ import tservers """ - A collection of errors turned up by fuzzing. + A collection of errors turned up by fuzzing. Errors are integrated here + after being fixed to check for regressions. """ class TestFuzzy(tservers.HTTPProxTest): @@ -10,3 +11,17 @@ class TestFuzzy(tservers.HTTPProxTest): p = self.pathoc() assert p.request(req%self.server.port).status_code == 400 + def test_nullbytes(self): + req = r'get:"http://localhost:%s":i19,"\x00"' + p = self.pathoc() + assert p.request(req%self.server.port).status_code == 400 + + def test_invalid_ports(self): + req = 'get:"http://localhost:999999"' + p = self.pathoc() + assert p.request(req).status_code == 400 + + def test_invalid_ipv6_url(self): + req = 'get:"http://localhost:%s":i13,"["' + p = self.pathoc() + assert p.request(req%self.server.port).status_code == 400 -- cgit v1.2.3 From cde66cd58470cd68a76a9d8b1022a45e99a5cd8d Mon Sep 17 00:00:00 2001 From: Aldo Cortesi Date: Sun, 3 Mar 2013 22:03:27 +1300 Subject: Fuzzing, and fixes for errors found with fuzzing. --- test/test_fuzzing.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'test/test_fuzzing.py') diff --git a/test/test_fuzzing.py b/test/test_fuzzing.py index 857a2b10..ba7b751c 100644 --- a/test/test_fuzzing.py +++ b/test/test_fuzzing.py @@ -25,3 +25,15 @@ class TestFuzzy(tservers.HTTPProxTest): req = 'get:"http://localhost:%s":i13,"["' p = self.pathoc() assert p.request(req%self.server.port).status_code == 400 + + def test_invalid_upstream(self): + req = r"get:'http://localhost:%s/p/200:i10,\'+\''" + p = self.pathoc() + assert p.request(req%self.server.port).status_code == 502 + + def test_upstream_disconnect(self): + req = r'200:d0:h"Date"="Sun, 03 Mar 2013 04:00:00 GMT"' + p = self.pathod(req) + assert p.status_code == 400 + + -- cgit v1.2.3