From d4a7bccd3c4e7e1339782dd1591bad968e6158be Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 10 Feb 2016 20:10:28 -0500 Subject: [PATCH] tests: update tests for Node.js security behavior change --- test/json.js | 29 +++++++++++------------------ test/raw.js | 19 +++++++++++-------- test/text.js | 17 ++++++++++------- test/urlencoded.js | 21 +++++++++++++-------- 4 files changed, 45 insertions(+), 41 deletions(-) diff --git a/test/json.js b/test/json.js index 01477035..2040c1c1 100644 --- a/test/json.js +++ b/test/json.js @@ -67,14 +67,17 @@ describe('bodyParser.json()', function(){ }) it('should 400 when invalid content-length', function(done){ - var server = createServer({ limit: '1kb' }) - - var test = request(server).post('/') - test.set('Content-Type', 'application/json') - test.set('Content-Length', '20') - test.set('Transfer-Encoding', 'chunked') - test.write('{"str":') - test.expect(400, /content length/, done) + var jsonParser = bodyParser.json() + var server = createServer(function (req, res, next) { + req.headers['content-length'] = '20' // bad length + jsonParser(req, res, next) + }) + + request(server) + .post('/') + .set('Content-Type', 'application/json') + .send('{"str":') + .expect(400, /content length/, done) }) it('should handle duplicated middleware', function (done) { @@ -473,16 +476,6 @@ describe('bodyParser.json()', function(){ test.expect(200, '{"name":"论"}', done) }) - it('should check content-length correctly', function(done){ - var test = request(server).post('/') - test.set('Content-Encoding', 'gzip') - test.set('Content-Length', '49') - test.set('Content-Type', 'application/json') - test.set('Transfer-Encoding', 'chunked') - test.write(new Buffer('1f8b080000000000000bab56ca4bcc4d55b2527ab16e97522d00515be1cc0e000000', 'hex')) - test.expect(200, '{"name":"论"}', done) - }) - it('should 415 on unknown encoding', function(done){ var test = request(server).post('/') test.set('Content-Encoding', 'nulls') diff --git a/test/raw.js b/test/raw.js index 5627443e..4b0935a0 100644 --- a/test/raw.js +++ b/test/raw.js @@ -20,14 +20,17 @@ describe('bodyParser.raw()', function(){ }) it('should 400 when invalid content-length', function(done){ - var server = createServer({ limit: '1kb' }) - - var test = request(server).post('/') - test.set('Content-Type', 'application/octet-stream') - test.set('Content-Length', '20') - test.set('Transfer-Encoding', 'chunked') - test.write('stuff') - test.expect(400, /content length/, done) + var rawParser = bodyParser.raw() + var server = createServer(function (req, res, next) { + req.headers['content-length'] = '20' // bad length + rawParser(req, res, next) + }) + + request(server) + .post('/') + .set('Content-Type', 'application/octet-stream') + .send('stuff') + .expect(400, /content length/, done) }) it('should handle Content-Length: 0', function(done){ diff --git a/test/text.js b/test/text.js index e0ea57fb..33d58853 100644 --- a/test/text.js +++ b/test/text.js @@ -20,14 +20,17 @@ describe('bodyParser.text()', function(){ }) it('should 400 when invalid content-length', function(done){ - var server = createServer({ limit: '1kb' }) + var textParser = bodyParser.text() + var server = createServer(function (req, res, next) { + req.headers['content-length'] = '20' // bad length + textParser(req, res, next) + }) - var test = request(server).post('/') - test.set('Content-Type', 'text/plain') - test.set('Content-Length', '20') - test.set('Transfer-Encoding', 'chunked') - test.write('user') - test.expect(400, /content length/, done) + request(server) + .post('/') + .set('Content-Type', 'text/plain') + .send('user') + .expect(400, /content length/, done) }) it('should handle Content-Length: 0', function(done){ diff --git a/test/urlencoded.js b/test/urlencoded.js index 3268df0f..c7771aab 100644 --- a/test/urlencoded.js +++ b/test/urlencoded.js @@ -20,14 +20,17 @@ describe('bodyParser.urlencoded()', function(){ }) it('should 400 when invalid content-length', function(done){ - var server = createServer({ limit: '1kb' }) + var urlencodedParser = bodyParser.urlencoded() + var server = createServer(function (req, res, next) { + req.headers['content-length'] = '20' // bad length + urlencodedParser(req, res, next) + }) - var test = request(server).post('/') - test.set('Content-Type', 'application/x-www-form-urlencoded') - test.set('Content-Length', '20') - test.set('Transfer-Encoding', 'chunked') - test.write('str=') - test.expect(400, /content length/, done) + request(server) + .post('/') + .set('Content-Type', 'application/x-www-form-urlencoded') + .send('str=') + .expect(400, /content length/, done) }) it('should handle Content-Length: 0', function(done){ @@ -651,7 +654,9 @@ function createManyParams(count) { } function createServer(opts){ - var _bodyParser = bodyParser.urlencoded(opts) + var _bodyParser = typeof opts !== 'function' + ? bodyParser.urlencoded(opts) + : opts return http.createServer(function(req, res){ _bodyParser(req, res, function(err){