mirror of
https://github.com/chromium/crashpad.git
synced 2025-01-15 01:57:58 +08:00
6278690abe
sed -i '' -E -e 's/Copyright (.+) The Crashpad Authors\. All rights reserved\.$/Copyright \1 The Crashpad Authors/' $(git grep -El 'Copyright (.+) The Crashpad Authors\. All rights reserved\.$') Bug: chromium:1098010 Change-Id: I8d6138469ddbe3d281a5d83f64cf918ec2491611 Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3878262 Reviewed-by: Joshua Peraza <jperaza@chromium.org> Commit-Queue: Mark Mentovai <mark@chromium.org>
298 lines
10 KiB
C++
298 lines
10 KiB
C++
// Copyright 2014 The Crashpad Authors
|
||
//
|
||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||
// you may not use this file except in compliance with the License.
|
||
// You may obtain a copy of the License at
|
||
//
|
||
// http://www.apache.org/licenses/LICENSE-2.0
|
||
//
|
||
// Unless required by applicable law or agreed to in writing, software
|
||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
// See the License for the specific language governing permissions and
|
||
// limitations under the License.
|
||
|
||
#include "util/net/http_multipart_builder.h"
|
||
|
||
#include <sys/types.h>
|
||
|
||
#include <vector>
|
||
|
||
#include "gtest/gtest.h"
|
||
#include "test/gtest_death.h"
|
||
#include "test/test_paths.h"
|
||
#include "util/net/http_body.h"
|
||
#include "util/net/http_body_test_util.h"
|
||
|
||
namespace crashpad {
|
||
namespace test {
|
||
namespace {
|
||
|
||
std::vector<std::string> SplitCRLF(const std::string& string) {
|
||
std::vector<std::string> lines;
|
||
size_t last_line = 0;
|
||
for (size_t i = 0; i < string.length(); ++i) {
|
||
if (string[i] == '\r' && i+1 < string.length() && string[i+1] == '\n') {
|
||
lines.push_back(string.substr(last_line, i - last_line));
|
||
last_line = i + 2;
|
||
++i;
|
||
}
|
||
}
|
||
// Append any remainder.
|
||
if (last_line < string.length()) {
|
||
lines.push_back(string.substr(last_line));
|
||
}
|
||
return lines;
|
||
}
|
||
|
||
// In the tests below, the form data pairs don’t appear in the order they were
|
||
// added. The current implementation uses a std::map which sorts keys, so the
|
||
// entires appear in alphabetical order. However, this is an implementation
|
||
// detail, and it’s OK if the writer stops sorting in this order. Testing for
|
||
// a specific order is just the easiest way to write this test while the writer
|
||
// will output things in a known order.
|
||
|
||
TEST(HTTPMultipartBuilder, ThreeStringFields) {
|
||
HTTPMultipartBuilder builder;
|
||
|
||
static constexpr char kKey1[] = "key1";
|
||
static constexpr char kValue1[] = "test";
|
||
builder.SetFormData(kKey1, kValue1);
|
||
|
||
static constexpr char kKey2[] = "key2";
|
||
static constexpr char kValue2[] = "This is another test.";
|
||
builder.SetFormData(kKey2, kValue2);
|
||
|
||
static constexpr char kKey3[] = "key-three";
|
||
static constexpr char kValue3[] = "More tests";
|
||
builder.SetFormData(kKey3, kValue3);
|
||
|
||
std::unique_ptr<HTTPBodyStream> body(builder.GetBodyStream());
|
||
ASSERT_TRUE(body.get());
|
||
std::string contents = ReadStreamToString(body.get());
|
||
auto lines = SplitCRLF(contents);
|
||
ASSERT_EQ(lines.size(), 13u);
|
||
auto lines_it = lines.begin();
|
||
|
||
// The first line is the boundary. All subsequent boundaries must match this.
|
||
const std::string& boundary = *lines_it++;
|
||
EXPECT_GE(boundary.length(), 1u);
|
||
EXPECT_LE(boundary.length(), 70u);
|
||
|
||
EXPECT_EQ(*lines_it++, "Content-Disposition: form-data; name=\"key-three\"");
|
||
EXPECT_EQ(*lines_it++, "");
|
||
EXPECT_EQ(*lines_it++, kValue3);
|
||
|
||
EXPECT_EQ(*lines_it++, boundary);
|
||
EXPECT_EQ(*lines_it++, "Content-Disposition: form-data; name=\"key1\"");
|
||
EXPECT_EQ(*lines_it++, "");
|
||
EXPECT_EQ(*lines_it++, kValue1);
|
||
|
||
EXPECT_EQ(*lines_it++, boundary);
|
||
EXPECT_EQ(*lines_it++, "Content-Disposition: form-data; name=\"key2\"");
|
||
EXPECT_EQ(*lines_it++, "");
|
||
EXPECT_EQ(*lines_it++, kValue2);
|
||
|
||
EXPECT_EQ(*lines_it++, boundary + "--");
|
||
|
||
EXPECT_EQ(lines_it, lines.end());
|
||
}
|
||
|
||
TEST(HTTPMultipartBuilder, ThreeFileAttachments) {
|
||
HTTPMultipartBuilder builder;
|
||
base::FilePath ascii_http_body_path = TestPaths::TestDataRoot().Append(
|
||
FILE_PATH_LITERAL("util/net/testdata/ascii_http_body.txt"));
|
||
|
||
FileReader reader1;
|
||
ASSERT_TRUE(reader1.Open(ascii_http_body_path));
|
||
builder.SetFileAttachment("first", "minidump.dmp", &reader1, "");
|
||
|
||
FileReader reader2;
|
||
ASSERT_TRUE(reader2.Open(ascii_http_body_path));
|
||
builder.SetFileAttachment("second", "minidump.dmp", &reader2, "text/plain");
|
||
|
||
FileReader reader3;
|
||
ASSERT_TRUE(reader3.Open(ascii_http_body_path));
|
||
builder.SetFileAttachment(
|
||
"\"third 50% silly\"", "test%foo.txt", &reader3, "text/plain");
|
||
|
||
static constexpr char kFileContents[] = "This is a test.\n";
|
||
|
||
std::unique_ptr<HTTPBodyStream> body(builder.GetBodyStream());
|
||
ASSERT_TRUE(body.get());
|
||
std::string contents = ReadStreamToString(body.get());
|
||
auto lines = SplitCRLF(contents);
|
||
ASSERT_EQ(lines.size(), 16u);
|
||
auto lines_it = lines.begin();
|
||
|
||
const std::string& boundary = *lines_it++;
|
||
EXPECT_GE(boundary.length(), 1u);
|
||
EXPECT_LE(boundary.length(), 70u);
|
||
|
||
EXPECT_EQ(*lines_it++,
|
||
"Content-Disposition: form-data; "
|
||
"name=\"%22third 50%25 silly%22\"; filename=\"test%25foo.txt\"");
|
||
EXPECT_EQ(*lines_it++, "Content-Type: text/plain");
|
||
EXPECT_EQ(*lines_it++, "");
|
||
EXPECT_EQ(*lines_it++, kFileContents);
|
||
|
||
EXPECT_EQ(*lines_it++, boundary);
|
||
EXPECT_EQ(*lines_it++,
|
||
"Content-Disposition: form-data; "
|
||
"name=\"first\"; filename=\"minidump.dmp\"");
|
||
EXPECT_EQ(*lines_it++, "Content-Type: application/octet-stream");
|
||
EXPECT_EQ(*lines_it++, "");
|
||
EXPECT_EQ(*lines_it++, kFileContents);
|
||
|
||
EXPECT_EQ(*lines_it++, boundary);
|
||
EXPECT_EQ(*lines_it++,
|
||
"Content-Disposition: form-data; "
|
||
"name=\"second\"; filename=\"minidump.dmp\"");
|
||
EXPECT_EQ(*lines_it++, "Content-Type: text/plain");
|
||
EXPECT_EQ(*lines_it++, "");
|
||
EXPECT_EQ(*lines_it++, kFileContents);
|
||
|
||
EXPECT_EQ(*lines_it++, boundary + "--");
|
||
|
||
EXPECT_EQ(lines_it, lines.end());
|
||
}
|
||
|
||
TEST(HTTPMultipartBuilder, OverwriteFormDataWithEscapedKey) {
|
||
HTTPMultipartBuilder builder;
|
||
static constexpr char kKey[] = "a 100% \"silly\"\r\ntest";
|
||
builder.SetFormData(kKey, "some dummy value");
|
||
builder.SetFormData(kKey, "overwrite");
|
||
std::unique_ptr<HTTPBodyStream> body(builder.GetBodyStream());
|
||
ASSERT_TRUE(body.get());
|
||
std::string contents = ReadStreamToString(body.get());
|
||
auto lines = SplitCRLF(contents);
|
||
ASSERT_EQ(lines.size(), 5u);
|
||
auto lines_it = lines.begin();
|
||
|
||
const std::string& boundary = *lines_it++;
|
||
EXPECT_GE(boundary.length(), 1u);
|
||
EXPECT_LE(boundary.length(), 70u);
|
||
|
||
EXPECT_EQ(*lines_it++,
|
||
"Content-Disposition: form-data; name=\"a 100%25 "
|
||
"%22silly%22%0d%0atest\"");
|
||
EXPECT_EQ(*lines_it++, "");
|
||
EXPECT_EQ(*lines_it++, "overwrite");
|
||
EXPECT_EQ(*lines_it++, boundary + "--");
|
||
EXPECT_EQ(lines_it, lines.end());
|
||
}
|
||
|
||
TEST(HTTPMultipartBuilder, OverwriteFileAttachment) {
|
||
HTTPMultipartBuilder builder;
|
||
static constexpr char kValue[] = "1 2 3 test";
|
||
builder.SetFormData("a key", kValue);
|
||
base::FilePath testdata_path =
|
||
TestPaths::TestDataRoot().Append(FILE_PATH_LITERAL("util/net/testdata"));
|
||
|
||
FileReader reader1;
|
||
ASSERT_TRUE(reader1.Open(
|
||
testdata_path.Append(FILE_PATH_LITERAL("binary_http_body.dat"))));
|
||
builder.SetFileAttachment("minidump", "minidump.dmp", &reader1, "");
|
||
|
||
FileReader reader2;
|
||
ASSERT_TRUE(reader2.Open(
|
||
testdata_path.Append(FILE_PATH_LITERAL("binary_http_body.dat"))));
|
||
builder.SetFileAttachment("minidump2", "minidump.dmp", &reader2, "");
|
||
|
||
FileReader reader3;
|
||
ASSERT_TRUE(reader3.Open(
|
||
testdata_path.Append(FILE_PATH_LITERAL("ascii_http_body.txt"))));
|
||
builder.SetFileAttachment("minidump", "minidump.dmp", &reader3, "text/plain");
|
||
|
||
std::unique_ptr<HTTPBodyStream> body(builder.GetBodyStream());
|
||
ASSERT_TRUE(body.get());
|
||
std::string contents = ReadStreamToString(body.get());
|
||
auto lines = SplitCRLF(contents);
|
||
ASSERT_EQ(lines.size(), 15u);
|
||
auto lines_it = lines.begin();
|
||
|
||
const std::string& boundary = *lines_it++;
|
||
EXPECT_GE(boundary.length(), 1u);
|
||
EXPECT_LE(boundary.length(), 70u);
|
||
|
||
EXPECT_EQ(*lines_it++, "Content-Disposition: form-data; name=\"a key\"");
|
||
EXPECT_EQ(*lines_it++, "");
|
||
EXPECT_EQ(*lines_it++, kValue);
|
||
|
||
EXPECT_EQ(*lines_it++, boundary);
|
||
EXPECT_EQ(*lines_it++,
|
||
"Content-Disposition: form-data; "
|
||
"name=\"minidump\"; filename=\"minidump.dmp\"");
|
||
EXPECT_EQ(*lines_it++, "Content-Type: text/plain");
|
||
EXPECT_EQ(*lines_it++, "");
|
||
EXPECT_EQ(*lines_it++, "This is a test.\n");
|
||
|
||
EXPECT_EQ(*lines_it++, boundary);
|
||
EXPECT_EQ(*lines_it++,
|
||
"Content-Disposition: form-data; "
|
||
"name=\"minidump2\"; filename=\"minidump.dmp\"");
|
||
EXPECT_EQ(*lines_it++, "Content-Type: application/octet-stream");
|
||
EXPECT_EQ(*lines_it++, "");
|
||
EXPECT_EQ(*lines_it++, "\xFE\xED\xFA\xCE\xA1\x1A\x15");
|
||
|
||
EXPECT_EQ(*lines_it++, boundary + "--");
|
||
|
||
EXPECT_EQ(lines_it, lines.end());
|
||
}
|
||
|
||
TEST(HTTPMultipartBuilder, SharedFormDataAndAttachmentKeyNamespace) {
|
||
HTTPMultipartBuilder builder;
|
||
static constexpr char kValue1[] = "11111";
|
||
builder.SetFormData("one", kValue1);
|
||
base::FilePath ascii_http_body_path = TestPaths::TestDataRoot().Append(
|
||
FILE_PATH_LITERAL("util/net/testdata/ascii_http_body.txt"));
|
||
|
||
FileReader reader;
|
||
ASSERT_TRUE(reader.Open(ascii_http_body_path));
|
||
builder.SetFileAttachment("minidump", "minidump.dmp", &reader, "");
|
||
static constexpr char kValue2[] = "this is not a file";
|
||
builder.SetFormData("minidump", kValue2);
|
||
|
||
std::unique_ptr<HTTPBodyStream> body(builder.GetBodyStream());
|
||
ASSERT_TRUE(body.get());
|
||
std::string contents = ReadStreamToString(body.get());
|
||
auto lines = SplitCRLF(contents);
|
||
ASSERT_EQ(lines.size(), 9u);
|
||
auto lines_it = lines.begin();
|
||
|
||
const std::string& boundary = *lines_it++;
|
||
EXPECT_GE(boundary.length(), 1u);
|
||
EXPECT_LE(boundary.length(), 70u);
|
||
|
||
EXPECT_EQ(*lines_it++, "Content-Disposition: form-data; name=\"minidump\"");
|
||
EXPECT_EQ(*lines_it++, "");
|
||
EXPECT_EQ(*lines_it++, kValue2);
|
||
|
||
EXPECT_EQ(*lines_it++, boundary);
|
||
EXPECT_EQ(*lines_it++, "Content-Disposition: form-data; name=\"one\"");
|
||
EXPECT_EQ(*lines_it++, "");
|
||
EXPECT_EQ(*lines_it++, kValue1);
|
||
|
||
EXPECT_EQ(*lines_it++, boundary + "--");
|
||
|
||
EXPECT_EQ(lines_it, lines.end());
|
||
}
|
||
|
||
TEST(HTTPMultipartBuilderDeathTest, AssertUnsafeMIMEType) {
|
||
HTTPMultipartBuilder builder;
|
||
FileReader reader;
|
||
// Invalid and potentially dangerous:
|
||
ASSERT_DEATH_CHECK(builder.SetFileAttachment("", "", &reader, "\r\n"), "");
|
||
ASSERT_DEATH_CHECK(builder.SetFileAttachment("", "", &reader, "\""), "");
|
||
ASSERT_DEATH_CHECK(builder.SetFileAttachment("", "", &reader, "\x12"), "");
|
||
ASSERT_DEATH_CHECK(builder.SetFileAttachment("", "", &reader, "<>"), "");
|
||
// Invalid but safe:
|
||
builder.SetFileAttachment("", "", &reader, "0/totally/-invalid.pdf");
|
||
// Valid and safe:
|
||
builder.SetFileAttachment("", "", &reader, "application/xml+xhtml");
|
||
}
|
||
|
||
} // namespace
|
||
} // namespace test
|
||
} // namespace crashpad
|