TUN-2152: Requests with a query in the URL are erroneously escaped

This commit is contained in:
Areg Harutyunyan 2019-08-06 16:42:37 -05:00
parent 1d73c2752e
commit f6c7f8a96c
2 changed files with 110 additions and 9 deletions

View File

@ -45,16 +45,13 @@ func H2RequestHeadersToH1Request(h2 []h2mux.Header, h1 *http.Request) error {
// Otherwise the host header will be based on the origin URL // Otherwise the host header will be based on the origin URL
h1.Host = header.Value h1.Host = header.Value
case ":path": case ":path":
u, err := url.Parse(header.Value) // Separate the path and the (optional) query from each other
if err != nil { chunks := strings.SplitN(header.Value, "?", 2)
return fmt.Errorf("unparseable path")
h1.URL.Path = chunks[0]
if len(chunks) > 1 {
h1.URL.RawQuery = chunks[1]
} }
resolved := h1.URL.ResolveReference(u)
// prevent escaping base URL
if !strings.HasPrefix(resolved.String(), h1.URL.String()) {
return fmt.Errorf("invalid path")
}
h1.URL = resolved
case "content-length": case "content-length":
contentLength, err := strconv.ParseInt(header.Value, 10, 64) contentLength, err := strconv.ParseInt(header.Value, 10, 64)
if err != nil { if err != nil {

View File

@ -0,0 +1,104 @@
package streamhandler
import (
"net/http"
"testing"
"github.com/cloudflare/cloudflared/h2mux"
"github.com/stretchr/testify/assert"
)
func TestH2RequestHeadersToH1Request_RegularHeaders(t *testing.T) {
request, err := http.NewRequest(http.MethodGet, "http://example.com", nil)
assert.NoError(t, err)
headersConversionErr := H2RequestHeadersToH1Request(
[]h2mux.Header{
h2mux.Header{
Name: "Mock header 1",
Value: "Mock value 1",
},
h2mux.Header{
Name: "Mock header 2",
Value: "Mock value 2",
},
},
request,
)
assert.Equal(t, http.Header{
"Mock header 1": []string{"Mock value 1"},
"Mock header 2": []string{"Mock value 2"},
}, request.Header)
assert.NoError(t, headersConversionErr)
}
func TestH2RequestHeadersToH1Request_NoHeaders(t *testing.T) {
request, err := http.NewRequest(http.MethodGet, "http://example.com", nil)
assert.NoError(t, err)
headersConversionErr := H2RequestHeadersToH1Request(
[]h2mux.Header{},
request,
)
assert.Equal(t, http.Header{}, request.Header)
assert.NoError(t, headersConversionErr)
}
func TestH2RequestHeadersToH1Request_InvalidHostPath(t *testing.T) {
request, err := http.NewRequest(http.MethodGet, "http://example.com", nil)
assert.NoError(t, err)
headersConversionErr := H2RequestHeadersToH1Request(
[]h2mux.Header{
h2mux.Header{
Name: ":path",
Value: "//bad_path/",
},
h2mux.Header{
Name: "Mock header",
Value: "Mock value",
},
},
request,
)
assert.Equal(t, http.Header{
"Mock header": []string{"Mock value"},
}, request.Header)
assert.Equal(t, "http://example.com//bad_path/", request.URL.String())
assert.NoError(t, headersConversionErr)
}
func TestH2RequestHeadersToH1Request_HostPathWithQuery(t *testing.T) {
request, err := http.NewRequest(http.MethodGet, "http://example.com/", nil)
assert.NoError(t, err)
headersConversionErr := H2RequestHeadersToH1Request(
[]h2mux.Header{
h2mux.Header{
Name: ":path",
Value: "/?query",
},
h2mux.Header{
Name: "Mock header",
Value: "Mock value",
},
},
request,
)
assert.Equal(t, http.Header{
"Mock header": []string{"Mock value"},
}, request.Header)
assert.Equal(t, "http://example.com/?query", request.URL.String())
assert.NoError(t, headersConversionErr)
}