From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 0952223F8D for ; Fri, 21 Dec 2018 13:18:48 -0500 (EST) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EDFv0PM8kskG for ; Fri, 21 Dec 2018 13:18:47 -0500 (EST) Received: from smtp53.i.mail.ru (smtp53.i.mail.ru [94.100.177.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTPS id 5B50023F14 for ; Fri, 21 Dec 2018 13:18:47 -0500 (EST) From: Roman Khabibov Subject: [tarantool-patches] [PATCH] httpc: add checking of headers in httpc:request Date: Fri, 21 Dec 2018 21:18:44 +0300 Message-Id: <20181221181844.4417-1-roman.habibov@tarantool.org> Sender: tarantool-patches-bounce@freelists.org Errors-to: tarantool-patches-bounce@freelists.org Reply-To: tarantool-patches@freelists.org List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: tarantool-patches List-subscribe: List-owner: List-post: List-archive: To: tarantool-patches@freelists.org Cc: alexander.turenko@tarantool.org Add function that checks the value of each header. It must be 'string' or 'table' with '__tostring' metamethod. Closes #3679 --- Branch: https://github.com/tarantool/tarantool/tree/romanhabibov/gh-3679-httpc-request Issue: https://github.com/tarantool/tarantool/issues/3679 src/lua/httpc.lua | 23 +++++++++++++++++++++++ test/app-tap/http_client.test.lua | 17 +++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/src/lua/httpc.lua b/src/lua/httpc.lua index cd44b6054..ede976a3a 100644 --- a/src/lua/httpc.lua +++ b/src/lua/httpc.lua @@ -216,6 +216,28 @@ local function process_cookies(cookies) return result end +local function check_headers(opts) + if opts ~= nil then + local headers = opts["headers"] + if headers ~= nil then + for header, value in pairs(headers) do + if type(value) ~= 'string' then + if type(value) ~= 'table' then + error('Usage: httpc:request bad \''..header..'\' value') + end + local mt = getmetatable(value) + if mt == nil then + error('Usage: httpc:request \''..header..'\' has not \'__tostring\'') + end + if mt["__tostring"] ~= nil then + headers[header] = tostring(value) + end + end + end + end + end +end + local function process_headers(headers) for header, value in pairs(headers) do if type(value) == 'table' then @@ -296,6 +318,7 @@ curl_mt = { if not method or not url then error('request(method, url [, options]])') end + check_headers(opts) local resp = self.curl:request(method, url, body, opts or {}) if resp and resp.headers then if resp.headers['set-cookie'] ~= nil then diff --git a/test/app-tap/http_client.test.lua b/test/app-tap/http_client.test.lua index 10a3728f8..d7e01d60f 100755 --- a/test/app-tap/http_client.test.lua +++ b/test/app-tap/http_client.test.lua @@ -205,6 +205,23 @@ local function test_errors(test) test:is(r.status, 595, "GET: response on bad url") end +--gh-3679 Check that client check that the httpc:request doesn't modify headers. + +local function test_request_headers(test) + test:plan(5) + httpc = require('http.client').new() + test:ok(not pcall(httpc:request('GET', 'localhost:4444', nil, {headers = {aaa = true}})), + 'expected error about bad value') + test:ok(not pcall(httpc:request('GET', 'localhost:4444', nil, {headers = {aaa = 10}})), + 'expected error about bad value') + test:ok(not pcall(httpc:request('GET', 'localhost:4444', nil, {headers = {aaa = box.NULL}})), + 'expected error about bad value') + test:ok(not pcall(httpc:request('GET', 'localhost:4444', nil, {headers = {aaa = 10ULL}})), + 'expected error about bad value') + test:ok(not pcall(httpc:request('GET', 'localhost:4444', nil, {headers = {aaa = {}}})), + 'expected error with no \'__tostring\'') +end + local function test_headers(test, url, opts) test:plan(19) local http = client:new() -- 2.17.1