http_test.go

     1  // Copyright 2014 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  // Tests of internal functions and things with no better homes.
     6  
     7  package http
     8  
     9  import (
    10  	"bytes"
    11  	"internal/testenv"
    12  	"io/fs"
    13  	"net/url"
    14  	"os"
    15  	"os/exec"
    16  	"reflect"
    17  	"regexp"
    18  	"strings"
    19  	"testing"
    20  )
    21  
    22  func TestForeachHeaderElement(t *testing.T) {
    23  	tests := []struct {
    24  		in   string
    25  		want []string
    26  	}{
    27  		{"Foo", []string{"Foo"}},
    28  		{" Foo", []string{"Foo"}},
    29  		{"Foo ", []string{"Foo"}},
    30  		{" Foo ", []string{"Foo"}},
    31  
    32  		{"foo", []string{"foo"}},
    33  		{"anY-cAsE", []string{"anY-cAsE"}},
    34  
    35  		{"", nil},
    36  		{",,,,  ,  ,,   ,,, ,", nil},
    37  
    38  		{" Foo,Bar, Baz,lower,,Quux ", []string{"Foo", "Bar", "Baz", "lower", "Quux"}},
    39  	}
    40  	for _, tt := range tests {
    41  		var got []string
    42  		foreachHeaderElement(tt.in, func(v string) {
    43  			got = append(got, v)
    44  		})
    45  		if !reflect.DeepEqual(got, tt.want) {
    46  			t.Errorf("foreachHeaderElement(%q) = %q; want %q", tt.in, got, tt.want)
    47  		}
    48  	}
    49  }
    50  
    51  func TestCleanHost(t *testing.T) {
    52  	tests := []struct {
    53  		in, want string
    54  	}{
    55  		{"www.google.com", "www.google.com"},
    56  		{"www.google.com foo", "www.google.com"},
    57  		{"www.google.com/foo", "www.google.com"},
    58  		{" first character is a space", ""},
    59  		{"[1::6]:8080", "[1::6]:8080"},
    60  
    61  		// Punycode:
    62  		{"гофер.рф/foo", "xn--c1ae0ajs.xn--p1ai"},
    63  		{"bücher.de", "xn--bcher-kva.de"},
    64  		{"bücher.de:8080", "xn--bcher-kva.de:8080"},
    65  		// Verify we convert to lowercase before punycode:
    66  		{"BÜCHER.de", "xn--bcher-kva.de"},
    67  		{"BÜCHER.de:8080", "xn--bcher-kva.de:8080"},
    68  		// Verify we normalize to NFC before punycode:
    69  		{"gophér.nfc", "xn--gophr-esa.nfc"},            // NFC input; no work needed
    70  		{"goph\u0065\u0301r.nfd", "xn--gophr-esa.nfd"}, // NFD input
    71  	}
    72  	for _, tt := range tests {
    73  		got := cleanHost(tt.in)
    74  		if tt.want != got {
    75  			t.Errorf("cleanHost(%q) = %q, want %q", tt.in, got, tt.want)
    76  		}
    77  	}
    78  }
    79  
    80  // Test that cmd/go doesn't link in the HTTP server.
    81  //
    82  // This catches accidental dependencies between the HTTP transport and
    83  // server code.
    84  func TestCmdGoNoHTTPServer(t *testing.T) {
    85  	t.Parallel()
    86  	goBin := testenv.GoToolPath(t)
    87  	out, err := exec.Command(goBin, "tool", "nm", goBin).CombinedOutput()
    88  	if err != nil {
    89  		t.Fatalf("go tool nm: %v: %s", err, out)
    90  	}
    91  	wantSym := map[string]bool{
    92  		// Verify these exist: (sanity checking this test)
    93  		"net/http.(*Client).do":           true,
    94  		"net/http.(*Transport).RoundTrip": true,
    95  
    96  		// Verify these don't exist:
    97  		"net/http.http2Server":           false,
    98  		"net/http.(*Server).Serve":       false,
    99  		"net/http.(*ServeMux).ServeHTTP": false,
   100  		"net/http.DefaultServeMux":       false,
   101  	}
   102  	for sym, want := range wantSym {
   103  		got := bytes.Contains(out, []byte(sym))
   104  		if !want && got {
   105  			t.Errorf("cmd/go unexpectedly links in HTTP server code; found symbol %q in cmd/go", sym)
   106  		}
   107  		if want && !got {
   108  			t.Errorf("expected to find symbol %q in cmd/go; not found", sym)
   109  		}
   110  	}
   111  }
   112  
   113  // Tests that the nethttpomithttp2 build tag doesn't rot too much,
   114  // even if there's not a regular builder on it.
   115  func TestOmitHTTP2(t *testing.T) {
   116  	if testing.Short() {
   117  		t.Skip("skipping in short mode")
   118  	}
   119  	t.Parallel()
   120  	goTool := testenv.GoToolPath(t)
   121  	out, err := exec.Command(goTool, "test", "-short", "-tags=nethttpomithttp2", "net/http").CombinedOutput()
   122  	if err != nil {
   123  		t.Fatalf("go test -short failed: %v, %s", err, out)
   124  	}
   125  }
   126  
   127  // Tests that the nethttpomithttp2 build tag at least type checks
   128  // in short mode.
   129  // The TestOmitHTTP2 test above actually runs tests (in long mode).
   130  func TestOmitHTTP2Vet(t *testing.T) {
   131  	t.Parallel()
   132  	goTool := testenv.GoToolPath(t)
   133  	out, err := exec.Command(goTool, "vet", "-tags=nethttpomithttp2", "net/http").CombinedOutput()
   134  	if err != nil {
   135  		t.Fatalf("go vet failed: %v, %s", err, out)
   136  	}
   137  }
   138  
   139  var valuesCount int
   140  
   141  func BenchmarkCopyValues(b *testing.B) {
   142  	b.ReportAllocs()
   143  	src := url.Values{
   144  		"a": {"1", "2", "3", "4", "5"},
   145  		"b": {"2", "2", "3", "4", "5"},
   146  		"c": {"3", "2", "3", "4", "5"},
   147  		"d": {"4", "2", "3", "4", "5"},
   148  		"e": {"1", "1", "2", "3", "4", "5", "6", "7", "abcdef", "l", "a", "b", "c", "d", "z"},
   149  		"j": {"1", "2"},
   150  		"m": nil,
   151  	}
   152  	for i := 0; i < b.N; i++ {
   153  		dst := url.Values{"a": {"b"}, "b": {"2"}, "c": {"3"}, "d": {"4"}, "j": nil, "m": {"x"}}
   154  		copyValues(dst, src)
   155  		if valuesCount = len(dst["a"]); valuesCount != 6 {
   156  			b.Fatalf(`%d items in dst["a"] but expected 6`, valuesCount)
   157  		}
   158  	}
   159  	if valuesCount == 0 {
   160  		b.Fatal("Benchmark wasn't run")
   161  	}
   162  }
   163  
   164  var forbiddenStringsFunctions = map[string]bool{
   165  	// Functions that use Unicode-aware case folding.
   166  	"EqualFold":      true,
   167  	"Title":          true,
   168  	"ToLower":        true,
   169  	"ToLowerSpecial": true,
   170  	"ToTitle":        true,
   171  	"ToTitleSpecial": true,
   172  	"ToUpper":        true,
   173  	"ToUpperSpecial": true,
   174  
   175  	// Functions that use Unicode-aware spaces.
   176  	"Fields":    true,
   177  	"TrimSpace": true,
   178  }
   179  
   180  // TestNoUnicodeStrings checks that nothing in net/http uses the Unicode-aware
   181  // strings and bytes package functions. HTTP is mostly ASCII based, and doing
   182  // Unicode-aware case folding or space stripping can introduce vulnerabilities.
   183  func TestNoUnicodeStrings(t *testing.T) {
   184  	if !testenv.HasSrc() {
   185  		t.Skip("source code not available")
   186  	}
   187  
   188  	re := regexp.MustCompile(`(strings|bytes).([A-Za-z]+)`)
   189  	if err := fs.WalkDir(os.DirFS("."), ".", func(path string, d fs.DirEntry, err error) error {
   190  		if err != nil {
   191  			t.Fatal(err)
   192  		}
   193  
   194  		if path == "internal/ascii" {
   195  			return fs.SkipDir
   196  		}
   197  		if !strings.HasSuffix(path, ".go") ||
   198  			strings.HasSuffix(path, "_test.go") ||
   199  			path == "h2_bundle.go" || d.IsDir() {
   200  			return nil
   201  		}
   202  
   203  		contents, err := os.ReadFile(path)
   204  		if err != nil {
   205  			t.Fatal(err)
   206  		}
   207  		for lineNum, line := range strings.Split(string(contents), "\n") {
   208  			for _, match := range re.FindAllStringSubmatch(line, -1) {
   209  				if !forbiddenStringsFunctions[match[2]] {
   210  					continue
   211  				}
   212  				t.Errorf("disallowed call to %s at %s:%d", match[0], path, lineNum+1)
   213  			}
   214  		}
   215  
   216  		return nil
   217  	}); err != nil {
   218  		t.Fatal(err)
   219  	}
   220  }
   221
View as plain text