mirror of
https://github.com/golang/go.git
synced 2025-12-08 06:10:04 +00:00
net/http/httptest: panic on non-3 digit (XXX) status code in Recorder.WriteHeader
This change conforms Recorder with net/http servers, to panic when a handler writes a non-3 digit XXX status code. Fixes #45353 Change-Id: Id5ed4af652e8c150ae86bf50402b800d935e2203 Reviewed-on: https://go-review.googlesource.com/c/go/+/308950 Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com> Run-TryBot: Emmanuel Odeke <emmanuel@orijtech.com> TryBot-Result: Go Bot <gobot@golang.org> Trust: Michael Knyszek <mknyszek@google.com>
This commit is contained in:
ian woolf
Emmanuel Odeke
parent
cbf9caaf22
commit
c3931ab1b7
2 changed files with 44 additions and 0 deletions
|
|
@ -122,11 +122,30 @@ func (rw *ResponseRecorder) WriteString(str string) (int, error) {
|
||||||
return len(str), nil
|
return len(str), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func checkWriteHeaderCode(code int) {
|
||||||
|
// Issue 22880: require valid WriteHeader status codes.
|
||||||
|
// For now we only enforce that it's three digits.
|
||||||
|
// In the future we might block things over 599 (600 and above aren't defined
|
||||||
|
// at https://httpwg.org/specs/rfc7231.html#status.codes)
|
||||||
|
// and we might block under 200 (once we have more mature 1xx support).
|
||||||
|
// But for now any three digits.
|
||||||
|
//
|
||||||
|
// We used to send "HTTP/1.1 000 0" on the wire in responses but there's
|
||||||
|
// no equivalent bogus thing we can realistically send in HTTP/2,
|
||||||
|
// so we'll consistently panic instead and help people find their bugs
|
||||||
|
// early. (We can't return an error from WriteHeader even if we wanted to.)
|
||||||
|
if code < 100 || code > 999 {
|
||||||
|
panic(fmt.Sprintf("invalid WriteHeader code %v", code))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// WriteHeader implements http.ResponseWriter.
|
// WriteHeader implements http.ResponseWriter.
|
||||||
func (rw *ResponseRecorder) WriteHeader(code int) {
|
func (rw *ResponseRecorder) WriteHeader(code int) {
|
||||||
if rw.wroteHeader {
|
if rw.wroteHeader {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
checkWriteHeaderCode(code)
|
||||||
rw.Code = code
|
rw.Code = code
|
||||||
rw.wroteHeader = true
|
rw.wroteHeader = true
|
||||||
if rw.HeaderMap == nil {
|
if rw.HeaderMap == nil {
|
||||||
|
|
|
||||||
|
|
@ -345,3 +345,28 @@ func TestParseContentLength(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Ensure that httptest.Recorder panics when given a non-3 digit (XXX)
|
||||||
|
// status HTTP code. See https://golang.org/issues/45353
|
||||||
|
func TestRecorderPanicsOnNonXXXStatusCode(t *testing.T) {
|
||||||
|
badCodes := []int{
|
||||||
|
-100, 0, 99, 1000, 20000,
|
||||||
|
}
|
||||||
|
for _, badCode := range badCodes {
|
||||||
|
badCode := badCode
|
||||||
|
t.Run(fmt.Sprintf("Code=%d", badCode), func(t *testing.T) {
|
||||||
|
defer func() {
|
||||||
|
if r := recover(); r == nil {
|
||||||
|
t.Fatal("Expected a panic")
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
handler := func(rw http.ResponseWriter, _ *http.Request) {
|
||||||
|
rw.WriteHeader(badCode)
|
||||||
|
}
|
||||||
|
r, _ := http.NewRequest("GET", "http://example.org/", nil)
|
||||||
|
rw := NewRecorder()
|
||||||
|
handler(rw, r)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue