feat(test): add jetty test for CVE-2023-40167 (tronprotocol#5600)
Co-authored-by: morgan.peng <[email protected]>
lurais and morgan.peng authored Nov 29, 2023
1 parent be07f5c commit a66316c
Showing 1 changed file with 63 additions and 0 deletions.
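--- /dev/null
+++ b/framework/src/test/java/org/tron/common/jetty/JettyServerTest.java
@@ -0,0 +1,63 @@
+package org.tron.common.jetty;
+
+import java.net.URI;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.servlet.DefaultServlet;
+import org.eclipse.jetty.servlet.ServletContextHandler;
+import org.eclipse.jetty.servlet.ServletHolder;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+@Slf4j
+public class JettyServerTest {
+private static Server server;
+private static URI serverUri;
+
+@BeforeClass
+public static void startJetty() throws Exception {
+server = new Server();
+ServerConnector connector = new ServerConnector(server);
+connector.setPort(0);
+server.addConnector(connector);
+
+ServletContextHandler context = new ServletContextHandler();
+ServletHolder defaultServ = new ServletHolder("default", DefaultServlet.class);
+context.addServlet(defaultServ, "/");
+server.setHandler(context);
+server.start();
+String host = connector.getHost();
+if (host == null) {
+host = "localhost";
+}
+int port = connector.getLocalPort();
+serverUri = new URI(String.format("http://%s:%d/", host, port));
+}
+
+@AfterClass
+public static void stopJetty() {
+try {
+server.stop();
+} catch (Exception e) {
+throw new RuntimeException(e);
+}
+}
+
+@Test
+public void testGet() throws Exception {
+HttpClient client = new DefaultHttpClient();
+HttpGet request = new HttpGet(serverUri.resolve("/"));
+request.setHeader("Content-Length", "+450");
+HttpResponse mockResponse = client.execute(request);
+Assert.assertTrue(mockResponse.getStatusLine().toString().contains(
+"400 Invalid Content-Length Value"));
+}
+
+}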
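Review bot: The assertion in `testGet` matches the status-line text `400 Invalid Content-Length Value`, so the CVE-2023-40167 regression check depends on Jetty's reason-phrase wording rather than on the rejection itself. Comparing the code, `Assert.assertEquals(400, mockResponse.getStatusLine().getStatusCode());`, would keep the test meaningful if a later Jetty release rewords the message. The client is also never released: `DefaultHttpClient` is deprecated and neither the response nor the connection manager is closed. `try (CloseableHttpClient client = HttpClients.createDefault())` would fix that, assuming the HttpClient on the test classpath is 4.3 or later. A comment above the `+450` header would help the next reader, for example `// A signed Content-Length must be rejected: parsers that disagree on it enable request smuggling (CVE-2023-40167)`.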
