From 9b92ae2499922c0de254544b210ee0e40c9592f8 Mon Sep 17 00:00:00 2001
From: Matteo Collina <hello@matteocollina.com>
Date: Wed, 25 Aug 2021 18:07:25 +0200
Subject: [PATCH] http: add regression test for smuggling content length

PR-URL: https://github.com/nodejs-private/node-private/pull/285
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
---
 ...t-http-request-smuggling-content-length.js | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 test/parallel/test-http-request-smuggling-content-length.js

diff --git a/test/parallel/test-http-request-smuggling-content-length.js b/test/parallel/test-http-request-smuggling-content-length.js
new file mode 100644
index 00000000000000..4ae39b93f4aa99
--- /dev/null
+++ b/test/parallel/test-http-request-smuggling-content-length.js
@@ -0,0 +1,31 @@
+'use strict';
+
+const common = require('../common');
+const http = require('http');
+const net = require('net');
+const assert = require('assert');
+
+// Verify that a request with a space before the content length will result
+// in a 400 Bad Request.
+
+const server = http.createServer(common.mustNotCall());
+
+server.listen(0, common.mustCall(start));
+
+function start() {
+  const sock = net.connect(server.address().port);
+
+  sock.write('GET / HTTP/1.1\r\nHost: localhost:5000\r\n' +
+    'Content-Length : 5\r\n\r\nhello');
+
+  let body = '';
+  sock.setEncoding('utf8');
+  sock.on('data', (chunk) => {
+    body += chunk;
+  });
+  sock.on('end', common.mustCall(function() {
+    assert.strictEqual(body, 'HTTP/1.1 400 Bad Request\r\n' +
+      'Connection: close\r\n\r\n');
+    server.close();
+  }));
+}