mirror of https://github.com/golang/go.git
545 lines
14 KiB
Go
545 lines
14 KiB
Go
// Copyright 2011 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package multipart
|
|
|
|
import (
|
|
"bytes"
|
|
"fmt"
|
|
"io"
|
|
"math"
|
|
"net/textproto"
|
|
"os"
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
func TestReadForm(t *testing.T) {
|
|
b := strings.NewReader(strings.ReplaceAll(message, "\n", "\r\n"))
|
|
r := NewReader(b, boundary)
|
|
f, err := r.ReadForm(25)
|
|
if err != nil {
|
|
t.Fatal("ReadForm:", err)
|
|
}
|
|
defer f.RemoveAll()
|
|
if g, e := f.Value["texta"][0], textaValue; g != e {
|
|
t.Errorf("texta value = %q, want %q", g, e)
|
|
}
|
|
if g, e := f.Value["textb"][0], textbValue; g != e {
|
|
t.Errorf("texta value = %q, want %q", g, e)
|
|
}
|
|
fd := testFile(t, f.File["filea"][0], "filea.txt", fileaContents)
|
|
if _, ok := fd.(*os.File); ok {
|
|
t.Error("file is *os.File, should not be")
|
|
}
|
|
fd.Close()
|
|
fd = testFile(t, f.File["fileb"][0], "fileb.txt", filebContents)
|
|
if _, ok := fd.(*os.File); !ok {
|
|
t.Errorf("file has unexpected underlying type %T", fd)
|
|
}
|
|
fd.Close()
|
|
}
|
|
|
|
func TestReadFormWithNamelessFile(t *testing.T) {
|
|
b := strings.NewReader(strings.ReplaceAll(messageWithFileWithoutName, "\n", "\r\n"))
|
|
r := NewReader(b, boundary)
|
|
f, err := r.ReadForm(25)
|
|
if err != nil {
|
|
t.Fatal("ReadForm:", err)
|
|
}
|
|
defer f.RemoveAll()
|
|
|
|
if g, e := f.Value["hiddenfile"][0], filebContents; g != e {
|
|
t.Errorf("hiddenfile value = %q, want %q", g, e)
|
|
}
|
|
}
|
|
|
|
// Issue 58384: Handle ReadForm(math.MaxInt64)
|
|
func TestReadFormWitFileNameMaxMemoryOverflow(t *testing.T) {
|
|
b := strings.NewReader(strings.ReplaceAll(messageWithFileName, "\n", "\r\n"))
|
|
r := NewReader(b, boundary)
|
|
f, err := r.ReadForm(math.MaxInt64)
|
|
if err != nil {
|
|
t.Fatalf("ReadForm(MaxInt64): %v", err)
|
|
}
|
|
defer f.RemoveAll()
|
|
|
|
fd := testFile(t, f.File["filea"][0], "filea.txt", fileaContents)
|
|
if _, ok := fd.(*os.File); ok {
|
|
t.Error("file is *os.File, should not be")
|
|
}
|
|
fd.Close()
|
|
}
|
|
|
|
// Issue 40430: Handle ReadForm(math.MaxInt64)
|
|
func TestReadFormMaxMemoryOverflow(t *testing.T) {
|
|
b := strings.NewReader(strings.ReplaceAll(messageWithTextContentType, "\n", "\r\n"))
|
|
r := NewReader(b, boundary)
|
|
f, err := r.ReadForm(math.MaxInt64)
|
|
if err != nil {
|
|
t.Fatalf("ReadForm(MaxInt64): %v", err)
|
|
}
|
|
if f == nil {
|
|
t.Fatal("ReadForm(MaxInt64): missing form")
|
|
}
|
|
defer f.RemoveAll()
|
|
|
|
if g, e := f.Value["texta"][0], textaValue; g != e {
|
|
t.Errorf("texta value = %q, want %q", g, e)
|
|
}
|
|
}
|
|
|
|
func TestReadFormWithTextContentType(t *testing.T) {
|
|
// From https://github.com/golang/go/issues/24041
|
|
b := strings.NewReader(strings.ReplaceAll(messageWithTextContentType, "\n", "\r\n"))
|
|
r := NewReader(b, boundary)
|
|
f, err := r.ReadForm(25)
|
|
if err != nil {
|
|
t.Fatal("ReadForm:", err)
|
|
}
|
|
defer f.RemoveAll()
|
|
|
|
if g, e := f.Value["texta"][0], textaValue; g != e {
|
|
t.Errorf("texta value = %q, want %q", g, e)
|
|
}
|
|
}
|
|
|
|
func testFile(t *testing.T, fh *FileHeader, efn, econtent string) File {
|
|
if fh.Filename != efn {
|
|
t.Errorf("filename = %q, want %q", fh.Filename, efn)
|
|
}
|
|
if fh.Size != int64(len(econtent)) {
|
|
t.Errorf("size = %d, want %d", fh.Size, len(econtent))
|
|
}
|
|
f, err := fh.Open()
|
|
if err != nil {
|
|
t.Fatal("opening file:", err)
|
|
}
|
|
b := new(strings.Builder)
|
|
_, err = io.Copy(b, f)
|
|
if err != nil {
|
|
t.Fatal("copying contents:", err)
|
|
}
|
|
if g := b.String(); g != econtent {
|
|
t.Errorf("contents = %q, want %q", g, econtent)
|
|
}
|
|
return f
|
|
}
|
|
|
|
const (
|
|
fileaContents = "This is a test file."
|
|
filebContents = "Another test file."
|
|
textaValue = "foo"
|
|
textbValue = "bar"
|
|
boundary = `MyBoundary`
|
|
)
|
|
|
|
const messageWithFileWithoutName = `
|
|
--MyBoundary
|
|
Content-Disposition: form-data; name="hiddenfile"; filename=""
|
|
Content-Type: text/plain
|
|
|
|
` + filebContents + `
|
|
--MyBoundary--
|
|
`
|
|
|
|
const messageWithFileName = `
|
|
--MyBoundary
|
|
Content-Disposition: form-data; name="filea"; filename="filea.txt"
|
|
Content-Type: text/plain
|
|
|
|
` + fileaContents + `
|
|
--MyBoundary--
|
|
`
|
|
|
|
const messageWithTextContentType = `
|
|
--MyBoundary
|
|
Content-Disposition: form-data; name="texta"
|
|
Content-Type: text/plain
|
|
|
|
` + textaValue + `
|
|
--MyBoundary
|
|
`
|
|
|
|
const message = `
|
|
--MyBoundary
|
|
Content-Disposition: form-data; name="filea"; filename="filea.txt"
|
|
Content-Type: text/plain
|
|
|
|
` + fileaContents + `
|
|
--MyBoundary
|
|
Content-Disposition: form-data; name="fileb"; filename="fileb.txt"
|
|
Content-Type: text/plain
|
|
|
|
` + filebContents + `
|
|
--MyBoundary
|
|
Content-Disposition: form-data; name="texta"
|
|
|
|
` + textaValue + `
|
|
--MyBoundary
|
|
Content-Disposition: form-data; name="textb"
|
|
|
|
` + textbValue + `
|
|
--MyBoundary--
|
|
`
|
|
|
|
func TestReadForm_NoReadAfterEOF(t *testing.T) {
|
|
maxMemory := int64(32) << 20
|
|
boundary := `---------------------------8d345eef0d38dc9`
|
|
body := `
|
|
-----------------------------8d345eef0d38dc9
|
|
Content-Disposition: form-data; name="version"
|
|
|
|
171
|
|
-----------------------------8d345eef0d38dc9--`
|
|
|
|
mr := NewReader(&failOnReadAfterErrorReader{t: t, r: strings.NewReader(body)}, boundary)
|
|
|
|
f, err := mr.ReadForm(maxMemory)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
t.Logf("Got: %#v", f)
|
|
}
|
|
|
|
// failOnReadAfterErrorReader is an io.Reader wrapping r.
|
|
// It fails t if any Read is called after a failing Read.
|
|
type failOnReadAfterErrorReader struct {
|
|
t *testing.T
|
|
r io.Reader
|
|
sawErr error
|
|
}
|
|
|
|
func (r *failOnReadAfterErrorReader) Read(p []byte) (n int, err error) {
|
|
if r.sawErr != nil {
|
|
r.t.Fatalf("unexpected Read on Reader after previous read saw error %v", r.sawErr)
|
|
}
|
|
n, err = r.r.Read(p)
|
|
r.sawErr = err
|
|
return
|
|
}
|
|
|
|
// TestReadForm_NonFileMaxMemory asserts that the ReadForm maxMemory limit is applied
|
|
// while processing non-file form data as well as file form data.
|
|
func TestReadForm_NonFileMaxMemory(t *testing.T) {
|
|
if testing.Short() {
|
|
t.Skip("skipping in -short mode")
|
|
}
|
|
n := 10 << 20
|
|
largeTextValue := strings.Repeat("1", n)
|
|
message := `--MyBoundary
|
|
Content-Disposition: form-data; name="largetext"
|
|
|
|
` + largeTextValue + `
|
|
--MyBoundary--
|
|
`
|
|
testBody := strings.ReplaceAll(message, "\n", "\r\n")
|
|
// Try parsing the form with increasing maxMemory values.
|
|
// Changes in how we account for non-file form data may cause the exact point
|
|
// where we change from rejecting the form as too large to accepting it to vary,
|
|
// but we should see both successes and failures.
|
|
const failWhenMaxMemoryLessThan = 128
|
|
for maxMemory := int64(0); maxMemory < failWhenMaxMemoryLessThan*2; maxMemory += 16 {
|
|
b := strings.NewReader(testBody)
|
|
r := NewReader(b, boundary)
|
|
f, err := r.ReadForm(maxMemory)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
if g := f.Value["largetext"][0]; g != largeTextValue {
|
|
t.Errorf("largetext mismatch: got size: %v, expected size: %v", len(g), len(largeTextValue))
|
|
}
|
|
f.RemoveAll()
|
|
if maxMemory < failWhenMaxMemoryLessThan {
|
|
t.Errorf("ReadForm(%v): no error, expect to hit memory limit when maxMemory < %v", maxMemory, failWhenMaxMemoryLessThan)
|
|
}
|
|
return
|
|
}
|
|
t.Errorf("ReadForm(x) failed for x < 1024, expect success")
|
|
}
|
|
|
|
// TestReadForm_MetadataTooLarge verifies that we account for the size of field names,
|
|
// MIME headers, and map entry overhead while limiting the memory consumption of parsed forms.
|
|
func TestReadForm_MetadataTooLarge(t *testing.T) {
|
|
for _, test := range []struct {
|
|
name string
|
|
f func(*Writer)
|
|
}{{
|
|
name: "large name",
|
|
f: func(fw *Writer) {
|
|
name := strings.Repeat("a", 10<<20)
|
|
w, _ := fw.CreateFormField(name)
|
|
w.Write([]byte("value"))
|
|
},
|
|
}, {
|
|
name: "large MIME header",
|
|
f: func(fw *Writer) {
|
|
h := make(textproto.MIMEHeader)
|
|
h.Set("Content-Disposition", `form-data; name="a"`)
|
|
h.Set("X-Foo", strings.Repeat("a", 10<<20))
|
|
w, _ := fw.CreatePart(h)
|
|
w.Write([]byte("value"))
|
|
},
|
|
}, {
|
|
name: "many parts",
|
|
f: func(fw *Writer) {
|
|
for i := 0; i < 110000; i++ {
|
|
w, _ := fw.CreateFormField("f")
|
|
w.Write([]byte("v"))
|
|
}
|
|
},
|
|
}} {
|
|
t.Run(test.name, func(t *testing.T) {
|
|
var buf bytes.Buffer
|
|
fw := NewWriter(&buf)
|
|
test.f(fw)
|
|
if err := fw.Close(); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
fr := NewReader(&buf, fw.Boundary())
|
|
_, err := fr.ReadForm(0)
|
|
if err != ErrMessageTooLarge {
|
|
t.Errorf("fr.ReadForm() = %v, want ErrMessageTooLarge", err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
// TestReadForm_ManyFiles_Combined tests that a multipart form containing many files only
|
|
// results in a single on-disk file.
|
|
func TestReadForm_ManyFiles_Combined(t *testing.T) {
|
|
const distinct = false
|
|
testReadFormManyFiles(t, distinct)
|
|
}
|
|
|
|
// TestReadForm_ManyFiles_Distinct tests that setting GODEBUG=multipartfiles=distinct
|
|
// results in every file in a multipart form being placed in a distinct on-disk file.
|
|
func TestReadForm_ManyFiles_Distinct(t *testing.T) {
|
|
t.Setenv("GODEBUG", "multipartfiles=distinct")
|
|
const distinct = true
|
|
testReadFormManyFiles(t, distinct)
|
|
}
|
|
|
|
func testReadFormManyFiles(t *testing.T, distinct bool) {
|
|
var buf bytes.Buffer
|
|
fw := NewWriter(&buf)
|
|
const numFiles = 10
|
|
for i := 0; i < numFiles; i++ {
|
|
name := fmt.Sprint(i)
|
|
w, err := fw.CreateFormFile(name, name)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
w.Write([]byte(name))
|
|
}
|
|
if err := fw.Close(); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
fr := NewReader(&buf, fw.Boundary())
|
|
fr.tempDir = t.TempDir()
|
|
form, err := fr.ReadForm(0)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
for i := 0; i < numFiles; i++ {
|
|
name := fmt.Sprint(i)
|
|
if got := len(form.File[name]); got != 1 {
|
|
t.Fatalf("form.File[%q] has %v entries, want 1", name, got)
|
|
}
|
|
fh := form.File[name][0]
|
|
file, err := fh.Open()
|
|
if err != nil {
|
|
t.Fatalf("form.File[%q].Open() = %v", name, err)
|
|
}
|
|
if distinct {
|
|
if _, ok := file.(*os.File); !ok {
|
|
t.Fatalf("form.File[%q].Open: %T, want *os.File", name, file)
|
|
}
|
|
}
|
|
got, err := io.ReadAll(file)
|
|
file.Close()
|
|
if string(got) != name || err != nil {
|
|
t.Fatalf("read form.File[%q]: %q, %v; want %q, nil", name, string(got), err, name)
|
|
}
|
|
}
|
|
dir, err := os.Open(fr.tempDir)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
defer dir.Close()
|
|
names, err := dir.Readdirnames(0)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
wantNames := 1
|
|
if distinct {
|
|
wantNames = numFiles
|
|
}
|
|
if len(names) != wantNames {
|
|
t.Fatalf("temp dir contains %v files; want 1", len(names))
|
|
}
|
|
if err := form.RemoveAll(); err != nil {
|
|
t.Fatalf("form.RemoveAll() = %v", err)
|
|
}
|
|
names, err = dir.Readdirnames(0)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if len(names) != 0 {
|
|
t.Fatalf("temp dir contains %v files; want 0", len(names))
|
|
}
|
|
}
|
|
|
|
func TestReadFormLimits(t *testing.T) {
|
|
for _, test := range []struct {
|
|
values int
|
|
files int
|
|
extraKeysPerFile int
|
|
wantErr error
|
|
godebug string
|
|
}{
|
|
{values: 1000},
|
|
{values: 1001, wantErr: ErrMessageTooLarge},
|
|
{values: 500, files: 500},
|
|
{values: 501, files: 500, wantErr: ErrMessageTooLarge},
|
|
{files: 1000},
|
|
{files: 1001, wantErr: ErrMessageTooLarge},
|
|
{files: 1, extraKeysPerFile: 9998}, // plus Content-Disposition and Content-Type
|
|
{files: 1, extraKeysPerFile: 10000, wantErr: ErrMessageTooLarge},
|
|
{godebug: "multipartmaxparts=100", values: 100},
|
|
{godebug: "multipartmaxparts=100", values: 101, wantErr: ErrMessageTooLarge},
|
|
{godebug: "multipartmaxheaders=100", files: 2, extraKeysPerFile: 48},
|
|
{godebug: "multipartmaxheaders=100", files: 2, extraKeysPerFile: 50, wantErr: ErrMessageTooLarge},
|
|
} {
|
|
name := fmt.Sprintf("values=%v/files=%v/extraKeysPerFile=%v", test.values, test.files, test.extraKeysPerFile)
|
|
if test.godebug != "" {
|
|
name += fmt.Sprintf("/godebug=%v", test.godebug)
|
|
}
|
|
t.Run(name, func(t *testing.T) {
|
|
if test.godebug != "" {
|
|
t.Setenv("GODEBUG", test.godebug)
|
|
}
|
|
var buf bytes.Buffer
|
|
fw := NewWriter(&buf)
|
|
for i := 0; i < test.values; i++ {
|
|
w, _ := fw.CreateFormField(fmt.Sprintf("field%v", i))
|
|
fmt.Fprintf(w, "value %v", i)
|
|
}
|
|
for i := 0; i < test.files; i++ {
|
|
h := make(textproto.MIMEHeader)
|
|
h.Set("Content-Disposition",
|
|
fmt.Sprintf(`form-data; name="file%v"; filename="file%v"`, i, i))
|
|
h.Set("Content-Type", "application/octet-stream")
|
|
for j := 0; j < test.extraKeysPerFile; j++ {
|
|
h.Set(fmt.Sprintf("k%v", j), "v")
|
|
}
|
|
w, _ := fw.CreatePart(h)
|
|
fmt.Fprintf(w, "value %v", i)
|
|
}
|
|
if err := fw.Close(); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
fr := NewReader(bytes.NewReader(buf.Bytes()), fw.Boundary())
|
|
form, err := fr.ReadForm(1 << 10)
|
|
if err == nil {
|
|
defer form.RemoveAll()
|
|
}
|
|
if err != test.wantErr {
|
|
t.Errorf("ReadForm = %v, want %v", err, test.wantErr)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestReadFormEndlessHeaderLine(t *testing.T) {
|
|
for _, test := range []struct {
|
|
name string
|
|
prefix string
|
|
}{{
|
|
name: "name",
|
|
prefix: "X-",
|
|
}, {
|
|
name: "value",
|
|
prefix: "X-Header: ",
|
|
}, {
|
|
name: "continuation",
|
|
prefix: "X-Header: foo\r\n ",
|
|
}} {
|
|
t.Run(test.name, func(t *testing.T) {
|
|
const eol = "\r\n"
|
|
s := `--boundary` + eol
|
|
s += `Content-Disposition: form-data; name="a"` + eol
|
|
s += `Content-Type: text/plain` + eol
|
|
s += test.prefix
|
|
fr := io.MultiReader(
|
|
strings.NewReader(s),
|
|
neverendingReader('X'),
|
|
)
|
|
r := NewReader(fr, "boundary")
|
|
_, err := r.ReadForm(1 << 20)
|
|
if err != ErrMessageTooLarge {
|
|
t.Fatalf("ReadForm(1 << 20): %v, want ErrMessageTooLarge", err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
type neverendingReader byte
|
|
|
|
func (r neverendingReader) Read(p []byte) (n int, err error) {
|
|
for i := range p {
|
|
p[i] = byte(r)
|
|
}
|
|
return len(p), nil
|
|
}
|
|
|
|
func BenchmarkReadForm(b *testing.B) {
|
|
for _, test := range []struct {
|
|
name string
|
|
form func(fw *Writer, count int)
|
|
}{{
|
|
name: "fields",
|
|
form: func(fw *Writer, count int) {
|
|
for i := 0; i < count; i++ {
|
|
w, _ := fw.CreateFormField(fmt.Sprintf("field%v", i))
|
|
fmt.Fprintf(w, "value %v", i)
|
|
}
|
|
},
|
|
}, {
|
|
name: "files",
|
|
form: func(fw *Writer, count int) {
|
|
for i := 0; i < count; i++ {
|
|
w, _ := fw.CreateFormFile(fmt.Sprintf("field%v", i), fmt.Sprintf("file%v", i))
|
|
fmt.Fprintf(w, "value %v", i)
|
|
}
|
|
},
|
|
}} {
|
|
b.Run(test.name, func(b *testing.B) {
|
|
for _, maxMemory := range []int64{
|
|
0,
|
|
1 << 20,
|
|
} {
|
|
var buf bytes.Buffer
|
|
fw := NewWriter(&buf)
|
|
test.form(fw, 10)
|
|
if err := fw.Close(); err != nil {
|
|
b.Fatal(err)
|
|
}
|
|
b.Run(fmt.Sprintf("maxMemory=%v", maxMemory), func(b *testing.B) {
|
|
b.ReportAllocs()
|
|
for i := 0; i < b.N; i++ {
|
|
fr := NewReader(bytes.NewReader(buf.Bytes()), fw.Boundary())
|
|
form, err := fr.ReadForm(maxMemory)
|
|
if err != nil {
|
|
b.Fatal(err)
|
|
}
|
|
form.RemoveAll()
|
|
}
|
|
|
|
})
|
|
}
|
|
})
|
|
}
|
|
}
|