diff --git a/websocket/http.cpp b/websocket/http.cpp
index fb897a8d01f92832b10806a1691744b870045a94..888e40b910d69f586e4f91fa6b85319ec3d27af0 100644
--- a/websocket/http.cpp
+++ b/websocket/http.cpp
@@ -62,6 +62,10 @@ bool HttpRequest::Decode(const std::string& request, HttpRequest& parsed)
 return false;
 }
+ if (request.find(ORIGIN) != std::string::npos) {
+ return false;
+ }
+
 parsed.version = DecodeVersion(request, pos);
 parsed.connection = DecodeHeader(request, CONNECTION);
 parsed.upgrade = DecodeHeader(request, UPGRADE);
diff --git a/websocket/http.h b/websocket/http.h
index 8955404fa8eaf6daddc449761053fae3759eaf65..04efd2d4a23214c6d33a5ed719764efd6c4e1009 100644
--- a/websocket/http.h
+++ b/websocket/http.h
@@ -24,6 +24,7 @@ struct HttpBase {
 static constexpr std::string_view GET = "GET";
 static constexpr std::string_view CONNECTION = "Connection: ";
 static constexpr std::string_view UPGRADE = "Upgrade: ";
+ static constexpr std::string_view ORIGIN = "Origin: ";
 static constexpr std::string_view SEC_WEBSOCKET_ACCEPT = "Sec-WebSocket-Accept: ";
 static constexpr std::string_view SEC_WEBSOCKET_KEY = "Sec-WebSocket-Key: ";
diff --git a/websocket/test/http_decoder_test.cpp b/websocket/test/http_decoder_test.cpp
index 55472dbe4b91ba94248ab5660bf0476ba6791f55..ac111ee64c8a6ccced2949028bca2d0826401417 100644
--- a/websocket/test/http_decoder_test.cpp
+++ b/websocket/test/http_decoder_test.cpp
@@ -23,7 +23,7 @@ using namespace OHOS::ArkCompiler::Toolchain;
 namespace panda::test {
 class HttpDecoderTest : public testing::Test {
 public:
- static constexpr std::string_view REQUEST_HEADERS = "GET / HTTP/1.1\r\n"
+ static constexpr std::string_view REQUEST_ORIGIN_HEADERS = "GET / HTTP/1.1\r\n"
 "Host: 127.0.0.1:19015\r\n"
 "Connection: Upgrade\r\n"
 "Pragma: no-cache\r\n"
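Review bot: The Origin rejection added to HttpRequest::Decode in websocket/http.cpp is a case-sensitive substring search for `Origin: ` over the whole request, which makes it both looser and stricter than a header check. HTTP field names are case-insensitive and the space after the colon is optional, so `origin:` or `Origin:value` is not caught, while `Origin: ` appearing anywhere else (for instance as the tail of a longer field name such as `Sec-WebSocket-Origin: `) causes a rejection. Matching the field name at the start of a header line and ignoring case closes both gaps, and the ORIGIN constant in websocket/http.h bakes in the same trailing-space assumption. The check presumably exists to refuse browser-initiated handshakes, and a comment saying so would help because the reason is not evident from the code. Decode's body starts and continues outside the hunk.

```cpp
// Returns true when a header line's field name is "Origin", compared without
// regard to case and without requiring a space after the colon.
static bool HasOriginHeader(const std::string& request)
{
    constexpr std::string_view name = "origin:";
    for (size_t eol = request.find("\r\n"); eol != std::string::npos; eol = request.find("\r\n", eol + 2)) {
        const size_t start = eol + 2;
        if (request.size() - start < name.size()) {
            break;
        }
        size_t i = 0;
        while (i < name.size() &&
               std::tolower(static_cast<unsigned char>(request[start + i])) == name[i]) {
            ++i;
        }
        if (i == name.size()) {
            return true;
        }
    }
    return false;
}

// … in HttpRequest::Decode, in place of the request.find(ORIGIN) test …
    if (HasOriginHeader(request)) {
        return false;
    }
```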
@@ -36,6 +36,20 @@ public:
 "Accept-Language: en-US,en;q=0.9\r\n"
 "Sec-WebSocket-Key: AyuTxzyBTJJdViDskomT0Q==\r\n"
 "Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits\r\n\r\n";
+ std::string originRequestHeaders = std::string(REQUEST_ORIGIN_HEADERS);
+
+ static constexpr std::string_view REQUEST_HEADERS = "GET / HTTP/1.1\r\n"
+ "Host: 127.0.0.1:19015\r\n"
+ "Connection: Upgrade\r\n"
+ "Pragma: no-cache\r\n"
+ "Cache-Control: no-cache\r\n"
+ "User-Agent: Mozilla/5.0 (X11; Linux x86_64) Chrome/117.0.0.0 Safari/537.36\r\n"
+ "Upgrade: websocket\r\n"
+ "Sec-WebSocket-Version: 13\r\n"
+ "Accept-Encoding: gzip, deflate, br\r\n"
+ "Accept-Language: en-US,en;q=0.9\r\n"
+ "Sec-WebSocket-Key: AyuTxzyBTJJdViDskomT0Q==\r\n"
+ "Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits\r\n\r\n";
 std::string requestHeaders = std::string(REQUEST_HEADERS);
 static constexpr std::string_view ERR_REQUEST_HEADERS = "GEY\r\n";
@@ -63,7 +77,7 @@ public:
 static constexpr std::string_view EXPECTED_SEC_WEBSOCKET_KEY = "AyuTxzyBTJJdViDskomT0Q==";
 };
-HWTEST_F(HttpDecoderTest, TestRequestDecode, testing::ext::TestSize.Level0)
+HWTEST_F(HttpDecoderTest, TestRequestDecode_1, testing::ext::TestSize.Level0)
 {
 HttpRequest parsed;
 auto succeeded = HttpRequest::Decode(requestHeaders, parsed);
@@ -75,6 +89,14 @@ HWTEST_F(HttpDecoderTest, TestRequestDecode, testing::ext::TestSize.Level0)
 ASSERT_EQ(parsed.secWebSocketKey, EXPECTED_SEC_WEBSOCKET_KEY);
 }
+HWTEST_F(HttpDecoderTest, TestRequestDecode_2, testing::ext::TestSize.Level0)
+{
+ HttpRequest parsed;
+ auto succeeded = HttpRequest::Decode(originRequestHeaders, parsed);
+
+ ASSERT_FALSE(succeeded);
+}
+
 HWTEST_F(HttpDecoderTest, TestAbnormalRequestDecode, testing::ext::TestSize.Level0)
 {
 HttpRequest parsed;
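Review bot: The REQUEST_HEADERS fixture added in the `@@ -36,6 +36,20 @@` hunk repeats REQUEST_ORIGIN_HEADERS line for line, and nothing states how the two are meant to differ. Presumably the only difference is an Origin line in the older fixture, which sits between this hunk and the previous one and is not visible here. A comment above each, such as `// Handshake without an Origin header; Decode must accept it.` and `// Same handshake with an Origin header; Decode must reject it.`, would keep a later edit from changing one fixture and not the other.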
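Review bot: TestRequestDecode_2 in the `@@ -75,6 +89,14 @@` hunk exercises only the exact header spelling used in the fixture, so the rejection is untested for other forms of the same field. Cases with a lower-case field name and with no space after the colon (e.g. a fixture line beginning `origin:`, a constructed sample) would pin down whether Decode is meant to treat them as Origin headers; with the `request.find(ORIGIN)` test shown in http.cpp they would pass the Origin check. The `_1`/`_2` suffixes also hide what each test asserts; a name such as `TestRequestDecodeRejectsOrigin` states it.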