rpc: disallow PUT and DELETE on HTTP (#15501)

Fixes #15493
2017-11-17 04:07:11 -08:00
parent b0190189a3
commit c5b8569707
2 changed files with 68 additions and 15 deletions
--- a/rpc/http_test.go
+++ b/rpc/http_test.go
@ -0,0 +1,40 @@
+package rpc
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+)
+
+func TestHTTPErrorResponseWithDelete(t *testing.T) {
+	httpErrorResponseTest(t, "DELETE", contentType, "", http.StatusMethodNotAllowed)
+}
+
+func TestHTTPErrorResponseWithPut(t *testing.T) {
+	httpErrorResponseTest(t, "PUT", contentType, "", http.StatusMethodNotAllowed)
+}
+
+func TestHTTPErrorResponseWithMaxContentLength(t *testing.T) {
+	body := make([]rune, maxHTTPRequestContentLength+1, maxHTTPRequestContentLength+1)
+	httpErrorResponseTest(t,
+		"POST", contentType, string(body), http.StatusRequestEntityTooLarge)
+}
+
+func TestHTTPErrorResponseWithEmptyContentType(t *testing.T) {
+	httpErrorResponseTest(t, "POST", "", "", http.StatusUnsupportedMediaType)
+}
+
+func TestHTTPErrorResponseWithValidRequest(t *testing.T) {
+	httpErrorResponseTest(t, "POST", contentType, "", 0)
+}
+
+func httpErrorResponseTest(t *testing.T,
+	method, contentType, body string, expectedResponse int) {
+
+	request := httptest.NewRequest(method, "http://url.com", strings.NewReader(body))
+	request.Header.Set("content-type", contentType)
+	if response, _ := httpErrorResponse(request); response != expectedResponse {
+		t.Fatalf("response code should be %d not %d", expectedResponse, response)
+	}
+}