Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

backport: v7.x: #10654 #10889

Merged
merged 6 commits into from
Jan 25, 2017
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 23 additions & 0 deletions benchmark/http/create-clientrequest.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
'use strict';

var common = require('../common.js');
var ClientRequest = require('http').ClientRequest;

var bench = common.createBenchmark(main, {
pathlen: [1, 8, 16, 32, 64, 128],
n: [1e6]
});

function main(conf) {
var pathlen = +conf.pathlen;
var n = +conf.n;

var path = '/'.repeat(pathlen);
var opts = { path: path, createConnection: function() {} };

bench.start();
for (var i = 0; i < n; i++) {
new ClientRequest(opts);
}
bench.end(n);
}
79 changes: 61 additions & 18 deletions lib/_http_client.js
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,34 @@ const Agent = require('_http_agent');
const Buffer = require('buffer').Buffer;


// The actual list of disallowed characters in regexp form is more like:
// /[^A-Za-z0-9\-._~!$&'()*+,;=/:@]/
// with an additional rule for ignoring percentage-escaped characters, but
// that's a) hard to capture in a regular expression that performs well, and
// b) possibly too restrictive for real-world usage. So instead we restrict the
// filter to just control characters and spaces.
//
// This function is used in the case of small paths, where manual character code
// checks can greatly outperform the equivalent regexp (tested in V8 5.4).
function isInvalidPath(s) {
var i = 0;
if (s.charCodeAt(0) <= 32) return true;
if (++i >= s.length) return false;
if (s.charCodeAt(1) <= 32) return true;
if (++i >= s.length) return false;
if (s.charCodeAt(2) <= 32) return true;
if (++i >= s.length) return false;
if (s.charCodeAt(3) <= 32) return true;
if (++i >= s.length) return false;
if (s.charCodeAt(4) <= 32) return true;
if (++i >= s.length) return false;
if (s.charCodeAt(5) <= 32) return true;
++i;
for (; i < s.length; ++i)
if (s.charCodeAt(i) <= 32) return true;
return false;
}

function ClientRequest(options, cb) {
var self = this;
OutgoingMessage.call(self);
Expand Down Expand Up @@ -43,14 +71,20 @@ function ClientRequest(options, cb) {
if (self.agent && self.agent.protocol)
expectedProtocol = self.agent.protocol;

if (options.path && /[\u0000-\u0020]/.test(options.path)) {
// The actual regex is more like /[^A-Za-z0-9\-._~!$&'()*+,;=/:@]/
// with an additional rule for ignoring percentage-escaped characters
// but that's a) hard to capture in a regular expression that performs
// well, and b) possibly too restrictive for real-world usage.
// Restrict the filter to control characters and spaces.
throw new TypeError('Request path contains unescaped characters');
} else if (protocol !== expectedProtocol) {
var path;
if (options.path) {
path = '' + options.path;
var invalidPath;
if (path.length <= 39) { // Determined experimentally in V8 5.4
invalidPath = isInvalidPath(path);
} else {
invalidPath = /[\u0000-\u0020]/.test(path);
}
if (invalidPath)
throw new TypeError('Request path contains unescaped characters');
}

if (protocol !== expectedProtocol) {
throw new Error('Protocol "' + protocol + '" not supported. ' +
'Expected "' + expectedProtocol + '"');
}
Expand All @@ -61,26 +95,36 @@ function ClientRequest(options, cb) {
var port = options.port = options.port || defaultPort || 80;
var host = options.host = options.hostname || options.host || 'localhost';

if (options.setHost === undefined) {
var setHost = true;
}
var setHost = (options.setHost === undefined);

self.socketPath = options.socketPath;
self.timeout = options.timeout;

var method = self.method = (options.method || 'GET').toUpperCase();
if (!common._checkIsHttpToken(method)) {
throw new TypeError('Method must be a valid HTTP token');
var method = options.method;
var methodIsString = (typeof method === 'string');
if (method != null && !methodIsString) {
throw new TypeError('Method must be a string');
}

if (methodIsString && method) {
if (!common._checkIsHttpToken(method)) {
throw new TypeError('Method must be a valid HTTP token');
}
method = self.method = method.toUpperCase();
} else {
method = self.method = 'GET';
}

self.path = options.path || '/';
if (cb) {
self.once('response', cb);
}

if (!Array.isArray(options.headers)) {
var headersArray = Array.isArray(options.headers);
if (!headersArray) {
if (options.headers) {
var keys = Object.keys(options.headers);
for (var i = 0, l = keys.length; i < l; i++) {
for (var i = 0; i < keys.length; i++) {
var key = keys[i];
self.setHeader(key, options.headers[key]);
}
Expand All @@ -106,7 +150,6 @@ function ClientRequest(options, cb) {
}

if (options.auth && !this.getHeader('Authorization')) {
//basic auth
this.setHeader('Authorization', 'Basic ' +
Buffer.from(options.auth).toString('base64'));
}
Expand All @@ -121,7 +164,7 @@ function ClientRequest(options, cb) {
self.useChunkedEncodingByDefault = true;
}

if (Array.isArray(options.headers)) {
if (headersArray) {
self._storeHeader(self.method + ' ' + self.path + ' HTTP/1.1\r\n',
options.headers);
} else if (self.getHeader('expect')) {
Expand Down
2 changes: 0 additions & 2 deletions lib/_http_common.js
Original file line number Diff line number Diff line change
Expand Up @@ -265,8 +265,6 @@ var validTokens = [
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 // ... 255
];
function checkIsHttpToken(val) {
if (typeof val !== 'string' || val.length === 0)
return false;
if (!validTokens[val.charCodeAt(0)])
return false;
if (val.length < 2)
Expand Down
28 changes: 14 additions & 14 deletions lib/_http_outgoing.js
Original file line number Diff line number Diff line change
Expand Up @@ -319,18 +319,18 @@ function _storeHeader(firstLine, headers) {
if (state.sentExpect) this._send('');
}

function storeHeader(self, state, field, value) {
if (!checkIsHttpToken(field)) {
function storeHeader(self, state, key, value) {
if (typeof key !== 'string' || !key || !checkIsHttpToken(key)) {
throw new TypeError(
'Header name must be a valid HTTP Token ["' + field + '"]');
'Header name must be a valid HTTP Token ["' + key + '"]');
}
if (checkInvalidHeaderChar(value)) {
debug('Header "%s" contains invalid characters', field);
debug('Header "%s" contains invalid characters', key);
throw new TypeError('The header content contains invalid characters');
}
state.messageHeader += field + ': ' + escapeHeaderValue(value) + CRLF;
state.messageHeader += key + ': ' + escapeHeaderValue(value) + CRLF;

if (connectionExpression.test(field)) {
if (connectionExpression.test(key)) {
state.sentConnectionHeader = true;
if (connCloseExpression.test(value)) {
self._last = true;
Expand All @@ -339,26 +339,26 @@ function storeHeader(self, state, field, value) {
}
if (connUpgradeExpression.test(value))
state.sentConnectionUpgrade = true;
} else if (transferEncodingExpression.test(field)) {
} else if (transferEncodingExpression.test(key)) {
state.sentTransferEncodingHeader = true;
if (trfrEncChunkExpression.test(value)) self.chunkedEncoding = true;

} else if (contentLengthExpression.test(field)) {
} else if (contentLengthExpression.test(key)) {
state.sentContentLengthHeader = true;
} else if (dateExpression.test(field)) {
} else if (dateExpression.test(key)) {
state.sentDateHeader = true;
} else if (expectExpression.test(field)) {
} else if (expectExpression.test(key)) {
state.sentExpect = true;
} else if (trailerExpression.test(field)) {
} else if (trailerExpression.test(key)) {
state.sentTrailer = true;
} else if (upgradeExpression.test(field)) {
} else if (upgradeExpression.test(key)) {
state.sentUpgrade = true;
}
}


OutgoingMessage.prototype.setHeader = function setHeader(name, value) {
if (!checkIsHttpToken(name))
if (typeof name !== 'string' || !name || !checkIsHttpToken(name))
throw new TypeError(
'Header name must be a valid HTTP Token ["' + name + '"]');
if (value === undefined)
Expand Down Expand Up @@ -538,7 +538,7 @@ OutgoingMessage.prototype.addTrailers = function addTrailers(headers) {
field = key;
value = headers[key];
}
if (!checkIsHttpToken(field)) {
if (typeof field !== 'string' || !field || !checkIsHttpToken(field)) {
throw new TypeError(
'Trailer name must be a valid HTTP Token ["' + field + '"]');
}
Expand Down
24 changes: 24 additions & 0 deletions test/parallel/test-http-client-defaults.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
'use strict';
require('../common');
const assert = require('assert');
const ClientRequest = require('http').ClientRequest;

function noop() {}

{
const req = new ClientRequest({ createConnection: noop });
assert.strictEqual(req.path, '/');
assert.strictEqual(req.method, 'GET');
}

{
const req = new ClientRequest({ method: '', createConnection: noop });
assert.strictEqual(req.path, '/');
assert.strictEqual(req.method, 'GET');
}

{
const req = new ClientRequest({ path: '', createConnection: noop });
assert.strictEqual(req.path, '/');
assert.strictEqual(req.method, 'GET');
}