def test_etag_override():
# Test that we can forcibly ignore ETags
http = httplib2.Http(cache=tests.get_cache_path())
response_kwargs = dict(
add_date=True,
add_etag=True,
)
with tests.server_reflect(request_count=3, **response_kwargs) as uri:
response, _ = http.request(uri, 'GET', headers={'accept-encoding': 'identity'})
assert response.status == 200
assert response['etag'] != ''
response, content = http.request(
uri, 'GET',
headers={'accept-encoding': 'identity', 'cache-control': 'max-age=0'},
)
assert response.status == 200
reflected = tests.HttpRequest.from_bytes(content)
assert reflected.headers.get('if-none-match')
assert reflected.headers.get('if-none-match') != 'fred'
response, content = http.request(
uri, 'GET',
headers={'accept-encoding': 'identity', 'cache-control': 'max-age=0', 'if-none-match': 'fred'},
)
assert response.status == 200
reflected = tests.HttpRequest.from_bytes(content)
assert reflected.headers.get('if-none-match') == 'fred'
def test_etag_ignore():
# Test that we can forcibly ignore ETags
http = httplib2.Http(cache=tests.get_cache_path())
response_kwargs = dict(add_date=True, add_etag=True)
with tests.server_reflect(request_count=3, **response_kwargs) as uri:
response, content = http.request(
uri, "GET", headers={"accept-encoding": "identity"})
assert response.status == 200
assert response["etag"] != ""
response, content = http.request(
uri,
"GET",
headers={
"accept-encoding": "identity",
"cache-control": "max-age=0"
},
)
reflected = tests.HttpRequest.from_bytes(content)
assert reflected.headers.get("if-none-match")
http.ignore_etag = True
response, content = http.request(
uri,
"GET",
headers={
"accept-encoding": "identity",
"cache-control": "max-age=0"
},
)
assert not response.fromcache
reflected = tests.HttpRequest.from_bytes(content)
assert not reflected.headers.get("if-none-match")
def test_etag_override():
# Test that we can forcibly ignore ETags
http = httplib2.Http(cache=tests.get_cache_path())
response_kwargs = dict(add_date=True, add_etag=True)
with tests.server_reflect(request_count=3, **response_kwargs) as uri:
response, _ = http.request(uri, "GET", headers={"accept-encoding": "identity"})
assert response.status == 200
assert response["etag"] != ""
response, content = http.request(
uri,
"GET",
headers={"accept-encoding": "identity", "cache-control": "max-age=0"},
)
assert response.status == 200
reflected = tests.HttpRequest.from_bytes(content)
assert reflected.headers.get("if-none-match")
assert reflected.headers.get("if-none-match") != "fred"
response, content = http.request(
uri,
"GET",
headers={
"accept-encoding": "identity",
"cache-control": "max-age=0",
"if-none-match": "fred",
},
)
assert response.status == 200
reflected = tests.HttpRequest.from_bytes(content)
assert reflected.headers.get("if-none-match") == "fred"
def test_get_is_default_method():
# Test that GET is the default method
http = httplib2.Http()
with tests.server_reflect() as uri:
response, content = http.request(uri)
assert response.status == 200
reflected = tests.HttpRequest.from_bytes(content)
assert reflected.method == 'GET'
def test_get_iri():
http = httplib2.Http()
query = u'?a=\N{CYRILLIC CAPITAL LETTER DJE}'
with tests.server_reflect() as uri:
response, content = http.request(uri + query, 'GET')
assert response.status == 200
reflected = tests.HttpRequest.from_bytes(content)
assert reflected.uri == '/?a=%D0%82'
def test_user_agent_non_default():
# Test that the default user-agent can be over-ridden
http = httplib2.Http()
with tests.server_reflect() as uri:
response, content = http.request(uri, 'GET', headers={'User-Agent': 'fred/1.0'})
assert response.status == 200
reflected = tests.HttpRequest.from_bytes(content)
assert reflected.headers.get('user-agent') == 'fred/1.0'
def test_get_iri():
http = httplib2.Http()
query = u"?a=\N{CYRILLIC CAPITAL LETTER DJE}"
with tests.server_reflect() as uri:
response, content = http.request(uri + query, "GET")
assert response.status == 200
reflected = tests.HttpRequest.from_bytes(content)
assert reflected.uri == "/?a=%D0%82"
def test_get_is_default_method():
# Test that GET is the default method
http = httplib2.Http()
with tests.server_reflect() as uri:
response, content = http.request(uri)
assert response.status == 200
reflected = tests.HttpRequest.from_bytes(content)
assert reflected.method == "GET"
def test_user_agent():
# Test that we provide a default user-agent
http = httplib2.Http()
with tests.server_reflect() as uri:
response, content = http.request(uri, "GET")
assert response.status == 200
reflected = tests.HttpRequest.from_bytes(content)
assert reflected.headers.get("user-agent", "").startswith("Python-httplib2/")
def test_user_agent_non_default():
# Test that the default user-agent can be over-ridden
http = httplib2.Http()
with tests.server_reflect() as uri:
response, content = http.request(uri, "GET", headers={"User-Agent": "fred/1.0"})
assert response.status == 200
reflected = tests.HttpRequest.from_bytes(content)
assert reflected.headers.get("user-agent") == "fred/1.0"
def test_user_agent():
# Test that we provide a default user-agent
http = httplib2.Http()
with tests.server_reflect() as uri:
response, content = http.request(uri, 'GET')
assert response.status == 200
reflected = tests.HttpRequest.from_bytes(content)
assert reflected.headers.get('user-agent', '').startswith('Python-httplib2/')
def test_reflect():
http = httplib2.Http()
with tests.server_reflect() as uri:
response, content = http.request(uri + "?query", "METHOD")
assert response.status == 200
host = urllib.parse.urlparse(uri).netloc
assert content.startswith("""\
METHOD /?query HTTP/1.1\r\n\
Host: {host}\r\n""".format(host=host).encode()), content
def test_different_methods():
# Test that all methods can be used
http = httplib2.Http()
methods = ['GET', 'PUT', 'DELETE', 'POST', 'unknown']
with tests.server_reflect(request_count=len(methods)) as uri:
for method in methods:
response, content = http.request(uri, method, body=b" ")
assert response.status == 200
reflected = tests.HttpRequest.from_bytes(content)
assert reflected.method == method
def test_different_methods():
# Test that all methods can be used
http = httplib2.Http()
methods = ["GET", "PUT", "DELETE", "POST", "unknown"]
with tests.server_reflect(request_count=len(methods)) as uri:
for method in methods:
response, content = http.request(uri, method, body=b" ")
assert response.status == 200
reflected = tests.HttpRequest.from_bytes(content)
assert reflected.method == method
def test_inject_space():
# Injecting space into request line is precursor to CWE-93 and possibly other injections
http = httplib2.Http()
with tests.server_reflect() as uri:
# "\r\nignore-http:" suffix is nuance for current server implementation
# please only pay attention to space after "?q="
danger_url = urllib.parse.urljoin(uri, "?q= HTTP/1.1\r\nignore-http:")
response, content = http.request(danger_url, "GET")
assert response.status == 200
req = tests.HttpRequest.from_bytes(content)
assert req.uri == "/?q=%20HTTP/1.1%0D%0Aignore-http:"
def test_cwe93_inject_crlf():
# https://cwe.mitre.org/data/definitions/93.html
# GET /?q= HTTP/1.1 <- injected "HTTP/1.1" from attacker
# injected: attack
# ignore-http: HTTP/1.1 <- nominal "HTTP/1.1" from library
# Host: localhost:57285
http = httplib2.Http()
with tests.server_reflect() as uri:
danger_url = urllib.parse.urljoin(
uri, "?q= HTTP/1.1\r\ninjected: attack\r\nignore-http:")
response, content = http.request(danger_url, "GET")
assert response.status == 200
req = tests.HttpRequest.from_bytes(content)
assert req.headers.get("injected") is None
def test_inject_space():
# Injecting space into request line is precursor to CWE-93 and possibly other injections
http = httplib2.Http()
with tests.server_reflect() as uri:
# "\r\nignore-http:" suffix is nuance for current server implementation
# please only pay attention to space after "?q="
danger_url = urllib.parse.urljoin(uri, "?q= HTTP/1.1\r\nignore-http:")
response, content = http.request(danger_url, "GET")
assert response.status == 200
req = tests.HttpRequest.from_bytes(content)
expect = (
# new behavior after bpo-43882 fix
# https://github.com/httplib2/httplib2/issues/193
"/?q=%20HTTP/1.1ignore-http:",
# old behavior
"/?q=%20HTTP/1.1%0D%0Aignore-http:",
)
assert req.uri in expect
def test_etag_override():
# Test that we can forcibly ignore ETags
http = httplib2.Http(cache=tests.get_cache_path())
response_kwargs = dict(
add_date=True,
add_etag=True,
)
with tests.server_reflect(request_count=3, **response_kwargs) as uri:
response, _ = http.request(uri,
'GET',
headers={'accept-encoding': 'identity'})
assert response.status == 200
assert response['etag'] != ''
response, content = http.request(
uri,
'GET',
headers={
'accept-encoding': 'identity',
'cache-control': 'max-age=0'
},
)
assert response.status == 200
reflected = tests.HttpRequest.from_bytes(content)
assert reflected.headers.get('if-none-match')
assert reflected.headers.get('if-none-match') != 'fred'
response, content = http.request(
uri,
'GET',
headers={
'accept-encoding': 'identity',
'cache-control': 'max-age=0',
'if-none-match': 'fred'
},
)
assert response.status == 200
reflected = tests.HttpRequest.from_bytes(content)
assert reflected.headers.get('if-none-match') == 'fred'