From: Willy Tarreau <w@1wt.eu>
Date: Tue, 8 Aug 2023 17:53:51 +0000 (+0200)
Subject: REGTESTS: http-rules: verify that we block '#' by default for normalize-uri
X-Git-Tag: archive/raspbian/2.6.12-1+rpi1+deb12u1^2~2
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=b694c5472f6d2d0c43204508701649551d336787;p=haproxy.git

REGTESTS: http-rules: verify that we block '#' by default for normalize-uri

Origin: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=b6b330eb117d520a890e5b3cd623eaa73479db1b

Since we now block fragments by default, let's add an extra test there
to confirm that it's blocked even when stripping it.

(cherry picked from commit 4d0175b54b2b4eeb01aa6e31282b0a5b0d7d8ace)
 [ad: backported to test conformance of BUG/MINOR: h1: do not accept '#'
  as part of the URI component]
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit b3f26043df74c661155566a0abd56103e8116078)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit 41d161ccbbfa846b4b17ed0166ff08f6bf0c3ea1)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>

Gbp-Pq: Name REGTESTS-http-rules-verify-that-we-block-by-default-.patch
---

diff --git a/reg-tests/http-rules/normalize_uri.vtc b/reg-tests/http-rules/normalize_uri.vtc
index 34905ea..ad7b44a 100644
--- a/reg-tests/http-rules/normalize_uri.vtc
+++ b/reg-tests/http-rules/normalize_uri.vtc
@@ -151,6 +151,11 @@ haproxy h1 -conf {
 
         default_backend be
 
+    frontend fe_fragment_block
+        bind "fd@${fe_fragment_block}"
+        http-request normalize-uri fragment-strip
+        default_backend be
+
     backend be
         server s1 ${s1_addr}:${s1_port}
 
@@ -536,3 +541,9 @@ client c10 -connect ${h1_fe_fragment_encode_sock} {
     expect resp.http.before == "*"
     expect resp.http.after == "*"
 } -run
+
+client c11 -connect ${h1_fe_fragment_block_sock} {
+    txreq -url "/#foo"
+    rxresp
+    expect resp.status == 400
+} -run