Software / code / prosody
Annotate
spec/net_websocket_frames_spec.lua @ 13854:0b01f40df0f9 13.0
mod_http_file_share: Add media-src 'self' to Content-Security-Policy header
This allows certain media files to be loaded when navigated to directly in a
web browser.
Note that in some browsers (Chrome), the media gets transformed
internally into a HTML page with some basic styles, but these are blocked due
to our default-src policy of 'none' Although this could be unblocked with
style-src unsafe-inline, it is not our plan to fix this, because this would
have negative security implications.
The reason for our CSP is to prevent the file share service from being used to
host malicious HTML/CSS/JS. Yes, CSS can be malicious.
Our file share service is for uploading and downloading files, it is not a
substitute for website/content hosting.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 18 Apr 2025 12:25:06 +0100 |
| parent | 11166:51e5149ed0ad |
| rev | line source |
|---|---|
|
9660
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 describe("net.websocket.frames", function () |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 local nwf = require "net.websocket.frames"; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 local test_frames = { |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 simple_empty = { |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 ["opcode"] = 0; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 ["length"] = 0; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 ["data"] = ""; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 ["FIN"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 ["MASK"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 ["RSV1"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 ["RSV2"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 ["RSV3"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 }; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 simple_data = { |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 ["opcode"] = 0; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 ["length"] = 5; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 ["data"] = "hello"; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 ["FIN"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 ["MASK"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 ["RSV1"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 ["RSV2"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 ["RSV3"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 }; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 simple_fin = { |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 ["opcode"] = 0; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 ["length"] = 0; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 ["data"] = ""; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 ["FIN"] = true; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 ["MASK"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 ["RSV1"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 ["RSV2"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 ["RSV3"] = false; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 }; |
|
11162
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
35 with_mask = { |
|
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
36 ["opcode"] = 0; |
|
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
37 ["length"] = 5; |
|
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
38 ["data"] = "hello"; |
|
11164
4e5a2af9dd19
net.websocket.frames: Use C string XOR implementation
Kim Alvefur <zash@zash.se>
parents:
11162
diff
changeset
|
39 ["key"] = " \0 \0"; |
|
11162
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
40 ["FIN"] = true; |
|
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
41 ["MASK"] = true; |
|
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
42 ["RSV1"] = false; |
|
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
43 ["RSV2"] = false; |
|
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
44 ["RSV3"] = false; |
|
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
45 }; |
|
11165
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
46 empty_with_mask = { |
|
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
47 ["opcode"] = 0; |
|
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
48 ["key"] = " \0 \0"; |
|
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
49 ["FIN"] = true; |
|
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
50 ["MASK"] = true; |
|
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
51 ["RSV1"] = false; |
|
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
52 ["RSV2"] = false; |
|
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
53 ["RSV3"] = false; |
|
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
54 }; |
|
10584
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
55 ping = { |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
56 ["opcode"] = 0x9; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
57 ["length"] = 4; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
58 ["data"] = "ping"; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
59 ["FIN"] = true; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
60 ["MASK"] = false; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
61 ["RSV1"] = false; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
62 ["RSV2"] = false; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
63 ["RSV3"] = false; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
64 }; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
65 pong = { |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
66 ["opcode"] = 0xa; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
67 ["length"] = 4; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
68 ["data"] = "pong"; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
69 ["FIN"] = true; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
70 ["MASK"] = false; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
71 ["RSV1"] = false; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
72 ["RSV2"] = false; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
73 ["RSV3"] = false; |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
74 }; |
|
9660
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
75 } |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
76 |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
77 describe("build", function () |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
78 local build = nwf.build; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
79 it("works", function () |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
80 assert.equal("\0\0", build(test_frames.simple_empty)); |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
81 assert.equal("\0\5hello", build(test_frames.simple_data)); |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
82 assert.equal("\128\0", build(test_frames.simple_fin)); |
|
11162
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
83 assert.equal("\128\133 \0 \0HeLlO", build(test_frames.with_mask)) |
|
11165
eae8046d51fc
net.websocket.frames: Add test for empty frame with MASK and key set
Matthew Wild <mwild1@gmail.com>
parents:
11164
diff
changeset
|
84 assert.equal("\128\128 \0 \0", build(test_frames.empty_with_mask)) |
|
10584
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
85 assert.equal("\137\4ping", build(test_frames.ping)); |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
86 assert.equal("\138\4pong", build(test_frames.pong)); |
|
9660
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
87 end); |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
88 end); |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
89 |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
90 describe("parse", function () |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
91 local parse = nwf.parse; |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
92 it("works", function () |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
93 assert.same(test_frames.simple_empty, parse("\0\0")); |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
94 assert.same(test_frames.simple_data, parse("\0\5hello")); |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
95 assert.same(test_frames.simple_fin, parse("\128\0")); |
|
11162
ee399a0522cc
net.websocket.frames: Add small test covering xor-masking
Kim Alvefur <zash@zash.se>
parents:
9660
diff
changeset
|
96 assert.same(test_frames.with_mask, parse("\128\133 \0 \0HeLlO")); |
|
10584
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
97 assert.same(test_frames.ping, parse("\137\4ping")); |
|
0c464bb7eb03
net.websocket.frames: Add ping and pong test cases
Kim Alvefur <zash@zash.se>
parents:
10583
diff
changeset
|
98 assert.same(test_frames.pong, parse("\138\4pong")); |
|
9660
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
99 end); |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
100 end); |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
101 |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
102 end); |
|
7e75c348095b
net.websocket.frames: Add some brief tests
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
103 |
