Closed Bug 1947459 Opened 1 year ago Closed 1 month ago

[wpt-sync] Sync PR 50629 - Tests for HTTP/1.1 Parsing (NUL, CR, LF, Colon and more)

Categories

(Core :: DOM: Networking, task, P4)

task

Tracking

()

RESOLVED FIXED
152 Branch
Tracking Status
firefox152 --- fixed

People

(Reporter: wpt-sync, Unassigned)

References

(Blocks 1 open bug, )

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 50629 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/50629
Details from upstream follow.

Jannis Rautenstrauch <33023300+JannisBush@users.noreply.github.com> wrote:

Tests for HTTP/1.1 Parsing (NUL, CR, LF, Colon and more)

Parsing (invalid) HTTP/1.1 responses is not fully defined in HTTP and Fetch and browser behavior diverges from the specs and between different browsers and there are not many tests in WPT yet. The aim of this pull request is to document the current browser behavior for various edge cases and start standardizing edge case behavior.

This pull requests adds a bunch of tests for (invalid) HTTP/1.1 responses for various edge cases. The tests are marked as tentative.
The tests are about the general parsing of (invalid) HTTP/1.1 messages and are not about the parsing of individual (invalid) headers such as how browsers should handle invalid bytes in CSP headers (Pull Request for that here).

All tests use the following base response and inject various bytes in different places to test both status-line and header-line parsing.
There are two types of tests:

  • fetch tests: they fetch the resource and either fail (Network Error) or fetch the resource (Valid)
  • framing tests: they frame the resource in an IFrame. They can result in Network Error (browser renders an error frame), active-XFO (browser renders an error frame due to XFO), or render the iframe (no-XFO, either the value is invalid or the full header line containing XFO is ignored). Note that the tests currently do not distinguish between Network Error and active-XFO.
HTTP/1.1 200 OK
X-Frame-Options: DENY
Content-Length: 5

Test.

The following shows all the injection points and their names:

<first>HT<in-http>TP<before-slash>/<after-slash>1<before-dot>.<after-dot>1<after-ver> <before-num>200<after-num> <before-reason>OK<after-reason>
<leading>X-Frame<in-name>-Options<before-colon>:<after-colon>DE<in-value>NY<after-value>
Content-Length: 5

Test.

The following bytes are injected: LF, CR, HTAB, SP, NUL, COLON.

The expected behavior is described in a mapping:

let expected = {
    "SP": {
        "first": ["Network Error", "Network Error"],
        ...
        "in-value": ["Valid", "no-XFO"],
        "after-value": ["Valid", "active-XFO"]
    },
    ...
}

Currently, there are 102*2=204 tests. In the future, other characters could be injected or other tests can be added.
The initial expected mapping is strict and expects "Network Error" for almost everything that is not explicitly allowed.
The current results are (both on HTTP and HTTPS):

  • Chrome: 114 Pass, 90 Fail
  • Firefox: 61 Pass, 143 Fail
  • Safari: 92 Pass, 112 Fail

See also:

Component: web-platform-tests → DOM: Networking
Product: Testing → Core
Whiteboard: [wptsync downstream] → [wptsync downstream error]
Whiteboard: [wptsync downstream error] → [wptsync downstream]

CI Results

Ran 8 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 20 tests and 16 subtests

Status Summary

Firefox

OK : 17[GitHub] 20[Gecko-android-em-14-x86_64-debug-geckoview, Gecko-android-em-14-x86_64-lite-opt-geckoview, Gecko-android-em-14-x86_64-opt-geckoview, Gecko-linux2404-64-debug, Gecko-linux2404-64-opt, Gecko-windows11-32-25h2-debug, Gecko-windows11-64-25h2-debug, Gecko-windows11-64-25h2-opt]
PASS: 64[GitHub] 85[Gecko-android-em-14-x86_64-debug-geckoview, Gecko-android-em-14-x86_64-lite-opt-geckoview, Gecko-android-em-14-x86_64-opt-geckoview, Gecko-linux2404-64-debug, Gecko-linux2404-64-opt, Gecko-windows11-32-25h2-debug, Gecko-windows11-64-25h2-debug, Gecko-windows11-64-25h2-opt]
FAIL: 140[GitHub] 149[Gecko-android-em-14-x86_64-debug-geckoview, Gecko-android-em-14-x86_64-lite-opt-geckoview, Gecko-android-em-14-x86_64-opt-geckoview, Gecko-linux2404-64-debug, Gecko-linux2404-64-opt, Gecko-windows11-32-25h2-debug, Gecko-windows11-64-25h2-debug, Gecko-windows11-64-25h2-opt]

Chrome

OK : 17
PASS: 114
FAIL: 90

Safari

OK : 17
PASS: 88
FAIL: 116

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Details

Firefox-only Failures

New Tests That Don't Pass

  • /fetch/h1-parsing/h1-parsing.tentative.html?include=after-ver [wpt.fyi]
    • LF at <after-ver> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • CR at <after-ver> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • HTAB at <after-ver> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • SP at <after-ver> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • NUL at <after-ver> should result in Network Error (fetch): FAIL (Chrome: PASS, Safari: PASS)
    • COLON at <after-ver> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
  • /fetch/h1-parsing/h1-parsing.tentative.html?include=before-dot [wpt.fyi]
    • LF at <before-dot> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • LF at <before-dot> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • CR at <before-dot> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • CR at <before-dot> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • HTAB at <before-dot> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • HTAB at <before-dot> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • SP at <before-dot> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • SP at <before-dot> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • NUL at <before-dot> should result in Network Error (fetch): FAIL (Chrome: PASS, Safari: PASS)
    • NUL at <before-dot> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • COLON at <before-dot> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • COLON at <before-dot> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
  • /fetch/h1-parsing/h1-parsing.tentative.html?include=after-slash [wpt.fyi]
    • LF at <after-slash> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • LF at <after-slash> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • CR at <after-slash> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • CR at <after-slash> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • HTAB at <after-slash> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • HTAB at <after-slash> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • SP at <after-slash> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • SP at <after-slash> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • NUL at <after-slash> should result in Network Error (fetch): FAIL (Chrome: PASS, Safari: PASS)
    • NUL at <after-slash> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • COLON at <after-slash> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • COLON at <after-slash> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
  • /fetch/h1-parsing/h1-parsing.tentative.html?include=after-reason [wpt.fyi]
    • LF at <after-reason> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • LF at <after-reason> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
    • CR at <after-reason> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • NUL at <after-reason> should result in Network Error (fetch): FAIL (Chrome: PASS, Safari: FAIL)
    • COLON at <after-reason> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
  • /fetch/h1-parsing/h1-parsing.tentative.html?include=before-slash [wpt.fyi]
    • LF at <before-slash> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • LF at <before-slash> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • CR at <before-slash> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • CR at <before-slash> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • HTAB at <before-slash> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • HTAB at <before-slash> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • SP at <before-slash> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • SP at <before-slash> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • NUL at <before-slash> should result in Network Error (fetch): FAIL (Chrome: PASS, Safari: PASS)
    • NUL at <before-slash> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • COLON at <before-slash> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • COLON at <before-slash> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
  • /fetch/h1-parsing/h1-parsing.tentative.html?include=in-name [wpt.fyi]
    • LF at <in-name> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • LF at <in-name> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
    • CR at <in-name> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • CR at <in-name> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
    • HTAB at <in-name> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • HTAB at <in-name> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
    • SP at <in-name> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • SP at <in-name> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
    • NUL at <in-name> should result in Network Error (fetch): FAIL (Chrome: PASS, Safari: FAIL)
    • NUL at <in-name> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • COLON at <in-name> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • COLON at <in-name> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
  • /fetch/h1-parsing/h1-parsing.tentative.html?include=in-http [wpt.fyi]
    • LF at <in-http> should result in Network Error (fetch): FAIL (Chrome: PASS, Safari: PASS)
    • LF at <in-http> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • CR at <in-http> should result in Network Error (fetch): FAIL (Chrome: PASS, Safari: PASS)
    • CR at <in-http> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • HTAB at <in-http> should result in Network Error (fetch): FAIL (Chrome: PASS, Safari: PASS)
    • HTAB at <in-http> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • SP at <in-http> should result in Network Error (fetch): FAIL (Chrome: PASS, Safari: PASS)
    • SP at <in-http> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • NUL at <in-http> should result in Network Error (fetch): FAIL (Chrome: PASS, Safari: PASS)
    • NUL at <in-http> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • COLON at <in-http> should result in Network Error (fetch): FAIL (Chrome: PASS, Safari: PASS)
    • COLON at <in-http> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
  • /fetch/h1-parsing/h1-parsing.tentative.html?include=before-num [wpt.fyi]
    • LF at <before-num> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • CR at <before-num> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • HTAB at <before-num> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • SP at <before-num> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • NUL at <before-num> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • COLON at <before-num> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
  • /fetch/h1-parsing/h1-parsing.tentative.html?include=after-dot [wpt.fyi]
    • LF at <after-dot> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • CR at <after-dot> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • HTAB at <after-dot> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • SP at <after-dot> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • NUL at <after-dot> should result in Network Error (fetch): FAIL (Chrome: PASS, Safari: PASS)
    • COLON at <after-dot> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
  • /fetch/h1-parsing/h1-parsing.tentative.html?include=before-reason [wpt.fyi]
    • LF at <before-reason> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • CR at <before-reason> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • NUL at <before-reason> should result in Network Error (fetch): FAIL (Chrome: PASS, Safari: FAIL)
    • COLON at <before-reason> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
  • /fetch/h1-parsing/h1-parsing.tentative.html?include=after-num [wpt.fyi]
    • LF at <after-num> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • CR at <after-num> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • HTAB at <after-num> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • SP at <after-num> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • NUL at <after-num> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • COLON at <after-num> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
  • /fetch/h1-parsing/h1-parsing.tentative.html?include=first [wpt.fyi]
    • LF at <first> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • CR at <first> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • HTAB at <first> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • SP at <first> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • NUL at <first> should result in Network Error (fetch): FAIL (Chrome: PASS, Safari: PASS)
    • COLON at <first> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
  • /fetch/h1-parsing/h1-parsing.tentative.html?include=leading [wpt.fyi]
    • LF at <leading> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • LF at <leading> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
    • CR at <leading> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • CR at <leading> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • HTAB at <leading> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • HTAB at <leading> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
    • SP at <leading> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • SP at <leading> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
    • NUL at <leading> should result in Network Error (fetch): FAIL (Chrome: PASS, Safari: FAIL)
    • NUL at <leading> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • COLON at <leading> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • COLON at <leading> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
  • /fetch/h1-parsing/h1-parsing.tentative.html?include=after-colon [wpt.fyi]
    • LF at <after-colon> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • LF at <after-colon> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
    • CR at <after-colon> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • CR at <after-colon> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
    • COLON at <after-colon> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • COLON at <after-colon> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
  • /fetch/h1-parsing/h1-parsing.tentative.html?include=after-value [wpt.fyi]
    • LF at <after-value> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • CR at <after-value> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • CR at <after-value> should result in Network Error frame: FAIL (Chrome: PASS, Safari: PASS)
    • COLON at <after-value> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • COLON at <after-value> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
  • /fetch/h1-parsing/h1-parsing.tentative.html?include=before-colon [wpt.fyi]
    • LF at <before-colon> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • LF at <before-colon> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
    • CR at <before-colon> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • CR at <before-colon> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
    • HTAB at <before-colon> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • HTAB at <before-colon> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • SP at <before-colon> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • SP at <before-colon> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • NUL at <before-colon> should result in Network Error (fetch): FAIL (Chrome: PASS, Safari: FAIL)
    • NUL at <before-colon> should result in Network Error frame: FAIL (Chrome: PASS, Safari: FAIL)
    • COLON at <before-colon> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • COLON at <before-colon> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
  • /fetch/h1-parsing/h1-parsing.tentative.html?include=in-value [wpt.fyi]
    • LF at <in-value> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • LF at <in-value> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
    • CR at <in-value> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: PASS)
    • CR at <in-value> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
    • COLON at <in-value> should result in Network Error (fetch): FAIL (Chrome: FAIL, Safari: FAIL)
    • COLON at <in-value> should result in Network Error frame: FAIL (Chrome: FAIL, Safari: FAIL)
  • /fetch/h1-parsing/lone-cr.window.html [wpt.fyi]
    • Parsing response with a lone CR before message-body (HTTP/1.1 200
      OK

BODY): FAIL

  • Parsing response with a lone CR before message-body (HTTP/1.1 200 OK

Header: Value

BODY): FAIL

  • Parsing response with a lone CR before message-body (HTTP/1.1 200 OK
    Header
    : Value

BODY): FAIL

  • Parsing response with a lone CR before message-body (HTTP/1.1 200 OK
    Header:
    Value

BODY): FAIL

  • Parsing response with a lone CR before message-body (HTTP/1.1 200 OK
    Header: Value

Body): FAIL

  • Parsing response with a lone CR before message-body (HTTP/1.1 200 OK
    Header: Value

BODY): FAIL

  • Parsing response with a lone CR before message-body (HTTP/1.1 200 OK
    Header: Value
    Header2: Value2

BODY): FAIL

  • Parsing response with a lone CR before message-body (HTTP/1.1 200 OK
    Header: Value

BODY): FAIL

  • Parsing response with a lone CR before message-body (HTTP/1.1 200 OK
    Header: Value

): FAIL

Status: NEW → RESOLVED
Closed: 1 month ago
Resolution: --- → FIXED
Target Milestone: --- → 152 Branch
You need to log in before you can comment on or make changes to this bug.