aboutsummaryrefslogtreecommitdiffstats
path: root/test
AgeCommit message (Collapse)Author
2020-05-20204 and 304 responses must not include a bodyLoïc Hoguin
When calling cowboy_req:reply/4 with a body a crash will occur resulting in a 500 response. When calling cowboy_req:stream_reply/2,3 and then attempting to send a body a crash will occur.
2020-05-20Increase the default max_keepalive HTTP option to 1000Loïc Hoguin
100 is very low for current deployments. 1000 is more appropriate as a default value.
2020-05-20Don't stop listeners that don't exist in static_handler_SUITELoïc Hoguin
2020-04-08Increase the timetrap timeout in req_SUITE on WindowsLoïc Hoguin
Still seeing intermittent failures on Windows due to timetrap so let's see if doubling the timeout again helps.
2020-04-08Get rid of timeouts in metrics_SUITELoïc Hoguin
Again to avoid intermittent issues.
2020-04-07Allow {error, enotconn} as test success in security_SUITELoïc Hoguin
This happens from time to time on Windows and is partially due to how the test is written.
2020-04-06Rely on timetrap timeouts for tracer_SUITELoïc Hoguin
2020-04-06NO_PARALLEL=1 will disable (most) parallel testingLoïc Hoguin
This is to make up for very slow or low resource environments, like the FreeBSD CI environment currently.
2020-04-06Increase the req_SUITE timetrap timeout on WindowsLoïc Hoguin
The local network is much slower so the tests take longer there.
2020-04-05Reduce the pipeline test body sizes to avoid filling send buffersLoïc Hoguin
This causes the test to get stuck because both the client and server end up waiting in Transport:send for the other side to read data from the socket.
2020-04-02Disable ws_SUITE:unlimited_connections on WindowsLoïc Hoguin
2020-04-02Skip ws_SUITE:unlimited_connections when ulimit -n is too lowLoïc Hoguin
2020-04-02Make req_SUITE:read*_body_urlencoded_too_long tests reliableLoïc Hoguin
2020-04-02Use infinity timeout for gun:await* calls in req_SUITELoïc Hoguin
2020-04-02Rework the req_SUITE:read_body_period testLoïc Hoguin
To avoid intermittent test failures. We only want to make sure the function eventually returns so we don't need to use timeouts in the test itself, or check exactly what was read.
2020-04-01Change a few flaky tests to use timetrap and infinity timeoutsLoïc Hoguin
The experiment was successful in Gun, let's see if it helps with Cowboy as well.
2020-04-01Fix h2spec "invalid preface sequence" testLoïc Hoguin
Introduce a currently undocumented option to allow disabling cowboy_http when using a clear listener.
2020-03-30Fix the req_SUITE:parse_cookie testLoïc Hoguin
We now allow spaces in cookie names.
2020-03-29Increase the default max_received_frame_rateLoïc Hoguin
Allow 10000 frames every 10 seconds instead of just 1000, as the limit was too quickly reached in some deployments.
2020-02-07Fix HTTP/1.1 bug when a flow command is returned after finLoïc Hoguin
This resulted in a badarith error due to the current flow being set to infinity when the body has been fully read. A test case has been added reproducing the issue.
2020-02-05Add a test confirming push requests have no bodyLoïc Hoguin
2020-01-17Fix bugs related to HTTP/1.1 pipeliningLoïc Hoguin
The flow control is now only set to infinity when we are skipping the request body of the stream that is being terminated. This fixes a bug where it was set to infinity while reading a subsequent request's body, leading to a crash. The timeout is no longer reset on stream termination. Timeout handling is already done when receiving data from the socket and doing a reset on stream termination was leading to the wrong timeout being set or the right timeout being reset needlessly.
2019-12-31Ignore malformed accept-encoding headers in cowboy_compress_hMarcos Ferreira
2019-12-31Test trailers bug when there are data frames in queueTony Han
2019-10-10Use /long_polling for rfc7540 tests that reset the stream2.7.0Loïc Hoguin
2019-10-10Add shutdown_reason Websocket commandLoïc Hoguin
This allows changing the normal exit reason of Websocket processes, providing a way to signal other processes of why the exit occurred.
2019-10-07Add cowboy_req:cast/2Loïc Hoguin
Better than sending messages manually.
2019-10-07Fix an intermittent test issueLoïc Hoguin
2019-10-06Document the commands based Websocket interfaceLoïc Hoguin
The old interface with ok|reply|stop tuples is deprecated.
2019-10-05Add Websocket option validate_utf8Loïc Hoguin
This allows disabling the UTF-8 validation check for text and close frames.
2019-10-05Don't discard data following a Websocket upgrade requestLoïc Hoguin
While the protocol does not allow sending data before receiving a successful Websocket upgrade response, we do not want to discard that data if it does come in.
2019-10-05Add cowboy_req:filter_cookies/2Loïc Hoguin
2019-10-04Make cowboy_compress_h add vary: accept-encodingLoïc Hoguin
2019-10-04Improve some early_error testsLoïc Hoguin
2019-10-03Document media type wildcard in content_types_acceptedLoïc Hoguin
2019-10-03Make stream_error early_error reasons consistentLoïc Hoguin
Now both HTTP/1.1 and HTTP/2 follow the documented format. HTTP/1.1 was including an extra element containing the StreamID before, which was unnecessary because it is also given as argument to the callback. HTTP/2 early_error will now include headers in its PartialReq.
2019-10-03Add HTTP/2 tests with responses with HTTP/1.1 specific headersLoïc Hoguin
2019-10-02Ensure we can stream the response body from any processLoïc Hoguin
2019-10-02Ensure we can read the request body from any processLoïc Hoguin
2019-10-02Add {set_options, #{metrics_user_data := Map}}Loïc Hoguin
This allows giving custom metadata to the metrics stream handler. This can be useful to for example provide the name of the module handling the request which is only known after routing. But any user data is allowed. When called multiple times the user data maps are merged.
2019-10-02Add more HTTP/1.1 header parsing testsLoïc Hoguin
Fix a case where Cowboy was waiting for more data that simply did not come. Now Cowboy will generate an error immediately when a header line has no colon separator. These test cases come from known request smuggling attack vectors. Cowboy was not vulnerable to any of them.
2019-10-02Fix HTTP/2 CVEsLoïc Hoguin
A number of HTTP/2 CVEs were documented recently: https://www.kb.cert.org/vuls/id/605641/ This commit, along with a few changes and additions in Cowlib, fix or improve protection against all of them. For CVE-2019-9511, also known as Data Dribble, the new option stream_window_data_threshold can be used to control how little the DATA frames that Cowboy sends can get. For CVE-2019-9516, also known as 0-Length Headers Leak, Cowboy will now simply reject streams containing 0-length header names. For CVE-2019-9517, also known as Internal Data Buffering, the backpressure changes were already pretty good at preventing this issue, but a new option max_connection_buffer_size was added for even better control over how much memory we are willing to allocate. For CVE-2019-9512, also known as Ping Flood; CVE-2019-9515, also known as Settings Flood; CVE-2019-9518, also known as Empty Frame Flooding; and similar undocumented scenarios, a frame rate limiting mechanism was added. By default Cowboy will now allow 1000 frames every 10 seconds. This can be configured via max_received_frame_rate. For CVE-2019-9514, also known as Reset Flood, another rate limiting mechanism was added and can be configured via max_reset_stream_rate. By default Cowboy will do up to 10 stream resets every 10 seconds. Finally, nothing was done for CVE-2019-9513, also known as Resource Loop, because Cowboy does not currently implement the HTTP/2 priority mechanism (in parts because these issues were well known from the start). Tests were added for all cases except Internal Data Buffering, which I'm not sure how to test, and Resource Loop, which is not currently relevant.
2019-10-02Update gun_down messages in test suitesLoïc Hoguin
2019-09-28Add persistent_term support to the routerLoïc Hoguin
2019-09-16Fix closing of connection on response_body_too_smallLoïc Hoguin
2019-09-15Split up urlencoded tests to speed up req_SUITELoïc Hoguin
2019-09-15Skip req_SUITE:read_body_mtu on WindowsLoïc Hoguin
On Windows the loopback MTU seems to be set to 0xFFFFFFFF (basically no limit) which makes the test irrelevant.
2019-09-15Increase the period for req_SUITE:read_body_periodLoïc Hoguin
This should increase the likelihood of the test succeeding on slower systems when run over TLS.
2019-09-15Fix h2spec_SUITE init_per_suite return valuesLoïc Hoguin
2019-09-15Fix intermittent failures in sys_SUITELoïc Hoguin