I have some parser for HTTP request headers which claims to adhere to RFC 2616/723[0-1]. This parser is used to parse application-visible headers appearing in the HTTP request, such as Accept.
I'd like to test the quality of this parser by running it against a corpus of known-good and known-bad sample input. It would be good if the corpus included edge cases and any known attacks on parsers of those headers.
e.g.:
Accept: , text/html;q=0.5 // pass
Accept: "qdfa=;0.5 // fail
Accept: aaaaaaaaaaaaaaaaaaaaaaa // attempted ReDoS on O(n^2) regex?
Does a recognized test corpus exist for this purpose?