// https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
// https://github.com/axios/axios/issues/3407
// https://github.com/axios/axios/issues/3369
import axios from '../../../index.js';
import http from 'http';
import assert from 'assert';
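const PROXY_PORT = 4777;
const EVIL_PORT = 4666;

// Regression test for SNYK-JS-AXIOS-1038255 (see also axios/axios#3407 and #3369):
// when a request is configured with a proxy and the upstream answers with a
// redirect, the redirected request must still be sent through the proxy rather
// than straight to the redirect target. Going direct would let a redirecting
// server steer the client onto a host that only the proxy should decide about (SSRF).
describe('Server-Side Request Forgery (SSRF)', () => {
  // Becomes true only if the "evil" origin server receives any request at all.
  let fail = false;
  let proxy;
  let server;
  // Redirect target the proxy answers with; assigned by each test case.
  let location;

  beforeEach(() => {
    // Reset per test so a hit recorded by an earlier case cannot leak into a later one.
    fail = false;

    // Origin that must never be reached directly; any request here fails the test.
    server = http.createServer((req, res) => {
      fail = true;
      res.end('rm -rf /');
    }).listen(EVIL_PORT);

    // Forward proxy: answers the absolute redirect URL itself (so the evil server
    // is never contacted) and redirects every other request to `location`.
    proxy = http.createServer((req, res) => {
      if (req.url === `http://localhost:${EVIL_PORT}/`) {
        res.end(JSON.stringify({
          msg: 'Protected',
          headers: req.headers,
        }));
        return;
      }
      res.writeHead(302, { location });
      res.end();
    }).listen(PROXY_PORT);
  });

  afterEach(() => {
    server.close();
    proxy.close();
  });

  it('obeys proxy settings when following redirects', async () => {
    location = `http://localhost:${EVIL_PORT}`;

    const response = await axios({
      method: 'get',
      url: 'http://www.google.com/',
      proxy: {
        host: 'localhost',
        port: PROXY_PORT,
        auth: {
          username: 'sam',
          password: 'password',
        },
      },
    });

    // The evil server must not have been contacted directly ...
    assert.strictEqual(fail, false);
    // ... the proxy served the redirected request itself ...
    assert.strictEqual(response.data.msg, 'Protected');
    // ... with the Host header naming the redirect target, not the proxy ...
    assert.strictEqual(response.data.headers.host, `localhost:${EVIL_PORT}`);
    // ... and the proxy credentials re-sent on the redirected hop.
    assert.strictEqual(
      response.data.headers['proxy-authorization'],
      `Basic ${Buffer.from('sam:password').toString('base64')}`
    );

    return response;
  });
});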
|