RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
MIT License
Wrong Content-Length if request contains a body #846
Description
Restler gives a wrong Content-Length if the request contains a body.
Related code can be seen: https://github.com/microsoft/restler-fuzzer/blob/main/restler/engine/transport_layer/messaging.py, line 192.

    if "Content-Length: " not in message:
        try:
            contentlen = len(message[_get_start_of_body(message):])
            message = _append_to_header(message, f"Content-Length: {contentlen}")

For example, a request message with payload would be:
<...>\r\n\r\n<payload>\r\n
The last 2 chars in the message are "\r\n", which should not be counted in Content-Length.
Something like this would solve the problem..?
Steps to reproduce
Just demo_server can reproduce the problem.
PUT "/api/blog/posts/{postId}" has a requestBody. By compiling and testing, and checking network.testing.xxx, you could reproduce the problem.
Expected results
No response
Actual results
No response
Environment details
No response
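The two-character difference described in the issue, as an added example that is not part of the original post or of RESTler's code: it compares the length counted the way the quoted excerpt does with the length of the payload alone, and shows what a receiver that honours Content-Length takes as the body in each case. The helper names, the sample request and the receiver model are constructed for illustration.

```python
# Added illustration; helper names are hypothetical stand-ins, not RESTler's code.
DELIM = "\r\n\r\n"

def start_of_body(message: str) -> int:
    """Index of the first body character (just past the blank line)."""
    idx = message.find(DELIM)
    if idx == -1:
        raise ValueError("no header/body delimiter in message")
    return idx + len(DELIM)

def length_as_in_excerpt(message: str) -> int:
    """Counts everything after the blank line, as the quoted excerpt does."""
    return len(message[start_of_body(message):])

def length_without_terminator(message: str) -> int:
    """Counts the body but not one trailing CRLF terminator, if present."""
    body = message[start_of_body(message):]
    if body.endswith("\r\n"):
        body = body[:-2]
    return len(body.encode("utf-8"))  # Content-Length is measured in octets

def add_content_length(message: str, length: int) -> str:
    """Appends a Content-Length header to the end of the header block."""
    head, body = message.split(DELIM, 1)
    return f"{head}\r\nContent-Length: {length}{DELIM}{body}"

def receiver_view(raw: str):
    """Returns (body, leftover) as seen by a receiver honouring Content-Length."""
    head, rest = raw.split(DELIM, 1)
    data = rest.encode("utf-8")
    n = next(int(h.split(":", 1)[1]) for h in head.split("\r\n")[1:]
             if h.lower().startswith("content-length:"))
    return data[:n], data[n:]

# Constructed sample in the shape given in the issue: <...>\r\n\r\n<payload>\r\n
PAYLOAD = '{"id": 5, "body": "my first blog post"}'
REQUEST = ("PUT /api/blog/posts/5 HTTP/1.1\r\nHost: localhost\r\n"
           "Content-Type: application/json" + DELIM + PAYLOAD + "\r\n")

if __name__ == "__main__":
    for fn in (length_as_in_excerpt, length_without_terminator):
        body, leftover = receiver_view(add_content_length(REQUEST, fn(REQUEST)))
        print(f"{fn.__name__}: Content-Length={fn(REQUEST)} "
              f"body={body!r} leftover={leftover!r}")
```

With the count from the excerpt the receiver's body ends in the two terminator bytes; with the payload-only count those bytes remain on the connection after the body.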