microsoft / restler-fuzzer

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
MIT License

Wrong Content-Length if request contains a body #846

Open cyrusste opened 5 months ago

cyrusste commented 5 months ago

Description

Restler gives a wrong Content-Length if the request contains a body.

The related code can be seen at https://github.com/microsoft/restler-fuzzer/blob/main/restler/engine/transport_layer/messaging.py, line 192.

        if "Content-Length: " not in message:
            try:
                contentlen = len(message[_get_start_of_body(message):])
                message = _append_to_header(message, f"Content-Length: {contentlen}")

        def _get_end_of_header(message):
            return message.index(DELIM)

        def _get_start_of_body(message):
            return _get_end_of_header(message) + len(DELIM)

For example, a request message with payload would be: <...>\r\n\r\n<payload>\r\n

The last 2 chars in the message are "\r\n", which should not be counted in Content-Length.

Something like this would solve the problem..?

        start_of_body = _get_start_of_body(message)
        if start_of_body == len(message):
            contentlen = 0
        else:
            contentlen = len(message[start_of_body:-2])

Steps to reproduce

demo_server alone is enough to reproduce the problem.

PUT "/api/blog/posts/{postId}" has a requestBody. By compiling and testing, and checking network.testing.xxx, you could reproduce the problem.

Expected results

No response

Actual results

No response

Environment details

No response
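An added example, not RESTler's code and not part of the original issue: it compares the length calculation quoted above with a guarded variant of the proposed one, and shows which bytes a receiver honoring Content-Length would read as the body in each case. The value of `DELIM`, the sample request, all function names, and the choice to count UTF-8 bytes are assumptions made for illustration.

```python
DELIM = "\r\n\r\n"  # assumed header/body separator, matching the issue's example message
CRLF = "\r\n"

def start_of_body(message: str) -> int:
    return message.index(DELIM) + len(DELIM)

def naive_content_length(message: str) -> int:
    """Calculation quoted in the issue: everything after the blank line."""
    return len(message[start_of_body(message):])

def trimmed_content_length(message: str) -> int:
    """Guarded form of the proposal: drop one trailing CRLF only if it is
    present, and count encoded bytes, since Content-Length is a byte count."""
    body = message[start_of_body(message):]
    if body.endswith(CRLF):
        body = body[:-len(CRLF)]
    return len(body.encode("utf-8"))

def with_content_length(message: str, length: int) -> bytes:
    """Insert the header before the blank line and encode for the wire."""
    end = message.index(DELIM)
    return (message[:end] + f"{CRLF}Content-Length: {length}" + message[end:]).encode("utf-8")

def read_as_receiver(wire: bytes) -> tuple[bytes, bytes]:
    """Return (body the receiver reads, bytes left unread on the connection)."""
    head, _, rest = wire.partition(DELIM.encode())
    length = next(int(line.split(b":", 1)[1].strip())
                  for line in head.split(CRLF.encode())
                  if line.lower().startswith(b"content-length:"))
    return rest[:length], rest[length:]

# Constructed sample in the shape the issue describes: <...>\r\n\r\n<payload>\r\n
PAYLOAD = '{"id": 1, "body": "my first blog post"}'
SAMPLE = ("PUT /api/blog/posts/1 HTTP/1.1\r\nHost: localhost\r\n"
          "Content-Type: application/json" + DELIM + PAYLOAD + CRLF)

if __name__ == "__main__":
    for name, fn in (("naive", naive_content_length), ("trimmed", trimmed_content_length)):
        n = fn(SAMPLE)
        body, unread = read_as_receiver(with_content_length(SAMPLE, n))
        print(f"{name:8} Content-Length={n:3} body={body!r} unread={unread!r}")
```

With the quoted calculation the trailing `\r\n` is delivered as part of the body; with the trimmed one the body is exactly the payload and the `\r\n` stays unread after it.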