Fix case problem for websocket upgrade

2024-11-06 09:56:04 +01:00 · 2024-11-06 09:56:04 +01:00 · f70949e3fa
commit f70949e3fa
parent 7f4ff359a2
3 changed files with 40 additions and 3 deletions
--- a/pkg/proxy/fast/proxy_websocket_test.go
+++ b/pkg/proxy/fast/proxy_websocket_test.go
@ -2,7 +2,9 @@ package fast

 import (
 	"bufio"
+	"crypto/sha1"
 	"crypto/tls"
+	"encoding/base64"
 	"errors"
 	"fmt"
 	"net"
@ -19,6 +21,34 @@ import (
 	"golang.org/x/net/websocket"
 )

+func TestWebSocketUpgradeCase(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		challengeKey := r.Header.Get("Sec-Websocket-Key")
+
+		hijacker, ok := w.(http.Hijacker)
+		require.True(t, ok)
+
+		c, _, err := hijacker.Hijack()
+		require.NoError(t, err)
+
+		// Force answer with "Connection: upgrade" in lowercase.
+		_, err = c.Write([]byte("HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: upgrade\r\nSec-WebSocket-Accept: " + computeAcceptKey(challengeKey) + "\r\n\n"))
+		require.NoError(t, err)
+	}))
+	defer srv.Close()
+
+	proxy := createProxyWithForwarder(t, srv.URL, createConnectionPool(srv.URL, nil))
+
+	proxyAddr := proxy.Listener.Addr().String()
+	_, conn, err := newWebsocketRequest(
+		withServer(proxyAddr),
+		withPath("/ws"),
+	).open()
+	require.NoError(t, err)
+
+	conn.Close()
+}
+
 func TestWebSocketTCPClose(t *testing.T) {
 	errChan := make(chan error, 1)
 	upgrader := gorillawebsocket.Upgrader{}
@ -691,3 +721,10 @@ func createProxyWithForwarder(t *testing.T, uri string, pool *connPool) *httptes

 	return srv
 }
+
+func computeAcceptKey(challengeKey string) string {
+	h := sha1.New() // #nosec G401 -- (CWE-326) https://datatracker.ietf.org/doc/html/rfc6455#page-54
+	h.Write([]byte(challengeKey))
+	h.Write([]byte("258EAFA5-E914-47DA-95CA-C5AB0DC85B11"))
+	return base64.StdEncoding.EncodeToString(h.Sum(nil))
+}