forbid GET requests with body content

Signed-off-by: Luminita Voicu <[email protected]>

Author: luminitavoicu

src/request.rs

@@ -236,6 +236,9 @@ impl Request {
                         None
                     }
                     content_length => {
+                        if request_line.method == Method::Get {
+                            return Err(RequestError::InvalidRequest);
+                        }
                         // Multiplication is safe because `CRLF_LEN` is a small constant.
                         // Addition is also safe because `headers_end` started out as the result
                         // of `find(<something>, CRLFCRLF)`, then `CRLF_LEN` was subtracted from it.
@@ -456,6 +459,15 @@ mod tests {
             RequestError::InvalidRequest
         );
 
+        // Test for invalid Request (`GET` requests should have no body).
+        let request_bytes = b"GET /machine-config HTTP/1.1\r\n\
+                                        Content-Length: 13\r\n\
+                                        Content-Type: application/json\r\n\r\nwhatever body";
+        assert_eq!(
+            Request::try_from(request_bytes).unwrap_err(),
+            RequestError::InvalidRequest
+        );
+
         // Test for a request with the headers we are looking for.
         let request = Request::try_from(
             b"PATCH http://localhost/home HTTP/1.1\r\n\

src/server.rs

@@ -754,8 +754,7 @@ mod tests {
         second_socket
             .write_all(
                 b"GET /machine-config HTTP/1.1\r\n\
-                                Content-Length: 20\r\n\
-                                Content-Type: application/json\r\n\r\nwhatever second body",
+                                Content-Type: application/json\r\n\r\n",
             )
             .unwrap();
 
@@ -766,8 +765,7 @@ mod tests {
             second_server_request.request,
             Request::try_from(
                 b"GET /machine-config HTTP/1.1\r\n\
-            Content-Length: 20\r\n\
-            Content-Type: application/json\r\n\r\nwhatever second body"
+            Content-Type: application/json\r\n\r\n"
             )
             .unwrap()
         );
@@ -980,8 +978,7 @@ mod tests {
         second_socket
             .write_all(
                 b"GET /machine-config HTTP/1.1\r\n\
-                                Content-Length: 20\r\n\
-                                Content-Type: application/json\r\n\r\nwhatever second body",
+                                Content-Type: application/json\r\n\r\n",
             )
             .unwrap();
 
@@ -992,8 +989,7 @@ mod tests {
             second_server_request.request,
             Request::try_from(
                 b"GET /machine-config HTTP/1.1\r\n\
-            Content-Length: 20\r\n\
-            Content-Type: application/json\r\n\r\nwhatever second body"
+            Content-Type: application/json\r\n\r\n"
             )
             .unwrap()
         );