intercept: skip requests with zero length #21

ifad · May 23, 2021 · 2c73813 · 2c73813
1 parent 2031d7c
commit 2c73813
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 5 deletions.
diff --git a/scan_interceptor.go b/scan_interceptor.go
@@ -32,16 +32,17 @@ type ScanInterceptor struct {
  */
 func (c *ScanInterceptor) Handle(w http.ResponseWriter, req *http.Request, body io.Reader) bool {
 	//
-	// Don't care unless it's a post
+	// Don't care unless we have some content. When the length is unknown, the length will be -1,
+	// but we attempt anyway to read the body.
 	//
-	if req.Method != "POST" && req.Method != "PUT" && req.Method != "PATCH" {
+	if req.ContentLength == 0 {
 		if ctx.Config.App.Debug {
-			ctx.Logger.Println("No need to handle method", req.Method)
+			ctx.Logger.Println("Not handling request with zero length")
 		}
 		return false
 	}
 
-	ctx.Logger.Printf("New request %s %s from %s (%s)\n", req.Method, req.URL.Path, req.RemoteAddr, req.Header.Get("X-Forwarded-For"))
+	ctx.Logger.Printf("New request %s %s len %d from %s (%s)\n", req.Method, req.URL.Path, req.ContentLength, req.RemoteAddr, req.Header.Get("X-Forwarded-For"))
 
 	//
 	// Find any attachments

diff --git a/scan_interceptor_test.go b/scan_interceptor_test.go
@@ -31,6 +31,18 @@ var scanInterceptor = ScanInterceptor{
 
 var handler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { scanInterceptor.Handle(w, req, req.Body) })
 
+func TestNonMultipartRequest_EmptyBody(t *testing.T) {
+	setup()
+	req := newHTTPRequest("GET", "", nil)
+	rr := httptest.NewRecorder()
+	handler.ServeHTTP(rr, req)
+
+	if status := rr.Code; status != 200 {
+		t.Errorf("handler returned wrong status code: got %v want %v",
+			status, 200)
+	}
+}
+
 func TestNonMultipartRequest_VirusFound_Without_ContentDisposition(t *testing.T) {
 	setup()
 	mockVirusFound = true
@@ -153,13 +165,16 @@ func setup() {
 		ShuttingDown: false,
 	}
 	ctx.Logger = log.New(os.Stdout, "", log.LstdFlags)
+	ctx.Config.App.Debug = true
 }
 
 func newHTTPRequest(method string, contentType string, body io.Reader) *http.Request {
 	req, _ := http.NewRequest(method, "http://clammit/scan", body)
 	req.Header = map[string][]string{
-		"Content-Type":    []string{contentType},
 		"X-Forwarded-For": []string{"kermit"},
 	}
+	if contentType != "" {
+		req.Header["Content-Type"] = []string{contentType}
+	}
 	return req
 }