Merge pull request from GHSA-gv9r-qcjc-5hj7

* Filter JSONP callback function name. v5.0.210,v6.0.121 * Add utest. * Refine utest
2025-03-09 15:49:59 +00:00 · 2024-03-26 19:30:52 +08:00 · 2024-03-26 19:30:52 +08:00 · 244ce7bc01
commit 244ce7bc01
parent 08971e5905
8 changed files with 83 additions and 7 deletions
--- a/trunk/src/utest/srs_utest_protocol3.cpp
+++ b/trunk/src/utest/srs_utest_protocol3.cpp
@ -0,0 +1,39 @@
+//
+// Copyright (c) 2013-2024 The SRS Authors
+//
+// SPDX-License-Identifier: MIT
+//
+#include <srs_utest_protocol3.hpp>
+
+using namespace std;
+
+#include <srs_kernel_error.hpp>
+#include <srs_core_autofree.hpp>
+#include <srs_protocol_utility.hpp>
+#include <srs_protocol_rtmp_msg_array.hpp>
+#include <srs_protocol_rtmp_stack.hpp>
+#include <srs_kernel_utility.hpp>
+#include <srs_app_st.hpp>
+#include <srs_protocol_amf0.hpp>
+#include <srs_protocol_rtmp_stack.hpp>
+#include <srs_protocol_http_conn.hpp>
+#include <srs_protocol_protobuf.hpp>
+#include <srs_kernel_buffer.hpp>
+
+extern bool srs_is_valid_jsonp_callback(std::string callback);
+
+VOID TEST(ProtocolHttpTest, JsonpCallbackName)
+{
+    EXPECT_TRUE(srs_is_valid_jsonp_callback(""));
+    EXPECT_TRUE(srs_is_valid_jsonp_callback("callback"));
+    EXPECT_TRUE(srs_is_valid_jsonp_callback("Callback"));
+    EXPECT_TRUE(srs_is_valid_jsonp_callback("Callback1234567890"));
+    EXPECT_TRUE(srs_is_valid_jsonp_callback("Callback-1234567890"));
+    EXPECT_TRUE(srs_is_valid_jsonp_callback("Callback_1234567890"));
+    EXPECT_TRUE(srs_is_valid_jsonp_callback("Callback.1234567890"));
+    EXPECT_TRUE(srs_is_valid_jsonp_callback("Callback1234567890-_."));
+    EXPECT_FALSE(srs_is_valid_jsonp_callback("callback()//"));
+    EXPECT_FALSE(srs_is_valid_jsonp_callback("callback!"));
+    EXPECT_FALSE(srs_is_valid_jsonp_callback("callback;"));
+}
+