summaryrefslogtreecommitdiffstats
path: root/src/http.rs
diff options
context:
space:
mode:
authorJesse Luehrs <doy@tozt.net>2015-03-19 23:30:00 -0400
committerJesse Luehrs <doy@tozt.net>2015-03-19 23:30:59 -0400
commit1d465be4f8f3998c0ae315177456e5b4b86e13b8 (patch)
treed815f29fa4cf540e02cf1414f5314a422d26c445 /src/http.rs
parent425bfded4175663c632d27db1496e3e0b5b158e6 (diff)
downloadmatasano-1d465be4f8f3998c0ae315177456e5b4b86e13b8.tar.gz
matasano-1d465be4f8f3998c0ae315177456e5b4b86e13b8.zip
and also implement the inverse
Diffstat (limited to 'src/http.rs')
-rw-r--r--src/http.rs48
1 files changed, 48 insertions, 0 deletions
diff --git a/src/http.rs b/src/http.rs
index bfc65ed..2763636 100644
--- a/src/http.rs
+++ b/src/http.rs
@@ -24,6 +24,21 @@ pub fn parse_query_string (string: &str) -> HashMap<&str, &str> {
return map;
}
+pub fn create_query_string (params: HashMap<&str, &str>) -> String {
+ fn escape (s: &str) -> String {
+ s.replace("%", "%25").replace("&", "%26").replace("=", "%3D")
+ }
+
+ let mut parts = vec![];
+ for (k, v) in params {
+ let mut part = escape(k);
+ part.push_str("=");
+ part.push_str(&escape(v)[..]);
+ parts.push(part);
+ }
+ return parts.connect("&");
+}
+
#[test]
fn test_parse_query_string () {
let got = parse_query_string("foo=bar&baz=qux&zap=zazzle");
@@ -33,3 +48,36 @@ fn test_parse_query_string () {
expected.insert("zap", "zazzle");
assert_eq!(got, expected);
}
+
+#[test]
+fn test_create_query_string () {
+ let mut params = HashMap::new();
+ params.insert("foo", "bar");
+ params.insert("baz", "qux");
+ params.insert("zap", "zazzle");
+ let got = create_query_string(params);
+ let expected1 = "foo=bar&baz=qux&zap=zazzle";
+ let expected2 = "foo=bar&zap=zazzle&baz=qux";
+ let expected3 = "baz=qux&foo=bar&zap=zazzle";
+ let expected4 = "baz=qux&zap=zazzle&foo=bar";
+ let expected5 = "zap=zazzle&foo=bar&baz=qux";
+ let expected6 = "zap=zazzle&baz=qux&foo=bar";
+ assert!(
+ got == expected1 ||
+ got == expected2 ||
+ got == expected3 ||
+ got == expected4 ||
+ got == expected5 ||
+ got == expected6,
+ "didn't parse query string correctly: {}", got
+ );
+}
+
+#[test]
+fn test_create_query_string_malicious () {
+ let mut params = HashMap::new();
+ params.insert("email", "foo@bar.com&role=admin");
+ let got = create_query_string(params);
+ let expected = "email=foo@bar.com%26role%3Dadmin";
+ assert_eq!(got, expected);
+}