mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-23 16:12:01 +00:00
Add a test for #2719
This commit is contained in:
parent
ff0d3860d4
commit
61816ad076
18
tests/queries/0_stateless/01812_basic_auth_http_server.sh
Executable file
18
tests/queries/0_stateless/01812_basic_auth_http_server.sh
Executable file
@ -0,0 +1,18 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# In very old (e.g. 1.1.54385) versions of ClickHouse there was a bug in Poco HTTP library:
|
||||
# Basic HTTP authentication headers was not parsed if the size of URL is exactly 4077 + something bytes.
|
||||
# So, the user may get authentication error if valid credentials are passed.
|
||||
# This is a minor issue because it does not have security implications (at worse the user will be not allowed to access).
|
||||
|
||||
CUR_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
|
||||
# shellcheck source=../shell_config.sh
|
||||
. "$CUR_DIR"/../shell_config.sh
|
||||
|
||||
# In this test we do the opposite: passing the invalid credentials while server is accepting default user without a password.
|
||||
# And if the bug exists, they will be ignored (treat as empty credentials) and query succeed.
|
||||
|
||||
for i in {3950..4100}; do ${CLICKHOUSE_CURL} --user default:12345 "${CLICKHOUSE_URL}&query=SELECT+1"$(perl -e "print '+'x$i") | grep -v -F 'password' && echo 'Fail'; done
|
||||
|
||||
# You can check that the bug exists in old version by running the old server in Docker:
|
||||
# docker run --network host -it --rm yandex/clickhouse-server:1.1.54385
|
Loading…
Reference in New Issue
Block a user