Regression test for http.cookiejar REDoS

bcaller · bcaller · commit 04a3c611563a · 2019-11-15T19:27:17.000Z
If we regress, this test will take a very long time.
diff --git a/Lib/test/test_http_cookiejar.py b/Lib/test/test_http_cookiejar.py
@@ -123,6 +123,13 @@ def test_http2time_garbage(self):
                               "http2time(%s) is not None\n"
                               "http2time(test) %s" % (test, http2time(test)))
 
+    def test_http2time_redos_regression_actually_completes(self):
+        # LOOSE_HTTP_DATE_RE was vulnerable to malicious input which caused catastrophic backtracking (REDoS).
+        # If we regress to cubic complexity, this test will take a very long time to succeed.
+        # If fixed, it should complete within a fraction of a second.
+        http2time("01 Jan 1970{}00:00:00 GMT!".format(" " * 10 ** 5))
+        http2time("01 Jan 1970 00:00:00{}GMT!".format(" " * 10 ** 5))
+
     def test_iso2time(self):
         def parse_date(text):
             return time.gmtime(iso2time(text))[:6]
