http2: simplify mapToHeaders, stricter validation

No longer check whether key is a symbol as Object.keys does not
return symbols. No longer convert key to string as it is always
a string. Validate that only one value is passed for each
pseudo-header.

Extend illegal connection header message to include the name of
the problematic header.

Extend tests to cover this behaviour.

PR-URL: #16575
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

Author: apapirovski

lib/internal/errors.js

@@ -184,7 +184,7 @@ E('ERR_HTTP2_INFO_HEADERS_AFTER_RESPOND',
 E('ERR_HTTP2_INFO_STATUS_NOT_ALLOWED',
   'Informational status codes cannot be used');
 E('ERR_HTTP2_INVALID_CONNECTION_HEADERS',
-  'HTTP/1 Connection specific headers are forbidden');
+  'HTTP/1 Connection specific headers are forbidden: "%s"');
 E('ERR_HTTP2_INVALID_HEADER_VALUE', 'Value must not be undefined or null');
 E('ERR_HTTP2_INVALID_INFO_STATUS',
   (code) => `Invalid informational status code: ${code}`);

lib/internal/http2/util.js

@@ -399,10 +399,10 @@ function mapToHeaders(map,
   for (var i = 0; i < keys.length; i++) {
     let key = keys[i];
     let value = map[key];
-    let val;
-    if (typeof key === 'symbol' || value === undefined || !key)
+    if (value === undefined || key === '')
       continue;
-    key = String(key).toLowerCase();
+    key = key.toLowerCase();
+    const isSingleValueHeader = kSingleValueHeaders.has(key);
     let isArray = Array.isArray(value);
     if (isArray) {
       switch (value.length) {
@@ -413,34 +413,35 @@ function mapToHeaders(map,
           isArray = false;
           break;
         default:
-          if (kSingleValueHeaders.has(key))
+          if (isSingleValueHeader)
             return new errors.Error('ERR_HTTP2_HEADER_SINGLE_VALUE', key);
       }
+    } else {
+      value = String(value);
+    }
+    if (isSingleValueHeader) {
+      if (singles.has(key))
+        return new errors.Error('ERR_HTTP2_HEADER_SINGLE_VALUE', key);
+      singles.add(key);
     }
     if (key[0] === ':') {
       const err = assertValuePseudoHeader(key);
       if (err !== undefined)
         return err;
-      ret = `${key}\0${String(value)}\0${ret}`;
+      ret = `${key}\0${value}\0${ret}`;
       count++;
     } else {
-      if (kSingleValueHeaders.has(key)) {
-        if (singles.has(key))
-          return new errors.Error('ERR_HTTP2_HEADER_SINGLE_VALUE', key);
-        singles.add(key);
-      }
       if (isIllegalConnectionSpecificHeader(key, value)) {
-        return new errors.Error('ERR_HTTP2_INVALID_CONNECTION_HEADERS');
+        return new errors.Error('ERR_HTTP2_INVALID_CONNECTION_HEADERS', key);
       }
       if (isArray) {
         for (var k = 0; k < value.length; k++) {
-          val = String(value[k]);
+          const val = String(value[k]);
           ret += `${key}\0${val}\0`;
         }
         count += value.length;
       } else {
-        val = String(value);
-        ret += `${key}\0${val}\0`;
+        ret += `${key}\0${value}\0`;
         count++;
       }
     }

test/parallel/test-http2-server-push-stream-errors-args.js

@@ -32,7 +32,7 @@ server.on('stream', common.mustCall((stream, headers) => {
     () => stream.pushStream({ 'connection': 'test' }, {}, () => {}),
     {
       code: 'ERR_HTTP2_INVALID_CONNECTION_HEADERS',
-      message: 'HTTP/1 Connection specific headers are forbidden'
+      message: 'HTTP/1 Connection specific headers are forbidden: "connection"'
     }
   );
 

test/parallel/test-http2-util-headers-list.js

@@ -158,14 +158,28 @@ const {
   // Arrays containing a single set-cookie value are handled correctly
   // (https://github.com/nodejs/node/issues/16452)
   const headers = {
-    'set-cookie': 'foo=bar'
+    'set-cookie': ['foo=bar']
   };
   assert.deepStrictEqual(
     mapToHeaders(headers),
     [ [ 'set-cookie', 'foo=bar', '' ].join('\0'), 1 ]
   );
 }
 
+{
+  // pseudo-headers are only allowed a single value
+  const headers = {
+    ':status': 200,
+    ':statuS': 204,
+  };
+
+  common.expectsError({
+    code: 'ERR_HTTP2_HEADER_SINGLE_VALUE',
+    type: Error,
+    message: 'Header field ":status" must have only a single value'
+  })(mapToHeaders(headers));
+}
+
 // The following are not allowed to have multiple values
 [
   HTTP2_HEADER_STATUS,
@@ -248,8 +262,6 @@ const {
   assert(!(mapToHeaders({ [name]: [1, 2, 3] }) instanceof Error), name);
 });
 
-const regex =
-  /^HTTP\/1 Connection specific headers are forbidden$/;
 [
   HTTP2_HEADER_CONNECTION,
   HTTP2_HEADER_UPGRADE,
@@ -269,18 +281,21 @@ const regex =
 ].forEach((name) => {
   common.expectsError({
     code: 'ERR_HTTP2_INVALID_CONNECTION_HEADERS',
-    message: regex
+    message: 'HTTP/1 Connection specific headers are forbidden: ' +
+             `"${name.toLowerCase()}"`
   })(mapToHeaders({ [name]: 'abc' }));
 });
 
 common.expectsError({
   code: 'ERR_HTTP2_INVALID_CONNECTION_HEADERS',
-  message: regex
+  message: 'HTTP/1 Connection specific headers are forbidden: ' +
+           `"${HTTP2_HEADER_TE}"`
 })(mapToHeaders({ [HTTP2_HEADER_TE]: ['abc'] }));
 
 common.expectsError({
   code: 'ERR_HTTP2_INVALID_CONNECTION_HEADERS',
-  message: regex
+  message: 'HTTP/1 Connection specific headers are forbidden: ' +
+           `"${HTTP2_HEADER_TE}"`
 })(mapToHeaders({ [HTTP2_HEADER_TE]: ['abc', 'trailers'] }));
 
 assert(!(mapToHeaders({ te: 'trailers' }) instanceof Error));