aboutsummaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2013-06-15 23:47:02 +0200
committerDaniel Stenberg <daniel@haxx.se>2013-06-22 14:15:07 +0200
commit7877619f856a04af0519e92780b1d6674a8ff3f7 (patch)
tree6b1c1f0c5ef5761494be6d5d2851a6c196917898 /tests
parentec248b590df3ac2e6873ea9c7507eff8e5044825 (diff)
dotdot: introducing dot file path cleanup
RFC3986 details how a path part passed in as part of a URI should be "cleaned" from dot sequences before getting used. The described algorithm is now implemented in lib/dotdot.c with the accompanied test case in test 1395. Bug: http://curl.haxx.se/bug/view.cgi?id=1200 Reported-by: Alex Vinnik
Diffstat (limited to 'tests')
-rw-r--r--tests/data/Makefile.am2
-rw-r--r--tests/data/test123161
-rw-r--r--tests/data/test139526
-rw-r--r--tests/unit/Makefile.inc5
-rw-r--r--tests/unit/unit1395.c87
5 files changed, 179 insertions, 2 deletions
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index e96bc9ba1..ecfee4850 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -93,7 +93,7 @@ test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \
test1216 test1217 test1218 test1219 \
test1220 test1221 test1222 test1223 test1224 test1225 test1226 test1227 \
-test1228 test1229 test1230 \
+test1228 test1229 test1230 test1231 \
\
test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \
test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 \
diff --git a/tests/data/test1231 b/tests/data/test1231
new file mode 100644
index 000000000..16533a851
--- /dev/null
+++ b/tests/data/test1231
@@ -0,0 +1,61 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+dotdot removal
+</keywords>
+</info>
+
+#
+# Server-side
+<reply name="1">
+<data>
+HTTP/1.1 200 OK
+Content-Length: 6
+Connection: close
+
+-foo-
+</data>
+
+<data1>
+HTTP/1.1 200 OK
+Content-Length: 7
+Connection: close
+
+-cool-
+</data1>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP URL with dotdot removal from path
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/../../hej/but/who/../1231?stupid=me/../1231#soo/../1231 http://%HOSTIP:%HTTPPORT/../../hej/but/who/../12310001#/../12310001
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /hej/but/1231?stupid=me/../1231 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+GET /hej/but/12310001 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test1395 b/tests/data/test1395
new file mode 100644
index 000000000..967c8d492
--- /dev/null
+++ b/tests/data/test1395
@@ -0,0 +1,26 @@
+<testcase>
+<info>
+<keywords>
+unittest
+</keywords>
+</info>
+
+#
+# Client-side
+<client>
+<server>
+none
+</server>
+<features>
+unittest
+</features>
+ <name>
+Curl_dedotdotify
+ </name>
+<tool>
+unit1395
+</tool>
+
+</client>
+
+</testcase>
diff --git a/tests/unit/Makefile.inc b/tests/unit/Makefile.inc
index 4b3f903e3..4c06fcf86 100644
--- a/tests/unit/Makefile.inc
+++ b/tests/unit/Makefile.inc
@@ -6,7 +6,7 @@ UNITFILES = curlcheck.h \
# These are all unit test programs
UNITPROGS = unit1300 unit1301 unit1302 unit1303 unit1304 unit1305 unit1307 \
- unit1308 unit1309 unit1330 unit1394 unit1396
+ unit1308 unit1309 unit1330 unit1394 unit1395 unit1396
unit1300_SOURCES = unit1300.c $(UNITFILES)
unit1300_CPPFLAGS = $(AM_CPPFLAGS)
@@ -44,5 +44,8 @@ unit1394_LDADD = @LIBMETALINK_LIBS@ $(top_builddir)/lib/libcurl.la @LIBCURL_LIBS
unit1394_LDFLAGS = @LIBMETALINK_LDFLAGS@ $(top_builddir)/src/libcurltool.la
unit1394_LIBS =
+unit1395_SOURCES = unit1395.c $(UNITFILES)
+unit1395_CPPFLAGS = $(AM_CPPFLAGS)
+
unit1396_SOURCES = unit1396.c $(UNITFILES)
unit1396_CPPFLAGS = $(AM_CPPFLAGS)
diff --git a/tests/unit/unit1395.c b/tests/unit/unit1395.c
new file mode 100644
index 000000000..8b0b0a08a
--- /dev/null
+++ b/tests/unit/unit1395.c
@@ -0,0 +1,87 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curlcheck.h"
+
+#include "dotdot.h"
+
+#include "memdebug.h"
+
+static CURLcode unit_setup(void)
+{
+ return CURLE_OK;
+}
+
+static void unit_stop(void)
+{
+
+}
+
+struct dotdot {
+ const char *input;
+ const char *output;
+};
+
+UNITTEST_START
+
+ unsigned int i;
+ int fails=0;
+ struct dotdot pairs[] = {
+ { "/a/b/c/./../../g", "/a/g" },
+ { "mid/content=5/../6", "mid/6" },
+ { "/hello/../moo", "/moo" },
+ { "/1/../1", "/1" },
+ { "/1/./1", "/1/1" },
+ { "/1/..", "/" },
+ { "/1/.", "/1/" },
+ { "/1/./..", "/" },
+ { "/1/./../2", "/2" },
+ { "/hello/1/./../2", "/hello/2" },
+ { "test/this", "test/this" },
+ { "test/this/../now", "test/now" },
+ { "/1../moo../foo", "/1../moo../foo"},
+ { "/../../moo", "/moo"},
+ { "/../../moo?andnot/../yay", "/moo?andnot/../yay"},
+ { "/123?foo=/./&bar=/../", "/123?foo=/./&bar=/../"},
+ { "/../moo/..?what", "/?what" },
+ };
+
+ for(i=0; i < sizeof(pairs)/sizeof(pairs[0]); i++) {
+ char *out = Curl_dedotdotify((char *)pairs[i].input);
+
+ if(strcmp(out, pairs[i].output)) {
+ fprintf(stderr, "Test %d: '%s' gave '%s' instead of '%s'\n",
+ i, pairs[i].input, out, pairs[i].output);
+ fail("Test case output mismatched");
+ fails++;
+ }
+ else
+ fprintf(stderr, "Test %d: OK\n", i);
+ free(out);
+ }
+
+ return fails;
+
+UNITTEST_STOP
+
+
+
+