<testcase> <info> <keywords> Metalink HTTP HTTP GET </keywords> </info> # # Server-side <reply> <data nocheck="yes"> HTTP/1.1 200 OK Date: Wed, 20 Jun 2012 14:49:00 GMT Server: test-server/fake Content-Length: 56 Connection: close Content-Type: text/html Content-Disposition: filename=name2016; charset=funny; option=strange Funny-head: yesyes Data that should not be delivered from an HTTP resource </data> </reply> # # Client-side <client> <server> http </server> <features> file Metalink </features> <name> Metalink local XML file, attempt UNIX path traversal </name> <command option="no-output,no-include"> --metalink file://%PWD/log/test2016.metalink </command> # local metalink file written before test command runs <file name="log/test2016.metalink"> <?xml version="1.0" encoding="utf-8"?> <metalink version="3.0" xmlns="http://www.metalinker.org/"> <files> <file name="log/../log/download2016"> <verification> <hash type="sha256">c7d03debe90ca29492203ea921d76941fa98640cf3b744f2a16c9b58465eab82</hash> </verification> <resources maxconnections="1"> <url type="http" preference="90">http://%HOSTIP:%HTTPPORT/2016</url> </resources> </file> </files> </metalink> </file> <postcheck> perl %SRCDIR/libtest/notexists.pl log/2016 log/name2016 log/download2016 </postcheck> </client> # # Verify data after the test has been "shot" <verify> <file1 name="log/stdout2016"> </file1> <file2 name="log/stderr2016"> Metalink: parsing (file://%PWD/log/test2016.metalink) metalink/XML... Metalink: parsing (file://%PWD/log/test2016.metalink) WARNING (missing or invalid file name) Metalink: parsing (file://%PWD/log/test2016.metalink) FAILED </file2> <stripfile2> $_ = '' if (($_ !~ /^Metalink: /) && ($_ !~ /error/i) && ($_ !~ /warn/i)) </stripfile2> </verify> </testcase>