summaryrefslogtreecommitdiff
path: root/tests/server-test.c
diff options
context:
space:
mode:
Diffstat (limited to 'tests/server-test.c')
-rw-r--r--tests/server-test.c66
1 files changed, 66 insertions, 0 deletions
diff --git a/tests/server-test.c b/tests/server-test.c
index cf132b33..8976103e 100644
--- a/tests/server-test.c
+++ b/tests/server-test.c
@@ -275,6 +275,72 @@ do_dot_dot_test (ServerData *sd, gconstpointer test_data)
soup_test_assert_message_status (msg, SOUP_STATUS_BAD_REQUEST);
g_object_unref (msg);
+ uri = soup_uri_new_with_base (sd->base_uri, "/%2e%2e%2ftest");
+ msg = soup_message_new_from_uri ("GET", uri);
+ soup_uri_free (uri);
+
+ soup_session_send_message (session, msg);
+ soup_test_assert_message_status (msg, SOUP_STATUS_BAD_REQUEST);
+ g_object_unref (msg);
+
+#ifdef G_OS_WIN32
+ uri = soup_uri_new_with_base (sd->base_uri, "\\..%5Ctest");
+ msg = soup_message_new_from_uri ("GET", uri);
+ soup_uri_free (uri);
+
+ soup_session_send_message (session, msg);
+ soup_test_assert_message_status (msg, SOUP_STATUS_BAD_REQUEST);
+ g_object_unref (msg);
+
+ uri = soup_uri_new_with_base (sd->base_uri, "\\../test");
+ msg = soup_message_new_from_uri ("GET", uri);
+ soup_uri_free (uri);
+
+ soup_session_send_message (session, msg);
+ soup_test_assert_message_status (msg, SOUP_STATUS_BAD_REQUEST);
+ g_object_unref (msg);
+
+ uri = soup_uri_new_with_base (sd->base_uri, "%5C..%2ftest");
+ msg = soup_message_new_from_uri ("GET", uri);
+ soup_uri_free (uri);
+
+ soup_session_send_message (session, msg);
+ soup_test_assert_message_status (msg, SOUP_STATUS_BAD_REQUEST);
+ g_object_unref (msg);
+
+ uri = soup_uri_new_with_base (sd->base_uri, "/..\\test");
+ msg = soup_message_new_from_uri ("GET", uri);
+ soup_uri_free (uri);
+
+ soup_session_send_message (session, msg);
+ soup_test_assert_message_status (msg, SOUP_STATUS_BAD_REQUEST);
+ g_object_unref (msg);
+
+ uri = soup_uri_new_with_base (sd->base_uri, "%2f..%5Ctest");
+ msg = soup_message_new_from_uri ("GET", uri);
+ soup_uri_free (uri);
+
+ soup_session_send_message (session, msg);
+ soup_test_assert_message_status (msg, SOUP_STATUS_BAD_REQUEST);
+ g_object_unref (msg);
+
+ uri = soup_uri_new_with_base (sd->base_uri, "\\%2e%2e%5ctest");
+ msg = soup_message_new_from_uri ("GET", uri);
+ soup_uri_free (uri);
+
+ soup_session_send_message (session, msg);
+ soup_test_assert_message_status (msg, SOUP_STATUS_BAD_REQUEST);
+ g_object_unref (msg);
+
+ uri = soup_uri_new_with_base (sd->base_uri, "\\..%%35%63..%%35%63test");
+ msg = soup_message_new_from_uri ("GET", uri);
+ soup_uri_free (uri);
+
+ soup_session_send_message (session, msg);
+ soup_test_assert_message_status (msg, SOUP_STATUS_BAD_REQUEST);
+ g_object_unref (msg);
+#endif
+
soup_test_session_abort_unref (session);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-22 08:04:59 +0000