]>
git.ipfire.org Git - thirdparty/squid.git/blob - lib/tests/testRFC1738.cc
1 #define SQUID_UNIT_TEST 1
6 #include "testRFC1738.h"
8 /* Being a C library code it is best bodily included and tested with C++ type-safe techniques. */
9 #include "lib/rfc1738.c"
11 CPPUNIT_TEST_SUITE_REGISTRATION( testRFC1738
);
13 /* Regular Format de-coding tests */
14 void testRFC1738::testUrlDecode()
18 /* regular URL-path */
19 unescaped_str
= xstrdup("%2Fdata%2Fsource%2Fpath");
20 rfc1738_unescape(unescaped_str
);
21 CPPUNIT_ASSERT(memcmp(unescaped_str
, "/data/source/path",18)==0);
24 /* path in full URL */
25 unescaped_str
= xstrdup("http://foo.invalid%2Fdata%2Fsource%2Fpath");
26 rfc1738_unescape(unescaped_str
);
27 CPPUNIT_ASSERT(memcmp(unescaped_str
, "http://foo.invalid/data/source/path",36)==0);
30 // TODO query string...
32 /* Newline %0A encoded */
33 unescaped_str
= xstrdup("w%0Ard");
34 rfc1738_unescape(unescaped_str
);
35 CPPUNIT_ASSERT(memcmp(unescaped_str
, "w\nrd",5)==0);
38 /* Handle Un-encoded % */
39 unescaped_str
= xstrdup("w%rd");
40 rfc1738_unescape(unescaped_str
);
41 CPPUNIT_ASSERT(memcmp(unescaped_str
, "w%rd",5)==0);
44 /* Handle encoded % */
45 unescaped_str
= xstrdup("w%%rd");
46 rfc1738_unescape(unescaped_str
);
47 CPPUNIT_ASSERT(memcmp(unescaped_str
, "w%rd",5)==0);
50 /* Handle mixed-encoded % */
51 unescaped_str
= xstrdup("w%%%rd");
52 rfc1738_unescape(unescaped_str
);
53 CPPUNIT_ASSERT(memcmp(unescaped_str
, "w%%rd",6)==0);
56 /* A corrupt string */
57 unescaped_str
= xstrdup("Bad String %1");
58 rfc1738_unescape(unescaped_str
);
59 CPPUNIT_ASSERT(memcmp(unescaped_str
, "Bad String %1",14)==0);
62 /* A partly corrupt string */
63 unescaped_str
= xstrdup("Bad String %1A%3");
64 rfc1738_unescape(unescaped_str
);
65 CPPUNIT_ASSERT(memcmp(unescaped_str
, "Bad String \032%3",15)==0);
68 /* A non corrupt string */
69 unescaped_str
= xstrdup("Good String %1A");
70 rfc1738_unescape(unescaped_str
);
71 CPPUNIT_ASSERT(memcmp(unescaped_str
, "Good String \032",14)==0);
76 * Public API is formed of a triplet of encode functions mapping to the rfc1738_do_encode() engine.
80 * rfc1738_escape_unescaped == -1
81 * rfc1738_escape_part == 1
83 void testRFC1738::testUrlEncode()
87 /* TEST: Escaping only unsafe characters */
89 /* regular URL (no encoding needed) */
90 result
= rfc1738_do_escape("http://foo.invalid/data/source/path", RFC1738_ESCAPE_UNSAFE
);
91 CPPUNIT_ASSERT(memcmp(result
, "http://foo.invalid/data/source/path",36)==0);
93 /* long string of unsafe # characters */
94 result
= rfc1738_do_escape("################ ################ ################ ################ ################ ################ ################ ################", RFC1738_ESCAPE_UNSAFE
);
95 CPPUNIT_ASSERT(memcmp(result
, "%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%20%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%20%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%20%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%20%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%20%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%20%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%20%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23",406)==0);
97 /* TEST: escaping only reserved characters */
99 /* regular URL (full encoding requested) */
100 result
= rfc1738_do_escape("http://foo.invalid/data/source/path", RFC1738_ESCAPE_RESERVED
);
101 CPPUNIT_ASSERT(memcmp(result
, "http%3A%2F%2Ffoo.invalid%2Fdata%2Fsource%2Fpath",48)==0);
103 /* regular path (encoding wanted for ALL special chars) */
104 result
= rfc1738_do_escape("/data/source/path", RFC1738_ESCAPE_RESERVED
);
105 CPPUNIT_ASSERT(memcmp(result
, "%2Fdata%2Fsource%2Fpath",24)==0);
107 /* TEST: safety-escaping a string already partially escaped */
109 /* escaping of dangerous characters in a partially escaped string */
110 result
= rfc1738_do_escape("http://foo.invalid/data%2Fsource[]", RFC1738_ESCAPE_UNESCAPED
);
111 CPPUNIT_ASSERT(memcmp(result
, "http://foo.invalid/data%2Fsource%5B%5D",39)==0);
113 /* escaping of hexadecimal 0xFF characters in a partially escaped string */
114 result
= rfc1738_do_escape("http://foo.invalid/data%2Fsource\xFF\xFF", RFC1738_ESCAPE_UNESCAPED
);
115 CPPUNIT_ASSERT(memcmp(result
, "http://foo.invalid/data%2Fsource%FF%FF",39)==0);
119 /** SECURITY BUG TESTS: avoid null truncation attacks by skipping %00 bytes */
120 void testRFC1738::PercentZeroNullDecoding()
124 /* Attack with %00 encoded NULL */
125 unescaped_str
= xstrdup("w%00rd");
126 rfc1738_unescape(unescaped_str
);
127 CPPUNIT_ASSERT(memcmp(unescaped_str
, "w%00rd",7)==0);
128 xfree(unescaped_str
);
130 /* Attack with %0 encoded NULL */
131 unescaped_str
= xstrdup("w%0rd");
132 rfc1738_unescape(unescaped_str
);
133 CPPUNIT_ASSERT(memcmp(unescaped_str
, "w%0rd",6)==0);
134 xfree(unescaped_str
);
136 /* Handle '0' bytes embeded in encoded % */
137 unescaped_str
= xstrdup("w%%00%rd");
138 rfc1738_unescape(unescaped_str
);
139 CPPUNIT_ASSERT(memcmp(unescaped_str
, "w%00%rd",8)==0);
140 xfree(unescaped_str
);
142 /* Handle NULL bytes with encoded % */
143 unescaped_str
= xstrdup("w%%%00%rd");
144 rfc1738_unescape(unescaped_str
);
145 CPPUNIT_ASSERT(memcmp(unescaped_str
, "w%%00%rd",9)==0);
146 xfree(unescaped_str
);