]>
git.ipfire.org Git - thirdparty/squid.git/blob - lib/tests/testRFC1738.cc
1 #define SQUID_UNIT_TEST 1
8 #include "testRFC1738.h"
10 /* Being a C library code it is best bodily included and tested with C++ type-safe techniques. */
11 #include "lib/rfc1738.c"
13 CPPUNIT_TEST_SUITE_REGISTRATION( testRFC1738
);
15 /* Regular Format de-coding tests */
16 void testRFC1738::testUrlDecode()
20 /* regular URL-path */
21 unescaped_str
= xstrdup("%2Fdata%2Fsource%2Fpath");
22 rfc1738_unescape(unescaped_str
);
23 CPPUNIT_ASSERT(memcmp(unescaped_str
, "/data/source/path",18)==0);
26 /* path in full URL */
27 unescaped_str
= xstrdup("http://foo.invalid%2Fdata%2Fsource%2Fpath");
28 rfc1738_unescape(unescaped_str
);
29 CPPUNIT_ASSERT(memcmp(unescaped_str
, "http://foo.invalid/data/source/path",36)==0);
32 // TODO query string...
34 /* Newline %0A encoded */
35 unescaped_str
= xstrdup("w%0Ard");
36 rfc1738_unescape(unescaped_str
);
37 CPPUNIT_ASSERT(memcmp(unescaped_str
, "w\nrd",5)==0);
40 /* Handle Un-encoded % */
41 unescaped_str
= xstrdup("w%rd");
42 rfc1738_unescape(unescaped_str
);
43 CPPUNIT_ASSERT(memcmp(unescaped_str
, "w%rd",5)==0);
46 /* Handle encoded % */
47 unescaped_str
= xstrdup("w%%rd");
48 rfc1738_unescape(unescaped_str
);
49 CPPUNIT_ASSERT(memcmp(unescaped_str
, "w%rd",5)==0);
52 /* Handle mixed-encoded % */
53 unescaped_str
= xstrdup("w%%%rd");
54 rfc1738_unescape(unescaped_str
);
55 CPPUNIT_ASSERT(memcmp(unescaped_str
, "w%%rd",6)==0);
58 /* A corrupt string */
59 unescaped_str
= xstrdup("Bad String %1");
60 rfc1738_unescape(unescaped_str
);
61 CPPUNIT_ASSERT(memcmp(unescaped_str
, "Bad String %1",14)==0);
64 /* A partly corrupt string */
65 unescaped_str
= xstrdup("Bad String %1A%3");
66 rfc1738_unescape(unescaped_str
);
67 CPPUNIT_ASSERT(memcmp(unescaped_str
, "Bad String \032%3",15)==0);
70 /* A non corrupt string */
71 unescaped_str
= xstrdup("Good String %1A");
72 rfc1738_unescape(unescaped_str
);
73 CPPUNIT_ASSERT(memcmp(unescaped_str
, "Good String \032",14)==0);
78 * Public API is formed of a triplet of encode functions mapping to the rfc1738_do_encode() engine.
82 * rfc1738_escape_unescaped == -1
83 * rfc1738_escape_part == 1
85 void testRFC1738::testUrlEncode()
89 /* TEST: Escaping only unsafe characters */
91 /* regular URL (no encoding needed) */
92 result
= rfc1738_do_escape("http://foo.invalid/data/source/path", RFC1738_ESCAPE_UNSAFE
);
93 CPPUNIT_ASSERT(memcmp(result
, "http://foo.invalid/data/source/path",36)==0);
95 /* long string of unsafe # characters */
96 result
= rfc1738_do_escape("################ ################ ################ ################ ################ ################ ################ ################", RFC1738_ESCAPE_UNSAFE
);
97 CPPUNIT_ASSERT(memcmp(result
, "%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%20%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%20%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%20%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%20%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%20%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%20%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%20%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23",406)==0);
99 /* TEST: escaping only reserved characters */
101 /* regular URL (full encoding requested) */
102 result
= rfc1738_do_escape("http://foo.invalid/data/source/path", RFC1738_ESCAPE_RESERVED
);
103 CPPUNIT_ASSERT(memcmp(result
, "http%3A%2F%2Ffoo.invalid%2Fdata%2Fsource%2Fpath",48)==0);
105 /* regular path (encoding wanted for ALL special chars) */
106 result
= rfc1738_do_escape("/data/source/path", RFC1738_ESCAPE_RESERVED
);
107 CPPUNIT_ASSERT(memcmp(result
, "%2Fdata%2Fsource%2Fpath",24)==0);
109 /* TEST: safety-escaping a string already partially escaped */
111 /* escaping of dangerous characters in a partially escaped string */
112 result
= rfc1738_do_escape("http://foo.invalid/data%2Fsource[]", RFC1738_ESCAPE_UNESCAPED
);
113 CPPUNIT_ASSERT(memcmp(result
, "http://foo.invalid/data%2Fsource%5B%5D",39)==0);
115 /* escaping of hexadecimal 0xFF characters in a partially escaped string */
116 result
= rfc1738_do_escape("http://foo.invalid/data%2Fsource\xFF\xFF", RFC1738_ESCAPE_UNESCAPED
);
117 CPPUNIT_ASSERT(memcmp(result
, "http://foo.invalid/data%2Fsource%FF%FF",39)==0);
121 /** SECURITY BUG TESTS: avoid null truncation attacks by skipping %00 bytes */
122 void testRFC1738::PercentZeroNullDecoding()
126 /* Attack with %00 encoded NULL */
127 unescaped_str
= xstrdup("w%00rd");
128 rfc1738_unescape(unescaped_str
);
129 CPPUNIT_ASSERT(memcmp(unescaped_str
, "w%00rd",7)==0);
130 xfree(unescaped_str
);
132 /* Attack with %0 encoded NULL */
133 unescaped_str
= xstrdup("w%0rd");
134 rfc1738_unescape(unescaped_str
);
135 CPPUNIT_ASSERT(memcmp(unescaped_str
, "w%0rd",6)==0);
136 xfree(unescaped_str
);
138 /* Handle '0' bytes embeded in encoded % */
139 unescaped_str
= xstrdup("w%%00%rd");
140 rfc1738_unescape(unescaped_str
);
141 CPPUNIT_ASSERT(memcmp(unescaped_str
, "w%00%rd",8)==0);
142 xfree(unescaped_str
);
144 /* Handle NULL bytes with encoded % */
145 unescaped_str
= xstrdup("w%%%00%rd");
146 rfc1738_unescape(unescaped_str
);
147 CPPUNIT_ASSERT(memcmp(unescaped_str
, "w%%00%rd",9)==0);
148 xfree(unescaped_str
);