test/modules/http2: more encoding tests.

author Yann Ylavic <ylavic@apache.org>

Thu, 7 Oct 2021 12:01:20 +0000 (12:01 +0000)

committer Yann Ylavic <ylavic@apache.org>

Thu, 7 Oct 2021 12:01:20 +0000 (12:01 +0000)
author Yann Ylavic <ylavic@apache.org>
Thu, 7 Oct 2021 12:01:20 +0000 (12:01 +0000)
committer Yann Ylavic <ylavic@apache.org>
Thu, 7 Oct 2021 12:01:20 +0000 (12:01 +0000)
diff --git a/test/modules/http2/h2_env.py b/test/modules/http2/h2_env.py

index 3492a3974a8253cd54d79459443128277dd7bbae..7f879870e70ff3899bb8c6e86e28cd626f2924f1 100644 (file)
--- a/test/modules/http2/h2_env.py
+++ b/test/modules/http2/h2_env.py
@@ -508,7 +508,8 @@ class H2TestEnv:
              "--cacert", self.ca.cert_file,
              "-s", "-D", headerfile,
              "--resolve", ("%s:%s:%s" % (u.hostname, u.port, self._httpd_addr)),
-            "--connect-timeout", ("%d" % timeout) 
+            "--connect-timeout", ("%d" % timeout),
+            "--path-as-is"
          ]
          if options:
              args.extend(options)
diff --git a/test/modules/http2/test_203_encoding.py b/test/modules/http2/test_203_encoding.py

index a9a450ac0a5d71a865bdf8e7d69d7e7d87ae2c93..60d96e0badfead9062bbe9b8dc91e390837ca67b 100644 (file)
--- a/test/modules/http2/test_203_encoding.py
+++ b/test/modules/http2/test_203_encoding.py
@@ -43,6 +43,9 @@ class TestEncoding:
          "/%30%30%36/%30%30%36.css",
          "/nothing/../006/006.css",
          "/nothing/./../006/006.css",
+        "/nothing/%2e%2e/006/006.css",
+        "/nothing/%2e/%2e%2e/006/006.css",
+        "/nothing/%2e/%2e%2e/006/006%2ecss",
      ])
      def test_203_01(self, env, path):
          url = env.mkurl("https", "test1", path)
@@ -54,7 +57,10 @@ class TestEncoding:
          "/006//006.css",
          "/006//////////006.css",
          "/006////.//////006.css",
+        "/006////%2e//////006.css",
+        "/006////%2e//////006%2ecss",
          "/006/../006/006.css",
+        "/006/%2e%2e/006/006.css",
      ])
      def test_203_03(self, env, path):
          url = env.mkurl("https", "test1", path)
@@ -63,11 +69,19 @@ class TestEncoding:
  
      # check path traversals
      @pytest.mark.parametrize(["path", "status"], [
-        ["/../cgi/echo.py", 404],
-        ["/nothing/%%32%65%%32%65/echo.py", 400],
+        ["/../echo.py", 400],
+        ["/nothing/../../echo.py", 400],
+        ["/cgi-bin/../../echo.py", 400],
+        ["/nothing/%2e%2e/%2e%2e/echo.py", 400],
+        ["/cgi-bin/%2e%2e/%2e%2e/echo.py", 400],
          ["/nothing/%%32%65%%32%65/echo.py", 400],
          ["/cgi-bin/%%32%65%%32%65/echo.py", 400],
+        ["/nothing/%%32%65%%32%65/%%32%65%%32%65/h2_env.py", 400],
          ["/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/h2_env.py", 400],
+        ["/nothing/%25%32%65%25%32%65/echo.py", 404],
+        ["/cgi-bin/%25%32%65%25%32%65/echo.py", 404],
+        ["/nothing/%25%32%65%25%32%65/%25%32%65%25%32%65/h2_env.py", 404],
+        ["/cgi-bin/%25%32%65%25%32%65/%25%32%65%25%32%65/h2_env.py", 404],
      ])
      def test_203_04(self, env, path, status):
          url = env.mkurl("https", "cgi", path)
author	Yann Ylavic <ylavic@apache.org>
	Thu, 7 Oct 2021 12:01:20 +0000 (12:01 +0000)
committer	Yann Ylavic <ylavic@apache.org>
	Thu, 7 Oct 2021 12:01:20 +0000 (12:01 +0000)
test/modules/http2/h2_env.py		patch \| blob \| blame \| history
test/modules/http2/test_203_encoding.py		patch \| blob \| blame \| history