From: Yann Ylavic
Date: Thu, 7 Oct 2021 12:01:20 +0000 (+0000)
Subject: test/modules/http2: more encoding tests.
X-Git-Tag: 2.5.0-alpha2-ci-test-only~764
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5c385f2b6c8352e2ca0665e66af022d6e936db6d;p=thirdparty%2Fapache%2Fhttpd.git
test/modules/http2: more encoding tests.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893972 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/test/modules/http2/h2_env.py b/test/modules/http2/h2_env.py
index 3492a3974a8..7f879870e70 100644
--- a/test/modules/http2/h2_env.py
+++ b/test/modules/http2/h2_env.py
@@ -508,7 +508,8 @@ class H2TestEnv:
 "--cacert", self.ca.cert_file,
 "-s", "-D", headerfile,
 "--resolve", ("%s:%s:%s" % (u.hostname, u.port, self._httpd_addr)),
- "--connect-timeout", ("%d" % timeout)
+ "--connect-timeout", ("%d" % timeout),
+ "--path-as-is"
 ]
 if options:
 args.extend(options)
diff --git a/test/modules/http2/test_203_encoding.py b/test/modules/http2/test_203_encoding.py
index a9a450ac0a5..60d96e0badf 100644
--- a/test/modules/http2/test_203_encoding.py
+++ b/test/modules/http2/test_203_encoding.py
@@ -43,6 +43,9 @@ class TestEncoding:
 "/%30%30%36/%30%30%36.css",
 "/nothing/../006/006.css",
 "/nothing/./../006/006.css",
+ "/nothing/%2e%2e/006/006.css",
+ "/nothing/%2e/%2e%2e/006/006.css",
+ "/nothing/%2e/%2e%2e/006/006%2ecss",
 ])
 def test_203_01(self, env, path):
 url = env.mkurl("https", "test1", path)
@@ -54,7 +57,10 @@ class TestEncoding:
 "/006//006.css",
 "/006//////////006.css",
 "/006////.//////006.css",
+ "/006////%2e//////006.css",
+ "/006////%2e//////006%2ecss",
 "/006/../006/006.css",
+ "/006/%2e%2e/006/006.css",
 ])
 def test_203_03(self, env, path):
 url = env.mkurl("https", "test1", path)
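Review bot: In h2_env.py the new `"--path-as-is"` argument is appended to the curl command line for every request this helper issues, and nothing on the line says why. Without it curl squashes `/../` and `/./` segments before sending, so the traversal cases added in test_203_encoding.py would be rewritten on the client and never reach the server. A comment above the line such as `# send the path verbatim; curl otherwise collapses dot segments client-side` would record that. The option exists only in curl 7.42.0 and later, so the minimum curl version is worth stating next to it or in the test requirements. The enclosing method starts and ends outside the hunk.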
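Review bot: The dot-segment cases added to the test_203_01 list in test_203_encoding.py use only the lowercase escape `%2e`. Percent-encoding hex digits are case-insensitive, so `%2E` has to normalise the same way and is not exercised. Adding for example `"/nothing/%2E%2E/006/006.css",` here, with uppercase counterparts in the test_203_03 list and the test_203_04 traversal list, would catch a decoder or filter that matches only one spelling. The test bodies continue outside these hunks.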
@@ -63,11 +69,19 @@ class TestEncoding:
 # check path traversals
 @pytest.mark.parametrize(["path", "status"], [
- ["/../cgi/echo.py", 404],
- ["/nothing/%%32%65%%32%65/echo.py", 400],
+ ["/../echo.py", 400],
+ ["/nothing/../../echo.py", 400],
+ ["/cgi-bin/../../echo.py", 400],
+ ["/nothing/%2e%2e/%2e%2e/echo.py", 400],
+ ["/cgi-bin/%2e%2e/%2e%2e/echo.py", 400],
 ["/nothing/%%32%65%%32%65/echo.py", 400],
 ["/cgi-bin/%%32%65%%32%65/echo.py", 400],
+ ["/nothing/%%32%65%%32%65/%%32%65%%32%65/h2_env.py", 400],
 ["/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/h2_env.py", 400],
+ ["/nothing/%25%32%65%25%32%65/echo.py", 404],
+ ["/cgi-bin/%25%32%65%25%32%65/echo.py", 404],
+ ["/nothing/%25%32%65%25%32%65/%25%32%65%25%32%65/h2_env.py", 404],
+ ["/cgi-bin/%25%32%65%25%32%65/%25%32%65%25%32%65/h2_env.py", 404],
 ])
 def test_203_04(self, env, path, status):
 url = env.mkurl("https", "cgi", path)
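Review bot: The traversal table for test_203_04 now mixes three encodings with two different expected statuses, and nothing in the list says why `%%32%65` expects 400 while `%25%32%65` expects 404. One comment per group would stop a later edit from "correcting" a status: `# dot segments, plain or %2e, that climb above the root: 400`, `# "%%32%65" is malformed percent-encoding: 400`, `# "%25%32%65" is a literal "%2e" after one decode and must not be decoded twice: 404`. That reading of the 404 group is inferred from the values, so it should be checked against the intended server behaviour. The body of test_203_04 continues outside the hunk, so whether anything beyond the status code is asserted is not visible here.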