summaryrefslogtreecommitdiff
path: root/spec/ruby/security/cve_2017_17742_spec.rb
diff options
context:
space:
mode:
authoreregon <eregon@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2018-06-13 21:41:45 +0000
committereregon <eregon@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2018-06-13 21:41:45 +0000
commit67078e81f57523fdf65ba7a9d919a146763363a5 (patch)
tree795ec86c6a90842d9168b0900d058c46244249f3 /spec/ruby/security/cve_2017_17742_spec.rb
parent78890babe74e87aea79d1022ab455aeddf8a3310 (diff)
Update to ruby/spec@4bc7a2b
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63652 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'spec/ruby/security/cve_2017_17742_spec.rb')
-rw-r--r--spec/ruby/security/cve_2017_17742_spec.rb54
1 files changed, 24 insertions, 30 deletions
diff --git a/spec/ruby/security/cve_2017_17742_spec.rb b/spec/ruby/security/cve_2017_17742_spec.rb
index f1205412c6..72776cb497 100644
--- a/spec/ruby/security/cve_2017_17742_spec.rb
+++ b/spec/ruby/security/cve_2017_17742_spec.rb
@@ -4,37 +4,31 @@ require "webrick"
require "stringio"
require "net/http"
-guard -> {
- ruby_version_is "2.3.7"..."2.4" or
- ruby_version_is "2.4.4"..."2.5" or
- ruby_version_is "2.5.1"
-} do
- describe "WEBrick" do
- describe "resists CVE-2017-17742" do
- it "for a response splitting headers" do
- config = WEBrick::Config::HTTP
- res = WEBrick::HTTPResponse.new config
- res['X-header'] = "malicious\r\nCookie: hack"
- io = StringIO.new
- res.send_response io
- io.rewind
- res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
- res.code.should == '500'
- io.string.should_not =~ /hack/
- end
+describe "WEBrick" do
+ describe "resists CVE-2017-17742" do
+ it "for a response splitting headers" do
+ config = WEBrick::Config::HTTP
+ res = WEBrick::HTTPResponse.new config
+ res['X-header'] = "malicious\r\nCookie: hack"
+ io = StringIO.new
+ res.send_response io
+ io.rewind
+ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
+ res.code.should == '500'
+ io.string.should_not =~ /hack/
+ end
- it "for a response splitting cookie headers" do
- user_input = "malicious\r\nCookie: hack"
- config = WEBrick::Config::HTTP
- res = WEBrick::HTTPResponse.new config
- res.cookies << WEBrick::Cookie.new('author', user_input)
- io = StringIO.new
- res.send_response io
- io.rewind
- res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
- res.code.should == '500'
- io.string.should_not =~ /hack/
- end
+ it "for a response splitting cookie headers" do
+ user_input = "malicious\r\nCookie: hack"
+ config = WEBrick::Config::HTTP
+ res = WEBrick::HTTPResponse.new config
+ res.cookies << WEBrick::Cookie.new('author', user_input)
+ io = StringIO.new
+ res.send_response io
+ io.rewind
+ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
+ res.code.should == '500'
+ io.string.should_not =~ /hack/
end
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-14 06:48:20 +0000