authorYusuke Endoh <mame@ruby-lang.org>2020-06-19 00:53:33 +0900
committerYusuke Endoh <mame@ruby-lang.org>2020-06-19 00:57:18 +0900
commit26c1cf6a6066f90c0c2be7e84e68f75fb920b0d9 (patch)
tree49659b76064867e1ed544ec5d2f2df4a8a0ea9b4 /test/webrick/test_httpresponse.rb
parentc0591b8477edfa59bba566acbb8e0550fa31caff (diff)
test/webrick/test_httpresponse.rb: Use a longer indicator for crack
"hack" was too short. The tests check the error HTML, which includes the hostname. The GitHub Actions hostname seems to be randomly generated, and it may include the indicator string. https://github.com/ruby/ruby/runs/784896235 ``` 1) Failure: WEBrick::TestHTTPResponse#test_prevent_response_splitting_cookie_headers_cr [/home/runner/work/ruby/ruby/src/test/webrick/test_httpresponse.rb:71]: Expected /hack/ to not match "HTTP/1.1 500 Internal Server Error\r\nContent-Type: text/html; charset=ISO-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0//EN\">\n<HTML>\n <HEAD><TITLE>Internal Server Error</TITLE></HEAD>\n <BODY>\n <H1>Internal Server Error</H1>\n WEBrick::HTTPResponse::InvalidHeader\n <HR>\n <ADDRESS>\n WEBrick/1.6.0 (Ruby/2.8.0/2020-06-18) at\n fv-az89.dddawhu1s14uzpjkiz5fhackre.cx.internal.cloudapp.net:80\n </ADDRESS>\n </BODY>\n</HTML>\n". ``` This change uses the longer indicator "cracked_indicator_for_test" instead.
Diffstat (limited to 'test/webrick/test_httpresponse.rb')
-rw-r--r--test/webrick/test_httpresponse.rb26
1 files changed, 13 insertions, 13 deletions
diff --git a/test/webrick/test_httpresponse.rb b/test/webrick/test_httpresponse.rb
index e8c69a1..89a0f70 100644
--- a/test/webrick/test_httpresponse.rb
+++ b/test/webrick/test_httpresponse.rb
@@ -30,70 +30,70 @@ module WEBrick
end
def test_prevent_response_splitting_headers_crlf
- res['X-header'] = "malicious\r\nCookie: hack"
+ res['X-header'] = "malicious\r\nCookie: cracked_indicator_for_test"
io = StringIO.new
res.send_response io
io.rewind
res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
assert_equal '500', res.code
- refute_match 'hack', io.string
+ refute_match 'cracked_indicator_for_test', io.string
end
def test_prevent_response_splitting_cookie_headers_crlf
- user_input = "malicious\r\nCookie: hack"
+ user_input = "malicious\r\nCookie: cracked_indicator_for_test"
res.cookies << WEBrick::Cookie.new('author', user_input)
io = StringIO.new
res.send_response io
io.rewind
res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
assert_equal '500', res.code
- refute_match 'hack', io.string
+ refute_match 'cracked_indicator_for_test', io.string
end
def test_prevent_response_splitting_headers_cr
- res['X-header'] = "malicious\rCookie: hack"
+ res['X-header'] = "malicious\rCookie: cracked_indicator_for_test"
io = StringIO.new
res.send_response io
io.rewind
res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
assert_equal '500', res.code
- refute_match 'hack', io.string
+ refute_match 'cracked_indicator_for_test', io.string
end
def test_prevent_response_splitting_cookie_headers_cr
- user_input = "malicious\rCookie: hack"
+ user_input = "malicious\rCookie: cracked_indicator_for_test"
res.cookies << WEBrick::Cookie.new('author', user_input)
io = StringIO.new
res.send_response io
io.rewind
res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
assert_equal '500', res.code
- refute_match 'hack', io.string
+ refute_match 'cracked_indicator_for_test', io.string
end
def test_prevent_response_splitting_headers_lf
- res['X-header'] = "malicious\nCookie: hack"
+ res['X-header'] = "malicious\nCookie: cracked_indicator_for_test"
io = StringIO.new
res.send_response io
io.rewind
res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
assert_equal '500', res.code
- refute_match 'hack', io.string
+ refute_match 'cracked_indicator_for_test', io.string
end
def test_prevent_response_splitting_cookie_headers_lf
- user_input = "malicious\nCookie: hack"
+ user_input = "malicious\nCookie: cracked_indicator_for_test"
res.cookies << WEBrick::Cookie.new('author', user_input)
io = StringIO.new
res.send_response io
io.rewind
res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
assert_equal '500', res.code
- refute_match 'hack', io.string
+ refute_match 'cracked_indicator_for_test', io.string
end
def test_set_redirect_response_splitting
- url = "malicious\r\nCookie: hack"
+ url = "malicious\r\nCookie: cracked_indicator_for_test"
assert_raises(URI::InvalidURIError) do
res.set_redirect(WEBrick::HTTPStatus::MultipleChoices, url)
end
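Review bot: The six `refute_match 'cracked_indicator_for_test', io.string` assertions still scan the whole serialized response, including the error page body that embeds the runner's hostname, so the longer marker only makes a collision improbable rather than removing the dependency on the environment. Since response splitting would show up in the header section, the check could be limited to it, for example `head = io.string.split("\r\n\r\n", 2).first` followed by `refute_match 'cracked_indicator_for_test', head`, assuming the 500 response keeps the blank-line separator seen in the failure log. The marker is also repeated as a literal in every changed line; a single constant in the test class would keep the payload and the assertion from drifting apart. The body of test_set_redirect_response_splitting continues past the end of the hunk, so whether it checks the marker is not visible here.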