summaryrefslogtreecommitdiff
path: root/test/webrick/test_httpresponse.rb
diff options
context:
space:
mode:
authornormal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2018-07-14 02:59:39 +0000
committernormal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2018-07-14 02:59:39 +0000
commitb9f9986a5e531975c97bdb695a86d6673713aedd (patch)
treec2f2ab5f378a7264d62ba59206b2684b6eee0b85 /test/webrick/test_httpresponse.rb
parenteb53b0ff05bbb62e9db5f3421cf38b691a14d91a (diff)
webrick/httpresponse: set_redirect requires a valid URI
Prevents response splitting and HTML injection attacks in poorly-written applications which blindly pass along user input in redirects. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63964 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/webrick/test_httpresponse.rb')
-rw-r--r--test/webrick/test_httpresponse.rb21
1 files changed, 21 insertions, 0 deletions
diff --git a/test/webrick/test_httpresponse.rb b/test/webrick/test_httpresponse.rb
index 6263e0a..75861ca 100644
--- a/test/webrick/test_httpresponse.rb
+++ b/test/webrick/test_httpresponse.rb
@@ -50,6 +50,27 @@ module WEBrick
refute_match 'hack', io.string
end
+ def test_set_redirect_response_splitting
+ url = "malicious\r\nCookie: hack"
+ assert_raises(URI::InvalidURIError) do
+ res.set_redirect(WEBrick::HTTPStatus::MultipleChoices, url)
+ end
+ end
+
+ def test_set_redirect_html_injection
+ url = 'http://example.com////?a</a><head></head><body><img src=1></body>'
+ assert_raises(WEBrick::HTTPStatus::MultipleChoices) do
+ res.set_redirect(WEBrick::HTTPStatus::MultipleChoices, url)
+ end
+ res.status = 300
+ io = StringIO.new
+ res.send_response(io)
+ io.rewind
+ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
+ assert_equal '300', res.code
+ refute_match /<img/, io.string
+ end
+
def test_304_does_not_log_warning
res.status = 304
res.setup_header