author | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2019-03-09 19:53:51 +0900 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2019-06-24 10:11:47 +0900 |
commit | 11a60f9bdb486b5173946a7eb11b41e5f75a28cd (patch) | |
tree | 9f08b42546cb6fd27d6ad04216e98919d59f04de /test/webrick | |
parent | 97a7f463f683774f054f9d7dafc3756aad39dd1c (diff) |

Remove extraneous spaces at the end of status line

Remove extraneous spaces after the status code that is
non-compliant with RFC, i.e. `HTTP 200 OK `, to avoid unnecessary
confusion for WEBrick users, by a risk that WEBrick instances in
the wild will have server responses flagged as suspicious or
malicious due to a similar bug in [Cobalt Strike
misconfiguration].

Reported by Matt Tennis <mtennis@paloaltonetworks.com>

[Cobalt Strike misconfiguration]: https://blog.fox-it.com/2019/02/26/identifying-cobalt-strike-team-servers-in-the-wild/

Diffstat (limited to 'test/webrick')
-rw-r--r-- | test/webrick/test_httpresponse.rb | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/test/webrick/test_httpresponse.rb b/test/webrick/test_httpresponse.rb index 468c60582d..a1d7712be0 100644 --- a/test/webrick/test_httpresponse.rb +++ b/test/webrick/test_httpresponse.rb @@ -222,5 +222,12 @@ module WEBrick assert_match(/#{@res.reason_phrase}/, body) assert_match(/#{message}/, body) end + + def test_no_extraneous_space + [200, 300, 400, 500].each do |status| + @res.status = status + assert_match(/\S\r\n/, @res.status_line) + end + end end end |
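
Review bot: The pattern in `assert_match(/\S\r\n/, @res.status_line)` inside `test_no_extraneous_space` is not anchored, so it passes as soon as any non-space character is followed by CRLF anywhere in the string; `/\S\r\n\z/` would tie the assertion to the end of the status line. The sampled codes `[200, 300, 400, 500]` are all standard ones, so consider also covering a status with no standard reason phrase, where the separator after the status code could end up as the last character before CRLF. Passing the status as the assertion message would make a failure name the code that regressed.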