Diffstat (limited to 'spec/ruby/security/cve_2017_17742_spec.rb')
-rw-r--r--spec/ruby/security/cve_2017_17742_spec.rb37
1 files changed, 0 insertions, 37 deletions
diff --git a/spec/ruby/security/cve_2017_17742_spec.rb b/spec/ruby/security/cve_2017_17742_spec.rb
deleted file mode 100644
index b0d93e42b8..0000000000
--- a/spec/ruby/security/cve_2017_17742_spec.rb
+++ /dev/null
@@ -1,37 +0,0 @@
-require_relative '../spec_helper'
-
-# webrick is no longer in stdlib in Ruby 3+
-ruby_version_is ""..."3.0" do
- require "webrick"
- require "stringio"
- require "net/http"
-
- describe "WEBrick" do
- describe "resists CVE-2017-17742" do
- it "for a response splitting headers" do
- config = WEBrick::Config::HTTP
- res = WEBrick::HTTPResponse.new config
- res['X-header'] = "malicious\r\nCookie: hack"
- io = StringIO.new
- res.send_response io
- io.rewind
- res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
- res.code.should == '500'
- io.string.should_not =~ /hack/
- end
-
- it "for a response splitting cookie headers" do
- user_input = "malicious\r\nCookie: hack"
- config = WEBrick::Config::HTTP
- res = WEBrick::HTTPResponse.new config
- res.cookies << WEBrick::Cookie.new('author', user_input)
- io = StringIO.new
- res.send_response io
- io.rewind
- res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
- res.code.should == '500'
- io.string.should_not =~ /hack/
- end
- end
- end
-end