Diffstat (limited to 'spec/ruby/security/cve_2017_17742_spec.rb')
-rw-r--r-- | spec/ruby/security/cve_2017_17742_spec.rb | 34 |
1 files changed, 0 insertions, 34 deletions
diff --git a/spec/ruby/security/cve_2017_17742_spec.rb b/spec/ruby/security/cve_2017_17742_spec.rb
deleted file mode 100644
index 72776cb497..0000000000
--- a/spec/ruby/security/cve_2017_17742_spec.rb
+++ /dev/null
@@ -1,34 +0,0 @@
-require_relative '../spec_helper'
-
-require "webrick"
-require "stringio"
-require "net/http"
-
-describe "WEBrick" do
- describe "resists CVE-2017-17742" do
- it "for a response splitting headers" do
- config = WEBrick::Config::HTTP
- res = WEBrick::HTTPResponse.new config
- res['X-header'] = "malicious\r\nCookie: hack"
- io = StringIO.new
- res.send_response io
- io.rewind
- res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
- res.code.should == '500'
- io.string.should_not =~ /hack/
- end
-
- it "for a response splitting cookie headers" do
- user_input = "malicious\r\nCookie: hack"
- config = WEBrick::Config::HTTP
- res = WEBrick::HTTPResponse.new config
- res.cookies << WEBrick::Cookie.new('author', user_input)
- io = StringIO.new
- res.send_response io
- io.rewind
- res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
- res.code.should == '500'
- io.string.should_not =~ /hack/
- end
- end
-end |