path: root/test/webrick/test_httpresponse.rb
Age | Commit message | Author
2020-12-10 | Move webrick library into internal test toolchain | Hiroshi SHIBATA
Notes: Merged: https://github.com/ruby/ruby/pull/3729
2020-06-19 | test/webrick/test_httpresponse.rb: Use a longer indicator for crack | Yusuke Endoh
"hack" was too short. The tests check the error html, which includes hostname. GitHub Actions hostname seems randomly generated, and it may include the indicator string.
https://github.com/ruby/ruby/runs/784896235
```
1) Failure:
WEBrick::TestHTTPResponse#test_prevent_response_splitting_cookie_headers_cr [/home/runner/work/ruby/ruby/src/test/webrick/test_httpresponse.rb:71]:
Expected /hack/ to not match "HTTP/1.1 500 Internal Server Error\r\nContent-Type: text/html; charset=ISO-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0//EN\">\n<HTML>\n <HEAD><TITLE>Internal Server Error</TITLE></HEAD>\n <BODY>\n <H1>Internal Server Error</H1>\n WEBrick::HTTPResponse::InvalidHeader\n <HR>\n <ADDRESS>\n WEBrick/1.6.0 (Ruby/2.8.0/2020-06-18) at\n fv-az89.dddawhu1s14uzpjkiz5fhackre.cx.internal.cloudapp.net:80\n </ADDRESS>\n </BODY>\n</HTML>\n".
```
This change uses a longer indicator "cracked_indicator_for_test" instead.
2019-11-30 | [ruby/webrick] Enabled chunked encoding if Transfer-Encoding: chunked header is set | Jeremy Evans
Patch from Leonard Garvey. Fixes Ruby Bug 9986.
https://github.com/ruby/webrick/commit/8cff7f3995
2019-10-01 | WEBrick: prevent response splitting and header injection | Yusuke Endoh
This is a follow up to d9d4a28f1cdd05a0e8dabb36d747d40bbcc30f16. The commit prevented CRLF, but did not address an isolated CR or an isolated LF.
Co-Authored-By: NARUSE, Yui <naruse@airemix.jp>
2019-06-24 | Remove extraneous spaces at the end of status line | Nobuyoshi Nakada
Remove extraneous spaces after the status code that is non-compliant with RFC, i.e `HTTP 200 OK `, to unnecessary confusion for WEBrick users, by a risk that WEBrick instances in the wild will have server responses flagged as suspicious or malicious due to a similar bug in [Cobalt Strike misconfiguration].
Reported by Matt Tennis <mtennis@paloaltonetworks.com>
[Cobalt Strike misconfiguration]: https://blog.fox-it.com/2019/02/26/identifying-cobalt-strike-team-servers-in-the-wild/
2019-06-01 | Ignore warnings about ambiguous first argument of regexp with assert match. | Hiroshi SHIBATA
2018-07-14 | webrick/httpresponse: set_redirect requires a valid URI | normal
Prevents response splitting and HTML injection attacks in poorly-written applications which blindly pass along user input in redirects.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63964 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-03-28 | webrick: prevent response splitting and header injection | normal
Original patch by tenderlove (with minor style adjustments).
* lib/webrick/httpresponse.rb (send_header): call check_header
  (check_header): raise on embedded CRLF in header value
* test/webrick/test_httpresponse.rb (test_prevent_response_splitting_headers): new test
* (test_prevent_response_splitting_cookie_headers): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62968 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-10-30 | webrick: support Proc objects as body responses | normal
* lib/webrick/httpresponse.rb (send_body): call send_body_proc
  (send_body_proc): new method
  (class ChunkedWrapper): new class
* test/webrick/test_httpresponse.rb (test_send_body_proc): new test
  (test_send_body_proc_chunked): ditto
[Feature #855]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60584 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-03-29 | * lib/webrick/httpresponse.rb: Move error_body to method. It allows overriding the body more easily. [fix GH-1307] | hsbt
* test/webrick/test_httpresponse.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54346 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-16 | Add frozen_string_literal: false for all files | naruse
When you change this to true, you may need to add more tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-11-08 | * test/webrick: Examine log and use assert_join_threads. | akr
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48318 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-05-30 | Close FDs. | akr
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46260 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-08-08 | * test/webrick/test_httpresponse.rb (test_send_body_*_chunked): these expectations assume that the IOs are binmode. | usa
fixed test failures introduced at r42427 on Windows.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42433 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-08-07 | * lib/webrick/httpresponse.rb: Allow #body to be an IO-like object that responds to #readpartial and #read. [ruby-trunk - Feature #8155] | drbrain
* NEWS: NEWS for above
* test/webrick/test_httpresponse.rb: Tests for above.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42427 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-12-12 | * lib/webrick/httpresponse.rb (setup_header): 1xx responses are allowed to have Keep-Alive connections. | tenderlove
* test/webrick/test_httpresponse.rb: corresponding test.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34024 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-12-12 | * lib/webrick/httpresponse.rb (setup_header): 204 and 304 responses are allowed to have a Keep-Alive connection. [ruby-core:41581] | tenderlove
* test/webrick/test_httpresponse.rb: corresponding test.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34023 b2dd03c8-39d4-4d8f-98ff-823fe69b080e