Reenable ee10 protected target exceptions
This commit is contained in:
Greg Wilkins
parent
af5fecd18d
commit
db359ff8a5
|
|
@ -53,7 +53,6 @@ import org.eclipse.jetty.util.resource.ResourceFactory;
|
|||
import org.hamcrest.Matchers;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Disabled;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.junit.jupiter.params.ParameterizedTest;
|
||||
|
|
@ -306,9 +305,15 @@ public class WebAppContextTest
|
|||
assertFalse(context.isProtectedTarget("/something-else/web-inf"));
|
||||
}
|
||||
|
||||
@Disabled //TODO
|
||||
@Test
|
||||
public void testProtectedTarget() throws Exception
|
||||
@ParameterizedTest
|
||||
@ValueSource(strings = {
|
||||
"/test.xml",
|
||||
"/%2e/%2e/test.xml",
|
||||
"/%u002e/%u002e/test.xml",
|
||||
"/foo/%2e%2e/test.xml",
|
||||
"/foo/%u002e%u002e/test.xml"
|
||||
})
|
||||
public void testUnProtectedTarget(String target) throws Exception
|
||||
{
|
||||
Server server = newServer();
|
||||
|
||||
|
|
@ -328,46 +333,58 @@ public class WebAppContextTest
|
|||
|
||||
server.start();
|
||||
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET /test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.OK_200));
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET /%2e/%2e/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.OK_200));
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET /%u002e/%u002e/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.OK_200));
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET /foo/%2e%2e/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.OK_200));
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET /foo/%u002e%u002e/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.OK_200));
|
||||
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET /WEB-INF HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET /WEB-INF/ HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET /WEB-INF/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET /web-inf/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET /%2e/WEB-INF/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET /%u002e/WEB-INF/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET /%2e/%2e/WEB-INF/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET /%u002e/%u002e/WEB-INF/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET /foo/%2e%2e/WEB-INF/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET /foo/%u002e%u002e/WEB-INF/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET /%2E/WEB-INF/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET /%u002E/WEB-INF/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET //WEB-INF/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET /WEB-INF%2ftest.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET " + target + " HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.OK_200));
|
||||
}
|
||||
|
||||
|
||||
@ParameterizedTest
|
||||
@ValueSource(strings = {
|
||||
"/WEB-INF",
|
||||
"/WEB-INF/",
|
||||
"/WEB-INF%2F",
|
||||
"/WEB-INF/test.xml",
|
||||
"/web-inf/test.xml",
|
||||
"/%2e/WEB-INF/test.xml",
|
||||
"/%u002e/WEB-INF/test.xml",
|
||||
"/%2e/%2e/WEB-INF/test.xml",
|
||||
"/%u002e/%u002e/WEB-INF/test.xml",
|
||||
"/foo/%2e%2e/WEB-INF/test.xml",
|
||||
"/foo/%u002e%u002e/WEB-INF/test.xml",
|
||||
"/%2E/WEB-INF/test.xml",
|
||||
"//WEB-INF/test.xml",
|
||||
"/WEB-INF%2ftest.xml",
|
||||
"/.%00/WEB-INF/test.xml",
|
||||
"/WEB-INF%00/test.xml"
|
||||
"/%u002E/WEB-INF/test.xml",
|
||||
"//WEB-INF/test.xml" /* TODO,
|
||||
"/WEB-INF%2Ftest.xml",
|
||||
"/WEB-INF%u002Ftest.xml",
|
||||
"/WEB-INF%2ftest.xml" */
|
||||
})
|
||||
public void testProtectedTarget(String target) throws Exception
|
||||
{
|
||||
Server server = newServer();
|
||||
|
||||
Handler.Collection handlers = new Handler.Collection();
|
||||
ContextHandlerCollection contexts = new ContextHandlerCollection();
|
||||
WebAppContext context = new WebAppContext();
|
||||
Path testWebapp = MavenTestingUtils.getProjectDirPath("src/test/webapp");
|
||||
context.setBaseResource(testWebapp);
|
||||
context.setContextPath("/");
|
||||
server.setHandler(handlers);
|
||||
handlers.addHandler(contexts);
|
||||
contexts.addHandler(context);
|
||||
|
||||
LocalConnector connector = new LocalConnector(server);
|
||||
server.addConnector(connector);
|
||||
connector.getConnectionFactory(HttpConnectionFactory.class).getHttpConfiguration().setUriCompliance(UriCompliance.RFC3986);
|
||||
|
||||
server.start();
|
||||
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET " + target + " HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
|
||||
}
|
||||
|
||||
@ParameterizedTest
|
||||
@ValueSource(strings = {
|
||||
"/.%00/WEB-INF/test.xml",
|
||||
"/WEB-INF%00/test.xml",
|
||||
"/WEB-INF%u0000/test.xml"
|
||||
})
|
||||
|
||||
@Disabled //TODO
|
||||
@Test
|
||||
public void testProtectedTargetFailure(String path) throws Exception
|
||||
{
|
||||
Server server = newServer();
|
||||
|
|
@ -389,10 +406,9 @@ public class WebAppContextTest
|
|||
server.start();
|
||||
|
||||
assertThat(HttpTester.parseResponse(connector.getResponse("GET " + path + " HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(),
|
||||
Matchers.anyOf(is(HttpStatus.NOT_FOUND_404), is(HttpStatus.BAD_REQUEST_400)));
|
||||
Matchers.anyOf(is(HttpStatus.BAD_REQUEST_400)));
|
||||
}
|
||||
|
||||
@Disabled //TODO
|
||||
@Test
|
||||
public void testNullPath() throws Exception
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in New Issue