ruby/test/webrick/test_filehandler.rb


require "test/unit"
require "webrick"
require "stringio"
require File.join(File.dirname(__FILE__), "utils.rb")
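# Regression tests for file serving in WEBrick: byte-range responses built by
# DefaultFileHandler, and the behaviour of a server started with a
# DocumentRoot when asked for paths that should stay hidden or unreachable
# (NondisclosureName matches, "..", encoded backslashes, Windows short names
# and trailing-character aliases of a CGI script).
#
# Several expectations branch on windows?. On other platforms those tests only
# show that the alias does not resolve (404); the checks that a script is
# executed rather than served as source are exercised on Windows only.
class WEBrick::TestFileHandler < Test::Unit::TestCase
  # Builds a DefaultFileHandler for +filename+ with the stock HTTP config.
  def default_file_handler(filename)
    klass = WEBrick::HTTPServlet::DefaultFileHandler
    klass.new(WEBrick::Config::HTTP, filename)
  end

  # Platform probe used to pick the expected status code in the tests below:
  # true when a lone backslash names a directory.
  # NOTE(review): presumably only true where "\" is a path separator
  # (Windows) -- confirm.
  def windows?
    File.directory?("\\")
  end

  # Returns the response body as a string, whether the response carries an
  # IO-like object (anything that responds to #read) or a plain string.
  def get_res_body(res)
    body = res.body
    body.respond_to?(:read) ? body.read : body
  end

  # Returns a StringIO holding a minimal HTTP/1.0 GET request whose Range
  # header is +range_spec+. The heredoc is indented for readability and the
  # gsub strips that indentation again.
  def make_range_request(range_spec)
    # The empty line below ends the header section, as HTTP requires.
    msg = <<-_end_of_request_
      GET / HTTP/1.0
      Range: #{range_spec}

    _end_of_request_
    StringIO.new(msg.gsub(/^ {6}/, ""))
  end

  # Parses a ranged request for +file+ and lets DefaultFileHandler fill in the
  # partial-content response, which is returned.
  def make_range_response(file, range_spec)
    req = WEBrick::HTTPRequest.new(WEBrick::Config::HTTP)
    req.parse(make_range_request(range_spec))
    res = WEBrick::HTTPResponse.new(WEBrick::Config::HTTP)
    size = File.size(file)
    handler = default_file_handler(file)
    handler.make_partial_content(req, res, file, size)
    res
  end

  # Single byte ranges must yield exactly the requested number of bytes with
  # the file's own content type; a multi-range request must be answered as
  # multipart/byteranges. This file itself is the fixture, so it has to be at
  # least 200 bytes long.
  def test_make_partial_content
    filename = __FILE__
    filesize = File.size(filename)

    single_ranges = [
      ["bytes=#{filesize - 100}-", 100], # open-ended: offset to end of file
      ["bytes=-100", 100],               # suffix form: last 100 bytes
      ["bytes=0-99", 100],
      ["bytes=100-199", 100],
      ["bytes=0-0", 1],
      ["bytes=-1", 1],
    ]
    single_ranges.each do |range_spec, expected_size|
      res = make_range_response(filename, range_spec)
      assert_match(%r{\Atext/plain}, res["content-type"], range_spec)
      # Expected value first, so a failure message reads the right way round.
      assert_equal(expected_size, get_res_body(res).size, range_spec)
    end

    res = make_range_response(filename, "bytes=0-0, -2")
    assert_match(%r{\Amultipart/byteranges}, res["content-type"])
  end

  # Baseline: the directory index lists this file and the file itself is
  # served verbatim as text/plain.
  def test_filehandler
    config = { :DocumentRoot => File.dirname(__FILE__), }
    this_file = File.basename(__FILE__)
    TestWEBrick.start_httpserver(config) do |_server, addr, port, log|
      http = Net::HTTP.new(addr, port)

      req = Net::HTTP::Get.new("/")
      http.request(req) do |res|
        assert_equal("200", res.code, log.call)
        assert_equal("text/html", res.content_type, log.call)
        # Escape the name so the "." in it is matched literally.
        assert_match(/HREF="#{Regexp.escape(this_file)}"/, res.body, log.call)
      end

      req = Net::HTTP::Get.new("/#{this_file}")
      http.request(req) do |res|
        assert_equal("200", res.code, log.call)
        assert_equal("text/plain", res.content_type, log.call)
        assert_equal(File.read(__FILE__), res.body, log.call)
      end
    end
  end

  # Files matching a NondisclosureName pattern must be absent from the
  # directory index and answer 404 when requested directly.
  def test_non_disclosure_name
    config = { :DocumentRoot => File.dirname(__FILE__), }
    this_file = File.basename(__FILE__)
    TestWEBrick.start_httpserver(config) do |server, addr, port, log|
      http = Net::HTTP.new(addr, port)
      doc_root_opts = server[:DocumentRootOptions]
      doc_root_opts[:NondisclosureName] = %w(.ht* *~ test_*)

      req = Net::HTTP::Get.new("/")
      http.request(req) do |res|
        assert_equal("200", res.code, log.call)
        assert_equal("text/html", res.content_type, log.call)
        assert_no_match(/HREF="#{Regexp.escape(this_file)}"/, res.body, log.call)
      end

      req = Net::HTTP::Get.new("/#{this_file}")
      http.request(req) do |res|
        assert_equal("404", res.code, log.call)
      end

      # Same patterns with the last glob upper-cased: the file is still
      # expected to be hidden, i.e. the match is expected to ignore case.
      doc_root_opts[:NondisclosureName] = %w(.ht* *~ TEST_*)
      http.request(req) do |res|
        assert_equal("404", res.code, log.call)
      end
    end
  end

  # Requests that try to climb out of DocumentRoot, with plain ".." or with a
  # percent-encoded backslash (%5c), must never reach a file outside it.
  def test_directory_traversal
    config = { :DocumentRoot => File.dirname(__FILE__), }
    this_file = File.basename(__FILE__)
    TestWEBrick.start_httpserver(config) do |_server, addr, port, log|
      http = Net::HTTP.new(addr, port)

      req = Net::HTTP::Get.new("/../../")
      http.request(req) { |res| assert_equal("400", res.code, log.call) }

      # NOTE(review): on Windows this is expected to succeed -- presumably the
      # path resolves back to this file inside DocumentRoot; confirm against
      # the handler. Elsewhere "..\.." is just a name that does not exist.
      expected = windows? ? "200" : "404"
      req = Net::HTTP::Get.new("/..%5c../#{this_file}")
      http.request(req) { |res| assert_equal(expected, res.code, log.call) }

      # A file name that is not under DocumentRoot: 404 on every platform.
      req = Net::HTTP::Get.new("/..%5c..%5cruby.c")
      http.request(req) { |res| assert_equal("404", res.code, log.call) }
    end
  end

  # Windows only: a path made of ".." segments joined by an encoded backslash
  # is expected to be answered with a 301 redirect. Makes no assertions on
  # other platforms.
  def test_unwise_in_path
    return unless windows?

    config = { :DocumentRoot => File.dirname(__FILE__), }
    TestWEBrick.start_httpserver(config) do |_server, addr, port, log|
      http = Net::HTTP.new(addr, port)
      req = Net::HTTP::Get.new("/..%5c..")
      http.request(req) { |res| assert_equal("301", res.code, log.call) }
    end
  end

  # Windows 8.3 short names (NAME~1) are alternate names for existing files,
  # so they must get the same treatment as the long name: the CGI is run, not
  # served as source, and a hidden file stays hidden under its short alias.
  def test_short_filename
    config = {
      :CGIInterpreter => TestWEBrick::RubyBin,
      :DocumentRoot => File.dirname(__FILE__),
      :CGIPathEnv => ENV['PATH'],
    }
    TestWEBrick.start_httpserver(config) do |_server, addr, port, log|
      http = Net::HTTP.new(addr, port)

      req = Net::HTTP::Get.new("/webric~1.cgi/test")
      http.request(req) do |res|
        if windows?
          # Body "/test" is the script's output (see test_script_disclosure),
          # which shows it was executed.
          assert_equal("200", res.code, log.call)
          assert_equal("/test", res.body, log.call)
        else
          assert_equal("404", res.code, log.call)
        end
      end

      # NOTE(review): presumably a .htaccess fixture exists next to this file
      # and is hidden by the server's NondisclosureName setting -- confirm.
      ["/.htaccess", "/htacce~1", "/HTACCE~1"].each do |path|
        req = Net::HTTP::Get.new(path)
        http.request(req) { |res| assert_equal("404", res.code, log.call) }
      end
    end
  end

  # A CGI script requested under a name with a trailing space, a trailing dot
  # or an NTFS "::$DATA" suffix must not be returned as source. On Windows the
  # expected response is the script's normal output; elsewhere the decorated
  # name is expected not to resolve at all (404).
  def test_script_disclosure
    config = {
      :CGIInterpreter => TestWEBrick::RubyBin,
      :DocumentRoot => File.dirname(__FILE__),
      :CGIPathEnv => ENV['PATH'],
    }
    TestWEBrick.start_httpserver(config) do |_server, addr, port, log|
      http = Net::HTTP.new(addr, port)

      # Reference request: the undecorated script name runs the CGI.
      req = Net::HTTP::Get.new("/webrick.cgi/test")
      http.request(req) do |res|
        assert_equal("200", res.code, log.call)
        assert_equal("/test", res.body, log.call)
      end

      response_assertion = Proc.new do |res|
        if windows?
          assert_equal("200", res.code, log.call)
          assert_equal("/test", res.body, log.call)
        else
          assert_equal("404", res.code, log.call)
        end
      end

      [
        "/webrick.cgi%20/test",
        "/webrick.cgi./test",
        "/webrick.cgi::$DATA/test",
      ].each do |path|
        req = Net::HTTP::Get.new(path)
        http.request(req, &response_assertion)
      end
    end
  end
end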