2018-04-28 15:50:06 -04:00
|
|
|
require_relative '../spec_helper'
|
|
|
|
|
2021-08-13 12:09:14 -04:00
|
|
|
# webrick is no longer in stdlib in Ruby 3+
|
|
|
|
ruby_version_is ""..."3.0" do
|
|
|
|
require "webrick"
|
|
|
|
require "stringio"
|
|
|
|
require "net/http"
|
2018-04-28 15:50:06 -04:00
|
|
|
|
2021-08-13 12:09:14 -04:00
|
|
|
describe "WEBrick" do
|
|
|
|
describe "resists CVE-2017-17742" do
|
|
|
|
it "for a response splitting headers" do
|
|
|
|
config = WEBrick::Config::HTTP
|
|
|
|
res = WEBrick::HTTPResponse.new config
|
|
|
|
res['X-header'] = "malicious\r\nCookie: hack"
|
|
|
|
io = StringIO.new
|
|
|
|
res.send_response io
|
|
|
|
io.rewind
|
|
|
|
res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
|
|
|
|
res.code.should == '500'
|
|
|
|
io.string.should_not =~ /hack/
|
|
|
|
end
|
2018-04-28 15:50:06 -04:00
|
|
|
|
2021-08-13 12:09:14 -04:00
|
|
|
it "for a response splitting cookie headers" do
|
|
|
|
user_input = "malicious\r\nCookie: hack"
|
|
|
|
config = WEBrick::Config::HTTP
|
|
|
|
res = WEBrick::HTTPResponse.new config
|
|
|
|
res.cookies << WEBrick::Cookie.new('author', user_input)
|
|
|
|
io = StringIO.new
|
|
|
|
res.send_response io
|
|
|
|
io.rewind
|
|
|
|
res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
|
|
|
|
res.code.should == '500'
|
|
|
|
io.string.should_not =~ /hack/
|
|
|
|
end
|
2018-04-28 15:50:06 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|