2010-02-02 08:58:56 -05:00
|
|
|
require_relative "utils"
|
2010-01-18 02:50:08 -05:00
|
|
|
require "webrick"
|
2005-01-10 01:29:58 -05:00
|
|
|
require "test/unit"
|
|
|
|
|
|
|
|
class TestWEBrickCGI < Test::Unit::TestCase
|
2008-08-17 13:33:13 -04:00
|
|
|
CRLF = "\r\n"
|
|
|
|
|
|
|
|
def start_cgi_server(&block)
|
2005-01-10 01:29:58 -05:00
|
|
|
config = {
|
2008-05-18 09:33:24 -04:00
|
|
|
:CGIInterpreter => TestWEBrick::RubyBin,
|
2005-01-10 01:29:58 -05:00
|
|
|
:DocumentRoot => File.dirname(__FILE__),
|
2005-05-27 13:16:06 -04:00
|
|
|
:DirectoryIndex => ["webrick.cgi"],
|
2006-02-22 02:27:20 -05:00
|
|
|
:RequestHandler => Proc.new{|req, res|
|
|
|
|
def req.meta_vars
|
|
|
|
meta = super
|
|
|
|
meta["RUBYLIB"] = $:.join(File::PATH_SEPARATOR)
|
|
|
|
return meta
|
|
|
|
end
|
|
|
|
},
|
2005-01-10 01:29:58 -05:00
|
|
|
}
|
2005-09-20 04:35:52 -04:00
|
|
|
if RUBY_PLATFORM =~ /mswin32|mingw|cygwin|bccwin32/
|
|
|
|
config[:CGIPathEnv] = ENV['PATH'] # runtime dll may not be in system dir.
|
|
|
|
end
|
2008-10-29 07:48:35 -04:00
|
|
|
TestWEBrick.start_httpserver(config){|server, addr, port, log|
|
|
|
|
block.call(server, addr, port, log)
|
2008-08-17 13:33:13 -04:00
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_cgi
|
2008-10-29 07:48:35 -04:00
|
|
|
start_cgi_server{|server, addr, port, log|
|
2005-01-10 01:29:58 -05:00
|
|
|
http = Net::HTTP.new(addr, port)
|
|
|
|
req = Net::HTTP::Get.new("/webrick.cgi")
|
2008-10-29 07:48:35 -04:00
|
|
|
http.request(req){|res| assert_equal("/webrick.cgi", res.body, log.call)}
|
2005-01-10 01:29:58 -05:00
|
|
|
req = Net::HTTP::Get.new("/webrick.cgi/path/info")
|
2008-10-29 07:48:35 -04:00
|
|
|
http.request(req){|res| assert_equal("/path/info", res.body, log.call)}
|
2005-01-10 01:29:58 -05:00
|
|
|
req = Net::HTTP::Get.new("/webrick.cgi/%3F%3F%3F?foo=bar")
|
2008-10-29 07:48:35 -04:00
|
|
|
http.request(req){|res| assert_equal("/???", res.body, log.call)}
|
2005-01-10 01:29:58 -05:00
|
|
|
req = Net::HTTP::Get.new("/webrick.cgi/%A4%DB%A4%B2/%A4%DB%A4%B2")
|
|
|
|
http.request(req){|res|
|
2008-10-29 07:48:35 -04:00
|
|
|
assert_equal("/\xA4\xDB\xA4\xB2/\xA4\xDB\xA4\xB2", res.body, log.call)}
|
2005-01-10 01:29:58 -05:00
|
|
|
req = Net::HTTP::Get.new("/webrick.cgi?a=1;a=2;b=x")
|
2008-10-29 07:48:35 -04:00
|
|
|
http.request(req){|res| assert_equal("a=1, a=2, b=x", res.body, log.call)}
|
2005-01-10 01:29:58 -05:00
|
|
|
req = Net::HTTP::Get.new("/webrick.cgi?a=1&a=2&b=x")
|
2008-10-29 07:48:35 -04:00
|
|
|
http.request(req){|res| assert_equal("a=1, a=2, b=x", res.body, log.call)}
|
2005-01-10 01:29:58 -05:00
|
|
|
|
|
|
|
req = Net::HTTP::Post.new("/webrick.cgi?a=x;a=y;b=1")
|
|
|
|
req["Content-Type"] = "application/x-www-form-urlencoded"
|
|
|
|
http.request(req, "a=1;a=2;b=x"){|res|
|
2008-10-29 07:48:35 -04:00
|
|
|
assert_equal("a=1, a=2, b=x", res.body, log.call)}
|
2005-01-10 01:29:58 -05:00
|
|
|
req = Net::HTTP::Post.new("/webrick.cgi?a=x&a=y&b=1")
|
|
|
|
req["Content-Type"] = "application/x-www-form-urlencoded"
|
|
|
|
http.request(req, "a=1&a=2&b=x"){|res|
|
2008-10-29 07:48:35 -04:00
|
|
|
assert_equal("a=1, a=2, b=x", res.body, log.call)}
|
2005-05-27 13:16:06 -04:00
|
|
|
req = Net::HTTP::Get.new("/")
|
|
|
|
http.request(req){|res|
|
2006-11-01 19:21:28 -05:00
|
|
|
ary = res.body.lines.to_a
|
2008-10-29 07:48:35 -04:00
|
|
|
assert_match(%r{/$}, ary[0], log.call)
|
|
|
|
assert_match(%r{/webrick.cgi$}, ary[1], log.call)
|
2005-05-27 13:16:06 -04:00
|
|
|
}
|
2005-10-30 15:40:05 -05:00
|
|
|
|
|
|
|
req = Net::HTTP::Get.new("/webrick.cgi")
|
|
|
|
req["Cookie"] = "CUSTOMER=WILE_E_COYOTE; PART_NUMBER=ROCKET_LAUNCHER_0001"
|
|
|
|
http.request(req){|res|
|
|
|
|
assert_equal(
|
|
|
|
"CUSTOMER=WILE_E_COYOTE\nPART_NUMBER=ROCKET_LAUNCHER_0001\n",
|
2008-10-29 07:48:35 -04:00
|
|
|
res.body, log.call)
|
2005-10-30 15:40:05 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
req = Net::HTTP::Get.new("/webrick.cgi")
|
|
|
|
cookie = %{$Version="1"; }
|
|
|
|
cookie << %{Customer="WILE_E_COYOTE"; $Path="/acme"; }
|
|
|
|
cookie << %{Part_Number="Rocket_Launcher_0001"; $Path="/acme"; }
|
|
|
|
cookie << %{Shipping="FedEx"; $Path="/acme"}
|
|
|
|
req["Cookie"] = cookie
|
|
|
|
http.request(req){|res|
|
|
|
|
assert_equal("Customer=WILE_E_COYOTE, Shipping=FedEx",
|
2008-10-29 07:48:35 -04:00
|
|
|
res["Set-Cookie"], log.call)
|
2005-10-30 15:40:05 -05:00
|
|
|
assert_equal("Customer=WILE_E_COYOTE\n" +
|
|
|
|
"Part_Number=Rocket_Launcher_0001\n" +
|
2008-10-29 07:48:35 -04:00
|
|
|
"Shipping=FedEx\n", res.body, log.call)
|
2005-10-30 15:40:05 -05:00
|
|
|
}
|
2005-01-10 01:29:58 -05:00
|
|
|
}
|
|
|
|
end
|
2008-08-17 13:33:13 -04:00
|
|
|
|
|
|
|
def test_bad_request
|
2008-10-29 07:48:35 -04:00
|
|
|
start_cgi_server{|server, addr, port, log|
|
2008-08-17 13:33:13 -04:00
|
|
|
sock = TCPSocket.new(addr, port)
|
|
|
|
begin
|
|
|
|
sock << "POST /webrick.cgi HTTP/1.0" << CRLF
|
|
|
|
sock << "Content-Type: application/x-www-form-urlencoded" << CRLF
|
|
|
|
sock << "Content-Length: 1024" << CRLF
|
|
|
|
sock << CRLF
|
|
|
|
sock << "a=1&a=2&b=x"
|
|
|
|
sock.close_write
|
2008-10-29 07:48:35 -04:00
|
|
|
assert_match(%r{\AHTTP/\d.\d 400 Bad Request}, sock.read, log.call)
|
2008-08-17 13:33:13 -04:00
|
|
|
ensure
|
|
|
|
sock.close
|
|
|
|
end
|
|
|
|
}
|
|
|
|
end
|
2010-01-10 04:33:47 -05:00
|
|
|
|
|
|
|
CtrlSeq = [0x7f, *(1..31)].pack("C*").gsub(/\s+/, '')
|
|
|
|
CtrlPat = /#{Regexp.quote(CtrlSeq)}/o
|
|
|
|
DumpPat = /#{Regexp.quote(CtrlSeq.dump[1...-1])}/o
|
|
|
|
|
|
|
|
def test_bad_uri
|
|
|
|
start_cgi_server{|server, addr, port, log|
|
|
|
|
res = TCPSocket.open(addr, port) {|sock|
|
|
|
|
sock << "GET /#{CtrlSeq}#{CRLF}#{CRLF}"
|
|
|
|
sock.close_write
|
|
|
|
sock.read
|
|
|
|
}
|
|
|
|
assert_match(%r{\AHTTP/\d.\d 400 Bad Request}, res)
|
|
|
|
s = log.call.each_line.grep(/ERROR bad URI/)[0]
|
|
|
|
assert_match(DumpPat, s)
|
|
|
|
assert_not_match(CtrlPat, s)
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_bad_header
|
|
|
|
start_cgi_server{|server, addr, port, log|
|
|
|
|
res = TCPSocket.open(addr, port) {|sock|
|
|
|
|
sock << "GET / HTTP/1.0#{CRLF}#{CtrlSeq}#{CRLF}#{CRLF}"
|
|
|
|
sock.close_write
|
|
|
|
sock.read
|
|
|
|
}
|
|
|
|
assert_match(%r{\AHTTP/\d.\d 400 Bad Request}, res)
|
|
|
|
s = log.call.each_line.grep(/ERROR bad header/)[0]
|
|
|
|
assert_match(DumpPat, s)
|
|
|
|
assert_not_match(CtrlPat, s)
|
|
|
|
}
|
|
|
|
end
|
2005-01-10 01:29:58 -05:00
|
|
|
end
|