diff options
| author | Eric Wong <e@80x24.org> | 2013-11-11 03:31:33 +0000 |
|---|---|---|
| committer | Eric Wong <e@80x24.org> | 2013-11-12 07:08:34 +0000 |
| commit | 1d33205a7500f08c49e247af688877b0cc22cdfe (patch) | |
| tree | 86768902cbeaaf7a8f8bbeb97d94940df7283aa5 /test | |
| parent | 340d96e9d389b96c1d709e58b8ac08d8faee935b (diff) | |
| download | yahns-1d33205a7500f08c49e247af688877b0cc22cdfe.tar.gz | |
Some attackers may try /path/to/file/foo where /path/to/file is actually a valid path to a regular file. Of course, requests like this work on dynamic websites, but not static file mappings because Unix directories and files cannot be the same thing.
Diffstat (limited to 'test')
| -rw-r--r-- | test/test_extras_try_gzip_static.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/test/test_extras_try_gzip_static.rb b/test/test_extras_try_gzip_static.rb index 77eaf33..44fb867 100644 --- a/test/test_extras_try_gzip_static.rb +++ b/test/test_extras_try_gzip_static.rb @@ -172,6 +172,11 @@ class TestExtrasTryGzipStatic < Testcase end assert_nil body end + + Net::HTTP.start(host, port) do |http| + res = http.request(Net::HTTP::Get.new('/COPYING/foo')) + assert_equal 404, res.code.to_i + end ensure quit_wait(pid) end |