From 1d33205a7500f08c49e247af688877b0cc22cdfe Mon Sep 17 00:00:00 2001
From: Eric Wong
Date: Mon, 11 Nov 2013 03:31:33 +0000
Subject: extras/try_gzip_static: return 404 on ENOTDIR

Some attackers may try /path/to/file/foo where /path/to/file is actually a valid path to a regular file. Of course, requests like this work on dynamic websites, but not static file mappings because Unix directories and files cannot be the same thing.
---
 test/test_extras_try_gzip_static.rb | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'test')
diff --git a/test/test_extras_try_gzip_static.rb b/test/test_extras_try_gzip_static.rb
index 77eaf33..44fb867 100644
--- a/test/test_extras_try_gzip_static.rb
+++ b/test/test_extras_try_gzip_static.rb
@@ -172,6 +172,11 @@ class TestExtrasTryGzipStatic < Testcase
 end
 assert_nil body
 end
+
+ Net::HTTP.start(host, port) do |http|
+ res = http.request(Net::HTTP::Get.new('/COPYING/foo'))
+ assert_equal 404, res.code.to_i
+ end
 ensure
 quit_wait(pid)
 end
-- 
cgit v1.2.3-24-ge0c7
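Review bot: The added `Net::HTTP.start` block before `ensure` has no comment saying why `/COPYING/foo` is the interesting path, so the ENOTDIR case it guards is only discoverable from the commit message. A line such as `# /COPYING is a regular file, so /COPYING/foo fails with ENOTDIR and must map to 404` would keep that visible in the test. The request also leaves `Accept-Encoding` to Net::HTTP's default, so it is unclear which lookup is exercised; the handler presumably probes both the plain path and a `.gz` sibling, but it is not shown in this path-limited view. Pinning the header and repeating the request with `'identity'` would cover both, e.g. `Net::HTTP::Get.new('/COPYING/foo', 'Accept-Encoding' => 'gzip')`. The enclosing test method starts outside the hunk.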