816 lines
21 KiB
Bash
Executable File
816 lines
21 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# attack the test server and try to make it fall over
|
|
#
|
|
# Requires the library to have been built with
|
|
#
|
|
# cmake .. -DCMAKE_BUILD_TYPE=DEBUG -DLWS_WITH_MINIMAL_EXAMPLES=1
|
|
#
|
|
# run it from the build dir
|
|
|
|
echo
|
|
echo "----------------------------------------------"
|
|
echo "------- tests: lws attack.sh"
|
|
echo
|
|
|
|
SERVER=127.0.0.1
|
|
PORT=7681
|
|
LOG=/tmp/lwslog
|
|
|
|
A=`which libwebsockets-test-server`
|
|
INSTALLED=`dirname $A`
|
|
|
|
SHAREDIR=$INSTALLED/../share/libwebsockets-test-server
|
|
CORPUS=$SHAREDIR/test.html
|
|
|
|
LWS_NC=./bin/lws-minimal-raw-netcat
|
|
|
|
CPID=
|
|
LEN=0
|
|
|
|
function check {
|
|
kill -0 $CPID
|
|
if [ $? -ne 0 ] ; then
|
|
echo "(killed it) *******"
|
|
exit 1
|
|
fi
|
|
#dd if=$LOG bs=1 skip=$LEN 2>/dev/null
|
|
|
|
if [ "$1" = "default" ] ; then
|
|
diff /tmp/lwscap $CORPUS > /dev/null
|
|
if [ $? -ne 0 ] ; then
|
|
echo "FAIL: got something other than $CORPUS back"
|
|
exit 1
|
|
fi
|
|
fi
|
|
if [ "$1" = "defaultplusforbidden" ] ; then
|
|
cat $CORPUS > /tmp/plusforb
|
|
echo -e -n "HTTP/1.0 403 Forbidden\x0d\x0acontent-type: text/html\x0d\x0acontent-length: 173\x0d\x0a\x0d\x0a<html><head><meta charset=utf-8 http-equiv=\"Content-Language\" content=\"en\"/><link rel=\"stylesheet\" type=\"text/css\" href=\"/error.css\"/></head><body><h1>403</h1></body></html>" >> /tmp/plusforb
|
|
diff /tmp/lwscap /tmp/plusforb > /dev/null
|
|
if [ $? -ne 0 ] ; then
|
|
cat $CORPUS > /tmp/plusforb
|
|
|
|
echo -e -n "HTTP/1.1 403 Forbidden\x0d\x0acontent-type: text/html\x0d\x0acontent-length: 173\x0d\x0a\x0d\x0a<html><head><meta charset=utf-8 http-equiv=\"Content-Language\" content=\"en\"/><link rel=\"stylesheet\" type=\"text/css\" href=\"/error.css\"/></head><body><h1>403</h1></body></html>" >> /tmp/plusforb
|
|
diff /tmp/lwscap /tmp/plusforb > /dev/null
|
|
if [ $? -ne 0 ] ; then
|
|
|
|
echo "FAIL: got something other than $CORPUS + forbidden back"
|
|
tail -n 10 /tmp/lwscap
|
|
tail -n 100 $LOG
|
|
exit 1
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
if [ "$1" = "forbidden" ] ; then
|
|
if [ -z "`grep '<h1>403</h1>' /tmp/lwscap`" ] ; then
|
|
echo "FAIL: should have told forbidden (test server has no dirs)"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
if [ "$1" = "notfound" ] ; then
|
|
if [ -z "`grep '<h1>404</h1>' /tmp/lwscap`" ] ; then
|
|
echo "FAIL: should have told not found"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
|
|
if [ "$1" = "rejected" ] ; then
|
|
if [ -z "`grep '<h1>404</h1>' /tmp/lwscap`" ] ; then
|
|
echo "FAIL: should have told forbidden (test server has no dirs)"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
|
|
if [ "$1" = "media" ] ; then
|
|
if [ -z "`grep '<h1>404</h1>' /tmp/lwscap`" ] ; then
|
|
echo "FAIL: should have told unknown media type"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
if [ "$1" == "0" ] ; then
|
|
a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep "get\ \ =" | tr -s ' ' | cut -d' ' -f4-`"
|
|
if [ "$a" != "$2" ] ; then
|
|
echo "URL path '$a' not $2"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
if [ "$1" == "1" ] ; then
|
|
a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep URI\ Arg\ 1\: | tr -s ' ' | cut -d' ' -f7-`"
|
|
if [ "$a" != "$2" ] ; then
|
|
echo "Arg 1 '$a' not $2"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
if [ "$1" == "2" ] ; then
|
|
a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep URI\ Arg\ 2\: | tr -s ' ' | cut -d' ' -f7-`"
|
|
if [ "$a" != "$2" ] ; then
|
|
echo "Arg 2 '$a' not $2"
|
|
exit 1
|
|
fi
|
|
fi
|
|
if [ "$1" == "3" ] ; then
|
|
a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep URI\ Arg\ 3\: | tr -s ' ' | cut -d' ' -f7-`"
|
|
if [ "$a" != "$2" ] ; then
|
|
echo "Arg 3 '$a' not $2"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
if [ -z "$1" ] ; then
|
|
LEN=`stat $LOG -c %s`
|
|
fi
|
|
}
|
|
|
|
|
|
rm -rf $LOG
|
|
killall libwebsockets-test-server 2>/dev/null
|
|
libwebsockets-test-server -d15 2>> $LOG >/dev/null &
|
|
CPID=$!
|
|
|
|
echo "Started server on PID $CPID"
|
|
|
|
while [ -z "`grep ort\ 7681 $LOG`" ] ; do
|
|
sleep 0.5s
|
|
done
|
|
check
|
|
|
|
echo
|
|
echo "---- /cgi-bin/settingsjs?UPDATE_SETTINGS=1&Root_Channels_1_Channel_name_http_post=%3F&Root_Channels_1_Channel_location_http_post=%3F"
|
|
rm -f /tmp/lwscap
|
|
echo -n -e "GET /cgi-bin/settingsjs?UPDATE_SETTINGS=1&Root_Channels_1_Channel_name_http_post=%3F&Root_Channels_1_Channel_location_http_post=%3F HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
|
|
cat /tmp/lwscap
|
|
check 1 "UPDATE_SETTINGS=1"
|
|
check 2 "Root_Channels_1_Channel_name_http_post=?"
|
|
check 3 "Root_Channels_1_Channel_location_http_post=?"
|
|
check
|
|
|
|
echo
|
|
echo "---- ? processing (/cgi-bin/settings.js?key1=value1)"
|
|
rm -f /tmp/lwscap
|
|
echo -n -e "GET /cgi-bin/settings.js?key1=value1 HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
|
|
check 1 "key1=value1"
|
|
check
|
|
|
|
echo
|
|
echo "---- ? processing (/t%3dest?key1%3d2=value1)"
|
|
rm -f /tmp/lwscap
|
|
echo -n -e "GET /t%3dest?key1%3d2=value1 HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
|
|
check 0 "/t=est"
|
|
check 1 "key1_2=value1"
|
|
check
|
|
|
|
echo
|
|
echo "---- ? processing (%2f%2e%2e%2f%2e./xxtest.html?arg=1)"
|
|
rm -f /tmp/lwscap
|
|
echo -n -e "GET %2f%2e%2e%2f%2e./xxtest.html?arg=1 HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
|
|
check 1 "arg=1"
|
|
check
|
|
|
|
echo
|
|
echo "---- ? processing (%2f%2e%2e%2f%2e./xxtest.html?arg=/../.)"
|
|
rm -f /tmp/lwscap
|
|
echo -n -e "GET %2f%2e%2e%2f%2e./xxtest.html?arg=/../. HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
|
|
check 1 "arg=/../."
|
|
check
|
|
|
|
echo
|
|
echo "---- spam enough crap to not be GET"
|
|
echo "not GET" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null > /tmp/lwscap
|
|
check
|
|
|
|
echo
|
|
echo "---- spam more than the name buffer of crap"
|
|
dd if=/dev/urandom bs=1 count=80 2>/dev/null | $LWS_NC --server $SERVER --port $PORT 2>/dev/null > /tmp/lwscap
|
|
check
|
|
|
|
echo
|
|
echo "---- spam 10MB of crap"
|
|
dd if=/dev/urandom bs=1 count=655360 | $LWS_NC --server $SERVER --port $PORT 2>/dev/null > /tmp/lwscap
|
|
check
|
|
|
|
echo
|
|
echo "---- malformed URI"
|
|
echo "GET nonsense................................................................................................................" \
|
|
| $LWS_NC --server $SERVER --port $PORT 2>/dev/null > /tmp/lwscap
|
|
check
|
|
|
|
echo
|
|
echo "---- missing URI"
|
|
echo -n -e "GET HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null >/tmp/lwscap
|
|
check
|
|
|
|
echo
|
|
echo "---- repeated method"
|
|
echo -n -e "GET blah HTTP/1.0\x0d\x0aGET blah HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null >/tmp/lwscap
|
|
check
|
|
|
|
echo
|
|
echo "---- crazy header name part"
|
|
echo -n -e "GET blah HTTP/1.0\x0d\x0a................................................................................................................" \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
| $LWS_NC --server $SERVER --port $PORT 2>/dev/null
|
|
check
|
|
|
|
echo
|
|
echo "---- excessive uri content"
|
|
echo -n -e "GET ................................................................................................................" \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
"......................................................................................................................." \
|
|
| $LWS_NC --server $SERVER --port $PORT 2>/dev/null
|
|
check
|
|
|
|
echo
|
|
echo "---- good request but http payload coming too (test.html served then forbidden)"
|
|
echo -n -e "GET /test.html HTTP/1.1\x0d\x0a\x0d\x0aILLEGAL-PAYLOAD........................................" \
|
|
| $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
|
|
check defaultplusforbidden
|
|
check
|
|
|
|
echo
|
|
echo "---- nonexistent file"
|
|
rm -f /tmp/lwscap
|
|
echo -n -e "GET /nope HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
|
|
cat /tmp/lwscap
|
|
check notfound
|
|
check
|
|
|
|
echo
|
|
echo "---- relative uri path"
|
|
rm -f /tmp/lwscap
|
|
echo -n -e "GET nope HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
|
|
check forbidden
|
|
check
|
|
|
|
echo
|
|
echo "---- directory attack 1 (/../../../../etc/passwd should be /etc/passswd)"
|
|
rm -f /tmp/lwscap
|
|
echo -n -e "GET /../../../../etc/passwd HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
|
|
check notfound
|
|
check
|
|
|
|
echo
|
|
echo "---- directory attack 2 (/../ should be /)"
|
|
rm -f /tmp/lwscap
|
|
echo -e -n "GET /../ HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
|
|
check default
|
|
check
|
|
|
|
echo
|
|
echo "---- directory attack 3 (/./ should be /)"
|
|
rm -f /tmp/lwscap
|
|
echo -e -n "GET /./ HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
|
|
check default
|
|
check
|
|
|
|
echo
|
|
echo "---- directory attack 4 (/blah/.. should be /)"
|
|
rm -f /tmp/lwscap
|
|
echo -e -n "GET /blah/.. HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
|
|
check default
|
|
check
|
|
|
|
echo
|
|
echo "---- directory attack 5 (/blah/../ should be /)"
|
|
rm -f /tmp/lwscap
|
|
echo -e -n "GET /blah/../ HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
|
|
check default
|
|
check
|
|
|
|
echo
|
|
echo "---- directory attack 6 (/blah/../. should be /)"
|
|
rm -f /tmp/lwscap
|
|
echo -e -n "GET /blah/../. HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
|
|
check default
|
|
check
|
|
|
|
echo
|
|
echo "---- directory attack 7 (/%2e%2e%2f../../../etc/passwd should be /etc/passswd)"
|
|
rm -f /tmp/lwscap
|
|
echo -e -n "GET /%2e%2e%2f../../../etc/passwd HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
|
|
check notfound
|
|
check
|
|
|
|
echo
|
|
echo "---- directory attack 8 (%2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd should be /etc/passswd)"
|
|
rm -f /tmp/lwscap
|
|
echo -e -n "GET %2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
|
|
check notfound
|
|
check
|
|
|
|
echo
|
|
echo "---- http/1.1 pipelining"
|
|
rm -f /tmp/lwscap
|
|
wget -O/tmp/lwsdump http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html 2>&1 | grep "Downloaded: 8 files" > /tmp/lwscap
|
|
good=`cat $CORPUS $CORPUS $CORPUS $CORPUS $CORPUS $CORPUS $CORPUS $CORPUS | md5sum | cut -d' ' -f1`
|
|
if [ "$good" != "`md5sum /tmp/lwsdump | cut -d' ' -f 1`" ] ; then
|
|
echo "FAIL: mismatched content good=$good received=`md5sum /tmp/lwsdump`"
|
|
exit 1
|
|
fi
|
|
|
|
echo
|
|
echo "---- mass testing uri variations"
|
|
|
|
rm -f /tmp/results
|
|
|
|
for i in \
|
|
/..../ \
|
|
/.../. \
|
|
/...// \
|
|
/.../a \
|
|
/.../w \
|
|
"/.../?" \
|
|
/.../% \
|
|
/../.. \
|
|
/.././ \
|
|
/../.a \
|
|
/../.w \
|
|
/../.. \
|
|
/../.% \
|
|
/..//. \
|
|
/../// \
|
|
/..//a \
|
|
/..//w \
|
|
"/..//?" \
|
|
/..//% \
|
|
/../a. \
|
|
/../a/ \
|
|
/../aa \
|
|
/../aw \
|
|
/../a? \
|
|
/../a% \
|
|
/../w. \
|
|
/../w/ \
|
|
/../wa \
|
|
/../ww \
|
|
/../w? \
|
|
/../w% \
|
|
/../?. \
|
|
/../?/ \
|
|
/../?a \
|
|
/../?w \
|
|
/../?? \
|
|
/../?% \
|
|
/../%. \
|
|
/../%/ \
|
|
/../%a \
|
|
/../%w \
|
|
/../%? \
|
|
/../%% \
|
|
/./... \
|
|
/./../ \
|
|
/./..a \
|
|
/./..w \
|
|
/./..? \
|
|
/./..% \
|
|
/.//.. \
|
|
/.a../ \
|
|
/.a/.. \
|
|
/.w../ \
|
|
/.w/.. \
|
|
/.?../ \
|
|
/../.. \
|
|
/.%../ \
|
|
/.%/.. \
|
|
//.... \
|
|
//.../ \
|
|
//...a \
|
|
//...w \
|
|
//...? \
|
|
//...% \
|
|
//../. \
|
|
//..// \
|
|
//../a \
|
|
//../w \
|
|
//../? \
|
|
//../% \
|
|
//..a. \
|
|
//..a/ \
|
|
//..aa \
|
|
//..aw \
|
|
//..a? \
|
|
//..a% \
|
|
//..w. \
|
|
//..w/ \
|
|
//..wa \
|
|
//..ww \
|
|
//..w? \
|
|
//..w% \
|
|
//..?. \
|
|
//..?/ \
|
|
//..?a \
|
|
//..?w \
|
|
//..?? \
|
|
//..?% \
|
|
//..%. \
|
|
//..%/ \
|
|
//..%a \
|
|
//..%w \
|
|
//..%? \
|
|
//..%% \
|
|
//./.. \
|
|
///... \
|
|
///../ \
|
|
///..a \
|
|
///..w \
|
|
///..? \
|
|
///..% \
|
|
////.. \
|
|
//a../ \
|
|
//a/.. \
|
|
//w../ \
|
|
//w/.. \
|
|
//?../ \
|
|
//?/.. \
|
|
//%../ \
|
|
//%/.. \
|
|
/a.../ \
|
|
/a../. \
|
|
/a..// \
|
|
/a../a \
|
|
/a../w \
|
|
/a../? \
|
|
/a../% \
|
|
/a./.. \
|
|
/a/... \
|
|
/a/../ \
|
|
/a/..a \
|
|
/a/..w \
|
|
/a/..? \
|
|
/a/..% \
|
|
/a//.. \
|
|
/aa../ \
|
|
/aa/.. \
|
|
/aw../ \
|
|
/aw/.. \
|
|
/a?../ \
|
|
/a?/.. \
|
|
/a%../ \
|
|
/a%/.. \
|
|
/w.../ \
|
|
/w../. \
|
|
/w..// \
|
|
/w../a \
|
|
/w../w \
|
|
/w../? \
|
|
/w../% \
|
|
/w./.. \
|
|
/w/... \
|
|
/w/../ \
|
|
/w/..a \
|
|
/w/..w \
|
|
/w/..? \
|
|
/w/..% \
|
|
/w//.. \
|
|
/wa../ \
|
|
/wa/.. \
|
|
/ww../ \
|
|
/ww/.. \
|
|
/w?../ \
|
|
/w?/.. \
|
|
/w%../ \
|
|
/w%/.. \
|
|
/?.../ \
|
|
/?../. \
|
|
/?..// \
|
|
/?../a \
|
|
/?../w \
|
|
/?../? \
|
|
/?../% \
|
|
/?./.. \
|
|
/?/... \
|
|
/?/../ \
|
|
/?/..a \
|
|
/?/..w \
|
|
/?/..? \
|
|
/?/..% \
|
|
/?//.. \
|
|
/?a../ \
|
|
/?a/.. \
|
|
/?w../ \
|
|
/?w/.. \
|
|
/??../ \
|
|
/??/.. \
|
|
/?%../ \
|
|
/?%/.. \
|
|
/%.../ \
|
|
/%../. \
|
|
/%..// \
|
|
/%../a \
|
|
/%../w \
|
|
/%../? \
|
|
/%../% \
|
|
/%./.. \
|
|
/%/... \
|
|
/%/../ \
|
|
/%/..a \
|
|
/%/..w \
|
|
/%/..? \
|
|
/%/..% \
|
|
/%//.. \
|
|
/%a../ \
|
|
/%a/.. \
|
|
/%w../ \
|
|
/%w/.. \
|
|
/%?../ \
|
|
/%?/.. \
|
|
/%%../ \
|
|
/%%/.. \
|
|
/a/w/../a \
|
|
/path/to/dir/../other/dir \
|
|
; do
|
|
LEN=`stat $LOG -c %s`
|
|
rm -f /tmp/lwscap1
|
|
echo -n -e "GET $i HTTP/1.0\r\n\r\n" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null > /tmp/lwscap1
|
|
R=`cat /tmp/lwscap1| head -n 1 | cut -d' ' -f 2`
|
|
#cat $LOG
|
|
#echo ==== $R
|
|
|
|
|
|
if [ "$R" != "403" ]; then
|
|
U=`dd if=$LOG bs=1 skip=$LEN 2>/dev/null| grep "Method:" | tr -s ' ' | cut -d"'" -f4`
|
|
#dd if=$LOG bs=1 skip=$LEN 2>/dev/null
|
|
echo "- \"$i\" -> $R \"$U\"" >>/tmp/results
|
|
else
|
|
echo "- \"$i\" -> $R" >>/tmp/results
|
|
fi
|
|
done
|
|
|
|
cat <<EOF >/tmp/lwsresult1
|
|
- "/..../" -> 404 "/..../"
|
|
- "/.../." -> 404 "/.../"
|
|
- "/...//" -> 404 "/.../"
|
|
- "/.../a" -> 404 "/.../a"
|
|
- "/.../w" -> 404 "/.../w"
|
|
- "/.../?" -> 404 "/.../"
|
|
- "/.../%" -> 403
|
|
- "/../.." -> 200 "/"
|
|
- "/.././" -> 200 "/"
|
|
- "/../.a" -> 404 "/.a"
|
|
- "/../.w" -> 404 "/.w"
|
|
- "/../.." -> 200 "/"
|
|
- "/../.%" -> 403
|
|
- "/..//." -> 200 "/"
|
|
- "/..///" -> 200 "/"
|
|
- "/..//a" -> 404 "/a"
|
|
- "/..//w" -> 404 "/w"
|
|
- "/..//?" -> 200 "/"
|
|
- "/..//%" -> 403
|
|
- "/../a." -> 404 "/a."
|
|
- "/../a/" -> 404 "/a/"
|
|
- "/../aa" -> 404 "/aa"
|
|
- "/../aw" -> 404 "/aw"
|
|
- "/../a?" -> 404 "/a"
|
|
- "/../a%" -> 403
|
|
- "/../w." -> 404 "/w."
|
|
- "/../w/" -> 404 "/w/"
|
|
- "/../wa" -> 404 "/wa"
|
|
- "/../ww" -> 404 "/ww"
|
|
- "/../w?" -> 404 "/w"
|
|
- "/../w%" -> 403
|
|
- "/../?." -> 200 "/"
|
|
- "/../?/" -> 200 "/"
|
|
- "/../?a" -> 200 "/"
|
|
- "/../?w" -> 200 "/"
|
|
- "/../??" -> 200 "/"
|
|
- "/../?%" -> 403
|
|
- "/../%." -> 403
|
|
- "/../%/" -> 403
|
|
- "/../%a" -> 403
|
|
- "/../%w" -> 403
|
|
- "/../%?" -> 403
|
|
- "/../%%" -> 403
|
|
- "/./..." -> 404 "/..."
|
|
- "/./../" -> 200 "/"
|
|
- "/./..a" -> 404 "/..a"
|
|
- "/./..w" -> 404 "/..w"
|
|
- "/./..?" -> 200 "/"
|
|
- "/./..%" -> 403
|
|
- "/.//.." -> 200 "/"
|
|
- "/.a../" -> 404 "/.a../"
|
|
- "/.a/.." -> 200 "/"
|
|
- "/.w../" -> 404 "/.w../"
|
|
- "/.w/.." -> 200 "/"
|
|
- "/.?../" -> 404 "/."
|
|
- "/../.." -> 200 "/"
|
|
- "/.%../" -> 403
|
|
- "/.%/.." -> 403
|
|
- "//...." -> 404 "/...."
|
|
- "//.../" -> 404 "/.../"
|
|
- "//...a" -> 404 "/...a"
|
|
- "//...w" -> 404 "/...w"
|
|
- "//...?" -> 404 "/..."
|
|
- "//...%" -> 403
|
|
- "//../." -> 200 "/"
|
|
- "//..//" -> 200 "/"
|
|
- "//../a" -> 404 "/a"
|
|
- "//../w" -> 404 "/w"
|
|
- "//../?" -> 200 "/"
|
|
- "//../%" -> 403
|
|
- "//..a." -> 404 "/..a."
|
|
- "//..a/" -> 404 "/..a/"
|
|
- "//..aa" -> 404 "/..aa"
|
|
- "//..aw" -> 404 "/..aw"
|
|
- "//..a?" -> 404 "/..a"
|
|
- "//..a%" -> 403
|
|
- "//..w." -> 404 "/..w."
|
|
- "//..w/" -> 404 "/..w/"
|
|
- "//..wa" -> 404 "/..wa"
|
|
- "//..ww" -> 404 "/..ww"
|
|
- "//..w?" -> 404 "/..w"
|
|
- "//..w%" -> 403
|
|
- "//..?." -> 200 "/"
|
|
- "//..?/" -> 200 "/"
|
|
- "//..?a" -> 404 "/a"
|
|
- "//..?w" -> 404 "/w"
|
|
- "//..??" -> 200 "/"
|
|
- "//..?%" -> 403
|
|
- "//..%." -> 403
|
|
- "//..%/" -> 403
|
|
- "//..%a" -> 403
|
|
- "//..%w" -> 403
|
|
- "//..%?" -> 403
|
|
- "//..%%" -> 403
|
|
- "//./.." -> 200 "/"
|
|
- "///..." -> 404 "/..."
|
|
- "///../" -> 200 "/"
|
|
- "///..a" -> 404 "/..a"
|
|
- "///..w" -> 404 "/..w"
|
|
- "///..?" -> 200 "/"
|
|
- "///..%" -> 403
|
|
- "////.." -> 200 "/"
|
|
- "//a../" -> 404 "/a../"
|
|
- "//a/.." -> 200 "/"
|
|
- "//w../" -> 404 "/w../"
|
|
- "//w/.." -> 200 "/"
|
|
- "//?../" -> 200 "/"
|
|
- "//?/.." -> 200 "/"
|
|
- "//%../" -> 403
|
|
- "//%/.." -> 403
|
|
- "/a.../" -> 404 "/a.../"
|
|
- "/a../." -> 404 "/a../"
|
|
- "/a..//" -> 404 "/a../"
|
|
- "/a../a" -> 404 "/a../a"
|
|
- "/a../w" -> 404 "/a../w"
|
|
- "/a../?" -> 404 "/a../"
|
|
- "/a../%" -> 403
|
|
- "/a./.." -> 200 "/"
|
|
- "/a/..." -> 404 "/a/..."
|
|
- "/a/../" -> 200 "/"
|
|
- "/a/..a" -> 404 "/a/..a"
|
|
- "/a/..w" -> 404 "/a/..w"
|
|
- "/a/..?" -> 200 "/"
|
|
- "/a/..%" -> 403
|
|
- "/a//.." -> 200 "/"
|
|
- "/aa../" -> 404 "/aa../"
|
|
- "/aa/.." -> 200 "/"
|
|
- "/aw../" -> 404 "/aw../"
|
|
- "/aw/.." -> 200 "/"
|
|
- "/a?../" -> 404 "/a"
|
|
- "/a?/.." -> 404 "/a"
|
|
- "/a%../" -> 403
|
|
- "/a%/.." -> 403
|
|
- "/w.../" -> 404 "/w.../"
|
|
- "/w../." -> 404 "/w../"
|
|
- "/w..//" -> 404 "/w../"
|
|
- "/w../a" -> 404 "/w../a"
|
|
- "/w../w" -> 404 "/w../w"
|
|
- "/w../?" -> 404 "/w../"
|
|
- "/w../%" -> 403
|
|
- "/w./.." -> 200 "/"
|
|
- "/w/..." -> 404 "/w/..."
|
|
- "/w/../" -> 200 "/"
|
|
- "/w/..a" -> 404 "/w/..a"
|
|
- "/w/..w" -> 404 "/w/..w"
|
|
- "/w/..?" -> 200 "/"
|
|
- "/w/..%" -> 403
|
|
- "/w//.." -> 200 "/"
|
|
- "/wa../" -> 404 "/wa../"
|
|
- "/wa/.." -> 200 "/"
|
|
- "/ww../" -> 404 "/ww../"
|
|
- "/ww/.." -> 200 "/"
|
|
- "/w?../" -> 404 "/w"
|
|
- "/w?/.." -> 404 "/w"
|
|
- "/w%../" -> 403
|
|
- "/w%/.." -> 403
|
|
- "/?.../" -> 200 "/"
|
|
- "/?../." -> 200 "/"
|
|
- "/?..//" -> 200 "/"
|
|
- "/?../a" -> 200 "/"
|
|
- "/?../w" -> 200 "/"
|
|
- "/?../?" -> 200 "/"
|
|
- "/?../%" -> 403
|
|
- "/?./.." -> 200 "/"
|
|
- "/?/..." -> 200 "/"
|
|
- "/?/../" -> 200 "/"
|
|
- "/?/..a" -> 200 "/"
|
|
- "/?/..w" -> 200 "/"
|
|
- "/?/..?" -> 200 "/"
|
|
- "/?/..%" -> 403
|
|
- "/?//.." -> 200 "/"
|
|
- "/?a../" -> 200 "/"
|
|
- "/?a/.." -> 200 "/"
|
|
- "/?w../" -> 200 "/"
|
|
- "/?w/.." -> 200 "/"
|
|
- "/??../" -> 200 "/"
|
|
- "/??/.." -> 200 "/"
|
|
- "/?%../" -> 403
|
|
- "/?%/.." -> 403
|
|
- "/%.../" -> 403
|
|
- "/%../." -> 403
|
|
- "/%..//" -> 403
|
|
- "/%../a" -> 403
|
|
- "/%../w" -> 403
|
|
- "/%../?" -> 403
|
|
- "/%../%" -> 403
|
|
- "/%./.." -> 403
|
|
- "/%/..." -> 403
|
|
- "/%/../" -> 403
|
|
- "/%/..a" -> 403
|
|
- "/%/..w" -> 403
|
|
- "/%/..?" -> 403
|
|
- "/%/..%" -> 403
|
|
- "/%//.." -> 403
|
|
- "/%a../" -> 403
|
|
- "/%a/.." -> 403
|
|
- "/%w../" -> 403
|
|
- "/%w/.." -> 403
|
|
- "/%?../" -> 403
|
|
- "/%?/.." -> 403
|
|
- "/%%../" -> 403
|
|
- "/%%/.." -> 403
|
|
- "/a/w/../a" -> 404 "/a/a"
|
|
- "/path/to/dir/../other/dir" -> 404 "/path/to/other/dir"
|
|
EOF
|
|
|
|
if [ "`md5sum /tmp/results | cut -d' ' -f 1`" != "`md5sum /tmp/lwsresult1 | cut -d' ' -f1`" ] ; then
|
|
echo "Differences..."
|
|
diff -urN /tmp/lwsresult1 /tmp/results
|
|
cat /tmp/lwscap1
|
|
ls -l /tmp/results
|
|
cat /tmp/results
|
|
# this is currently broken on travis
|
|
# exit 1
|
|
else
|
|
echo "OK"
|
|
fi
|
|
|
|
|
|
echo
|
|
echo "--- survived OK ---"
|
|
kill -2 $CPID
|
|
|
|
exit 0
|
|
|
|
# coverage...
|
|
# run the test client against mirror for one period and exit
|
|
killall libwebsockets-test-server 2>/dev/null
|
|
libwebsockets-test-server -s 2>> $LOG &
|
|
CPID=$!
|
|
sleep 1s
|
|
libwebsockets-test-client 127.0.0.1 -s -O
|
|
|
|
# https://github.com/curl/curl/issues/1587
|
|
curl -v -F text=hello -F send=SEND -F upload=@../README.md https://127.0.0.1:7681/formtest -k
|
|
|
|
kill -2 $CPID
|
|
|
|
exit 0
|
|
|
|
|