diff options
author | normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-07-14 02:59:39 +0000 |
---|---|---|
committer | normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-07-14 02:59:39 +0000 |
commit | b9f9986a5e531975c97bdb695a86d6673713aedd (patch) | |
tree | c2f2ab5f378a7264d62ba59206b2684b6eee0b85 /test | |
parent | eb53b0ff05bbb62e9db5f3421cf38b691a14d91a (diff) | |
download | ruby-b9f9986a5e531975c97bdb695a86d6673713aedd.tar.gz |
webrick/httpresponse: set_redirect requires a valid URI
Prevents response splitting and HTML injection attacks in
poorly-written applications which blindly pass along user input
in redirects.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63964 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test')
-rw-r--r-- | test/webrick/test_httpresponse.rb | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/test/webrick/test_httpresponse.rb b/test/webrick/test_httpresponse.rb index 6263e0a710..75861caf8f 100644 --- a/test/webrick/test_httpresponse.rb +++ b/test/webrick/test_httpresponse.rb @@ -50,6 +50,27 @@ module WEBrick refute_match 'hack', io.string end + def test_set_redirect_response_splitting + url = "malicious\r\nCookie: hack" + assert_raises(URI::InvalidURIError) do + res.set_redirect(WEBrick::HTTPStatus::MultipleChoices, url) + end + end + + def test_set_redirect_html_injection + url = 'http://example.com////?a</a><head></head><body><img src=1></body>' + assert_raises(WEBrick::HTTPStatus::MultipleChoices) do + res.set_redirect(WEBrick::HTTPStatus::MultipleChoices, url) + end + res.status = 300 + io = StringIO.new + res.send_response(io) + io.rewind + res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io)) + assert_equal '300', res.code + refute_match /<img/, io.string + end + def test_304_does_not_log_warning res.status = 304 res.setup_header |