@Test public void testListingWithSession() throws Exception { ServletHolder defholder = context.addServlet(DefaultServlet.class, "/*"); defholder.setInitParameter("dirAllowed", "true"); defholder.setInitParameter("redirectWelcome", "false"); defholder.setInitParameter("gzip", "false"); testdir.ensureEmpty(); /* create some content in the docroot */ File resBase = testdir.getFile("docroot"); assertTrue(resBase.mkdirs()); assertTrue(new File(resBase, "one").mkdir()); assertTrue(new File(resBase, "two").mkdir()); assertTrue(new File(resBase, "three").mkdir()); String resBasePath = resBase.getAbsolutePath(); defholder.setInitParameter("resourceBase", resBasePath); StringBuffer req1 = new StringBuffer(); req1.append("GET /context/;JSESSIONID=1234567890 HTTP/1.0\n\n"); String response = connector.getResponses(req1.toString()); assertResponseContains("/one/;JSESSIONID=1234567890", response); assertResponseContains("/two/;JSESSIONID=1234567890", response); assertResponseContains("/three/;JSESSIONID=1234567890", response); assertResponseNotContains("<script>", response); }
@Before public void init() throws Exception { server = new Server(); connector = new LocalConnector(server); connector .getConnectionFactory(HttpConfiguration.ConnectionFactory.class) .getHttpConfiguration() .setSendServerVersion(false); context = new ServletContextHandler(); context.setContextPath("/context"); context.setWelcomeFiles(new String[] {"index.html", "index.jsp", "index.htm"}); server.setHandler(context); server.addConnector(connector); testdir.ensureEmpty(); File resBase = testdir.getFile("docroot"); FS.ensureDirExists(resBase); File data = new File(resBase, "data.txt"); createFile(data, DATA); String resBasePath = resBase.getAbsolutePath(); ServletHolder defholder = context.addServlet(DefaultServlet.class, "/"); defholder.setInitParameter("acceptRanges", "true"); defholder.setInitParameter("resourceBase", resBasePath); server.start(); }
@Test public void testGzip() throws Exception { testdir.ensureEmpty(); File resBase = testdir.getFile("docroot"); FS.ensureDirExists(resBase); File file0 = new File(resBase, "data0.txt"); createFile(file0, "Hello Text 0"); File file0gz = new File(resBase, "data0.txt.gz"); createFile(file0gz, "fake gzip"); String resBasePath = resBase.getAbsolutePath(); ServletHolder defholder = context.addServlet(DefaultServlet.class, "/"); defholder.setInitParameter("dirAllowed", "false"); defholder.setInitParameter("redirectWelcome", "false"); defholder.setInitParameter("welcomeServlets", "false"); defholder.setInitParameter("gzip", "true"); defholder.setInitParameter("resourceBase", resBasePath); String response = connector.getResponses("GET /context/data0.txt HTTP/1.0\r\nHost:localhost:8080\r\n\r\n"); assertResponseContains("Content-Length: 12", response); assertResponseContains("Hello Text 0", response); assertResponseContains("Vary: Accept-Encoding", response); assertResponseNotContains("Content-Encoding: gzip", response); response = connector.getResponses( "GET /context/data0.txt HTTP/1.0\r\nHost:localhost:8080\r\nAccept-Encoding:gzip\r\n\r\n"); assertResponseContains("Content-Length: 9", response); assertResponseContains("fake gzip", response); assertResponseContains("Vary: Accept-Encoding", response); assertResponseContains("Content-Encoding: gzip", response); }
@Test public void testResourceBase() throws Exception { testdir.ensureEmpty(); File resBase = testdir.getFile("docroot"); FS.ensureDirExists(resBase); File foobar = new File(resBase, "foobar.txt"); File link = new File(resBase, "link.txt"); createFile(foobar, "Foo Bar"); String resBasePath = resBase.getAbsolutePath(); ServletHolder defholder = context.addServlet(DefaultServlet.class, "/"); defholder.setInitParameter("resourceBase", resBasePath); defholder.setInitParameter("gzip", "false"); String response; response = connector.getResponses("GET /context/foobar.txt HTTP/1.0\r\n\r\n"); assertResponseContains("Foo Bar", response); if (!OS.IS_WINDOWS) { Files.createSymbolicLink(link.toPath(), foobar.toPath()); response = connector.getResponses("GET /context/link.txt HTTP/1.0\r\n\r\n"); assertResponseContains("404", response); context.addAliasCheck(new ContextHandler.ApproveAliases()); response = connector.getResponses("GET /context/link.txt HTTP/1.0\r\n\r\n"); assertResponseContains("Foo Bar", response); } }
@Test public void testListingProperUrlEncoding() throws Exception { ServletHolder defholder = context.addServlet(DefaultServlet.class, "/*"); defholder.setInitParameter("dirAllowed", "true"); defholder.setInitParameter("redirectWelcome", "false"); defholder.setInitParameter("gzip", "false"); testdir.ensureEmpty(); /* create some content in the docroot */ File resBase = testdir.getFile("docroot"); assertTrue(resBase.mkdirs()); File wackyDir = new File(resBase, "dir;"); // this should not be double-encoded. assertTrue(wackyDir.mkdirs()); assertTrue(new File(wackyDir, "four").mkdir()); assertTrue(new File(wackyDir, "five").mkdir()); assertTrue(new File(wackyDir, "six").mkdir()); /* At this point we have the following * testListingProperUrlEncoding/ * `-- docroot * `-- dir; * |-- five * |-- four * `-- six */ String resBasePath = resBase.getAbsolutePath(); defholder.setInitParameter("resourceBase", resBasePath); // First send request in improper, unencoded way. String response = connector.getResponses("GET /context/dir;/ HTTP/1.0\r\n\r\n"); assertResponseContains("HTTP/1.1 404 Not Found", response); // Now send request in proper, encoded format. response = connector.getResponses("GET /context/dir%3B/ HTTP/1.0\r\n\r\n"); // Should not see double-encoded ";" // First encoding: ";" -> "%3b" // Second encoding: "%3B" -> "%253B" (BAD!) assertResponseNotContains("%253B", response); assertResponseContains("/dir%3B/", response); assertResponseContains("/dir%3B/four/", response); assertResponseContains("/dir%3B/five/", response); assertResponseContains("/dir%3B/six/", response); }
@Test public void testWelcomeExactServlet() throws Exception { testdir.ensureEmpty(); File resBase = testdir.getFile("docroot"); FS.ensureDirExists(resBase); File inde = new File(resBase, "index.htm"); File index = new File(resBase, "index.html"); String resBasePath = resBase.getAbsolutePath(); ServletHolder defholder = context.addServlet(DefaultServlet.class, "/"); defholder.setInitParameter("dirAllowed", "false"); defholder.setInitParameter("redirectWelcome", "false"); defholder.setInitParameter("welcomeServlets", "exact"); defholder.setInitParameter("gzip", "false"); defholder.setInitParameter("resourceBase", resBasePath); ServletHolder jspholder = context.addServlet(NoJspServlet.class, "*.jsp"); context.addServlet(jspholder, "/index.jsp"); String response; response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"); assertResponseContains("JSP support not configured", response); createFile(index, "<h1>Hello Index</h1>"); response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"); assertResponseContains("<h1>Hello Index</h1>", response); createFile(inde, "<h1>Hello Inde</h1>"); response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"); assertResponseContains("<h1>Hello Index</h1>", response); // In Windows it's impossible to delete files that are somehow in use // Avoid to fail the test if we're on Windows if (!OS.IS_WINDOWS) { deleteFile(index); response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"); assertResponseContains("<h1>Hello Inde</h1>", response); deleteFile(inde); response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"); assertResponseContains("JSP support not configured", response); } }
@Test public void testListingXSS() throws Exception { ServletHolder defholder = context.addServlet(DefaultServlet.class, "/*"); defholder.setInitParameter("dirAllowed", "true"); defholder.setInitParameter("redirectWelcome", "false"); defholder.setInitParameter("gzip", "false"); testdir.ensureEmpty(); /* create some content in the docroot */ File resBase = testdir.getFile("docroot"); FS.ensureDirExists(resBase); assertTrue(new File(resBase, "one").mkdir()); assertTrue(new File(resBase, "two").mkdir()); assertTrue(new File(resBase, "three").mkdir()); if (!OS.IS_WINDOWS) { assertTrue( "Creating dir 'f??r' (Might not work in Windows)", new File(resBase, "f??r").mkdir()); } String resBasePath = resBase.getAbsolutePath(); defholder.setInitParameter("resourceBase", resBasePath); StringBuffer req1 = new StringBuffer(); /* * Intentionally bad request URI. Sending a non-encoded URI with typically encoded characters '<', '>', and * '"'. */ req1.append("GET /context/;<script>window.alert(\"hi\");</script> HTTP/1.0\n"); req1.append("\n"); String response = connector.getResponses(req1.toString()); assertResponseContains("/one/", response); assertResponseContains("/two/", response); assertResponseContains("/three/", response); if (!OS.IS_WINDOWS) { assertResponseContains("/f%3F%3Fr", response); } assertResponseNotContains("<script>", response); }
@Test public void testFiltered() throws Exception { testdir.ensureEmpty(); File resBase = testdir.getFile("docroot"); FS.ensureDirExists(resBase); File file0 = new File(resBase, "data0.txt"); createFile(file0, "Hello Text 0"); String resBasePath = resBase.getAbsolutePath(); ServletHolder defholder = context.addServlet(DefaultServlet.class, "/"); defholder.setInitParameter("dirAllowed", "false"); defholder.setInitParameter("redirectWelcome", "false"); defholder.setInitParameter("welcomeServlets", "false"); defholder.setInitParameter("gzip", "false"); defholder.setInitParameter("resourceBase", resBasePath); String response = connector.getResponses("GET /context/data0.txt HTTP/1.0\r\n\r\n"); assertResponseContains("Content-Length: 12", response); assertResponseNotContains("Extra Info", response); context.addFilter(OutputFilter.class, "/*", EnumSet.of(DispatcherType.REQUEST)); response = connector.getResponses("GET /context/data0.txt HTTP/1.0\r\n\r\n"); assertResponseContains("Content-Length: 2", response); // 20 something long assertResponseContains("Extra Info", response); assertResponseNotContains("Content-Length: 12", response); context.getServletHandler().setFilterMappings(new FilterMapping[] {}); context.getServletHandler().setFilters(new FilterHolder[] {}); context.addFilter(WriterFilter.class, "/*", EnumSet.of(DispatcherType.REQUEST)); response = connector.getResponses("GET /context/data0.txt HTTP/1.0\r\n\r\n"); assertResponseContains("Content-Length: 2", response); // 20 something long assertResponseContains("Extra Info", response); assertResponseNotContains("Content-Length: 12", response); }
@Test public void testWelcome() throws Exception { testdir.ensureEmpty(); File resBase = testdir.getFile("docroot"); FS.ensureDirExists(resBase); File inde = new File(resBase, "index.htm"); File index = new File(resBase, "index.html"); String resBasePath = resBase.getAbsolutePath(); ServletHolder defholder = context.addServlet(DefaultServlet.class, "/"); defholder.setInitParameter("dirAllowed", "false"); defholder.setInitParameter("redirectWelcome", "false"); defholder.setInitParameter("welcomeServlets", "false"); defholder.setInitParameter("gzip", "false"); defholder.setInitParameter("resourceBase", resBasePath); defholder.setInitParameter("maxCacheSize", "1024000"); defholder.setInitParameter("maxCachedFileSize", "512000"); defholder.setInitParameter("maxCachedFiles", "100"); @SuppressWarnings("unused") ServletHolder jspholder = context.addServlet(NoJspServlet.class, "*.jsp"); String response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"); assertResponseContains("403", response); createFile(index, "<h1>Hello Index</h1>"); response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"); assertResponseContains("<h1>Hello Index</h1>", response); createFile(inde, "<h1>Hello Inde</h1>"); response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"); assertResponseContains("<h1>Hello Index</h1>", response); assertTrue(index.delete()); response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"); assertResponseContains("<h1>Hello Inde</h1>", response); assertTrue(inde.delete()); response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"); assertResponseContains("403", response); }
public static void main(String[] args) { Server server = new Server(9001); ServletContextHandler contextHandler = new ServletContextHandler(ServletContextHandler.SESSIONS); contextHandler.setContextPath("/"); ServletHolder holder = new ServletHolder(new ServletContainer()); holder.setInitParameter("javax.ws.rs.Application", "backtobasic.rest.div.Services"); contextHandler.addServlet(holder, "/*"); server.setHandler(contextHandler); try { server.start(); server.join(); } catch (InterruptedException e) { e.printStackTrace(); } catch (Exception e) { e.printStackTrace(); } }
public void testIfETag(String content) throws Exception { testdir.ensureEmpty(); File resBase = testdir.getFile("docroot"); FS.ensureDirExists(resBase); File file = new File(resBase, "file.txt"); String resBasePath = resBase.getAbsolutePath(); ServletHolder defholder = context.addServlet(DefaultServlet.class, "/"); defholder.setInitParameter("resourceBase", resBasePath); defholder.setInitParameter("maxCacheSize", "4096"); defholder.setInitParameter("maxCachedFileSize", "25"); defholder.setInitParameter("maxCachedFiles", "100"); defholder.setInitParameter("etags", "true"); String response; createFile(file, content); response = connector.getResponses( "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\n\r\n"); assertResponseContains("200", response); assertResponseContains("ETag", response); String etag = getHeaderValue("ETag", response); response = connector.getResponses( "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-None-Match: " + etag + "\r\n\r\n"); assertResponseContains("304", response); response = connector.getResponses( "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-None-Match: wibble," + etag + ",wobble\r\n\r\n"); assertResponseContains("304", response); response = connector.getResponses( "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-None-Match: wibble\r\n\r\n"); assertResponseContains("200", response); response = connector.getResponses( "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-None-Match: wibble, wobble\r\n\r\n"); assertResponseContains("200", response); response = connector.getResponses( "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-Match: " + etag + "\r\n\r\n"); assertResponseContains("200", response); response = connector.getResponses( "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-Match: wibble," + etag + ",wobble\r\n\r\n"); assertResponseContains("200", response); response = connector.getResponses( "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-Match: wibble\r\n\r\n"); assertResponseContains("412", response); response = connector.getResponses( "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-Match: wibble, wobble\r\n\r\n"); assertResponseContains("412", response); }
public void testIfModified(String content) throws Exception { testdir.ensureEmpty(); File resBase = testdir.getFile("docroot"); FS.ensureDirExists(resBase); File file = new File(resBase, "file.txt"); String resBasePath = resBase.getAbsolutePath(); ServletHolder defholder = context.addServlet(DefaultServlet.class, "/"); defholder.setInitParameter("resourceBase", resBasePath); defholder.setInitParameter("maxCacheSize", "4096"); defholder.setInitParameter("maxCachedFileSize", "25"); defholder.setInitParameter("maxCachedFiles", "100"); String response = connector.getResponses("GET /context/file.txt HTTP/1.0\r\n\r\n"); assertResponseContains("404", response); createFile(file, content); response = connector.getResponses( "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\n\r\n"); assertResponseContains("200", response); assertResponseContains("Last-Modified", response); String last_modified = getHeaderValue("Last-Modified", response); response = connector.getResponses( "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-Modified-Since: " + last_modified + "\r\n\r\n"); assertResponseContains("304", response); response = connector.getResponses( "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-Modified-Since: " + HttpFields.formatDate(System.currentTimeMillis() - 10000) + "\r\n\r\n"); assertResponseContains("200", response); response = connector.getResponses( "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-Modified-Since: " + HttpFields.formatDate(System.currentTimeMillis() + 10000) + "\r\n\r\n"); assertResponseContains("304", response); response = connector.getResponses( "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-Unmodified-Since: " + HttpFields.formatDate(System.currentTimeMillis() + 10000) + "\r\n\r\n"); assertResponseContains("200", response); response = connector.getResponses( "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-Unmodified-Since: " + HttpFields.formatDate(System.currentTimeMillis() - 10000) + "\r\n\r\n"); assertResponseContains("412", response); }
@Test public void testRangeRequests() throws Exception { testdir.ensureEmpty(); File resBase = testdir.getFile("docroot"); FS.ensureDirExists(resBase); File data = new File(resBase, "data.txt"); createFile( data, "01234567890123456789012345678901234567890123456789012345678901234567890123456789"); String resBasePath = resBase.getAbsolutePath(); ServletHolder defholder = context.addServlet(DefaultServlet.class, "/"); defholder.setInitParameter("dirAllowed", "false"); defholder.setInitParameter("redirectWelcome", "false"); defholder.setInitParameter("welcomeServlets", "false"); defholder.setInitParameter("gzip", "false"); defholder.setInitParameter("acceptRanges", "true"); defholder.setInitParameter("resourceBase", resBasePath); String response = connector.getResponses( "GET /context/data.txt HTTP/1.1\r\n" + "Host: localhost\r\n" + "Connection: close\r\n\r\n"); assertResponseContains("200 OK", response); assertResponseContains("Accept-Ranges: bytes", response); response = connector.getResponses( "GET /context/data.txt HTTP/1.1\r\n" + "Host: localhost\r\n" + "Connection: close\r\n" + "Range: bytes=0-9\r\n" + "\r\n"); assertResponseContains("206 Partial", response); assertResponseContains("Content-Type: text/plain", response); assertResponseContains("Content-Length: 10", response); assertResponseContains("Content-Range: bytes 0-9/80", response); response = connector.getResponses( "GET /context/data.txt HTTP/1.1\r\n" + "Host: localhost\r\n" + "Connection: close\r\n" + "Range: bytes=0-9,20-29,40-49\r\n" + "\r\n"); int start = response.indexOf("--jetty"); String body = response.substring(start); String boundary = body.substring(0, body.indexOf("\r\n")); assertResponseContains("206 Partial", response); assertResponseContains("Content-Type: multipart/byteranges; boundary=", response); assertResponseContains("Content-Range: bytes 0-9/80", response); assertResponseContains("Content-Range: bytes 20-29/80", response); assertResponseContains("Content-Length: " + body.length(), response); assertTrue(body.endsWith(boundary + "--\r\n")); response = connector.getResponses( "GET /context/data.txt HTTP/1.1\r\n" + "Host: localhost\r\n" + "Connection: close\r\n" + "Range: bytes=0-9,20-29,40-49,70-79\r\n" + "\r\n"); start = response.indexOf("--jetty"); body = response.substring(start); boundary = body.substring(0, body.indexOf("\r\n")); assertResponseContains("206 Partial", response); assertResponseContains("Content-Type: multipart/byteranges; boundary=", response); assertResponseContains("Content-Range: bytes 0-9/80", response); assertResponseContains("Content-Range: bytes 20-29/80", response); assertResponseContains("Content-Range: bytes 70-79/80", response); assertResponseContains("Content-Length: " + body.length(), response); assertTrue(body.endsWith(boundary + "--\r\n")); response = connector.getResponses( "GET /context/data.txt HTTP/1.1\r\n" + "Host: localhost\r\n" + "Connection: close\r\n" + "Range: bytes=0-9,20-29,40-49,60-60,70-79\r\n" + "\r\n"); start = response.indexOf("--jetty"); body = response.substring(start); boundary = body.substring(0, body.indexOf("\r\n")); assertResponseContains("206 Partial", response); assertResponseContains("Content-Type: multipart/byteranges; boundary=", response); assertResponseContains("Content-Range: bytes 0-9/80", response); assertResponseContains("Content-Range: bytes 20-29/80", response); assertResponseContains("Content-Range: bytes 60-60/80", response); assertResponseContains("Content-Range: bytes 70-79/80", response); assertResponseContains("Content-Length: " + body.length(), response); assertTrue(body.endsWith(boundary + "--\r\n")); // test a range request with a file with no suffix, therefore no mimetype File nofilesuffix = new File(resBase, "nofilesuffix"); createFile( nofilesuffix, "01234567890123456789012345678901234567890123456789012345678901234567890123456789"); response = connector.getResponses( "GET /context/nofilesuffix HTTP/1.1\r\n" + "Host: localhost\r\n" + "Connection: close\r\n" + "\r\n"); assertResponseContains("200 OK", response); assertResponseContains("Accept-Ranges: bytes", response); response = connector.getResponses( "GET /context/nofilesuffix HTTP/1.1\r\n" + "Host: localhost\r\n" + "Connection: close\r\n" + "Range: bytes=0-9\r\n" + "\r\n"); assertResponseContains("206 Partial", response); assertResponseContains("Content-Length: 10", response); assertTrue(!response.contains("Content-Type:")); assertResponseContains("Content-Range: bytes 0-9/80", response); response = connector.getResponses( "GET /context/nofilesuffix HTTP/1.1\r\n" + "Host: localhost\r\n" + "Connection: close\r\n" + "Range: bytes=0-9,20-29,40-49\r\n" + "\r\n"); start = response.indexOf("--jetty"); body = response.substring(start); boundary = body.substring(0, body.indexOf("\r\n")); assertResponseContains("206 Partial", response); assertResponseContains("Content-Type: multipart/byteranges; boundary=", response); assertResponseContains("Content-Range: bytes 0-9/80", response); assertResponseContains("Content-Range: bytes 20-29/80", response); assertResponseContains("Content-Length: " + body.length(), response); assertTrue(body.endsWith(boundary + "--\r\n")); response = connector.getResponses( "GET /context/nofilesuffix HTTP/1.1\r\n" + "Host: localhost\r\n" + "Connection: close\r\n" + "Range: bytes=0-9,20-29,40-49,60-60,70-79\r\n" + "\r\n"); start = response.indexOf("--jetty"); body = response.substring(start); boundary = body.substring(0, body.indexOf("\r\n")); assertResponseContains("206 Partial", response); assertResponseContains("Content-Type: multipart/byteranges; boundary=", response); assertResponseContains("Content-Range: bytes 0-9/80", response); assertResponseContains("Content-Range: bytes 20-29/80", response); assertResponseContains("Content-Range: bytes 60-60/80", response); assertResponseContains("Content-Range: bytes 70-79/80", response); assertResponseContains("Content-Length: " + body.length(), response); assertTrue(body.endsWith(boundary + "--\r\n")); }
@Test public void testListingContextBreakout() throws Exception { ServletHolder defholder = context.addServlet(DefaultServlet.class, "/"); defholder.setInitParameter("dirAllowed", "true"); defholder.setInitParameter("redirectWelcome", "false"); defholder.setInitParameter("gzip", "false"); defholder.setInitParameter("aliases", "true"); testdir.ensureEmpty(); /* create some content in the docroot */ File resBase = testdir.getFile("docroot"); assertTrue(resBase.mkdirs()); File index = new File(resBase, "index.html"); createFile(index, "<h1>Hello Index</h1>"); File wackyDir = new File(resBase, "dir?"); if (!OS.IS_WINDOWS) { FS.ensureDirExists(wackyDir); } wackyDir = new File(resBase, "dir;"); assertTrue(wackyDir.mkdirs()); /* create some content outside of the docroot */ File sekret = testdir.getFile("sekret"); assertTrue(sekret.mkdirs()); File pass = new File(sekret, "pass"); createFile(pass, "Sssh, you shouldn't be seeing this"); /* At this point we have the following * testListingContextBreakout/ * |-- docroot * | |-- index.html * | |-- dir? * | |-- dir; * `-- sekret * `-- pass */ String resBasePath = resBase.getAbsolutePath(); defholder.setInitParameter("resourceBase", resBasePath); String response; response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"); assertResponseContains("<h1>Hello Index</h1>", response); response = connector.getResponses("GET /context/dir?/ HTTP/1.0\r\n\r\n"); assertResponseContains("404", response); if (!OS.IS_WINDOWS) { response = connector.getResponses("GET /context/dir%3F/ HTTP/1.0\r\n\r\n"); assertResponseContains("Directory: /context/dir?/<", response); } else assertResponseContains("404", response); response = connector.getResponses("GET /context/index.html HTTP/1.0\r\n\r\n"); assertResponseContains("Hello Index", response); response = connector.getResponses("GET /context/dir%3F/../index.html HTTP/1.0\r\n\r\n"); assertResponseContains("Hello Index", response); response = connector.getResponses("GET /context/dir%3F/../../ HTTP/1.0\r\n\r\n"); assertResponseNotContains("Directory: ", response); response = connector.getResponses("GET /context/dir%3F/../../sekret/pass HTTP/1.0\r\n\r\n"); assertResponseNotContains("Sssh", response); response = connector.getResponses("GET /context/dir?/../../ HTTP/1.0\r\n\r\n"); assertResponseNotContains("Directory: ", response); response = connector.getResponses("GET /context/dir?/../../sekret/pass HTTP/1.0\r\n\r\n"); assertResponseNotContains("Sssh", response); response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"); assertResponseContains("<h1>Hello Index</h1>", response); response = connector.getResponses("GET /context/dir;/ HTTP/1.0\r\n\r\n"); assertResponseContains("404", response); response = connector.getResponses("GET /context/dir%3B/ HTTP/1.0\r\n\r\n"); assertResponseContains("Directory: /context/dir;/<", response); response = connector.getResponses("GET /context/index.html HTTP/1.0\r\n\r\n"); assertResponseContains("Hello Index", response); response = connector.getResponses("GET /context/dir%3B/../index.html HTTP/1.0\r\n\r\n"); assertResponseContains("Hello Index", response); response = connector.getResponses("GET /context/dir%3B/../../ HTTP/1.0\r\n\r\n"); assertResponseNotContains("Directory: ", response); response = connector.getResponses("GET /context/dir%3B/../../sekret/pass HTTP/1.0\r\n\r\n"); assertResponseNotContains("Sssh", response); response = connector.getResponses("GET /context/dir;/../../ HTTP/1.0\r\n\r\n"); assertResponseNotContains("Directory: ", response); response = connector.getResponses("GET /context/dir;/../../sekret/pass HTTP/1.0\r\n\r\n"); assertResponseNotContains("Sssh", response); }