Пример #1
0
  @Test
  public void testListingWithSession() throws Exception {
    ServletHolder defholder = context.addServlet(DefaultServlet.class, "/*");
    defholder.setInitParameter("dirAllowed", "true");
    defholder.setInitParameter("redirectWelcome", "false");
    defholder.setInitParameter("gzip", "false");

    testdir.ensureEmpty();

    /* create some content in the docroot */
    File resBase = testdir.getFile("docroot");
    assertTrue(resBase.mkdirs());
    assertTrue(new File(resBase, "one").mkdir());
    assertTrue(new File(resBase, "two").mkdir());
    assertTrue(new File(resBase, "three").mkdir());

    String resBasePath = resBase.getAbsolutePath();
    defholder.setInitParameter("resourceBase", resBasePath);

    StringBuffer req1 = new StringBuffer();
    req1.append("GET /context/;JSESSIONID=1234567890 HTTP/1.0\n\n");

    String response = connector.getResponses(req1.toString());

    assertResponseContains("/one/;JSESSIONID=1234567890", response);
    assertResponseContains("/two/;JSESSIONID=1234567890", response);
    assertResponseContains("/three/;JSESSIONID=1234567890", response);

    assertResponseNotContains("<script>", response);
  }
  @Before
  public void init() throws Exception {
    server = new Server();

    connector = new LocalConnector(server);
    connector
        .getConnectionFactory(HttpConfiguration.ConnectionFactory.class)
        .getHttpConfiguration()
        .setSendServerVersion(false);

    context = new ServletContextHandler();
    context.setContextPath("/context");
    context.setWelcomeFiles(new String[] {"index.html", "index.jsp", "index.htm"});

    server.setHandler(context);
    server.addConnector(connector);

    testdir.ensureEmpty();
    File resBase = testdir.getFile("docroot");
    FS.ensureDirExists(resBase);
    File data = new File(resBase, "data.txt");
    createFile(data, DATA);
    String resBasePath = resBase.getAbsolutePath();

    ServletHolder defholder = context.addServlet(DefaultServlet.class, "/");
    defholder.setInitParameter("acceptRanges", "true");
    defholder.setInitParameter("resourceBase", resBasePath);

    server.start();
  }
Пример #3
0
  @Test
  public void testGzip() throws Exception {
    testdir.ensureEmpty();
    File resBase = testdir.getFile("docroot");
    FS.ensureDirExists(resBase);
    File file0 = new File(resBase, "data0.txt");
    createFile(file0, "Hello Text 0");
    File file0gz = new File(resBase, "data0.txt.gz");
    createFile(file0gz, "fake gzip");

    String resBasePath = resBase.getAbsolutePath();

    ServletHolder defholder = context.addServlet(DefaultServlet.class, "/");
    defholder.setInitParameter("dirAllowed", "false");
    defholder.setInitParameter("redirectWelcome", "false");
    defholder.setInitParameter("welcomeServlets", "false");
    defholder.setInitParameter("gzip", "true");
    defholder.setInitParameter("resourceBase", resBasePath);

    String response =
        connector.getResponses("GET /context/data0.txt HTTP/1.0\r\nHost:localhost:8080\r\n\r\n");
    assertResponseContains("Content-Length: 12", response);
    assertResponseContains("Hello Text 0", response);
    assertResponseContains("Vary: Accept-Encoding", response);
    assertResponseNotContains("Content-Encoding: gzip", response);

    response =
        connector.getResponses(
            "GET /context/data0.txt HTTP/1.0\r\nHost:localhost:8080\r\nAccept-Encoding:gzip\r\n\r\n");
    assertResponseContains("Content-Length: 9", response);
    assertResponseContains("fake gzip", response);
    assertResponseContains("Vary: Accept-Encoding", response);
    assertResponseContains("Content-Encoding: gzip", response);
  }
Пример #4
0
  @Test
  public void testResourceBase() throws Exception {
    testdir.ensureEmpty();
    File resBase = testdir.getFile("docroot");
    FS.ensureDirExists(resBase);
    File foobar = new File(resBase, "foobar.txt");
    File link = new File(resBase, "link.txt");
    createFile(foobar, "Foo Bar");

    String resBasePath = resBase.getAbsolutePath();

    ServletHolder defholder = context.addServlet(DefaultServlet.class, "/");
    defholder.setInitParameter("resourceBase", resBasePath);
    defholder.setInitParameter("gzip", "false");

    String response;

    response = connector.getResponses("GET /context/foobar.txt HTTP/1.0\r\n\r\n");
    assertResponseContains("Foo Bar", response);

    if (!OS.IS_WINDOWS) {
      Files.createSymbolicLink(link.toPath(), foobar.toPath());
      response = connector.getResponses("GET /context/link.txt HTTP/1.0\r\n\r\n");
      assertResponseContains("404", response);

      context.addAliasCheck(new ContextHandler.ApproveAliases());

      response = connector.getResponses("GET /context/link.txt HTTP/1.0\r\n\r\n");
      assertResponseContains("Foo Bar", response);
    }
  }
Пример #5
0
  @Test
  public void testListingProperUrlEncoding() throws Exception {
    ServletHolder defholder = context.addServlet(DefaultServlet.class, "/*");
    defholder.setInitParameter("dirAllowed", "true");
    defholder.setInitParameter("redirectWelcome", "false");
    defholder.setInitParameter("gzip", "false");

    testdir.ensureEmpty();

    /* create some content in the docroot */
    File resBase = testdir.getFile("docroot");
    assertTrue(resBase.mkdirs());
    File wackyDir = new File(resBase, "dir;"); // this should not be double-encoded.
    assertTrue(wackyDir.mkdirs());

    assertTrue(new File(wackyDir, "four").mkdir());
    assertTrue(new File(wackyDir, "five").mkdir());
    assertTrue(new File(wackyDir, "six").mkdir());

    /* At this point we have the following
     * testListingProperUrlEncoding/
     * `-- docroot
     *     `-- dir;
     *         |-- five
     *         |-- four
     *         `-- six
     */

    String resBasePath = resBase.getAbsolutePath();
    defholder.setInitParameter("resourceBase", resBasePath);

    // First send request in improper, unencoded way.
    String response = connector.getResponses("GET /context/dir;/ HTTP/1.0\r\n\r\n");

    assertResponseContains("HTTP/1.1 404 Not Found", response);

    // Now send request in proper, encoded format.
    response = connector.getResponses("GET /context/dir%3B/ HTTP/1.0\r\n\r\n");

    // Should not see double-encoded ";"
    // First encoding: ";" -> "%3b"
    // Second encoding: "%3B" -> "%253B" (BAD!)
    assertResponseNotContains("%253B", response);

    assertResponseContains("/dir%3B/", response);
    assertResponseContains("/dir%3B/four/", response);
    assertResponseContains("/dir%3B/five/", response);
    assertResponseContains("/dir%3B/six/", response);
  }
Пример #6
0
  @Test
  public void testWelcomeExactServlet() throws Exception {
    testdir.ensureEmpty();
    File resBase = testdir.getFile("docroot");
    FS.ensureDirExists(resBase);
    File inde = new File(resBase, "index.htm");
    File index = new File(resBase, "index.html");

    String resBasePath = resBase.getAbsolutePath();

    ServletHolder defholder = context.addServlet(DefaultServlet.class, "/");
    defholder.setInitParameter("dirAllowed", "false");
    defholder.setInitParameter("redirectWelcome", "false");
    defholder.setInitParameter("welcomeServlets", "exact");
    defholder.setInitParameter("gzip", "false");
    defholder.setInitParameter("resourceBase", resBasePath);

    ServletHolder jspholder = context.addServlet(NoJspServlet.class, "*.jsp");
    context.addServlet(jspholder, "/index.jsp");

    String response;

    response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n");
    assertResponseContains("JSP support not configured", response);

    createFile(index, "<h1>Hello Index</h1>");
    response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n");
    assertResponseContains("<h1>Hello Index</h1>", response);

    createFile(inde, "<h1>Hello Inde</h1>");
    response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n");
    assertResponseContains("<h1>Hello Index</h1>", response);

    // In Windows it's impossible to delete files that are somehow in use
    // Avoid to fail the test if we're on Windows
    if (!OS.IS_WINDOWS) {
      deleteFile(index);
      response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n");
      assertResponseContains("<h1>Hello Inde</h1>", response);

      deleteFile(inde);
      response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n");
      assertResponseContains("JSP support not configured", response);
    }
  }
Пример #7
0
  @Test
  public void testListingXSS() throws Exception {
    ServletHolder defholder = context.addServlet(DefaultServlet.class, "/*");
    defholder.setInitParameter("dirAllowed", "true");
    defholder.setInitParameter("redirectWelcome", "false");
    defholder.setInitParameter("gzip", "false");

    testdir.ensureEmpty();

    /* create some content in the docroot */
    File resBase = testdir.getFile("docroot");
    FS.ensureDirExists(resBase);
    assertTrue(new File(resBase, "one").mkdir());
    assertTrue(new File(resBase, "two").mkdir());
    assertTrue(new File(resBase, "three").mkdir());
    if (!OS.IS_WINDOWS) {
      assertTrue(
          "Creating dir 'f??r' (Might not work in Windows)", new File(resBase, "f??r").mkdir());
    }

    String resBasePath = resBase.getAbsolutePath();
    defholder.setInitParameter("resourceBase", resBasePath);

    StringBuffer req1 = new StringBuffer();
    /*
     * Intentionally bad request URI. Sending a non-encoded URI with typically encoded characters '<', '>', and
     * '"'.
     */
    req1.append("GET /context/;<script>window.alert(\"hi\");</script> HTTP/1.0\n");
    req1.append("\n");

    String response = connector.getResponses(req1.toString());

    assertResponseContains("/one/", response);
    assertResponseContains("/two/", response);
    assertResponseContains("/three/", response);
    if (!OS.IS_WINDOWS) {
      assertResponseContains("/f%3F%3Fr", response);
    }

    assertResponseNotContains("<script>", response);
  }
Пример #8
0
  @Test
  public void testFiltered() throws Exception {
    testdir.ensureEmpty();
    File resBase = testdir.getFile("docroot");
    FS.ensureDirExists(resBase);
    File file0 = new File(resBase, "data0.txt");
    createFile(file0, "Hello Text 0");

    String resBasePath = resBase.getAbsolutePath();

    ServletHolder defholder = context.addServlet(DefaultServlet.class, "/");
    defholder.setInitParameter("dirAllowed", "false");
    defholder.setInitParameter("redirectWelcome", "false");
    defholder.setInitParameter("welcomeServlets", "false");
    defholder.setInitParameter("gzip", "false");
    defholder.setInitParameter("resourceBase", resBasePath);

    String response = connector.getResponses("GET /context/data0.txt HTTP/1.0\r\n\r\n");
    assertResponseContains("Content-Length: 12", response);
    assertResponseNotContains("Extra Info", response);

    context.addFilter(OutputFilter.class, "/*", EnumSet.of(DispatcherType.REQUEST));
    response = connector.getResponses("GET /context/data0.txt HTTP/1.0\r\n\r\n");
    assertResponseContains("Content-Length: 2", response); // 20 something long
    assertResponseContains("Extra Info", response);
    assertResponseNotContains("Content-Length: 12", response);

    context.getServletHandler().setFilterMappings(new FilterMapping[] {});
    context.getServletHandler().setFilters(new FilterHolder[] {});

    context.addFilter(WriterFilter.class, "/*", EnumSet.of(DispatcherType.REQUEST));
    response = connector.getResponses("GET /context/data0.txt HTTP/1.0\r\n\r\n");
    assertResponseContains("Content-Length: 2", response); // 20 something long
    assertResponseContains("Extra Info", response);
    assertResponseNotContains("Content-Length: 12", response);
  }
Пример #9
0
  @Test
  public void testWelcome() throws Exception {
    testdir.ensureEmpty();
    File resBase = testdir.getFile("docroot");
    FS.ensureDirExists(resBase);
    File inde = new File(resBase, "index.htm");
    File index = new File(resBase, "index.html");

    String resBasePath = resBase.getAbsolutePath();

    ServletHolder defholder = context.addServlet(DefaultServlet.class, "/");
    defholder.setInitParameter("dirAllowed", "false");
    defholder.setInitParameter("redirectWelcome", "false");
    defholder.setInitParameter("welcomeServlets", "false");
    defholder.setInitParameter("gzip", "false");
    defholder.setInitParameter("resourceBase", resBasePath);
    defholder.setInitParameter("maxCacheSize", "1024000");
    defholder.setInitParameter("maxCachedFileSize", "512000");
    defholder.setInitParameter("maxCachedFiles", "100");

    @SuppressWarnings("unused")
    ServletHolder jspholder = context.addServlet(NoJspServlet.class, "*.jsp");

    String response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n");
    assertResponseContains("403", response);

    createFile(index, "<h1>Hello Index</h1>");
    response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n");
    assertResponseContains("<h1>Hello Index</h1>", response);

    createFile(inde, "<h1>Hello Inde</h1>");
    response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n");
    assertResponseContains("<h1>Hello Index</h1>", response);

    assertTrue(index.delete());
    response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n");
    assertResponseContains("<h1>Hello Inde</h1>", response);

    assertTrue(inde.delete());
    response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n");
    assertResponseContains("403", response);
  }
  public static void main(String[] args) {
    Server server = new Server(9001);
    ServletContextHandler contextHandler =
        new ServletContextHandler(ServletContextHandler.SESSIONS);

    contextHandler.setContextPath("/");

    ServletHolder holder = new ServletHolder(new ServletContainer());

    holder.setInitParameter("javax.ws.rs.Application", "backtobasic.rest.div.Services");
    contextHandler.addServlet(holder, "/*");
    server.setHandler(contextHandler);

    try {
      server.start();
      server.join();
    } catch (InterruptedException e) {
      e.printStackTrace();
    } catch (Exception e) {
      e.printStackTrace();
    }
  }
Пример #11
0
  public void testIfETag(String content) throws Exception {
    testdir.ensureEmpty();
    File resBase = testdir.getFile("docroot");
    FS.ensureDirExists(resBase);
    File file = new File(resBase, "file.txt");

    String resBasePath = resBase.getAbsolutePath();

    ServletHolder defholder = context.addServlet(DefaultServlet.class, "/");
    defholder.setInitParameter("resourceBase", resBasePath);
    defholder.setInitParameter("maxCacheSize", "4096");
    defholder.setInitParameter("maxCachedFileSize", "25");
    defholder.setInitParameter("maxCachedFiles", "100");
    defholder.setInitParameter("etags", "true");

    String response;

    createFile(file, content);
    response =
        connector.getResponses(
            "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\n\r\n");

    assertResponseContains("200", response);
    assertResponseContains("ETag", response);
    String etag = getHeaderValue("ETag", response);

    response =
        connector.getResponses(
            "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-None-Match: "
                + etag
                + "\r\n\r\n");
    assertResponseContains("304", response);

    response =
        connector.getResponses(
            "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-None-Match: wibble,"
                + etag
                + ",wobble\r\n\r\n");
    assertResponseContains("304", response);

    response =
        connector.getResponses(
            "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-None-Match: wibble\r\n\r\n");
    assertResponseContains("200", response);

    response =
        connector.getResponses(
            "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-None-Match: wibble, wobble\r\n\r\n");
    assertResponseContains("200", response);

    response =
        connector.getResponses(
            "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-Match: "
                + etag
                + "\r\n\r\n");
    assertResponseContains("200", response);

    response =
        connector.getResponses(
            "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-Match: wibble,"
                + etag
                + ",wobble\r\n\r\n");
    assertResponseContains("200", response);

    response =
        connector.getResponses(
            "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-Match: wibble\r\n\r\n");
    assertResponseContains("412", response);

    response =
        connector.getResponses(
            "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-Match: wibble, wobble\r\n\r\n");
    assertResponseContains("412", response);
  }
Пример #12
0
  public void testIfModified(String content) throws Exception {
    testdir.ensureEmpty();
    File resBase = testdir.getFile("docroot");
    FS.ensureDirExists(resBase);
    File file = new File(resBase, "file.txt");

    String resBasePath = resBase.getAbsolutePath();

    ServletHolder defholder = context.addServlet(DefaultServlet.class, "/");
    defholder.setInitParameter("resourceBase", resBasePath);
    defholder.setInitParameter("maxCacheSize", "4096");
    defholder.setInitParameter("maxCachedFileSize", "25");
    defholder.setInitParameter("maxCachedFiles", "100");

    String response = connector.getResponses("GET /context/file.txt HTTP/1.0\r\n\r\n");
    assertResponseContains("404", response);

    createFile(file, content);
    response =
        connector.getResponses(
            "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\n\r\n");

    assertResponseContains("200", response);
    assertResponseContains("Last-Modified", response);
    String last_modified = getHeaderValue("Last-Modified", response);

    response =
        connector.getResponses(
            "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-Modified-Since: "
                + last_modified
                + "\r\n\r\n");
    assertResponseContains("304", response);

    response =
        connector.getResponses(
            "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-Modified-Since: "
                + HttpFields.formatDate(System.currentTimeMillis() - 10000)
                + "\r\n\r\n");
    assertResponseContains("200", response);

    response =
        connector.getResponses(
            "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-Modified-Since: "
                + HttpFields.formatDate(System.currentTimeMillis() + 10000)
                + "\r\n\r\n");
    assertResponseContains("304", response);

    response =
        connector.getResponses(
            "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-Unmodified-Since: "
                + HttpFields.formatDate(System.currentTimeMillis() + 10000)
                + "\r\n\r\n");
    assertResponseContains("200", response);

    response =
        connector.getResponses(
            "GET /context/file.txt HTTP/1.1\r\nHost:test\r\nConnection:close\r\nIf-Unmodified-Since: "
                + HttpFields.formatDate(System.currentTimeMillis() - 10000)
                + "\r\n\r\n");
    assertResponseContains("412", response);
  }
Пример #13
0
  @Test
  public void testRangeRequests() throws Exception {
    testdir.ensureEmpty();
    File resBase = testdir.getFile("docroot");
    FS.ensureDirExists(resBase);
    File data = new File(resBase, "data.txt");
    createFile(
        data, "01234567890123456789012345678901234567890123456789012345678901234567890123456789");
    String resBasePath = resBase.getAbsolutePath();

    ServletHolder defholder = context.addServlet(DefaultServlet.class, "/");
    defholder.setInitParameter("dirAllowed", "false");
    defholder.setInitParameter("redirectWelcome", "false");
    defholder.setInitParameter("welcomeServlets", "false");
    defholder.setInitParameter("gzip", "false");
    defholder.setInitParameter("acceptRanges", "true");
    defholder.setInitParameter("resourceBase", resBasePath);

    String response =
        connector.getResponses(
            "GET /context/data.txt HTTP/1.1\r\n"
                + "Host: localhost\r\n"
                + "Connection: close\r\n\r\n");
    assertResponseContains("200 OK", response);
    assertResponseContains("Accept-Ranges: bytes", response);

    response =
        connector.getResponses(
            "GET /context/data.txt HTTP/1.1\r\n"
                + "Host: localhost\r\n"
                + "Connection: close\r\n"
                + "Range: bytes=0-9\r\n"
                + "\r\n");
    assertResponseContains("206 Partial", response);
    assertResponseContains("Content-Type: text/plain", response);
    assertResponseContains("Content-Length: 10", response);
    assertResponseContains("Content-Range: bytes 0-9/80", response);

    response =
        connector.getResponses(
            "GET /context/data.txt HTTP/1.1\r\n"
                + "Host: localhost\r\n"
                + "Connection: close\r\n"
                + "Range: bytes=0-9,20-29,40-49\r\n"
                + "\r\n");
    int start = response.indexOf("--jetty");
    String body = response.substring(start);
    String boundary = body.substring(0, body.indexOf("\r\n"));
    assertResponseContains("206 Partial", response);
    assertResponseContains("Content-Type: multipart/byteranges; boundary=", response);
    assertResponseContains("Content-Range: bytes 0-9/80", response);
    assertResponseContains("Content-Range: bytes 20-29/80", response);
    assertResponseContains("Content-Length: " + body.length(), response);
    assertTrue(body.endsWith(boundary + "--\r\n"));

    response =
        connector.getResponses(
            "GET /context/data.txt HTTP/1.1\r\n"
                + "Host: localhost\r\n"
                + "Connection: close\r\n"
                + "Range: bytes=0-9,20-29,40-49,70-79\r\n"
                + "\r\n");
    start = response.indexOf("--jetty");
    body = response.substring(start);
    boundary = body.substring(0, body.indexOf("\r\n"));
    assertResponseContains("206 Partial", response);
    assertResponseContains("Content-Type: multipart/byteranges; boundary=", response);
    assertResponseContains("Content-Range: bytes 0-9/80", response);
    assertResponseContains("Content-Range: bytes 20-29/80", response);
    assertResponseContains("Content-Range: bytes 70-79/80", response);
    assertResponseContains("Content-Length: " + body.length(), response);
    assertTrue(body.endsWith(boundary + "--\r\n"));

    response =
        connector.getResponses(
            "GET /context/data.txt HTTP/1.1\r\n"
                + "Host: localhost\r\n"
                + "Connection: close\r\n"
                + "Range: bytes=0-9,20-29,40-49,60-60,70-79\r\n"
                + "\r\n");
    start = response.indexOf("--jetty");
    body = response.substring(start);
    boundary = body.substring(0, body.indexOf("\r\n"));
    assertResponseContains("206 Partial", response);
    assertResponseContains("Content-Type: multipart/byteranges; boundary=", response);
    assertResponseContains("Content-Range: bytes 0-9/80", response);
    assertResponseContains("Content-Range: bytes 20-29/80", response);
    assertResponseContains("Content-Range: bytes 60-60/80", response);
    assertResponseContains("Content-Range: bytes 70-79/80", response);
    assertResponseContains("Content-Length: " + body.length(), response);
    assertTrue(body.endsWith(boundary + "--\r\n"));

    // test a range request with a file with no suffix, therefore no mimetype

    File nofilesuffix = new File(resBase, "nofilesuffix");
    createFile(
        nofilesuffix,
        "01234567890123456789012345678901234567890123456789012345678901234567890123456789");

    response =
        connector.getResponses(
            "GET /context/nofilesuffix HTTP/1.1\r\n"
                + "Host: localhost\r\n"
                + "Connection: close\r\n"
                + "\r\n");
    assertResponseContains("200 OK", response);
    assertResponseContains("Accept-Ranges: bytes", response);

    response =
        connector.getResponses(
            "GET /context/nofilesuffix HTTP/1.1\r\n"
                + "Host: localhost\r\n"
                + "Connection: close\r\n"
                + "Range: bytes=0-9\r\n"
                + "\r\n");
    assertResponseContains("206 Partial", response);
    assertResponseContains("Content-Length: 10", response);
    assertTrue(!response.contains("Content-Type:"));
    assertResponseContains("Content-Range: bytes 0-9/80", response);

    response =
        connector.getResponses(
            "GET /context/nofilesuffix HTTP/1.1\r\n"
                + "Host: localhost\r\n"
                + "Connection: close\r\n"
                + "Range: bytes=0-9,20-29,40-49\r\n"
                + "\r\n");
    start = response.indexOf("--jetty");
    body = response.substring(start);
    boundary = body.substring(0, body.indexOf("\r\n"));
    assertResponseContains("206 Partial", response);
    assertResponseContains("Content-Type: multipart/byteranges; boundary=", response);
    assertResponseContains("Content-Range: bytes 0-9/80", response);
    assertResponseContains("Content-Range: bytes 20-29/80", response);
    assertResponseContains("Content-Length: " + body.length(), response);
    assertTrue(body.endsWith(boundary + "--\r\n"));

    response =
        connector.getResponses(
            "GET /context/nofilesuffix HTTP/1.1\r\n"
                + "Host: localhost\r\n"
                + "Connection: close\r\n"
                + "Range: bytes=0-9,20-29,40-49,60-60,70-79\r\n"
                + "\r\n");
    start = response.indexOf("--jetty");
    body = response.substring(start);
    boundary = body.substring(0, body.indexOf("\r\n"));
    assertResponseContains("206 Partial", response);
    assertResponseContains("Content-Type: multipart/byteranges; boundary=", response);
    assertResponseContains("Content-Range: bytes 0-9/80", response);
    assertResponseContains("Content-Range: bytes 20-29/80", response);
    assertResponseContains("Content-Range: bytes 60-60/80", response);
    assertResponseContains("Content-Range: bytes 70-79/80", response);
    assertResponseContains("Content-Length: " + body.length(), response);
    assertTrue(body.endsWith(boundary + "--\r\n"));
  }
Пример #14
0
  @Test
  public void testListingContextBreakout() throws Exception {
    ServletHolder defholder = context.addServlet(DefaultServlet.class, "/");
    defholder.setInitParameter("dirAllowed", "true");
    defholder.setInitParameter("redirectWelcome", "false");
    defholder.setInitParameter("gzip", "false");
    defholder.setInitParameter("aliases", "true");

    testdir.ensureEmpty();

    /* create some content in the docroot */
    File resBase = testdir.getFile("docroot");
    assertTrue(resBase.mkdirs());

    File index = new File(resBase, "index.html");
    createFile(index, "<h1>Hello Index</h1>");

    File wackyDir = new File(resBase, "dir?");
    if (!OS.IS_WINDOWS) {
      FS.ensureDirExists(wackyDir);
    }

    wackyDir = new File(resBase, "dir;");
    assertTrue(wackyDir.mkdirs());

    /* create some content outside of the docroot */
    File sekret = testdir.getFile("sekret");
    assertTrue(sekret.mkdirs());
    File pass = new File(sekret, "pass");
    createFile(pass, "Sssh, you shouldn't be seeing this");

    /* At this point we have the following
     * testListingContextBreakout/
     * |-- docroot
     * |   |-- index.html
     * |   |-- dir?
     * |   |-- dir;
     * `-- sekret
     *     `-- pass
     */

    String resBasePath = resBase.getAbsolutePath();
    defholder.setInitParameter("resourceBase", resBasePath);

    String response;

    response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n");
    assertResponseContains("<h1>Hello Index</h1>", response);

    response = connector.getResponses("GET /context/dir?/ HTTP/1.0\r\n\r\n");
    assertResponseContains("404", response);

    if (!OS.IS_WINDOWS) {
      response = connector.getResponses("GET /context/dir%3F/ HTTP/1.0\r\n\r\n");
      assertResponseContains("Directory: /context/dir?/<", response);
    } else assertResponseContains("404", response);

    response = connector.getResponses("GET /context/index.html HTTP/1.0\r\n\r\n");
    assertResponseContains("Hello Index", response);

    response = connector.getResponses("GET /context/dir%3F/../index.html HTTP/1.0\r\n\r\n");
    assertResponseContains("Hello Index", response);

    response = connector.getResponses("GET /context/dir%3F/../../ HTTP/1.0\r\n\r\n");
    assertResponseNotContains("Directory: ", response);

    response = connector.getResponses("GET /context/dir%3F/../../sekret/pass HTTP/1.0\r\n\r\n");
    assertResponseNotContains("Sssh", response);

    response = connector.getResponses("GET /context/dir?/../../ HTTP/1.0\r\n\r\n");
    assertResponseNotContains("Directory: ", response);

    response = connector.getResponses("GET /context/dir?/../../sekret/pass HTTP/1.0\r\n\r\n");
    assertResponseNotContains("Sssh", response);

    response = connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n");
    assertResponseContains("<h1>Hello Index</h1>", response);

    response = connector.getResponses("GET /context/dir;/ HTTP/1.0\r\n\r\n");
    assertResponseContains("404", response);

    response = connector.getResponses("GET /context/dir%3B/ HTTP/1.0\r\n\r\n");
    assertResponseContains("Directory: /context/dir;/<", response);

    response = connector.getResponses("GET /context/index.html HTTP/1.0\r\n\r\n");
    assertResponseContains("Hello Index", response);

    response = connector.getResponses("GET /context/dir%3B/../index.html HTTP/1.0\r\n\r\n");
    assertResponseContains("Hello Index", response);

    response = connector.getResponses("GET /context/dir%3B/../../ HTTP/1.0\r\n\r\n");
    assertResponseNotContains("Directory: ", response);

    response = connector.getResponses("GET /context/dir%3B/../../sekret/pass HTTP/1.0\r\n\r\n");
    assertResponseNotContains("Sssh", response);

    response = connector.getResponses("GET /context/dir;/../../ HTTP/1.0\r\n\r\n");
    assertResponseNotContains("Directory: ", response);

    response = connector.getResponses("GET /context/dir;/../../sekret/pass HTTP/1.0\r\n\r\n");
    assertResponseNotContains("Sssh", response);
  }