httpd-test-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject svn commit: r357160 - in /httpd/test/trunk/perl-framework/t: conf/extra.conf.in htdocs/security/CVE-2005-3352.map security/CVE-2005-3352.t
Date Fri, 16 Dec 2005 14:24:14 GMT
Author: jorton
Date: Fri Dec 16 06:24:04 2005
New Revision: 357160

URL: http://svn.apache.org/viewcvs?rev=357160&view=rev
Log:
- add test for CVE-2005-3352

Added:
    httpd/test/trunk/perl-framework/t/htdocs/security/CVE-2005-3352.map
    httpd/test/trunk/perl-framework/t/security/CVE-2005-3352.t
Modified:
    httpd/test/trunk/perl-framework/t/conf/extra.conf.in

Modified: httpd/test/trunk/perl-framework/t/conf/extra.conf.in
URL: http://svn.apache.org/viewcvs/httpd/test/trunk/perl-framework/t/conf/extra.conf.in?rev=357160&r1=357159&r2=357160&view=diff
==============================================================================
--- httpd/test/trunk/perl-framework/t/conf/extra.conf.in (original)
+++ httpd/test/trunk/perl-framework/t/conf/extra.conf.in Fri Dec 16 06:24:04 2005
@@ -451,6 +451,9 @@
     AllowOverride All
     Order allow,deny
     Allow from all
+
+    # for CVE-2005-3352 test:
+    AddHandler imap-file map
 </Directory>
 
 <Directory @SERVERROOT@/htdocs/security/CAN-2004-0811>

Added: httpd/test/trunk/perl-framework/t/htdocs/security/CVE-2005-3352.map
URL: http://svn.apache.org/viewcvs/httpd/test/trunk/perl-framework/t/htdocs/security/CVE-2005-3352.map?rev=357160&view=auto
==============================================================================
--- httpd/test/trunk/perl-framework/t/htdocs/security/CVE-2005-3352.map (added)
+++ httpd/test/trunk/perl-framework/t/htdocs/security/CVE-2005-3352.map Fri Dec 16 06:24:04
2005
@@ -0,0 +1 @@
+default referer "Go Back"

Added: httpd/test/trunk/perl-framework/t/security/CVE-2005-3352.t
URL: http://svn.apache.org/viewcvs/httpd/test/trunk/perl-framework/t/security/CVE-2005-3352.t?rev=357160&view=auto
==============================================================================
--- httpd/test/trunk/perl-framework/t/security/CVE-2005-3352.t (added)
+++ httpd/test/trunk/perl-framework/t/security/CVE-2005-3352.t Fri Dec 16 06:24:04 2005
@@ -0,0 +1,18 @@
+use strict;
+use warnings FATAL => 'all';
+
+use Apache::Test;
+use Apache::TestUtil;
+use Apache::TestRequest;
+
+my $vars = Apache::Test::vars();
+
+plan tests => 2, need 'imagemap';
+
+my $url = "/security/CVE-2005-3352.map";
+
+my $r = GET $url, Referer => '">http://fish/';
+
+ok t_cmp($r->code, 200, "response code is OK");
+
+ok t_cmp($r->content, qr/\&quot/, "referer was escaped");



Mime
View raw message