struts-commits mailing list archives

From musa...@apache.org
Subject svn commit: r688095 - /struts/struts2/trunk/core/src/test/java/org/apache/struts2/dispatcher/StaticContentLoaderTest.java
Date Fri, 22 Aug 2008 15:22:57 GMT
Author: musachy
Date: Fri Aug 22 08:22:56 2008
New Revision: 688095

URL: http://svn.apache.org/viewvc?rev=688095&view=rev
Log:
WW-2779  Directory traversal vulnerability while serving static content

Modified:
    struts/struts2/trunk/core/src/test/java/org/apache/struts2/dispatcher/StaticContentLoaderTest.java

Modified: struts/struts2/trunk/core/src/test/java/org/apache/struts2/dispatcher/StaticContentLoaderTest.java
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/test/java/org/apache/struts2/dispatcher/StaticContentLoaderTest.java?rev=688095&r1=688094&r2=688095&view=diff
==============================================================================
--- struts/struts2/trunk/core/src/test/java/org/apache/struts2/dispatcher/StaticContentLoaderTest.java
(original)
+++ struts/struts2/trunk/core/src/test/java/org/apache/struts2/dispatcher/StaticContentLoaderTest.java
Fri Aug 22 08:22:56 2008
@@ -69,6 +69,30 @@
         assertEquals(0, res.getContentLength());
     }
 
+    public void testInvalidRersources2() throws IOException {
+        contentLoader.findStaticResource("/struts/..", req, res);
+        assertEquals(HttpServletResponse.SC_NOT_FOUND, res.getStatus());
+        assertEquals(0, res.getContentLength());
+    }
+
+    public void testInvalidRersources3() throws IOException {
+        contentLoader.findStaticResource("/struts/../othertest.properties", req, res);
+        assertEquals(HttpServletResponse.SC_NOT_FOUND, res.getStatus());
+        assertEquals(0, res.getContentLength());
+    }
+
+    public void testInvalidRersources4() throws IOException {
+        contentLoader.findStaticResource("/struts/..%252f", req, res);
+        assertEquals(HttpServletResponse.SC_NOT_FOUND, res.getStatus());
+        assertEquals(0, res.getContentLength());
+    }
+
+    public void testInvalidRersources5() throws IOException {
+        contentLoader.findStaticResource("/struts/..%252fothertest.properties", req, res);
+        assertEquals(HttpServletResponse.SC_NOT_FOUND, res.getStatus());
+        assertEquals(0, res.getContentLength());
+    }
+
     @Override
     protected void setUp() throws Exception {
         super.setUp();
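Review bot: testInvalidRersources3 and testInvalidRersources5 only exercise the WW-2779 fix if `othertest.properties` really exists on the test classpath at the location the `..` segment would resolve to. If it does not, `findStaticResource` would presumably answer SC_NOT_FOUND with or without the traversal check, and both tests would pass vacuously. The hunk does not show this, so each test deserves a comment such as `// othertest.properties must exist outside the served static-content packages; a 404 here means the traversal was rejected, not that the file is missing (WW-2779)`, plus an assertion that the resource is present on the classpath before the call. Tests 4 and 5 would also benefit from a one-line comment stating that `%252f` is a double-encoded `/`, because the decoding step they guard against is not visible here. The new method names carry the `Rersources` misspelling; `testInvalidResources2` through `5` would read better if the existing sibling test (outside this hunk) can be renamed with them.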


