1*1c60b9acSAndroid Build Coastguard Worker#!/bin/bash 2*1c60b9acSAndroid Build Coastguard Worker# 3*1c60b9acSAndroid Build Coastguard Worker# attack the test server and try to make it fall over 4*1c60b9acSAndroid Build Coastguard Worker# 5*1c60b9acSAndroid Build Coastguard Worker# Requires the library to have been built with 6*1c60b9acSAndroid Build Coastguard Worker# 7*1c60b9acSAndroid Build Coastguard Worker# cmake .. -DCMAKE_BUILD_TYPE=DEBUG -DLWS_WITH_MINIMAL_EXAMPLES=1 8*1c60b9acSAndroid Build Coastguard Worker# 9*1c60b9acSAndroid Build Coastguard Worker# run it from the build dir 10*1c60b9acSAndroid Build Coastguard Worker 11*1c60b9acSAndroid Build Coastguard Workerecho 12*1c60b9acSAndroid Build Coastguard Workerecho "----------------------------------------------" 13*1c60b9acSAndroid Build Coastguard Workerecho "------- tests: lws attack.sh" 14*1c60b9acSAndroid Build Coastguard Workerecho 15*1c60b9acSAndroid Build Coastguard Worker 16*1c60b9acSAndroid Build Coastguard WorkerSERVER=127.0.0.1 17*1c60b9acSAndroid Build Coastguard WorkerPORT=7681 18*1c60b9acSAndroid Build Coastguard WorkerLOG=/tmp/lwslog 19*1c60b9acSAndroid Build Coastguard Worker 20*1c60b9acSAndroid Build Coastguard WorkerA=`which libwebsockets-test-server` 21*1c60b9acSAndroid Build Coastguard WorkerINSTALLED=`dirname $A` 22*1c60b9acSAndroid Build Coastguard Worker 23*1c60b9acSAndroid Build Coastguard WorkerSHAREDIR=$INSTALLED/../share/libwebsockets-test-server 24*1c60b9acSAndroid Build Coastguard WorkerCORPUS=$SHAREDIR/test.html 25*1c60b9acSAndroid Build Coastguard Worker 26*1c60b9acSAndroid Build Coastguard WorkerLWS_NC=./bin/lws-minimal-raw-netcat 27*1c60b9acSAndroid Build Coastguard Worker 28*1c60b9acSAndroid Build Coastguard WorkerCPID= 29*1c60b9acSAndroid Build Coastguard WorkerLEN=0 30*1c60b9acSAndroid Build Coastguard Worker 31*1c60b9acSAndroid Build Coastguard Workerfunction check { 32*1c60b9acSAndroid Build Coastguard Worker kill -0 $CPID 33*1c60b9acSAndroid Build Coastguard Worker if [ $? -ne 0 ] ; then 34*1c60b9acSAndroid Build Coastguard Worker echo "(killed it) *******" 35*1c60b9acSAndroid Build Coastguard Worker exit 1 36*1c60b9acSAndroid Build Coastguard Worker fi 37*1c60b9acSAndroid Build Coastguard Worker #dd if=$LOG bs=1 skip=$LEN 2>/dev/null 38*1c60b9acSAndroid Build Coastguard Worker 39*1c60b9acSAndroid Build Coastguard Worker if [ "$1" = "default" ] ; then 40*1c60b9acSAndroid Build Coastguard Worker diff /tmp/lwscap $CORPUS > /dev/null 41*1c60b9acSAndroid Build Coastguard Worker if [ $? -ne 0 ] ; then 42*1c60b9acSAndroid Build Coastguard Worker echo "FAIL: got something other than $CORPUS back" 43*1c60b9acSAndroid Build Coastguard Worker exit 1 44*1c60b9acSAndroid Build Coastguard Worker fi 45*1c60b9acSAndroid Build Coastguard Worker fi 46*1c60b9acSAndroid Build Coastguard Worker if [ "$1" = "defaultplusforbidden" ] ; then 47*1c60b9acSAndroid Build Coastguard Worker cat $CORPUS > /tmp/plusforb 48*1c60b9acSAndroid Build Coastguard Worker echo -e -n "HTTP/1.0 403 Forbidden\x0d\x0acontent-type: text/html\x0d\x0acontent-length: 173\x0d\x0a\x0d\x0a<html><head><meta charset=utf-8 http-equiv=\"Content-Language\" content=\"en\"/><link rel=\"stylesheet\" type=\"text/css\" href=\"/error.css\"/></head><body><h1>403</h1></body></html>" >> /tmp/plusforb 49*1c60b9acSAndroid Build Coastguard Worker diff /tmp/lwscap /tmp/plusforb > /dev/null 50*1c60b9acSAndroid Build Coastguard Worker if [ $? -ne 0 ] ; then 51*1c60b9acSAndroid Build Coastguard Worker cat $CORPUS > /tmp/plusforb 52*1c60b9acSAndroid Build Coastguard Worker 53*1c60b9acSAndroid Build Coastguard Worker echo -e -n "HTTP/1.1 403 Forbidden\x0d\x0acontent-type: text/html\x0d\x0acontent-length: 173\x0d\x0a\x0d\x0a<html><head><meta charset=utf-8 http-equiv=\"Content-Language\" content=\"en\"/><link rel=\"stylesheet\" type=\"text/css\" href=\"/error.css\"/></head><body><h1>403</h1></body></html>" >> /tmp/plusforb 54*1c60b9acSAndroid Build Coastguard Worker diff /tmp/lwscap /tmp/plusforb > /dev/null 55*1c60b9acSAndroid Build Coastguard Worker if [ $? -ne 0 ] ; then 56*1c60b9acSAndroid Build Coastguard Worker 57*1c60b9acSAndroid Build Coastguard Worker echo "FAIL: got something other than $CORPUS + forbidden back" 58*1c60b9acSAndroid Build Coastguard Worker tail -n 10 /tmp/lwscap 59*1c60b9acSAndroid Build Coastguard Worker tail -n 100 $LOG 60*1c60b9acSAndroid Build Coastguard Worker exit 1 61*1c60b9acSAndroid Build Coastguard Worker fi 62*1c60b9acSAndroid Build Coastguard Worker fi 63*1c60b9acSAndroid Build Coastguard Worker fi 64*1c60b9acSAndroid Build Coastguard Worker 65*1c60b9acSAndroid Build Coastguard Worker if [ "$1" = "forbidden" ] ; then 66*1c60b9acSAndroid Build Coastguard Worker if [ -z "`grep '<h1>403</h1>' /tmp/lwscap`" ] ; then 67*1c60b9acSAndroid Build Coastguard Worker echo "FAIL: should have told forbidden (test server has no dirs)" 68*1c60b9acSAndroid Build Coastguard Worker exit 1 69*1c60b9acSAndroid Build Coastguard Worker fi 70*1c60b9acSAndroid Build Coastguard Worker fi 71*1c60b9acSAndroid Build Coastguard Worker 72*1c60b9acSAndroid Build Coastguard Worker if [ "$1" = "notfound" ] ; then 73*1c60b9acSAndroid Build Coastguard Worker if [ -z "`grep '<h1>404</h1>' /tmp/lwscap`" ] ; then 74*1c60b9acSAndroid Build Coastguard Worker echo "FAIL: should have told not found" 75*1c60b9acSAndroid Build Coastguard Worker exit 1 76*1c60b9acSAndroid Build Coastguard Worker fi 77*1c60b9acSAndroid Build Coastguard Worker fi 78*1c60b9acSAndroid Build Coastguard Worker 79*1c60b9acSAndroid Build Coastguard Worker 80*1c60b9acSAndroid Build Coastguard Worker if [ "$1" = "rejected" ] ; then 81*1c60b9acSAndroid Build Coastguard Worker if [ -z "`grep '<h1>404</h1>' /tmp/lwscap`" ] ; then 82*1c60b9acSAndroid Build Coastguard Worker echo "FAIL: should have told forbidden (test server has no dirs)" 83*1c60b9acSAndroid Build Coastguard Worker exit 1 84*1c60b9acSAndroid Build Coastguard Worker fi 85*1c60b9acSAndroid Build Coastguard Worker fi 86*1c60b9acSAndroid Build Coastguard Worker 87*1c60b9acSAndroid Build Coastguard Worker 88*1c60b9acSAndroid Build Coastguard Worker if [ "$1" = "media" ] ; then 89*1c60b9acSAndroid Build Coastguard Worker if [ -z "`grep '<h1>404</h1>' /tmp/lwscap`" ] ; then 90*1c60b9acSAndroid Build Coastguard Worker echo "FAIL: should have told unknown media type" 91*1c60b9acSAndroid Build Coastguard Worker exit 1 92*1c60b9acSAndroid Build Coastguard Worker fi 93*1c60b9acSAndroid Build Coastguard Worker fi 94*1c60b9acSAndroid Build Coastguard Worker 95*1c60b9acSAndroid Build Coastguard Worker if [ "$1" == "0" ] ; then 96*1c60b9acSAndroid Build Coastguard Worker a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep "get\ \ =" | tr -s ' ' | cut -d' ' -f4-`" 97*1c60b9acSAndroid Build Coastguard Worker if [ "$a" != "$2" ] ; then 98*1c60b9acSAndroid Build Coastguard Worker echo "URL path '$a' not $2" 99*1c60b9acSAndroid Build Coastguard Worker exit 1 100*1c60b9acSAndroid Build Coastguard Worker fi 101*1c60b9acSAndroid Build Coastguard Worker fi 102*1c60b9acSAndroid Build Coastguard Worker 103*1c60b9acSAndroid Build Coastguard Worker if [ "$1" == "1" ] ; then 104*1c60b9acSAndroid Build Coastguard Worker a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep URI\ Arg\ 1\: | tr -s ' ' | cut -d' ' -f7-`" 105*1c60b9acSAndroid Build Coastguard Worker if [ "$a" != "$2" ] ; then 106*1c60b9acSAndroid Build Coastguard Worker echo "Arg 1 '$a' not $2" 107*1c60b9acSAndroid Build Coastguard Worker exit 1 108*1c60b9acSAndroid Build Coastguard Worker fi 109*1c60b9acSAndroid Build Coastguard Worker fi 110*1c60b9acSAndroid Build Coastguard Worker 111*1c60b9acSAndroid Build Coastguard Worker if [ "$1" == "2" ] ; then 112*1c60b9acSAndroid Build Coastguard Worker a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep URI\ Arg\ 2\: | tr -s ' ' | cut -d' ' -f7-`" 113*1c60b9acSAndroid Build Coastguard Worker if [ "$a" != "$2" ] ; then 114*1c60b9acSAndroid Build Coastguard Worker echo "Arg 2 '$a' not $2" 115*1c60b9acSAndroid Build Coastguard Worker exit 1 116*1c60b9acSAndroid Build Coastguard Worker fi 117*1c60b9acSAndroid Build Coastguard Worker fi 118*1c60b9acSAndroid Build Coastguard Worker if [ "$1" == "3" ] ; then 119*1c60b9acSAndroid Build Coastguard Worker a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep URI\ Arg\ 3\: | tr -s ' ' | cut -d' ' -f7-`" 120*1c60b9acSAndroid Build Coastguard Worker if [ "$a" != "$2" ] ; then 121*1c60b9acSAndroid Build Coastguard Worker echo "Arg 3 '$a' not $2" 122*1c60b9acSAndroid Build Coastguard Worker exit 1 123*1c60b9acSAndroid Build Coastguard Worker fi 124*1c60b9acSAndroid Build Coastguard Worker fi 125*1c60b9acSAndroid Build Coastguard Worker 126*1c60b9acSAndroid Build Coastguard Worker if [ -z "$1" ] ; then 127*1c60b9acSAndroid Build Coastguard Worker LEN=`stat $LOG -c %s` 128*1c60b9acSAndroid Build Coastguard Worker fi 129*1c60b9acSAndroid Build Coastguard Worker} 130*1c60b9acSAndroid Build Coastguard Worker 131*1c60b9acSAndroid Build Coastguard Worker 132*1c60b9acSAndroid Build Coastguard Workerrm -rf $LOG 133*1c60b9acSAndroid Build Coastguard Workerkillall libwebsockets-test-server 2>/dev/null 134*1c60b9acSAndroid Build Coastguard Workerlibwebsockets-test-server -d15 2>> $LOG >/dev/null & 135*1c60b9acSAndroid Build Coastguard WorkerCPID=$! 136*1c60b9acSAndroid Build Coastguard Worker 137*1c60b9acSAndroid Build Coastguard Workerecho "Started server on PID $CPID" 138*1c60b9acSAndroid Build Coastguard Worker 139*1c60b9acSAndroid Build Coastguard Workerwhile [ -z "`grep ort\ 7681 $LOG`" ] ; do 140*1c60b9acSAndroid Build Coastguard Worker sleep 0.5s 141*1c60b9acSAndroid Build Coastguard Workerdone 142*1c60b9acSAndroid Build Coastguard Workercheck 143*1c60b9acSAndroid Build Coastguard Worker 144*1c60b9acSAndroid Build Coastguard Workerecho 145*1c60b9acSAndroid Build Coastguard Workerecho "---- /cgi-bin/settingsjs?UPDATE_SETTINGS=1&Root_Channels_1_Channel_name_http_post=%3F&Root_Channels_1_Channel_location_http_post=%3F" 146*1c60b9acSAndroid Build Coastguard Workerrm -f /tmp/lwscap 147*1c60b9acSAndroid Build Coastguard Workerecho -n -e "GET /cgi-bin/settingsjs?UPDATE_SETTINGS=1&Root_Channels_1_Channel_name_http_post=%3F&Root_Channels_1_Channel_location_http_post=%3F HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap 148*1c60b9acSAndroid Build Coastguard Workercat /tmp/lwscap 149*1c60b9acSAndroid Build Coastguard Workercheck 1 "UPDATE_SETTINGS=1" 150*1c60b9acSAndroid Build Coastguard Workercheck 2 "Root_Channels_1_Channel_name_http_post=?" 151*1c60b9acSAndroid Build Coastguard Workercheck 3 "Root_Channels_1_Channel_location_http_post=?" 152*1c60b9acSAndroid Build Coastguard Workercheck 153*1c60b9acSAndroid Build Coastguard Worker 154*1c60b9acSAndroid Build Coastguard Workerecho 155*1c60b9acSAndroid Build Coastguard Workerecho "---- ? processing (/cgi-bin/settings.js?key1=value1)" 156*1c60b9acSAndroid Build Coastguard Workerrm -f /tmp/lwscap 157*1c60b9acSAndroid Build Coastguard Workerecho -n -e "GET /cgi-bin/settings.js?key1=value1 HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap 158*1c60b9acSAndroid Build Coastguard Workercheck 1 "key1=value1" 159*1c60b9acSAndroid Build Coastguard Workercheck 160*1c60b9acSAndroid Build Coastguard Worker 161*1c60b9acSAndroid Build Coastguard Workerecho 162*1c60b9acSAndroid Build Coastguard Workerecho "---- ? processing (/t%3dest?key1%3d2=value1)" 163*1c60b9acSAndroid Build Coastguard Workerrm -f /tmp/lwscap 164*1c60b9acSAndroid Build Coastguard Workerecho -n -e "GET /t%3dest?key1%3d2=value1 HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap 165*1c60b9acSAndroid Build Coastguard Workercheck 0 "/t=est" 166*1c60b9acSAndroid Build Coastguard Workercheck 1 "key1_2=value1" 167*1c60b9acSAndroid Build Coastguard Workercheck 168*1c60b9acSAndroid Build Coastguard Worker 169*1c60b9acSAndroid Build Coastguard Workerecho 170*1c60b9acSAndroid Build Coastguard Workerecho "---- ? processing (%2f%2e%2e%2f%2e./xxtest.html?arg=1)" 171*1c60b9acSAndroid Build Coastguard Workerrm -f /tmp/lwscap 172*1c60b9acSAndroid Build Coastguard Workerecho -n -e "GET %2f%2e%2e%2f%2e./xxtest.html?arg=1 HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap 173*1c60b9acSAndroid Build Coastguard Workercheck 1 "arg=1" 174*1c60b9acSAndroid Build Coastguard Workercheck 175*1c60b9acSAndroid Build Coastguard Worker 176*1c60b9acSAndroid Build Coastguard Workerecho 177*1c60b9acSAndroid Build Coastguard Workerecho "---- ? processing (%2f%2e%2e%2f%2e./xxtest.html?arg=/../.)" 178*1c60b9acSAndroid Build Coastguard Workerrm -f /tmp/lwscap 179*1c60b9acSAndroid Build Coastguard Workerecho -n -e "GET %2f%2e%2e%2f%2e./xxtest.html?arg=/../. HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap 180*1c60b9acSAndroid Build Coastguard Workercheck 1 "arg=/../." 181*1c60b9acSAndroid Build Coastguard Workercheck 182*1c60b9acSAndroid Build Coastguard Worker 183*1c60b9acSAndroid Build Coastguard Workerecho 184*1c60b9acSAndroid Build Coastguard Workerecho "---- spam enough crap to not be GET" 185*1c60b9acSAndroid Build Coastguard Workerecho "not GET" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null > /tmp/lwscap 186*1c60b9acSAndroid Build Coastguard Workercheck 187*1c60b9acSAndroid Build Coastguard Worker 188*1c60b9acSAndroid Build Coastguard Workerecho 189*1c60b9acSAndroid Build Coastguard Workerecho "---- spam more than the name buffer of crap" 190*1c60b9acSAndroid Build Coastguard Workerdd if=/dev/urandom bs=1 count=80 2>/dev/null | $LWS_NC --server $SERVER --port $PORT 2>/dev/null > /tmp/lwscap 191*1c60b9acSAndroid Build Coastguard Workercheck 192*1c60b9acSAndroid Build Coastguard Worker 193*1c60b9acSAndroid Build Coastguard Workerecho 194*1c60b9acSAndroid Build Coastguard Workerecho "---- spam 10MB of crap" 195*1c60b9acSAndroid Build Coastguard Workerdd if=/dev/urandom bs=1 count=655360 | $LWS_NC --server $SERVER --port $PORT 2>/dev/null > /tmp/lwscap 196*1c60b9acSAndroid Build Coastguard Workercheck 197*1c60b9acSAndroid Build Coastguard Worker 198*1c60b9acSAndroid Build Coastguard Workerecho 199*1c60b9acSAndroid Build Coastguard Workerecho "---- malformed URI" 200*1c60b9acSAndroid Build Coastguard Workerecho "GET nonsense................................................................................................................" \ 201*1c60b9acSAndroid Build Coastguard Worker | $LWS_NC --server $SERVER --port $PORT 2>/dev/null > /tmp/lwscap 202*1c60b9acSAndroid Build Coastguard Workercheck 203*1c60b9acSAndroid Build Coastguard Worker 204*1c60b9acSAndroid Build Coastguard Workerecho 205*1c60b9acSAndroid Build Coastguard Workerecho "---- missing URI" 206*1c60b9acSAndroid Build Coastguard Workerecho -n -e "GET HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null >/tmp/lwscap 207*1c60b9acSAndroid Build Coastguard Workercheck 208*1c60b9acSAndroid Build Coastguard Worker 209*1c60b9acSAndroid Build Coastguard Workerecho 210*1c60b9acSAndroid Build Coastguard Workerecho "---- repeated method" 211*1c60b9acSAndroid Build Coastguard Workerecho -n -e "GET blah HTTP/1.0\x0d\x0aGET blah HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null >/tmp/lwscap 212*1c60b9acSAndroid Build Coastguard Workercheck 213*1c60b9acSAndroid Build Coastguard Worker 214*1c60b9acSAndroid Build Coastguard Workerecho 215*1c60b9acSAndroid Build Coastguard Workerecho "---- crazy header name part" 216*1c60b9acSAndroid Build Coastguard Workerecho -n -e "GET blah HTTP/1.0\x0d\x0a................................................................................................................" \ 217*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 218*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 219*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 220*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 221*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 222*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 223*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 224*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 225*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 226*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 227*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 228*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 229*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 230*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 231*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 232*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 233*1c60b9acSAndroid Build Coastguard Worker | $LWS_NC --server $SERVER --port $PORT 2>/dev/null 234*1c60b9acSAndroid Build Coastguard Workercheck 235*1c60b9acSAndroid Build Coastguard Worker 236*1c60b9acSAndroid Build Coastguard Workerecho 237*1c60b9acSAndroid Build Coastguard Workerecho "---- excessive uri content" 238*1c60b9acSAndroid Build Coastguard Workerecho -n -e "GET ................................................................................................................" \ 239*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 240*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 241*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 242*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 243*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 244*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 245*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 246*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 247*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 248*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 249*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 250*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 251*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 252*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 253*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 254*1c60b9acSAndroid Build Coastguard Worker "......................................................................................................................." \ 255*1c60b9acSAndroid Build Coastguard Worker | $LWS_NC --server $SERVER --port $PORT 2>/dev/null 256*1c60b9acSAndroid Build Coastguard Workercheck 257*1c60b9acSAndroid Build Coastguard Worker 258*1c60b9acSAndroid Build Coastguard Workerecho 259*1c60b9acSAndroid Build Coastguard Workerecho "---- good request but http payload coming too (test.html served then forbidden)" 260*1c60b9acSAndroid Build Coastguard Workerecho -n -e "GET /test.html HTTP/1.1\x0d\x0a\x0d\x0aILLEGAL-PAYLOAD........................................" \ 261*1c60b9acSAndroid Build Coastguard Worker | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap 262*1c60b9acSAndroid Build Coastguard Workercheck defaultplusforbidden 263*1c60b9acSAndroid Build Coastguard Workercheck 264*1c60b9acSAndroid Build Coastguard Worker 265*1c60b9acSAndroid Build Coastguard Workerecho 266*1c60b9acSAndroid Build Coastguard Workerecho "---- nonexistent file" 267*1c60b9acSAndroid Build Coastguard Workerrm -f /tmp/lwscap 268*1c60b9acSAndroid Build Coastguard Workerecho -n -e "GET /nope HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap 269*1c60b9acSAndroid Build Coastguard Workercat /tmp/lwscap 270*1c60b9acSAndroid Build Coastguard Workercheck notfound 271*1c60b9acSAndroid Build Coastguard Workercheck 272*1c60b9acSAndroid Build Coastguard Worker 273*1c60b9acSAndroid Build Coastguard Workerecho 274*1c60b9acSAndroid Build Coastguard Workerecho "---- relative uri path" 275*1c60b9acSAndroid Build Coastguard Workerrm -f /tmp/lwscap 276*1c60b9acSAndroid Build Coastguard Workerecho -n -e "GET nope HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap 277*1c60b9acSAndroid Build Coastguard Workercheck forbidden 278*1c60b9acSAndroid Build Coastguard Workercheck 279*1c60b9acSAndroid Build Coastguard Worker 280*1c60b9acSAndroid Build Coastguard Workerecho 281*1c60b9acSAndroid Build Coastguard Workerecho "---- directory attack 1 (/../../../../etc/passwd should be /etc/passswd)" 282*1c60b9acSAndroid Build Coastguard Workerrm -f /tmp/lwscap 283*1c60b9acSAndroid Build Coastguard Workerecho -n -e "GET /../../../../etc/passwd HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap 284*1c60b9acSAndroid Build Coastguard Workercheck notfound 285*1c60b9acSAndroid Build Coastguard Workercheck 286*1c60b9acSAndroid Build Coastguard Worker 287*1c60b9acSAndroid Build Coastguard Workerecho 288*1c60b9acSAndroid Build Coastguard Workerecho "---- directory attack 2 (/../ should be /)" 289*1c60b9acSAndroid Build Coastguard Workerrm -f /tmp/lwscap 290*1c60b9acSAndroid Build Coastguard Workerecho -e -n "GET /../ HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap 291*1c60b9acSAndroid Build Coastguard Workercheck default 292*1c60b9acSAndroid Build Coastguard Workercheck 293*1c60b9acSAndroid Build Coastguard Worker 294*1c60b9acSAndroid Build Coastguard Workerecho 295*1c60b9acSAndroid Build Coastguard Workerecho "---- directory attack 3 (/./ should be /)" 296*1c60b9acSAndroid Build Coastguard Workerrm -f /tmp/lwscap 297*1c60b9acSAndroid Build Coastguard Workerecho -e -n "GET /./ HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap 298*1c60b9acSAndroid Build Coastguard Workercheck default 299*1c60b9acSAndroid Build Coastguard Workercheck 300*1c60b9acSAndroid Build Coastguard Worker 301*1c60b9acSAndroid Build Coastguard Workerecho 302*1c60b9acSAndroid Build Coastguard Workerecho "---- directory attack 4 (/blah/.. should be /)" 303*1c60b9acSAndroid Build Coastguard Workerrm -f /tmp/lwscap 304*1c60b9acSAndroid Build Coastguard Workerecho -e -n "GET /blah/.. HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap 305*1c60b9acSAndroid Build Coastguard Workercheck default 306*1c60b9acSAndroid Build Coastguard Workercheck 307*1c60b9acSAndroid Build Coastguard Worker 308*1c60b9acSAndroid Build Coastguard Workerecho 309*1c60b9acSAndroid Build Coastguard Workerecho "---- directory attack 5 (/blah/../ should be /)" 310*1c60b9acSAndroid Build Coastguard Workerrm -f /tmp/lwscap 311*1c60b9acSAndroid Build Coastguard Workerecho -e -n "GET /blah/../ HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap 312*1c60b9acSAndroid Build Coastguard Workercheck default 313*1c60b9acSAndroid Build Coastguard Workercheck 314*1c60b9acSAndroid Build Coastguard Worker 315*1c60b9acSAndroid Build Coastguard Workerecho 316*1c60b9acSAndroid Build Coastguard Workerecho "---- directory attack 6 (/blah/../. should be /)" 317*1c60b9acSAndroid Build Coastguard Workerrm -f /tmp/lwscap 318*1c60b9acSAndroid Build Coastguard Workerecho -e -n "GET /blah/../. HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap 319*1c60b9acSAndroid Build Coastguard Workercheck default 320*1c60b9acSAndroid Build Coastguard Workercheck 321*1c60b9acSAndroid Build Coastguard Worker 322*1c60b9acSAndroid Build Coastguard Workerecho 323*1c60b9acSAndroid Build Coastguard Workerecho "---- directory attack 7 (/%2e%2e%2f../../../etc/passwd should be /etc/passswd)" 324*1c60b9acSAndroid Build Coastguard Workerrm -f /tmp/lwscap 325*1c60b9acSAndroid Build Coastguard Workerecho -e -n "GET /%2e%2e%2f../../../etc/passwd HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap 326*1c60b9acSAndroid Build Coastguard Workercheck notfound 327*1c60b9acSAndroid Build Coastguard Workercheck 328*1c60b9acSAndroid Build Coastguard Worker 329*1c60b9acSAndroid Build Coastguard Workerecho 330*1c60b9acSAndroid Build Coastguard Workerecho "---- directory attack 8 (%2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd should be /etc/passswd)" 331*1c60b9acSAndroid Build Coastguard Workerrm -f /tmp/lwscap 332*1c60b9acSAndroid Build Coastguard Workerecho -e -n "GET %2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap 333*1c60b9acSAndroid Build Coastguard Workercheck notfound 334*1c60b9acSAndroid Build Coastguard Workercheck 335*1c60b9acSAndroid Build Coastguard Worker 336*1c60b9acSAndroid Build Coastguard Workerecho 337*1c60b9acSAndroid Build Coastguard Workerecho "---- http/1.1 pipelining" 338*1c60b9acSAndroid Build Coastguard Workerrm -f /tmp/lwscap 339*1c60b9acSAndroid Build Coastguard Workerwget -O/tmp/lwsdump http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html 2>&1 | grep "Downloaded: 8 files" > /tmp/lwscap 340*1c60b9acSAndroid Build Coastguard Workergood=`cat $CORPUS $CORPUS $CORPUS $CORPUS $CORPUS $CORPUS $CORPUS $CORPUS | md5sum | cut -d' ' -f1` 341*1c60b9acSAndroid Build Coastguard Workerif [ "$good" != "`md5sum /tmp/lwsdump | cut -d' ' -f 1`" ] ; then 342*1c60b9acSAndroid Build Coastguard Worker echo "FAIL: mismatched content good=$good received=`md5sum /tmp/lwsdump`" 343*1c60b9acSAndroid Build Coastguard Worker exit 1 344*1c60b9acSAndroid Build Coastguard Workerfi 345*1c60b9acSAndroid Build Coastguard Worker 346*1c60b9acSAndroid Build Coastguard Workerecho 347*1c60b9acSAndroid Build Coastguard Workerecho "---- mass testing uri variations" 348*1c60b9acSAndroid Build Coastguard Worker 349*1c60b9acSAndroid Build Coastguard Workerrm -f /tmp/results 350*1c60b9acSAndroid Build Coastguard Worker 351*1c60b9acSAndroid Build Coastguard Workerfor i in \ 352*1c60b9acSAndroid Build Coastguard Worker/..../ \ 353*1c60b9acSAndroid Build Coastguard Worker/.../. \ 354*1c60b9acSAndroid Build Coastguard Worker/...// \ 355*1c60b9acSAndroid Build Coastguard Worker/.../a \ 356*1c60b9acSAndroid Build Coastguard Worker/.../w \ 357*1c60b9acSAndroid Build Coastguard Worker"/.../?" \ 358*1c60b9acSAndroid Build Coastguard Worker/.../% \ 359*1c60b9acSAndroid Build Coastguard Worker/../.. \ 360*1c60b9acSAndroid Build Coastguard Worker/.././ \ 361*1c60b9acSAndroid Build Coastguard Worker/../.a \ 362*1c60b9acSAndroid Build Coastguard Worker/../.w \ 363*1c60b9acSAndroid Build Coastguard Worker/../.. \ 364*1c60b9acSAndroid Build Coastguard Worker/../.% \ 365*1c60b9acSAndroid Build Coastguard Worker/..//. \ 366*1c60b9acSAndroid Build Coastguard Worker/../// \ 367*1c60b9acSAndroid Build Coastguard Worker/..//a \ 368*1c60b9acSAndroid Build Coastguard Worker/..//w \ 369*1c60b9acSAndroid Build Coastguard Worker"/..//?" \ 370*1c60b9acSAndroid Build Coastguard Worker/..//% \ 371*1c60b9acSAndroid Build Coastguard Worker/../a. \ 372*1c60b9acSAndroid Build Coastguard Worker/../a/ \ 373*1c60b9acSAndroid Build Coastguard Worker/../aa \ 374*1c60b9acSAndroid Build Coastguard Worker/../aw \ 375*1c60b9acSAndroid Build Coastguard Worker/../a? \ 376*1c60b9acSAndroid Build Coastguard Worker/../a% \ 377*1c60b9acSAndroid Build Coastguard Worker/../w. \ 378*1c60b9acSAndroid Build Coastguard Worker/../w/ \ 379*1c60b9acSAndroid Build Coastguard Worker/../wa \ 380*1c60b9acSAndroid Build Coastguard Worker/../ww \ 381*1c60b9acSAndroid Build Coastguard Worker/../w? \ 382*1c60b9acSAndroid Build Coastguard Worker/../w% \ 383*1c60b9acSAndroid Build Coastguard Worker/../?. \ 384*1c60b9acSAndroid Build Coastguard Worker/../?/ \ 385*1c60b9acSAndroid Build Coastguard Worker/../?a \ 386*1c60b9acSAndroid Build Coastguard Worker/../?w \ 387*1c60b9acSAndroid Build Coastguard Worker/../?? \ 388*1c60b9acSAndroid Build Coastguard Worker/../?% \ 389*1c60b9acSAndroid Build Coastguard Worker/../%. \ 390*1c60b9acSAndroid Build Coastguard Worker/../%/ \ 391*1c60b9acSAndroid Build Coastguard Worker/../%a \ 392*1c60b9acSAndroid Build Coastguard Worker/../%w \ 393*1c60b9acSAndroid Build Coastguard Worker/../%? \ 394*1c60b9acSAndroid Build Coastguard Worker/../%% \ 395*1c60b9acSAndroid Build Coastguard Worker/./... \ 396*1c60b9acSAndroid Build Coastguard Worker/./../ \ 397*1c60b9acSAndroid Build Coastguard Worker/./..a \ 398*1c60b9acSAndroid Build Coastguard Worker/./..w \ 399*1c60b9acSAndroid Build Coastguard Worker/./..? \ 400*1c60b9acSAndroid Build Coastguard Worker/./..% \ 401*1c60b9acSAndroid Build Coastguard Worker/.//.. \ 402*1c60b9acSAndroid Build Coastguard Worker/.a../ \ 403*1c60b9acSAndroid Build Coastguard Worker/.a/.. \ 404*1c60b9acSAndroid Build Coastguard Worker/.w../ \ 405*1c60b9acSAndroid Build Coastguard Worker/.w/.. \ 406*1c60b9acSAndroid Build Coastguard Worker/.?../ \ 407*1c60b9acSAndroid Build Coastguard Worker/../.. \ 408*1c60b9acSAndroid Build Coastguard Worker/.%../ \ 409*1c60b9acSAndroid Build Coastguard Worker/.%/.. \ 410*1c60b9acSAndroid Build Coastguard Worker//.... \ 411*1c60b9acSAndroid Build Coastguard Worker//.../ \ 412*1c60b9acSAndroid Build Coastguard Worker//...a \ 413*1c60b9acSAndroid Build Coastguard Worker//...w \ 414*1c60b9acSAndroid Build Coastguard Worker//...? \ 415*1c60b9acSAndroid Build Coastguard Worker//...% \ 416*1c60b9acSAndroid Build Coastguard Worker//../. \ 417*1c60b9acSAndroid Build Coastguard Worker//..// \ 418*1c60b9acSAndroid Build Coastguard Worker//../a \ 419*1c60b9acSAndroid Build Coastguard Worker//../w \ 420*1c60b9acSAndroid Build Coastguard Worker//../? \ 421*1c60b9acSAndroid Build Coastguard Worker//../% \ 422*1c60b9acSAndroid Build Coastguard Worker//..a. \ 423*1c60b9acSAndroid Build Coastguard Worker//..a/ \ 424*1c60b9acSAndroid Build Coastguard Worker//..aa \ 425*1c60b9acSAndroid Build Coastguard Worker//..aw \ 426*1c60b9acSAndroid Build Coastguard Worker//..a? \ 427*1c60b9acSAndroid Build Coastguard Worker//..a% \ 428*1c60b9acSAndroid Build Coastguard Worker//..w. \ 429*1c60b9acSAndroid Build Coastguard Worker//..w/ \ 430*1c60b9acSAndroid Build Coastguard Worker//..wa \ 431*1c60b9acSAndroid Build Coastguard Worker//..ww \ 432*1c60b9acSAndroid Build Coastguard Worker//..w? \ 433*1c60b9acSAndroid Build Coastguard Worker//..w% \ 434*1c60b9acSAndroid Build Coastguard Worker//..?. \ 435*1c60b9acSAndroid Build Coastguard Worker//..?/ \ 436*1c60b9acSAndroid Build Coastguard Worker//..?a \ 437*1c60b9acSAndroid Build Coastguard Worker//..?w \ 438*1c60b9acSAndroid Build Coastguard Worker//..?? \ 439*1c60b9acSAndroid Build Coastguard Worker//..?% \ 440*1c60b9acSAndroid Build Coastguard Worker//..%. \ 441*1c60b9acSAndroid Build Coastguard Worker//..%/ \ 442*1c60b9acSAndroid Build Coastguard Worker//..%a \ 443*1c60b9acSAndroid Build Coastguard Worker//..%w \ 444*1c60b9acSAndroid Build Coastguard Worker//..%? \ 445*1c60b9acSAndroid Build Coastguard Worker//..%% \ 446*1c60b9acSAndroid Build Coastguard Worker//./.. \ 447*1c60b9acSAndroid Build Coastguard Worker///... \ 448*1c60b9acSAndroid Build Coastguard Worker///../ \ 449*1c60b9acSAndroid Build Coastguard Worker///..a \ 450*1c60b9acSAndroid Build Coastguard Worker///..w \ 451*1c60b9acSAndroid Build Coastguard Worker///..? \ 452*1c60b9acSAndroid Build Coastguard Worker///..% \ 453*1c60b9acSAndroid Build Coastguard Worker////.. \ 454*1c60b9acSAndroid Build Coastguard Worker//a../ \ 455*1c60b9acSAndroid Build Coastguard Worker//a/.. \ 456*1c60b9acSAndroid Build Coastguard Worker//w../ \ 457*1c60b9acSAndroid Build Coastguard Worker//w/.. \ 458*1c60b9acSAndroid Build Coastguard Worker//?../ \ 459*1c60b9acSAndroid Build Coastguard Worker//?/.. \ 460*1c60b9acSAndroid Build Coastguard Worker//%../ \ 461*1c60b9acSAndroid Build Coastguard Worker//%/.. \ 462*1c60b9acSAndroid Build Coastguard Worker/a.../ \ 463*1c60b9acSAndroid Build Coastguard Worker/a../. \ 464*1c60b9acSAndroid Build Coastguard Worker/a..// \ 465*1c60b9acSAndroid Build Coastguard Worker/a../a \ 466*1c60b9acSAndroid Build Coastguard Worker/a../w \ 467*1c60b9acSAndroid Build Coastguard Worker/a../? \ 468*1c60b9acSAndroid Build Coastguard Worker/a../% \ 469*1c60b9acSAndroid Build Coastguard Worker/a./.. \ 470*1c60b9acSAndroid Build Coastguard Worker/a/... \ 471*1c60b9acSAndroid Build Coastguard Worker/a/../ \ 472*1c60b9acSAndroid Build Coastguard Worker/a/..a \ 473*1c60b9acSAndroid Build Coastguard Worker/a/..w \ 474*1c60b9acSAndroid Build Coastguard Worker/a/..? \ 475*1c60b9acSAndroid Build Coastguard Worker/a/..% \ 476*1c60b9acSAndroid Build Coastguard Worker/a//.. \ 477*1c60b9acSAndroid Build Coastguard Worker/aa../ \ 478*1c60b9acSAndroid Build Coastguard Worker/aa/.. \ 479*1c60b9acSAndroid Build Coastguard Worker/aw../ \ 480*1c60b9acSAndroid Build Coastguard Worker/aw/.. \ 481*1c60b9acSAndroid Build Coastguard Worker/a?../ \ 482*1c60b9acSAndroid Build Coastguard Worker/a?/.. \ 483*1c60b9acSAndroid Build Coastguard Worker/a%../ \ 484*1c60b9acSAndroid Build Coastguard Worker/a%/.. \ 485*1c60b9acSAndroid Build Coastguard Worker/w.../ \ 486*1c60b9acSAndroid Build Coastguard Worker/w../. \ 487*1c60b9acSAndroid Build Coastguard Worker/w..// \ 488*1c60b9acSAndroid Build Coastguard Worker/w../a \ 489*1c60b9acSAndroid Build Coastguard Worker/w../w \ 490*1c60b9acSAndroid Build Coastguard Worker/w../? \ 491*1c60b9acSAndroid Build Coastguard Worker/w../% \ 492*1c60b9acSAndroid Build Coastguard Worker/w./.. \ 493*1c60b9acSAndroid Build Coastguard Worker/w/... \ 494*1c60b9acSAndroid Build Coastguard Worker/w/../ \ 495*1c60b9acSAndroid Build Coastguard Worker/w/..a \ 496*1c60b9acSAndroid Build Coastguard Worker/w/..w \ 497*1c60b9acSAndroid Build Coastguard Worker/w/..? \ 498*1c60b9acSAndroid Build Coastguard Worker/w/..% \ 499*1c60b9acSAndroid Build Coastguard Worker/w//.. \ 500*1c60b9acSAndroid Build Coastguard Worker/wa../ \ 501*1c60b9acSAndroid Build Coastguard Worker/wa/.. \ 502*1c60b9acSAndroid Build Coastguard Worker/ww../ \ 503*1c60b9acSAndroid Build Coastguard Worker/ww/.. \ 504*1c60b9acSAndroid Build Coastguard Worker/w?../ \ 505*1c60b9acSAndroid Build Coastguard Worker/w?/.. \ 506*1c60b9acSAndroid Build Coastguard Worker/w%../ \ 507*1c60b9acSAndroid Build Coastguard Worker/w%/.. \ 508*1c60b9acSAndroid Build Coastguard Worker/?.../ \ 509*1c60b9acSAndroid Build Coastguard Worker/?../. \ 510*1c60b9acSAndroid Build Coastguard Worker/?..// \ 511*1c60b9acSAndroid Build Coastguard Worker/?../a \ 512*1c60b9acSAndroid Build Coastguard Worker/?../w \ 513*1c60b9acSAndroid Build Coastguard Worker/?../? \ 514*1c60b9acSAndroid Build Coastguard Worker/?../% \ 515*1c60b9acSAndroid Build Coastguard Worker/?./.. \ 516*1c60b9acSAndroid Build Coastguard Worker/?/... \ 517*1c60b9acSAndroid Build Coastguard Worker/?/../ \ 518*1c60b9acSAndroid Build Coastguard Worker/?/..a \ 519*1c60b9acSAndroid Build Coastguard Worker/?/..w \ 520*1c60b9acSAndroid Build Coastguard Worker/?/..? \ 521*1c60b9acSAndroid Build Coastguard Worker/?/..% \ 522*1c60b9acSAndroid Build Coastguard Worker/?//.. \ 523*1c60b9acSAndroid Build Coastguard Worker/?a../ \ 524*1c60b9acSAndroid Build Coastguard Worker/?a/.. \ 525*1c60b9acSAndroid Build Coastguard Worker/?w../ \ 526*1c60b9acSAndroid Build Coastguard Worker/?w/.. \ 527*1c60b9acSAndroid Build Coastguard Worker/??../ \ 528*1c60b9acSAndroid Build Coastguard Worker/??/.. \ 529*1c60b9acSAndroid Build Coastguard Worker/?%../ \ 530*1c60b9acSAndroid Build Coastguard Worker/?%/.. \ 531*1c60b9acSAndroid Build Coastguard Worker/%.../ \ 532*1c60b9acSAndroid Build Coastguard Worker/%../. \ 533*1c60b9acSAndroid Build Coastguard Worker/%..// \ 534*1c60b9acSAndroid Build Coastguard Worker/%../a \ 535*1c60b9acSAndroid Build Coastguard Worker/%../w \ 536*1c60b9acSAndroid Build Coastguard Worker/%../? \ 537*1c60b9acSAndroid Build Coastguard Worker/%../% \ 538*1c60b9acSAndroid Build Coastguard Worker/%./.. \ 539*1c60b9acSAndroid Build Coastguard Worker/%/... \ 540*1c60b9acSAndroid Build Coastguard Worker/%/../ \ 541*1c60b9acSAndroid Build Coastguard Worker/%/..a \ 542*1c60b9acSAndroid Build Coastguard Worker/%/..w \ 543*1c60b9acSAndroid Build Coastguard Worker/%/..? \ 544*1c60b9acSAndroid Build Coastguard Worker/%/..% \ 545*1c60b9acSAndroid Build Coastguard Worker/%//.. \ 546*1c60b9acSAndroid Build Coastguard Worker/%a../ \ 547*1c60b9acSAndroid Build Coastguard Worker/%a/.. \ 548*1c60b9acSAndroid Build Coastguard Worker/%w../ \ 549*1c60b9acSAndroid Build Coastguard Worker/%w/.. \ 550*1c60b9acSAndroid Build Coastguard Worker/%?../ \ 551*1c60b9acSAndroid Build Coastguard Worker/%?/.. \ 552*1c60b9acSAndroid Build Coastguard Worker/%%../ \ 553*1c60b9acSAndroid Build Coastguard Worker/%%/.. \ 554*1c60b9acSAndroid Build Coastguard Worker/a/w/../a \ 555*1c60b9acSAndroid Build Coastguard Worker/path/to/dir/../other/dir \ 556*1c60b9acSAndroid Build Coastguard Worker; do 557*1c60b9acSAndroid Build Coastguard WorkerLEN=`stat $LOG -c %s` 558*1c60b9acSAndroid Build Coastguard Workerrm -f /tmp/lwscap1 559*1c60b9acSAndroid Build Coastguard Workerecho -n -e "GET $i HTTP/1.0\r\n\r\n" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null > /tmp/lwscap1 560*1c60b9acSAndroid Build Coastguard WorkerR=`cat /tmp/lwscap1| head -n 1 | cut -d' ' -f 2` 561*1c60b9acSAndroid Build Coastguard Worker#cat $LOG 562*1c60b9acSAndroid Build Coastguard Worker#echo ==== $R 563*1c60b9acSAndroid Build Coastguard Worker 564*1c60b9acSAndroid Build Coastguard Worker 565*1c60b9acSAndroid Build Coastguard Workerif [ "$R" != "403" ]; then 566*1c60b9acSAndroid Build Coastguard Worker U=`dd if=$LOG bs=1 skip=$LEN 2>/dev/null| grep "Method:" | tr -s ' ' | cut -d"'" -f4` 567*1c60b9acSAndroid Build Coastguard Worker#dd if=$LOG bs=1 skip=$LEN 2>/dev/null 568*1c60b9acSAndroid Build Coastguard Worker echo "- \"$i\" -> $R \"$U\"" >>/tmp/results 569*1c60b9acSAndroid Build Coastguard Workerelse 570*1c60b9acSAndroid Build Coastguard Worker echo "- \"$i\" -> $R" >>/tmp/results 571*1c60b9acSAndroid Build Coastguard Workerfi 572*1c60b9acSAndroid Build Coastguard Workerdone 573*1c60b9acSAndroid Build Coastguard Worker 574*1c60b9acSAndroid Build Coastguard Workercat <<EOF >/tmp/lwsresult1 575*1c60b9acSAndroid Build Coastguard Worker- "/..../" -> 404 "/..../" 576*1c60b9acSAndroid Build Coastguard Worker- "/.../." -> 404 "/.../" 577*1c60b9acSAndroid Build Coastguard Worker- "/...//" -> 404 "/.../" 578*1c60b9acSAndroid Build Coastguard Worker- "/.../a" -> 404 "/.../a" 579*1c60b9acSAndroid Build Coastguard Worker- "/.../w" -> 404 "/.../w" 580*1c60b9acSAndroid Build Coastguard Worker- "/.../?" -> 404 "/.../" 581*1c60b9acSAndroid Build Coastguard Worker- "/.../%" -> 403 582*1c60b9acSAndroid Build Coastguard Worker- "/../.." -> 200 "/" 583*1c60b9acSAndroid Build Coastguard Worker- "/.././" -> 200 "/" 584*1c60b9acSAndroid Build Coastguard Worker- "/../.a" -> 404 "/.a" 585*1c60b9acSAndroid Build Coastguard Worker- "/../.w" -> 404 "/.w" 586*1c60b9acSAndroid Build Coastguard Worker- "/../.." -> 200 "/" 587*1c60b9acSAndroid Build Coastguard Worker- "/../.%" -> 403 588*1c60b9acSAndroid Build Coastguard Worker- "/..//." -> 200 "/" 589*1c60b9acSAndroid Build Coastguard Worker- "/..///" -> 200 "/" 590*1c60b9acSAndroid Build Coastguard Worker- "/..//a" -> 404 "/a" 591*1c60b9acSAndroid Build Coastguard Worker- "/..//w" -> 404 "/w" 592*1c60b9acSAndroid Build Coastguard Worker- "/..//?" -> 200 "/" 593*1c60b9acSAndroid Build Coastguard Worker- "/..//%" -> 403 594*1c60b9acSAndroid Build Coastguard Worker- "/../a." -> 404 "/a." 595*1c60b9acSAndroid Build Coastguard Worker- "/../a/" -> 404 "/a/" 596*1c60b9acSAndroid Build Coastguard Worker- "/../aa" -> 404 "/aa" 597*1c60b9acSAndroid Build Coastguard Worker- "/../aw" -> 404 "/aw" 598*1c60b9acSAndroid Build Coastguard Worker- "/../a?" -> 404 "/a" 599*1c60b9acSAndroid Build Coastguard Worker- "/../a%" -> 403 600*1c60b9acSAndroid Build Coastguard Worker- "/../w." -> 404 "/w." 601*1c60b9acSAndroid Build Coastguard Worker- "/../w/" -> 404 "/w/" 602*1c60b9acSAndroid Build Coastguard Worker- "/../wa" -> 404 "/wa" 603*1c60b9acSAndroid Build Coastguard Worker- "/../ww" -> 404 "/ww" 604*1c60b9acSAndroid Build Coastguard Worker- "/../w?" -> 404 "/w" 605*1c60b9acSAndroid Build Coastguard Worker- "/../w%" -> 403 606*1c60b9acSAndroid Build Coastguard Worker- "/../?." -> 200 "/" 607*1c60b9acSAndroid Build Coastguard Worker- "/../?/" -> 200 "/" 608*1c60b9acSAndroid Build Coastguard Worker- "/../?a" -> 200 "/" 609*1c60b9acSAndroid Build Coastguard Worker- "/../?w" -> 200 "/" 610*1c60b9acSAndroid Build Coastguard Worker- "/../??" -> 200 "/" 611*1c60b9acSAndroid Build Coastguard Worker- "/../?%" -> 403 612*1c60b9acSAndroid Build Coastguard Worker- "/../%." -> 403 613*1c60b9acSAndroid Build Coastguard Worker- "/../%/" -> 403 614*1c60b9acSAndroid Build Coastguard Worker- "/../%a" -> 403 615*1c60b9acSAndroid Build Coastguard Worker- "/../%w" -> 403 616*1c60b9acSAndroid Build Coastguard Worker- "/../%?" -> 403 617*1c60b9acSAndroid Build Coastguard Worker- "/../%%" -> 403 618*1c60b9acSAndroid Build Coastguard Worker- "/./..." -> 404 "/..." 619*1c60b9acSAndroid Build Coastguard Worker- "/./../" -> 200 "/" 620*1c60b9acSAndroid Build Coastguard Worker- "/./..a" -> 404 "/..a" 621*1c60b9acSAndroid Build Coastguard Worker- "/./..w" -> 404 "/..w" 622*1c60b9acSAndroid Build Coastguard Worker- "/./..?" -> 200 "/" 623*1c60b9acSAndroid Build Coastguard Worker- "/./..%" -> 403 624*1c60b9acSAndroid Build Coastguard Worker- "/.//.." -> 200 "/" 625*1c60b9acSAndroid Build Coastguard Worker- "/.a../" -> 404 "/.a../" 626*1c60b9acSAndroid Build Coastguard Worker- "/.a/.." -> 200 "/" 627*1c60b9acSAndroid Build Coastguard Worker- "/.w../" -> 404 "/.w../" 628*1c60b9acSAndroid Build Coastguard Worker- "/.w/.." -> 200 "/" 629*1c60b9acSAndroid Build Coastguard Worker- "/.?../" -> 404 "/." 630*1c60b9acSAndroid Build Coastguard Worker- "/../.." -> 200 "/" 631*1c60b9acSAndroid Build Coastguard Worker- "/.%../" -> 403 632*1c60b9acSAndroid Build Coastguard Worker- "/.%/.." -> 403 633*1c60b9acSAndroid Build Coastguard Worker- "//...." -> 404 "/...." 634*1c60b9acSAndroid Build Coastguard Worker- "//.../" -> 404 "/.../" 635*1c60b9acSAndroid Build Coastguard Worker- "//...a" -> 404 "/...a" 636*1c60b9acSAndroid Build Coastguard Worker- "//...w" -> 404 "/...w" 637*1c60b9acSAndroid Build Coastguard Worker- "//...?" -> 404 "/..." 638*1c60b9acSAndroid Build Coastguard Worker- "//...%" -> 403 639*1c60b9acSAndroid Build Coastguard Worker- "//../." -> 200 "/" 640*1c60b9acSAndroid Build Coastguard Worker- "//..//" -> 200 "/" 641*1c60b9acSAndroid Build Coastguard Worker- "//../a" -> 404 "/a" 642*1c60b9acSAndroid Build Coastguard Worker- "//../w" -> 404 "/w" 643*1c60b9acSAndroid Build Coastguard Worker- "//../?" -> 200 "/" 644*1c60b9acSAndroid Build Coastguard Worker- "//../%" -> 403 645*1c60b9acSAndroid Build Coastguard Worker- "//..a." -> 404 "/..a." 646*1c60b9acSAndroid Build Coastguard Worker- "//..a/" -> 404 "/..a/" 647*1c60b9acSAndroid Build Coastguard Worker- "//..aa" -> 404 "/..aa" 648*1c60b9acSAndroid Build Coastguard Worker- "//..aw" -> 404 "/..aw" 649*1c60b9acSAndroid Build Coastguard Worker- "//..a?" -> 404 "/..a" 650*1c60b9acSAndroid Build Coastguard Worker- "//..a%" -> 403 651*1c60b9acSAndroid Build Coastguard Worker- "//..w." -> 404 "/..w." 652*1c60b9acSAndroid Build Coastguard Worker- "//..w/" -> 404 "/..w/" 653*1c60b9acSAndroid Build Coastguard Worker- "//..wa" -> 404 "/..wa" 654*1c60b9acSAndroid Build Coastguard Worker- "//..ww" -> 404 "/..ww" 655*1c60b9acSAndroid Build Coastguard Worker- "//..w?" -> 404 "/..w" 656*1c60b9acSAndroid Build Coastguard Worker- "//..w%" -> 403 657*1c60b9acSAndroid Build Coastguard Worker- "//..?." -> 200 "/" 658*1c60b9acSAndroid Build Coastguard Worker- "//..?/" -> 200 "/" 659*1c60b9acSAndroid Build Coastguard Worker- "//..?a" -> 404 "/a" 660*1c60b9acSAndroid Build Coastguard Worker- "//..?w" -> 404 "/w" 661*1c60b9acSAndroid Build Coastguard Worker- "//..??" -> 200 "/" 662*1c60b9acSAndroid Build Coastguard Worker- "//..?%" -> 403 663*1c60b9acSAndroid Build Coastguard Worker- "//..%." -> 403 664*1c60b9acSAndroid Build Coastguard Worker- "//..%/" -> 403 665*1c60b9acSAndroid Build Coastguard Worker- "//..%a" -> 403 666*1c60b9acSAndroid Build Coastguard Worker- "//..%w" -> 403 667*1c60b9acSAndroid Build Coastguard Worker- "//..%?" -> 403 668*1c60b9acSAndroid Build Coastguard Worker- "//..%%" -> 403 669*1c60b9acSAndroid Build Coastguard Worker- "//./.." -> 200 "/" 670*1c60b9acSAndroid Build Coastguard Worker- "///..." -> 404 "/..." 671*1c60b9acSAndroid Build Coastguard Worker- "///../" -> 200 "/" 672*1c60b9acSAndroid Build Coastguard Worker- "///..a" -> 404 "/..a" 673*1c60b9acSAndroid Build Coastguard Worker- "///..w" -> 404 "/..w" 674*1c60b9acSAndroid Build Coastguard Worker- "///..?" -> 200 "/" 675*1c60b9acSAndroid Build Coastguard Worker- "///..%" -> 403 676*1c60b9acSAndroid Build Coastguard Worker- "////.." -> 200 "/" 677*1c60b9acSAndroid Build Coastguard Worker- "//a../" -> 404 "/a../" 678*1c60b9acSAndroid Build Coastguard Worker- "//a/.." -> 200 "/" 679*1c60b9acSAndroid Build Coastguard Worker- "//w../" -> 404 "/w../" 680*1c60b9acSAndroid Build Coastguard Worker- "//w/.." -> 200 "/" 681*1c60b9acSAndroid Build Coastguard Worker- "//?../" -> 200 "/" 682*1c60b9acSAndroid Build Coastguard Worker- "//?/.." -> 200 "/" 683*1c60b9acSAndroid Build Coastguard Worker- "//%../" -> 403 684*1c60b9acSAndroid Build Coastguard Worker- "//%/.." -> 403 685*1c60b9acSAndroid Build Coastguard Worker- "/a.../" -> 404 "/a.../" 686*1c60b9acSAndroid Build Coastguard Worker- "/a../." -> 404 "/a../" 687*1c60b9acSAndroid Build Coastguard Worker- "/a..//" -> 404 "/a../" 688*1c60b9acSAndroid Build Coastguard Worker- "/a../a" -> 404 "/a../a" 689*1c60b9acSAndroid Build Coastguard Worker- "/a../w" -> 404 "/a../w" 690*1c60b9acSAndroid Build Coastguard Worker- "/a../?" -> 404 "/a../" 691*1c60b9acSAndroid Build Coastguard Worker- "/a../%" -> 403 692*1c60b9acSAndroid Build Coastguard Worker- "/a./.." -> 200 "/" 693*1c60b9acSAndroid Build Coastguard Worker- "/a/..." -> 404 "/a/..." 694*1c60b9acSAndroid Build Coastguard Worker- "/a/../" -> 200 "/" 695*1c60b9acSAndroid Build Coastguard Worker- "/a/..a" -> 404 "/a/..a" 696*1c60b9acSAndroid Build Coastguard Worker- "/a/..w" -> 404 "/a/..w" 697*1c60b9acSAndroid Build Coastguard Worker- "/a/..?" -> 200 "/" 698*1c60b9acSAndroid Build Coastguard Worker- "/a/..%" -> 403 699*1c60b9acSAndroid Build Coastguard Worker- "/a//.." -> 200 "/" 700*1c60b9acSAndroid Build Coastguard Worker- "/aa../" -> 404 "/aa../" 701*1c60b9acSAndroid Build Coastguard Worker- "/aa/.." -> 200 "/" 702*1c60b9acSAndroid Build Coastguard Worker- "/aw../" -> 404 "/aw../" 703*1c60b9acSAndroid Build Coastguard Worker- "/aw/.." -> 200 "/" 704*1c60b9acSAndroid Build Coastguard Worker- "/a?../" -> 404 "/a" 705*1c60b9acSAndroid Build Coastguard Worker- "/a?/.." -> 404 "/a" 706*1c60b9acSAndroid Build Coastguard Worker- "/a%../" -> 403 707*1c60b9acSAndroid Build Coastguard Worker- "/a%/.." -> 403 708*1c60b9acSAndroid Build Coastguard Worker- "/w.../" -> 404 "/w.../" 709*1c60b9acSAndroid Build Coastguard Worker- "/w../." -> 404 "/w../" 710*1c60b9acSAndroid Build Coastguard Worker- "/w..//" -> 404 "/w../" 711*1c60b9acSAndroid Build Coastguard Worker- "/w../a" -> 404 "/w../a" 712*1c60b9acSAndroid Build Coastguard Worker- "/w../w" -> 404 "/w../w" 713*1c60b9acSAndroid Build Coastguard Worker- "/w../?" -> 404 "/w../" 714*1c60b9acSAndroid Build Coastguard Worker- "/w../%" -> 403 715*1c60b9acSAndroid Build Coastguard Worker- "/w./.." -> 200 "/" 716*1c60b9acSAndroid Build Coastguard Worker- "/w/..." -> 404 "/w/..." 717*1c60b9acSAndroid Build Coastguard Worker- "/w/../" -> 200 "/" 718*1c60b9acSAndroid Build Coastguard Worker- "/w/..a" -> 404 "/w/..a" 719*1c60b9acSAndroid Build Coastguard Worker- "/w/..w" -> 404 "/w/..w" 720*1c60b9acSAndroid Build Coastguard Worker- "/w/..?" -> 200 "/" 721*1c60b9acSAndroid Build Coastguard Worker- "/w/..%" -> 403 722*1c60b9acSAndroid Build Coastguard Worker- "/w//.." -> 200 "/" 723*1c60b9acSAndroid Build Coastguard Worker- "/wa../" -> 404 "/wa../" 724*1c60b9acSAndroid Build Coastguard Worker- "/wa/.." -> 200 "/" 725*1c60b9acSAndroid Build Coastguard Worker- "/ww../" -> 404 "/ww../" 726*1c60b9acSAndroid Build Coastguard Worker- "/ww/.." -> 200 "/" 727*1c60b9acSAndroid Build Coastguard Worker- "/w?../" -> 404 "/w" 728*1c60b9acSAndroid Build Coastguard Worker- "/w?/.." -> 404 "/w" 729*1c60b9acSAndroid Build Coastguard Worker- "/w%../" -> 403 730*1c60b9acSAndroid Build Coastguard Worker- "/w%/.." -> 403 731*1c60b9acSAndroid Build Coastguard Worker- "/?.../" -> 200 "/" 732*1c60b9acSAndroid Build Coastguard Worker- "/?../." -> 200 "/" 733*1c60b9acSAndroid Build Coastguard Worker- "/?..//" -> 200 "/" 734*1c60b9acSAndroid Build Coastguard Worker- "/?../a" -> 200 "/" 735*1c60b9acSAndroid Build Coastguard Worker- "/?../w" -> 200 "/" 736*1c60b9acSAndroid Build Coastguard Worker- "/?../?" -> 200 "/" 737*1c60b9acSAndroid Build Coastguard Worker- "/?../%" -> 403 738*1c60b9acSAndroid Build Coastguard Worker- "/?./.." -> 200 "/" 739*1c60b9acSAndroid Build Coastguard Worker- "/?/..." -> 200 "/" 740*1c60b9acSAndroid Build Coastguard Worker- "/?/../" -> 200 "/" 741*1c60b9acSAndroid Build Coastguard Worker- "/?/..a" -> 200 "/" 742*1c60b9acSAndroid Build Coastguard Worker- "/?/..w" -> 200 "/" 743*1c60b9acSAndroid Build Coastguard Worker- "/?/..?" -> 200 "/" 744*1c60b9acSAndroid Build Coastguard Worker- "/?/..%" -> 403 745*1c60b9acSAndroid Build Coastguard Worker- "/?//.." -> 200 "/" 746*1c60b9acSAndroid Build Coastguard Worker- "/?a../" -> 200 "/" 747*1c60b9acSAndroid Build Coastguard Worker- "/?a/.." -> 200 "/" 748*1c60b9acSAndroid Build Coastguard Worker- "/?w../" -> 200 "/" 749*1c60b9acSAndroid Build Coastguard Worker- "/?w/.." -> 200 "/" 750*1c60b9acSAndroid Build Coastguard Worker- "/??../" -> 200 "/" 751*1c60b9acSAndroid Build Coastguard Worker- "/??/.." -> 200 "/" 752*1c60b9acSAndroid Build Coastguard Worker- "/?%../" -> 403 753*1c60b9acSAndroid Build Coastguard Worker- "/?%/.." -> 403 754*1c60b9acSAndroid Build Coastguard Worker- "/%.../" -> 403 755*1c60b9acSAndroid Build Coastguard Worker- "/%../." -> 403 756*1c60b9acSAndroid Build Coastguard Worker- "/%..//" -> 403 757*1c60b9acSAndroid Build Coastguard Worker- "/%../a" -> 403 758*1c60b9acSAndroid Build Coastguard Worker- "/%../w" -> 403 759*1c60b9acSAndroid Build Coastguard Worker- "/%../?" -> 403 760*1c60b9acSAndroid Build Coastguard Worker- "/%../%" -> 403 761*1c60b9acSAndroid Build Coastguard Worker- "/%./.." -> 403 762*1c60b9acSAndroid Build Coastguard Worker- "/%/..." -> 403 763*1c60b9acSAndroid Build Coastguard Worker- "/%/../" -> 403 764*1c60b9acSAndroid Build Coastguard Worker- "/%/..a" -> 403 765*1c60b9acSAndroid Build Coastguard Worker- "/%/..w" -> 403 766*1c60b9acSAndroid Build Coastguard Worker- "/%/..?" -> 403 767*1c60b9acSAndroid Build Coastguard Worker- "/%/..%" -> 403 768*1c60b9acSAndroid Build Coastguard Worker- "/%//.." -> 403 769*1c60b9acSAndroid Build Coastguard Worker- "/%a../" -> 403 770*1c60b9acSAndroid Build Coastguard Worker- "/%a/.." -> 403 771*1c60b9acSAndroid Build Coastguard Worker- "/%w../" -> 403 772*1c60b9acSAndroid Build Coastguard Worker- "/%w/.." -> 403 773*1c60b9acSAndroid Build Coastguard Worker- "/%?../" -> 403 774*1c60b9acSAndroid Build Coastguard Worker- "/%?/.." -> 403 775*1c60b9acSAndroid Build Coastguard Worker- "/%%../" -> 403 776*1c60b9acSAndroid Build Coastguard Worker- "/%%/.." -> 403 777*1c60b9acSAndroid Build Coastguard Worker- "/a/w/../a" -> 404 "/a/a" 778*1c60b9acSAndroid Build Coastguard Worker- "/path/to/dir/../other/dir" -> 404 "/path/to/other/dir" 779*1c60b9acSAndroid Build Coastguard WorkerEOF 780*1c60b9acSAndroid Build Coastguard Worker 781*1c60b9acSAndroid Build Coastguard Workerif [ "`md5sum /tmp/results | cut -d' ' -f 1`" != "`md5sum /tmp/lwsresult1 | cut -d' ' -f1`" ] ; then 782*1c60b9acSAndroid Build Coastguard Worker echo "Differences..." 783*1c60b9acSAndroid Build Coastguard Worker diff -urN /tmp/lwsresult1 /tmp/results 784*1c60b9acSAndroid Build Coastguard Worker cat /tmp/lwscap1 785*1c60b9acSAndroid Build Coastguard Worker ls -l /tmp/results 786*1c60b9acSAndroid Build Coastguard Worker cat /tmp/results 787*1c60b9acSAndroid Build Coastguard Worker# this is currently broken on travis 788*1c60b9acSAndroid Build Coastguard Worker# exit 1 789*1c60b9acSAndroid Build Coastguard Workerelse 790*1c60b9acSAndroid Build Coastguard Worker echo "OK" 791*1c60b9acSAndroid Build Coastguard Workerfi 792*1c60b9acSAndroid Build Coastguard Worker 793*1c60b9acSAndroid Build Coastguard Worker 794*1c60b9acSAndroid Build Coastguard Workerecho 795*1c60b9acSAndroid Build Coastguard Workerecho "--- survived OK ---" 796*1c60b9acSAndroid Build Coastguard Workerkill -2 $CPID 797*1c60b9acSAndroid Build Coastguard Worker 798*1c60b9acSAndroid Build Coastguard Workerexit 0 799*1c60b9acSAndroid Build Coastguard Worker 800*1c60b9acSAndroid Build Coastguard Worker# coverage... 801*1c60b9acSAndroid Build Coastguard Worker# run the test client against mirror for one period and exit 802*1c60b9acSAndroid Build Coastguard Workerkillall libwebsockets-test-server 2>/dev/null 803*1c60b9acSAndroid Build Coastguard Workerlibwebsockets-test-server -s 2>> $LOG & 804*1c60b9acSAndroid Build Coastguard WorkerCPID=$! 805*1c60b9acSAndroid Build Coastguard Workersleep 1s 806*1c60b9acSAndroid Build Coastguard Workerlibwebsockets-test-client 127.0.0.1 -s -O 807*1c60b9acSAndroid Build Coastguard Worker 808*1c60b9acSAndroid Build Coastguard Worker# https://github.com/curl/curl/issues/1587 809*1c60b9acSAndroid Build Coastguard Workercurl -v -F text=hello -F send=SEND -F upload=@../README.md https://127.0.0.1:7681/formtest -k 810*1c60b9acSAndroid Build Coastguard Worker 811*1c60b9acSAndroid Build Coastguard Workerkill -2 $CPID 812*1c60b9acSAndroid Build Coastguard Worker 813*1c60b9acSAndroid Build Coastguard Workerexit 0 814*1c60b9acSAndroid Build Coastguard Worker 815*1c60b9acSAndroid Build Coastguard Worker 816