ronin-web 0.2.1 → 0.3.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
- data/.document +4 -0
- data/.gemtest +0 -0
- data/.rspec +1 -0
- data/.yardopts +1 -0
- data/COPYING.txt +674 -0
- data/{History.txt → ChangeLog.md} +39 -8
- data/Gemfile +49 -0
- data/{README.txt → README.md} +56 -40
- data/Rakefile +25 -24
- data/bin/ronin-web +18 -5
- data/gemspec.yml +30 -0
- data/lib/ronin/network/{helpers → mixins}/web.rb +74 -39
- data/lib/ronin/web.rb +7 -6
- data/lib/ronin/web/extensions.rb +7 -6
- data/lib/ronin/web/extensions/nokogiri.rb +22 -0
- data/lib/ronin/web/extensions/nokogiri/xml.rb +22 -0
- data/lib/ronin/web/extensions/nokogiri/xml/attr.rb +35 -1
- data/lib/ronin/web/extensions/nokogiri/xml/document.rb +34 -4
- data/lib/ronin/web/extensions/nokogiri/xml/element.rb +36 -2
- data/lib/ronin/web/extensions/nokogiri/xml/node.rb +59 -20
- data/lib/ronin/web/extensions/nokogiri/xml/text.rb +36 -2
- data/lib/ronin/web/middleware.rb +27 -0
- data/lib/ronin/web/middleware/base.rb +144 -0
- data/lib/ronin/web/middleware/directories.rb +177 -0
- data/lib/ronin/web/middleware/files.rb +142 -0
- data/lib/ronin/web/middleware/filters.rb +28 -0
- data/lib/ronin/web/middleware/filters/campaign_filter.rb +77 -0
- data/lib/ronin/web/middleware/filters/ip_filter.rb +73 -0
- data/lib/ronin/web/middleware/filters/path_filter.rb +73 -0
- data/lib/ronin/web/middleware/filters/referer_filter.rb +71 -0
- data/lib/ronin/web/middleware/filters/user_agent_filter.rb +71 -0
- data/lib/ronin/web/middleware/filters/vhost_filter.rb +71 -0
- data/lib/ronin/web/middleware/helpers.rb +145 -0
- data/lib/ronin/web/middleware/proxy.rb +265 -0
- data/lib/ronin/web/middleware/proxy_request.rb +262 -0
- data/lib/ronin/web/middleware/request.rb +58 -0
- data/lib/ronin/web/middleware/response.rb +33 -0
- data/lib/ronin/web/middleware/router.rb +167 -0
- data/lib/ronin/web/middleware/rule.rb +103 -0
- data/lib/ronin/web/proxy.rb +7 -6
- data/lib/ronin/web/proxy/app.rb +7 -6
- data/lib/ronin/web/proxy/base.rb +14 -9
- data/lib/ronin/web/proxy/web.rb +9 -6
- data/lib/ronin/web/server.rb +7 -6
- data/lib/ronin/web/server/app.rb +7 -6
- data/lib/ronin/web/server/base.rb +209 -82
- data/lib/ronin/web/server/web.rb +10 -6
- data/lib/ronin/web/spider.rb +38 -26
- data/lib/ronin/web/version.rb +8 -7
- data/lib/ronin/web/web.rb +122 -80
- data/ronin-web.gemspec +15 -0
- data/spec/helpers/output.rb +3 -0
- data/spec/spec_helper.rb +2 -3
- data/spec/web/extensions/nokogiri_spec.rb +7 -7
- data/spec/web/{server/helpers/server.rb → helpers/rack_app.rb} +3 -14
- data/spec/web/helpers/root.rb +15 -0
- data/spec/web/helpers/root/test1.txt +1 -0
- data/spec/web/helpers/root/test1/index.html +1 -0
- data/spec/web/helpers/root/test1/test1.txt +1 -0
- data/spec/web/helpers/root/test2.txt +1 -0
- data/spec/web/helpers/root/test2/test2.txt +1 -0
- data/spec/web/helpers/root/test3.txt +1 -0
- data/spec/web/helpers/root/test3/test3.txt +1 -0
- data/spec/web/middleware/directories_spec.rb +86 -0
- data/spec/web/middleware/files_spec.rb +57 -0
- data/spec/web/middleware/filters/campaign_filter_spec.rb +30 -0
- data/spec/web/middleware/filters/ip_filter_spec.rb +25 -0
- data/spec/web/middleware/filters/path_filter_spec.rb +29 -0
- data/spec/web/middleware/filters/referer_filter_spec.rb +25 -0
- data/spec/web/middleware/filters/user_agent_filter_spec.rb +25 -0
- data/spec/web/middleware/filters/vhost_filter_spec.rb +23 -0
- data/spec/web/middleware/proxy_spec.rb +67 -0
- data/spec/web/middleware/response_spec.rb +20 -0
- data/spec/web/middleware/router_spec.rb +65 -0
- data/spec/web/middleware/rule_spec.rb +37 -0
- data/spec/web/proxy/base_spec.rb +1 -2
- data/spec/web/server/base_spec.rb +4 -13
- data/spec/web/server/classes/sub_app.rb +2 -2
- data/spec/web/server/classes/test_app.rb +1 -1
- data/spec/web/web_spec.rb +57 -67
- metadata +171 -146
- data.tar.gz.sig +0 -0
- data/Manifest.txt +0 -64
- data/lib/ronin/scanners/web.rb +0 -52
- data/lib/ronin/web/server/files.rb +0 -92
- data/lib/ronin/web/server/helpers.rb +0 -25
- data/lib/ronin/web/server/helpers/files.rb +0 -126
- data/lib/ronin/web/server/helpers/hosts.rb +0 -72
- data/lib/ronin/web/server/helpers/proxy.rb +0 -153
- data/lib/ronin/web/server/helpers/rendering.rb +0 -36
- data/lib/ronin/web/server/hosts.rb +0 -86
- data/lib/ronin/web/server/proxy.rb +0 -116
- data/spec/scanners/web_spec.rb +0 -24
- data/spec/web/helpers/root/index.html +0 -1
- data/spec/web/helpers/root/test.txt +0 -1
- data/spec/web/helpers/server.rb +0 -10
- data/spec/web/server/classes/files/dir/file.txt +0 -1
- data/spec/web/server/classes/files/dir/index.html +0 -1
- data/spec/web/server/classes/files/dir2/file2.txt +0 -1
- data/spec/web/server/classes/files/dir3/page.xml +0 -4
- data/spec/web/server/classes/files/file.txt +0 -1
- data/spec/web/server/classes/files_app.rb +0 -27
- data/spec/web/server/classes/hosts_app.rb +0 -40
- data/spec/web/server/classes/proxy_app.rb +0 -45
- data/spec/web/server/files_spec.rb +0 -74
- data/spec/web/server/hosts_spec.rb +0 -55
- data/spec/web/server/proxy_spec.rb +0 -49
- data/tasks/spec.rb +0 -10
- data/tasks/yard.rb +0 -13
- metadata.gz.sig +0 -3
@@ -1,36 +0,0 @@
|
|
1
|
-
#
|
2
|
-
# Ronin Web - A Ruby library for Ronin that provides support for web
|
3
|
-
# scraping and spidering functionality.
|
4
|
-
#
|
5
|
-
# Copyright (c) 2006-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
|
-
#
|
7
|
-
# This program is free software; you can redistribute it and/or modify
|
8
|
-
# it under the terms of the GNU General Public License as published by
|
9
|
-
# the Free Software Foundation; either version 2 of the License, or
|
10
|
-
# (at your option) any later version.
|
11
|
-
#
|
12
|
-
# This program is distributed in the hope that it will be useful,
|
13
|
-
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
14
|
-
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
15
|
-
# GNU General Public License for more details.
|
16
|
-
#
|
17
|
-
# You should have received a copy of the GNU General Public License
|
18
|
-
# along with this program; if not, write to the Free Software
|
19
|
-
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
20
|
-
#
|
21
|
-
|
22
|
-
require 'rack/utils'
|
23
|
-
|
24
|
-
module Ronin
|
25
|
-
module Web
|
26
|
-
module Server
|
27
|
-
module Helpers
|
28
|
-
module Rendering
|
29
|
-
include Rack::Utils
|
30
|
-
|
31
|
-
alias h escape_html
|
32
|
-
end
|
33
|
-
end
|
34
|
-
end
|
35
|
-
end
|
36
|
-
end
|
@@ -1,86 +0,0 @@
|
|
1
|
-
#
|
2
|
-
# Ronin Web - A Ruby library for Ronin that provides support for web
|
3
|
-
# scraping and spidering functionality.
|
4
|
-
#
|
5
|
-
# Copyright (c) 2006-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
|
-
#
|
7
|
-
# This program is free software; you can redistribute it and/or modify
|
8
|
-
# it under the terms of the GNU General Public License as published by
|
9
|
-
# the Free Software Foundation; either version 2 of the License, or
|
10
|
-
# (at your option) any later version.
|
11
|
-
#
|
12
|
-
# This program is distributed in the hope that it will be useful,
|
13
|
-
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
14
|
-
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
15
|
-
# GNU General Public License for more details.
|
16
|
-
#
|
17
|
-
# You should have received a copy of the GNU General Public License
|
18
|
-
# along with this program; if not, write to the Free Software
|
19
|
-
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
20
|
-
#
|
21
|
-
|
22
|
-
require 'ronin/web/server/helpers/hosts'
|
23
|
-
|
24
|
-
module Ronin
|
25
|
-
module Web
|
26
|
-
module Server
|
27
|
-
module Hosts
|
28
|
-
def self.included(base)
|
29
|
-
base.module_eval do
|
30
|
-
#
|
31
|
-
# Routes requests with a specific Host header to another
|
32
|
-
# web server.
|
33
|
-
#
|
34
|
-
# @param [String] name
|
35
|
-
# The host-name to route requests for.
|
36
|
-
#
|
37
|
-
# @param [Base, #call] server
|
38
|
-
# The web server to route the requests to.
|
39
|
-
#
|
40
|
-
# @example
|
41
|
-
# MyApp.host 'cdn.evil.com', EvilServer
|
42
|
-
#
|
43
|
-
# @since 0.2.0
|
44
|
-
#
|
45
|
-
def self.host(name,server)
|
46
|
-
name = name.to_s
|
47
|
-
|
48
|
-
before do
|
49
|
-
if request.host == name
|
50
|
-
halt(*server.call(request.env))
|
51
|
-
end
|
52
|
-
end
|
53
|
-
end
|
54
|
-
|
55
|
-
#
|
56
|
-
# Routes requests with a matching Host header to another web
|
57
|
-
# server.
|
58
|
-
#
|
59
|
-
# @param [Regexp, String] pattern
|
60
|
-
# The pattern to match Host headers of requests.
|
61
|
-
#
|
62
|
-
# @param [Base, #call] server
|
63
|
-
# The server to route the requests to.
|
64
|
-
#
|
65
|
-
# @example
|
66
|
-
# MyApp.hosts_like /^a[0-9]\./, FileProxy
|
67
|
-
#
|
68
|
-
# @since 0.2.0
|
69
|
-
#
|
70
|
-
def self.hosts_like(pattern,server)
|
71
|
-
before do
|
72
|
-
if request.host.match(pattern)
|
73
|
-
halt(*server.call(request.env))
|
74
|
-
end
|
75
|
-
end
|
76
|
-
end
|
77
|
-
|
78
|
-
protected
|
79
|
-
|
80
|
-
helpers Ronin::Web::Server::Helpers::Hosts
|
81
|
-
end
|
82
|
-
end
|
83
|
-
end
|
84
|
-
end
|
85
|
-
end
|
86
|
-
end
|
@@ -1,116 +0,0 @@
|
|
1
|
-
#
|
2
|
-
# Ronin Web - A Ruby library for Ronin that provides support for web
|
3
|
-
# scraping and spidering functionality.
|
4
|
-
#
|
5
|
-
# Copyright (c) 2006-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
|
-
#
|
7
|
-
# This program is free software; you can redistribute it and/or modify
|
8
|
-
# it under the terms of the GNU General Public License as published by
|
9
|
-
# the Free Software Foundation; either version 2 of the License, or
|
10
|
-
# (at your option) any later version.
|
11
|
-
#
|
12
|
-
# This program is distributed in the hope that it will be useful,
|
13
|
-
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
14
|
-
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
15
|
-
# GNU General Public License for more details.
|
16
|
-
#
|
17
|
-
# You should have received a copy of the GNU General Public License
|
18
|
-
# along with this program; if not, write to the Free Software
|
19
|
-
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
20
|
-
#
|
21
|
-
|
22
|
-
require 'ronin/web/server/helpers/proxy'
|
23
|
-
|
24
|
-
module Ronin
|
25
|
-
module Web
|
26
|
-
module Server
|
27
|
-
module Proxy
|
28
|
-
def self.included(base)
|
29
|
-
base.module_eval do
|
30
|
-
#
|
31
|
-
# Proxies requests to a given path.
|
32
|
-
#
|
33
|
-
# @param [String] path
|
34
|
-
# The path to proxy requests for.
|
35
|
-
#
|
36
|
-
# @param [Hash] options
|
37
|
-
# Additional options.
|
38
|
-
#
|
39
|
-
# @yield [(response), body]
|
40
|
-
# If a block is given, it will be passed the optional
|
41
|
-
# response of the proxied request and the body received
|
42
|
-
# from the proxied request.
|
43
|
-
#
|
44
|
-
# @yieldparam [Net::HTTP::Response] response
|
45
|
-
# The response.
|
46
|
-
#
|
47
|
-
# @yieldparam [String] body
|
48
|
-
# The body from the response.
|
49
|
-
#
|
50
|
-
# @example
|
51
|
-
# proxy '/login.php' do |body|
|
52
|
-
# body.gsub(/https/,'http')
|
53
|
-
# end
|
54
|
-
#
|
55
|
-
# @example
|
56
|
-
# proxy '/login*' do |response,body|
|
57
|
-
# end
|
58
|
-
#
|
59
|
-
# @since 0.2.0
|
60
|
-
#
|
61
|
-
def self.proxy(path,options={},&block)
|
62
|
-
any(path) do
|
63
|
-
proxy(options,&block)
|
64
|
-
end
|
65
|
-
end
|
66
|
-
|
67
|
-
#
|
68
|
-
# Proxies requests to a given path.
|
69
|
-
#
|
70
|
-
# @param [String] path
|
71
|
-
# The path to proxy requests for.
|
72
|
-
#
|
73
|
-
# @param [Hash] options
|
74
|
-
# Additional options.
|
75
|
-
#
|
76
|
-
# @yield [(response), page]
|
77
|
-
# If a block is given, it will be passed the optional
|
78
|
-
# response of the proxied request and the page from the
|
79
|
-
# proxied request.
|
80
|
-
#
|
81
|
-
# @yieldparam [Net::HTTP::Response] response
|
82
|
-
# The response.
|
83
|
-
#
|
84
|
-
# @yieldparam [Nokogiri::HTML, Nokogiri::XML] page
|
85
|
-
# The page from the response.
|
86
|
-
#
|
87
|
-
# @example
|
88
|
-
# proxy '/login.php' do |page|
|
89
|
-
# body.search('@action').each do |action|
|
90
|
-
# action.inner_text = action.inner_text.gsub(
|
91
|
-
# /https/, 'http'
|
92
|
-
# )
|
93
|
-
# end
|
94
|
-
# end
|
95
|
-
#
|
96
|
-
# @example
|
97
|
-
# proxy '/login*' do |response,body|
|
98
|
-
# end
|
99
|
-
#
|
100
|
-
# @since 0.2.0
|
101
|
-
#
|
102
|
-
def self.proxy_page(path,options={},&block)
|
103
|
-
any(path) do
|
104
|
-
proxy_page(options,&block)
|
105
|
-
end
|
106
|
-
end
|
107
|
-
|
108
|
-
protected
|
109
|
-
|
110
|
-
helpers Ronin::Web::Server::Helpers::Proxy
|
111
|
-
end
|
112
|
-
end
|
113
|
-
end
|
114
|
-
end
|
115
|
-
end
|
116
|
-
end
|
data/spec/scanners/web_spec.rb
DELETED
@@ -1,24 +0,0 @@
|
|
1
|
-
require 'ronin/scanners/web'
|
2
|
-
|
3
|
-
require 'spec_helper'
|
4
|
-
|
5
|
-
describe Scanners::Web do
|
6
|
-
before(:all) do
|
7
|
-
Scanners::Web.class_eval do
|
8
|
-
scanner(:test) do |page,results,options|
|
9
|
-
results.call(page.url)
|
10
|
-
end
|
11
|
-
end
|
12
|
-
|
13
|
-
@scanner = Scanners::Web.new(:host => 'www.example.com')
|
14
|
-
end
|
15
|
-
|
16
|
-
it "should spider every page on a website" do
|
17
|
-
@scanner.enqueue('http://www.example.com/')
|
18
|
-
@scanner.scan.should == {:test => [URI('http://www.example.com/')]}
|
19
|
-
end
|
20
|
-
|
21
|
-
it "should start spidering the first acceptable host" do
|
22
|
-
@scanner.scan.should == {:test => [URI('http://www.example.com/')]}
|
23
|
-
end
|
24
|
-
end
|
@@ -1 +0,0 @@
|
|
1
|
-
Index of files.
|
@@ -1 +0,0 @@
|
|
1
|
-
This is a test.
|
data/spec/web/helpers/server.rb
DELETED
@@ -1 +0,0 @@
|
|
1
|
-
Another file.
|
@@ -1 +0,0 @@
|
|
1
|
-
The index.
|
@@ -1 +0,0 @@
|
|
1
|
-
Second file.
|
@@ -1 +0,0 @@
|
|
1
|
-
A file.
|
@@ -1,27 +0,0 @@
|
|
1
|
-
require 'ronin/web/server/base'
|
2
|
-
|
3
|
-
class FilesApp < Ronin::Web::Server::Base
|
4
|
-
|
5
|
-
file '/tests/file',
|
6
|
-
File.join(File.dirname(__FILE__),'files','file.txt')
|
7
|
-
|
8
|
-
file '/tests/file/missing', 'should_be_missing'
|
9
|
-
|
10
|
-
get '/tests/content_type/custom' do
|
11
|
-
return_file File.join(File.dirname(__FILE__),'files','dir3','page.xml'),
|
12
|
-
'text/plain'
|
13
|
-
end
|
14
|
-
|
15
|
-
file '/tests/content_type',
|
16
|
-
File.join(File.dirname(__FILE__),'files','dir3','page.xml')
|
17
|
-
|
18
|
-
directory '/tests/directory',
|
19
|
-
File.join(File.dirname(__FILE__),'files','dir')
|
20
|
-
|
21
|
-
directory '/tests/directory',
|
22
|
-
File.join(File.dirname(__FILE__),'files','dir2')
|
23
|
-
|
24
|
-
directory '/tests/directory/no_index',
|
25
|
-
File.join(File.dirname(__FILE__),'files','dir3')
|
26
|
-
|
27
|
-
end
|
@@ -1,40 +0,0 @@
|
|
1
|
-
require 'ronin/web/server/base'
|
2
|
-
|
3
|
-
class FTPApp < Ronin::Web::Server::Base
|
4
|
-
|
5
|
-
get '/file' do
|
6
|
-
'FTP File'
|
7
|
-
end
|
8
|
-
|
9
|
-
end
|
10
|
-
|
11
|
-
class WWWApp < Ronin::Web::Server::Base
|
12
|
-
|
13
|
-
get '/file' do
|
14
|
-
'WWW File'
|
15
|
-
end
|
16
|
-
|
17
|
-
end
|
18
|
-
|
19
|
-
class HostsApp < Ronin::Web::Server::Base
|
20
|
-
|
21
|
-
get '/tests/for_host' do
|
22
|
-
for_host('localhost') do
|
23
|
-
'Admin Response'
|
24
|
-
end
|
25
|
-
|
26
|
-
for_host(/downloads/) do
|
27
|
-
'Download Response'
|
28
|
-
end
|
29
|
-
|
30
|
-
'Generic Response'
|
31
|
-
end
|
32
|
-
|
33
|
-
host 'example.com', WWWApp
|
34
|
-
hosts_like /^ftp\./, FTPApp
|
35
|
-
|
36
|
-
get '/file' do
|
37
|
-
'Generic File'
|
38
|
-
end
|
39
|
-
|
40
|
-
end
|
@@ -1,45 +0,0 @@
|
|
1
|
-
require 'ronin/web/server/base'
|
2
|
-
|
3
|
-
class ProxyApp < Ronin::Web::Server::Base
|
4
|
-
|
5
|
-
get '/' do
|
6
|
-
proxy
|
7
|
-
end
|
8
|
-
|
9
|
-
get '/reddit/erlang' do
|
10
|
-
proxy(:host => 'www.reddit.com', :path => '/r/erlang')
|
11
|
-
end
|
12
|
-
|
13
|
-
get '/r/erlang' do
|
14
|
-
proxy do |body|
|
15
|
-
for_host(/reddit\./) do
|
16
|
-
body.gsub(/erlang/i,'Fixed Gear Bicycle')
|
17
|
-
end
|
18
|
-
end
|
19
|
-
end
|
20
|
-
|
21
|
-
get '/r/ruby' do
|
22
|
-
proxy_doc do |response,doc|
|
23
|
-
for_host(/reddit\.com/) do
|
24
|
-
doc.search('div.link').each do |link|
|
25
|
-
if link.at('a.title').inner_text =~ /rails/i
|
26
|
-
link.remove
|
27
|
-
end
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
end
|
32
|
-
|
33
|
-
get '/feed/vulnerabilities/latest.rss' do
|
34
|
-
proxy_doc do |response,doc|
|
35
|
-
for_host('osvdb.org') do
|
36
|
-
doc.search('//item').each do |item|
|
37
|
-
if item.inner_text =~ /(XSS|SQLi|SQL\s+Injection)/i
|
38
|
-
item.remove
|
39
|
-
end
|
40
|
-
end
|
41
|
-
end
|
42
|
-
end
|
43
|
-
end
|
44
|
-
|
45
|
-
end
|
@@ -1,74 +0,0 @@
|
|
1
|
-
require 'ronin/web/server/files'
|
2
|
-
require 'ronin/web/server/base'
|
3
|
-
|
4
|
-
require 'spec_helper'
|
5
|
-
require 'web/server/helpers/server'
|
6
|
-
require 'web/server/classes/files_app'
|
7
|
-
|
8
|
-
describe Web::Server::Files do
|
9
|
-
include Helpers::Web::Server
|
10
|
-
|
11
|
-
before(:all) do
|
12
|
-
self.app = FilesApp
|
13
|
-
end
|
14
|
-
|
15
|
-
it "should host individual files" do
|
16
|
-
get '/tests/file'
|
17
|
-
|
18
|
-
last_response.should be_ok
|
19
|
-
last_response.body.should == "A file.\n"
|
20
|
-
end
|
21
|
-
|
22
|
-
it "should automatically set the content_type for files" do
|
23
|
-
get '/tests/content_type'
|
24
|
-
|
25
|
-
last_response.should be_ok
|
26
|
-
last_response.content_type.should =~ /\/xml$/
|
27
|
-
end
|
28
|
-
|
29
|
-
it "should allow overriding the content_type of files" do
|
30
|
-
get '/tests/content_type/custom'
|
31
|
-
|
32
|
-
last_response.should be_ok
|
33
|
-
last_response.content_type.should == 'text/plain'
|
34
|
-
end
|
35
|
-
|
36
|
-
it "should ignore missing files that are hosted" do
|
37
|
-
get '/test/missing'
|
38
|
-
|
39
|
-
last_response.should_not be_ok
|
40
|
-
end
|
41
|
-
|
42
|
-
it "should host the contents of a directory" do
|
43
|
-
get '/tests/directory/file.txt'
|
44
|
-
|
45
|
-
last_response.should be_ok
|
46
|
-
last_response.body.should == "Another file.\n"
|
47
|
-
end
|
48
|
-
|
49
|
-
it "should prevent directory traversal when hosting a directory" do
|
50
|
-
get '/test/directory/./././//..///.///..///./../files_spec.rb'
|
51
|
-
|
52
|
-
last_response.should_not be_ok
|
53
|
-
end
|
54
|
-
|
55
|
-
it "should host the contents of directories that share a common path" do
|
56
|
-
get '/tests/directory/file2.txt'
|
57
|
-
|
58
|
-
last_response.should be_ok
|
59
|
-
last_response.body.should == "Second file.\n"
|
60
|
-
end
|
61
|
-
|
62
|
-
it "should search for index files within a directory" do
|
63
|
-
get '/tests/directory/'
|
64
|
-
|
65
|
-
last_response.should be_ok
|
66
|
-
last_response.body.should == "The index.\n"
|
67
|
-
end
|
68
|
-
|
69
|
-
it "should not return anything if there is no index file was found" do
|
70
|
-
get '/tests/directory/no_index/'
|
71
|
-
|
72
|
-
last_response.should_not be_ok
|
73
|
-
end
|
74
|
-
end
|