webrick 1.3.1 → 1.4.3

data/test/webrick/test_filehandler.rb

@@ -1,285 +0,0 @@
-require "test/unit"
-require_relative "utils.rb"
-require "webrick"
-require "stringio"
-
-class WEBrick::TestFileHandler < Test::Unit::TestCase
-  def default_file_handler(filename)
-    klass = WEBrick::HTTPServlet::DefaultFileHandler
-    klass.new(WEBrick::Config::HTTP, filename)
-  end
-
-  def windows?
-    File.directory?("\\")
-  end
-
-  def get_res_body(res)
-    if defined? res.body.read
-      res.body.read
-    else
-      res.body
-    end
-  end
-
-  def make_range_request(range_spec)
-    msg = <<-END_OF_REQUEST
-      GET / HTTP/1.0
-      Range: #{range_spec}
-
-    END_OF_REQUEST
-    return StringIO.new(msg.gsub(/^ {6}/, ""))
-  end
-
-  def make_range_response(file, range_spec)
-    req = WEBrick::HTTPRequest.new(WEBrick::Config::HTTP)
-    req.parse(make_range_request(range_spec))
-    res = WEBrick::HTTPResponse.new(WEBrick::Config::HTTP)
-    size = File.size(file)
-    handler = default_file_handler(file)
-    handler.make_partial_content(req, res, file, size)
-    return res
-  end
-
-  def test_make_partial_content
-    filename = __FILE__
-    filesize = File.size(filename)
-
-    res = make_range_response(filename, "bytes=#{filesize-100}-")
-    assert_match(%r{^text/plain}, res["content-type"])
-    assert_equal(get_res_body(res).size, 100)
-
-    res = make_range_response(filename, "bytes=-100")
-    assert_match(%r{^text/plain}, res["content-type"])
-    assert_equal(get_res_body(res).size, 100)
-
-    res = make_range_response(filename, "bytes=0-99")
-    assert_match(%r{^text/plain}, res["content-type"])
-    assert_equal(get_res_body(res).size, 100)
-
-    res = make_range_response(filename, "bytes=100-199")
-    assert_match(%r{^text/plain}, res["content-type"])
-    assert_equal(get_res_body(res).size, 100)
-
-    res = make_range_response(filename, "bytes=0-0")
-    assert_match(%r{^text/plain}, res["content-type"])
-    assert_equal(get_res_body(res).size, 1)
-
-    res = make_range_response(filename, "bytes=-1")
-    assert_match(%r{^text/plain}, res["content-type"])
-    assert_equal(get_res_body(res).size, 1)
-
-    res = make_range_response(filename, "bytes=0-0, -2")
-    assert_match(%r{^multipart/byteranges}, res["content-type"])
-  end
-
-  def test_filehandler
-    config = { :DocumentRoot => File.dirname(__FILE__), }
-    this_file = File.basename(__FILE__)
-    filesize = File.size(__FILE__)
-    this_data = File.open(__FILE__, "rb") {|f| f.read}
-    range = nil
-    bug2593 = '[ruby-dev:40030]'
-
-    TestWEBrick.start_httpserver(config) do |server, addr, port, log|
-      http = Net::HTTP.new(addr, port)
-      req = Net::HTTP::Get.new("/")
-      http.request(req){|res|
-        assert_equal("200", res.code, log.call)
-        assert_equal("text/html", res.content_type, log.call)
-        assert_match(/HREF="#{this_file}"/, res.body, log.call)
-      }
-      req = Net::HTTP::Get.new("/#{this_file}")
-      http.request(req){|res|
-        assert_equal("200", res.code, log.call)
-        assert_equal("text/plain", res.content_type, log.call)
-        assert_equal(File.read(__FILE__), res.body, log.call)
-      }
-
-      req = Net::HTTP::Get.new("/#{this_file}", "range"=>"bytes=#{filesize-100}-")
-      http.request(req){|res|
-        assert_equal("206", res.code, log.call)
-        assert_equal("text/plain", res.content_type, log.call)
-        assert_nothing_raised(bug2593) {range = res.content_range}
-        assert_equal((filesize-100)..(filesize-1), range, log.call)
-        assert_equal(this_data[-100..-1], res.body, log.call)
-      }
-
-      req = Net::HTTP::Get.new("/#{this_file}", "range"=>"bytes=-100")
-      http.request(req){|res|
-        assert_equal("206", res.code, log.call)
-        assert_equal("text/plain", res.content_type, log.call)
-        assert_nothing_raised(bug2593) {range = res.content_range}
-        assert_equal((filesize-100)..(filesize-1), range, log.call)
-        assert_equal(this_data[-100..-1], res.body, log.call)
-      }
-
-      req = Net::HTTP::Get.new("/#{this_file}", "range"=>"bytes=0-99")
-      http.request(req){|res|
-        assert_equal("206", res.code, log.call)
-        assert_equal("text/plain", res.content_type, log.call)
-        assert_nothing_raised(bug2593) {range = res.content_range}
-        assert_equal(0..99, range, log.call)
-        assert_equal(this_data[0..99], res.body, log.call)
-      }
-
-      req = Net::HTTP::Get.new("/#{this_file}", "range"=>"bytes=100-199")
-      http.request(req){|res|
-        assert_equal("206", res.code, log.call)
-        assert_equal("text/plain", res.content_type, log.call)
-        assert_nothing_raised(bug2593) {range = res.content_range}
-        assert_equal(100..199, range, log.call)
-        assert_equal(this_data[100..199], res.body, log.call)
-      }
-
-      req = Net::HTTP::Get.new("/#{this_file}", "range"=>"bytes=0-0")
-      http.request(req){|res|
-        assert_equal("206", res.code, log.call)
-        assert_equal("text/plain", res.content_type, log.call)
-        assert_nothing_raised(bug2593) {range = res.content_range}
-        assert_equal(0..0, range, log.call)
-        assert_equal(this_data[0..0], res.body, log.call)
-      }
-
-      req = Net::HTTP::Get.new("/#{this_file}", "range"=>"bytes=-1")
-      http.request(req){|res|
-        assert_equal("206", res.code, log.call)
-        assert_equal("text/plain", res.content_type, log.call)
-        assert_nothing_raised(bug2593) {range = res.content_range}
-        assert_equal((filesize-1)..(filesize-1), range, log.call)
-        assert_equal(this_data[-1, 1], res.body, log.call)
-      }
-
-      req = Net::HTTP::Get.new("/#{this_file}", "range"=>"bytes=0-0, -2")
-      http.request(req){|res|
-        assert_equal("206", res.code, log.call)
-        assert_equal("multipart/byteranges", res.content_type, log.call)
-      }
-
-    end
-  end
-
-  def test_non_disclosure_name
-    config = { :DocumentRoot => File.dirname(__FILE__), }
-    this_file = File.basename(__FILE__)
-    TestWEBrick.start_httpserver(config) do |server, addr, port, log|
-      http = Net::HTTP.new(addr, port)
-      doc_root_opts = server[:DocumentRootOptions]
-      doc_root_opts[:NondisclosureName] = %w(.ht* *~ test_*)
-      req = Net::HTTP::Get.new("/")
-      http.request(req){|res|
-        assert_equal("200", res.code, log.call)
-        assert_equal("text/html", res.content_type, log.call)
-        assert_no_match(/HREF="#{File.basename(__FILE__)}"/, res.body)
-      }
-      req = Net::HTTP::Get.new("/#{this_file}")
-      http.request(req){|res|
-        assert_equal("404", res.code, log.call)
-      }
-      doc_root_opts[:NondisclosureName] = %w(.ht* *~ TEST_*)
-      http.request(req){|res|
-        assert_equal("404", res.code, log.call)
-      }
-    end
-  end
-
-  def test_directory_traversal
-    config = { :DocumentRoot => File.dirname(__FILE__), }
-    this_file = File.basename(__FILE__)
-    TestWEBrick.start_httpserver(config) do |server, addr, port, log|
-      http = Net::HTTP.new(addr, port)
-      req = Net::HTTP::Get.new("/../../")
-      http.request(req){|res| assert_equal("400", res.code, log.call) }
-      req = Net::HTTP::Get.new("/..%5c../#{File.basename(__FILE__)}")
-      http.request(req){|res| assert_equal(windows? ? "200" : "404", res.code, log.call) }
-      req = Net::HTTP::Get.new("/..%5c..%5cruby.c")
-      http.request(req){|res| assert_equal("404", res.code, log.call) }
-    end
-  end
-
-  def test_unwise_in_path
-    if windows?
-      config = { :DocumentRoot => File.dirname(__FILE__), }
-      this_file = File.basename(__FILE__)
-      TestWEBrick.start_httpserver(config) do |server, addr, port, log|
-        http = Net::HTTP.new(addr, port)
-        req = Net::HTTP::Get.new("/..%5c..")
-        http.request(req){|res| assert_equal("301", res.code, log.call) }
-      end
-    end
-  end
-
-  def test_short_filename
-    config = {
-      :CGIInterpreter => TestWEBrick::RubyBin,
-      :DocumentRoot => File.dirname(__FILE__),
-      :CGIPathEnv => ENV['PATH'],
-    }
-    TestWEBrick.start_httpserver(config) do |server, addr, port, log|
-      http = Net::HTTP.new(addr, port)
-      if windows?
-        fname = nil
-        Dir.chdir(config[:DocumentRoot]) do
-          fname = IO.popen("dir /x webrick_long_filename.cgi", "r").read.match(/\s(w.+?cgi)\s/i)[1].downcase
-        end
-      else
-        fname = "webric~1.cgi"
-      end
-      req = Net::HTTP::Get.new("/#{fname}/test")
-      http.request(req) do |res|
-        if windows?
-          assert_equal("200", res.code, log.call)
-          assert_equal("/test", res.body, log.call)
-        else
-          assert_equal("404", res.code, log.call)
-        end
-      end
-
-      req = Net::HTTP::Get.new("/.htaccess")
-      http.request(req) {|res| assert_equal("404", res.code, log.call) }
-      req = Net::HTTP::Get.new("/htacce~1")
-      http.request(req) {|res| assert_equal("404", res.code, log.call) }
-      req = Net::HTTP::Get.new("/HTACCE~1")
-      http.request(req) {|res| assert_equal("404", res.code, log.call) }
-    end
-  end
-
-  def test_script_disclosure
-    config = {
-      :CGIInterpreter => TestWEBrick::RubyBin,
-      :DocumentRoot => File.dirname(__FILE__),
-      :CGIPathEnv => ENV['PATH'],
-      :RequestCallback => Proc.new{|req, res|
-        def req.meta_vars
-          meta = super
-          meta["RUBYLIB"] = $:.join(File::PATH_SEPARATOR)
-          meta[RbConfig::CONFIG['LIBPATHENV']] = ENV[RbConfig::CONFIG['LIBPATHENV']] if RbConfig::CONFIG['LIBPATHENV']
-          return meta
-        end
-      },
-    }
-    TestWEBrick.start_httpserver(config) do |server, addr, port, log|
-      http = Net::HTTP.new(addr, port)
-
-      req = Net::HTTP::Get.new("/webrick.cgi/test")
-      http.request(req) do |res|
-        assert_equal("200", res.code, log.call)
-        assert_equal("/test", res.body, log.call)
-      end
-
-      response_assertion = Proc.new do |res|
-        if windows?
-          assert_equal("200", res.code, log.call)
-          assert_equal("/test", res.body, log.call)
-        else
-          assert_equal("404", res.code, log.call)
-        end
-      end
-      req = Net::HTTP::Get.new("/webrick.cgi%20/test")
-      http.request(req, &response_assertion)
-      req = Net::HTTP::Get.new("/webrick.cgi./test")
-      http.request(req, &response_assertion)
-      req = Net::HTTP::Get.new("/webrick.cgi::$DATA/test")
-      http.request(req, &response_assertion)
-    end
-  end
-end

data/test/webrick/test_httpauth.rb

@@ -1,167 +0,0 @@
-require "test/unit"
-require "net/http"
-require "tempfile"
-require "webrick"
-require "webrick/httpauth/basicauth"
-require_relative "utils"
-
-class TestWEBrickHTTPAuth < Test::Unit::TestCase
-  def test_basic_auth
-    TestWEBrick.start_httpserver{|server, addr, port, log|
-      realm = "WEBrick's realm"
-      path = "/basic_auth"
-
-      server.mount_proc(path){|req, res|
-        WEBrick::HTTPAuth.basic_auth(req, res, realm){|user, pass|
-          user == "webrick" && pass == "supersecretpassword"
-        }
-        res.body = "hoge"
-      }
-      http = Net::HTTP.new(addr, port)
-      g = Net::HTTP::Get.new(path)
-      g.basic_auth("webrick", "supersecretpassword")
-      http.request(g){|res| assert_equal("hoge", res.body, log.call)}
-      g.basic_auth("webrick", "not super")
-      http.request(g){|res| assert_not_equal("hoge", res.body, log.call)}
-    }
-  end
-
-  def test_basic_auth2
-    TestWEBrick.start_httpserver{|server, addr, port, log|
-      realm = "WEBrick's realm"
-      path = "/basic_auth2"
-
-      tmpfile = Tempfile.new("test_webrick_auth")
-      tmpfile.close
-      tmp_pass = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path)
-      tmp_pass.set_passwd(realm, "webrick", "supersecretpassword")
-      tmp_pass.set_passwd(realm, "foo", "supersecretpassword")
-      tmp_pass.flush
-
-      htpasswd = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path)
-      users = []
-      htpasswd.each{|user, pass| users << user }
-      assert_equal(2, users.size, log.call)
-      assert(users.member?("webrick"), log.call)
-      assert(users.member?("foo"), log.call)
-
-      server.mount_proc(path){|req, res|
-        auth = WEBrick::HTTPAuth::BasicAuth.new(
-          :Realm => realm, :UserDB => htpasswd,
-          :Logger => server.logger
-        )
-        auth.authenticate(req, res)
-        res.body = "hoge"
-      }
-      http = Net::HTTP.new(addr, port)
-      g = Net::HTTP::Get.new(path)
-      g.basic_auth("webrick", "supersecretpassword")
-      http.request(g){|res| assert_equal("hoge", res.body, log.call)}
-      g.basic_auth("webrick", "not super")
-      http.request(g){|res| assert_not_equal("hoge", res.body, log.call)}
-    }
-  end
-
-  def test_basic_auth3
-    tmpfile = Tempfile.new("test_webrick_auth")
-    tmpfile.puts("webrick:{SHA}GJYFRpBbdchp595jlh3Bhfmgp8k=")
-    tmpfile.flush
-    assert_raise(NotImplementedError){
-      WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path)
-    }
-    tmpfile.close(true)
-
-    tmpfile = Tempfile.new("test_webrick_auth")
-    tmpfile.puts("webrick:$apr1$IOVMD/..$rmnOSPXr0.wwrLPZHBQZy0")
-    tmpfile.flush
-    assert_raise(NotImplementedError){
-      WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path)
-    }
-    tmpfile.close(true)
-  end
-
-  DIGESTRES_ = /
-    ([a-zA-z\-]+)
-      [\s\t]*(?:\r\n[\s\t]*)*
-      =
-      [\s\t]*(?:\r\n[\s\t]*)*
-      (?:
-       "((?:[^"]+|\\[\x00-\x7F])*)" |
-       ([!\#$%&'*+\-.0-9A-Z^_`a-z|~]+)
-      )/x
-
-  def test_digest_auth
-    TestWEBrick.start_httpserver{|server, addr, port, log|
-      realm = "WEBrick's realm"
-      path = "/digest_auth"
-
-      tmpfile = Tempfile.new("test_webrick_auth")
-      tmpfile.close
-      tmp_pass = WEBrick::HTTPAuth::Htdigest.new(tmpfile.path)
-      tmp_pass.set_passwd(realm, "webrick", "supersecretpassword")
-      tmp_pass.set_passwd(realm, "foo", "supersecretpassword")
-      tmp_pass.flush
-
-      htdigest = WEBrick::HTTPAuth::Htdigest.new(tmpfile.path)
-      users = []
-      htdigest.each{|user, pass| users << user }
-      assert_equal(2, users.size, log.call)
-      assert(users.member?("webrick"), log.call)
-      assert(users.member?("foo"), log.call)
-
-      auth = WEBrick::HTTPAuth::DigestAuth.new(
-        :Realm => realm, :UserDB => htdigest,
-        :Algorithm => 'MD5',
-        :Logger => server.logger
-      )
-      server.mount_proc(path){|req, res|
-        auth.authenticate(req, res)
-        res.body = "hoge"
-      }
-
-      Net::HTTP.start(addr, port) do |http|
-        g = Net::HTTP::Get.new(path)
-        params = {}
-        http.request(g) do |res|
-          assert_equal('401', res.code, log.call)
-          res["www-authenticate"].scan(DIGESTRES_) do |key, quoted, token|
-            params[key.downcase] = token || quoted.delete('\\')
-          end
-           params['uri'] = "http://#{addr}:#{port}#{path}"
-        end
-
-        g['Authorization'] = credentials_for_request('webrick', "supersecretpassword", params)
-        http.request(g){|res| assert_equal("hoge", res.body, log.call)}
-
-        params['algorithm'].downcase! #4936
-        g['Authorization'] = credentials_for_request('webrick', "supersecretpassword", params)
-        http.request(g){|res| assert_equal("hoge", res.body, log.call)}
-
-        g['Authorization'] = credentials_for_request('webrick', "not super", params)
-        http.request(g){|res| assert_not_equal("hoge", res.body, log.call)}
-      end
-    }
-  end
-
-  private
-  def credentials_for_request(user, password, params)
-    cnonce = "hoge"
-    nonce_count = 1
-    ha1 = "#{user}:#{params['realm']}:#{password}"
-    ha2 = "GET:#{params['uri']}"
-    request_digest =
-      "#{Digest::MD5.hexdigest(ha1)}:" \
-      "#{params['nonce']}:#{'%08x' % nonce_count}:#{cnonce}:#{params['qop']}:" \
-      "#{Digest::MD5.hexdigest(ha2)}"
-    "Digest username=\"#{user}\"" \
-      ", realm=\"#{params['realm']}\"" \
-      ", nonce=\"#{params['nonce']}\"" \
-      ", uri=\"#{params['uri']}\"" \
-      ", qop=#{params['qop']}" \
-      ", nc=#{'%08x' % nonce_count}" \
-      ", cnonce=\"#{cnonce}\"" \
-      ", response=\"#{Digest::MD5.hexdigest(request_digest)}\"" \
-      ", opaque=\"#{params['opaque']}\"" \
-      ", algorithm=#{params['algorithm']}"
-  end
-end