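#!/bin/bash
#
# attack the test server and try to make it fall over
#
# Requires the library to have been built with
#
# cmake .. -DCMAKE_BUILD_TYPE=DEBUG -DLWS_WITH_MINIMAL_EXAMPLES=1
#
# run it from the build dir
#
# NOTE(review): $LOG and the /tmp/lwscap capture file are fixed names in a
# world-writable directory.  On a shared machine another local user can
# pre-create them (for example as a symlink), so this is best run on a
# single-user box or inside a throwaway CI container.

echo
echo "----------------------------------------------"
echo "------- tests: lws attack.sh"
echo

SERVER=127.0.0.1
PORT=7681
LOG=/tmp/lwslog

# Locate the installed test server; the reference page (CORPUS) is resolved
# relative to it.  Fail early instead of continuing with empty paths.
A=$(command -v libwebsockets-test-server)
if [ -z "$A" ] ; then
  echo "FAIL: libwebsockets-test-server not found in PATH" >&2
  exit 1
fi
INSTALLED=$(dirname "$A")

SHAREDIR=$INSTALLED/../share/libwebsockets-test-server
CORPUS=$SHAREDIR/test.html

LWS_NC=./bin/lws-minimal-raw-netcat
# Without the netcat helper every capture would be empty, and the tests that
# only check "server still alive" would pass without sending anything.
if [ ! -x "$LWS_NC" ] ; then
  echo "FAIL: $LWS_NC not found or not executable (run from the build dir)" >&2
  exit 1
fi

CPID=
LEN=0

# Print what the server has appended to $LOG since the last bare `check`
# call recorded the log size in LEN.
function log_since_mark {
  tail -c "+$((LEN + 1))" "$LOG" 2>/dev/null
}

# Print the 403 response that check's "defaultplusforbidden" mode expects to
# follow the served page.
# Arguments: $1 - HTTP version string used in the status line (1.0 or 1.1)
function forbidden_reply {
  printf 'HTTP/%s 403 Forbidden\r\ncontent-type: text/html\r\ncontent-length: 173\r\n\r\n' "$1"
  printf '%s' '<html><head><meta charset=utf-8 http-equiv="Content-Language" content="en"/><link rel="stylesheet" type="text/css" href="/error.css"/></head><body><h1>403</h1></body></html>'
}

# Verify the server survived the previous request and, depending on $1,
# that it answered as expected.  Any failure ends the script with status 1.
#
# Globals:   CPID, LOG, CORPUS (read); LEN (read, written when $1 is empty)
# Arguments: $1 - check to perform:
#                   (empty)              record the current log size in LEN
#                   default              /tmp/lwscap must equal $CORPUS
#                   defaultplusforbidden /tmp/lwscap must equal $CORPUS
#                                        followed by a 403 reply
#                   forbidden            /tmp/lwscap must contain a 403 page
#                   notfound|rejected|media
#                                        /tmp/lwscap must contain a 404 page
#                   0                    logged URL path must equal $2
#                   1|2|3                logged URI argument N must equal $2
#            $2 - expected value for modes 0..3
function check {
  local a ver matched

  # The first thing every check proves: the server process is still there.
  if ! kill -0 "$CPID" ; then
    echo "(killed it) *******"
    exit 1
  fi

  case "$1" in
  default)
    if ! cmp -s /tmp/lwscap "$CORPUS" ; then
      echo "FAIL: got something other than $CORPUS back"
      exit 1
    fi
    ;;

  defaultplusforbidden)
    # Accept the 403 with either HTTP/1.0 or HTTP/1.1 in its status line.
    # The comparison streams the expected bytes instead of staging them in
    # a fixed-name file under /tmp.
    matched=0
    for ver in 1.0 1.1 ; do
      if { cat "$CORPUS" ; forbidden_reply "$ver" ; } | cmp -s /tmp/lwscap - ; then
        matched=1
        break
      fi
    done
    if [ "$matched" -eq 0 ] ; then
      echo "FAIL: got something other than $CORPUS + forbidden back"
      tail -n 10 /tmp/lwscap
      tail -n 100 "$LOG"
      exit 1
    fi
    ;;

  forbidden)
    if ! grep -q '<h1>403</h1>' /tmp/lwscap ; then
      echo "FAIL: should have told forbidden (test server has no dirs)"
      exit 1
    fi
    ;;

  notfound)
    if ! grep -q '<h1>404</h1>' /tmp/lwscap ; then
      echo "FAIL: should have told not found"
      exit 1
    fi
    ;;

  rejected)
    # NOTE(review): this looks for a 404 page but the message talks about
    # "forbidden"; one of the two is probably a copy/paste leftover.
    if ! grep -q '<h1>404</h1>' /tmp/lwscap ; then
      echo "FAIL: should have told forbidden (test server has no dirs)"
      exit 1
    fi
    ;;

  media)
    if ! grep -q '<h1>404</h1>' /tmp/lwscap ; then
      echo "FAIL: should have told unknown media type"
      exit 1
    fi
    ;;

  0)
    # URL path as the server logged it after its own decoding.
    a=$(log_since_mark | grep 'get  =' | tr -s ' ' | cut -d' ' -f4-)
    if [ "$a" != "$2" ] ; then
      echo "URL path '$a' not $2"
      exit 1
    fi
    ;;

  1|2|3)
    # URI argument number $1 as the server logged it.
    a=$(log_since_mark | grep "URI Arg $1:" | tr -s ' ' | cut -d' ' -f7-)
    if [ "$a" != "$2" ] ; then
      echo "Arg $1 '$a' not $2"
      exit 1
    fi
    ;;

  '')
    # Bare call: remember where the log ends so the next test only looks
    # at lines produced by its own request.
    LEN=$(stat -c %s "$LOG")
    ;;
  esac
}


rm -rf -- "${LOG:?}"
killall libwebsockets-test-server 2>/dev/null
# -d15 is presumably the verbose log level; check greps the server's stderr
# log for the decoded path and argument lines.
libwebsockets-test-server -d15 2>> "$LOG" >/dev/null &
CPID=$!

# check exits with status 1 on any failure; make sure that does not leave
# the debug server listening in the background.  A clean exit is left to the
# script's own shutdown at the end.
trap 'rc=$?; [ "$rc" -eq 0 ] || kill -2 "$CPID" 2>/dev/null' EXIT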
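
echo "Started server on PID $CPID"

# Wait for the server to log that it is listening.  The wait is bounded and
# also watches the process, so a server that failed to start (port already
# in use, missing library, ...) produces a failure instead of a hang.
startup_polls=0
until grep -q "ort $PORT" "$LOG" 2>/dev/null ; do
  if ! kill -0 "$CPID" 2>/dev/null ; then
    echo "FAIL: test server exited before listening on port $PORT"
    tail -n 100 "$LOG"
    exit 1
  fi
  startup_polls=$((startup_polls + 1))
  if [ "$startup_polls" -gt 60 ] ; then
    echo "FAIL: timed out waiting for test server to listen on port $PORT"
    tail -n 100 "$LOG"
    kill -2 "$CPID" 2>/dev/null
    exit 1
  fi
  sleep 0.5s
done
check

# The tests below verify how the server splits and decodes the query string:
# each request is followed by checks against the path / arguments the server
# wrote to its log.  printf '%s' keeps the %xx escapes in the request from
# being read as format directives.

echo
echo "---- /cgi-bin/settingsjs?UPDATE_SETTINGS=1&Root_Channels_1_Channel_name_http_post=%3F&Root_Channels_1_Channel_location_http_post=%3F"
rm -f /tmp/lwscap
printf '%s\r\n\r\n' "GET /cgi-bin/settingsjs?UPDATE_SETTINGS=1&Root_Channels_1_Channel_name_http_post=%3F&Root_Channels_1_Channel_location_http_post=%3F HTTP/1.0" \
  | "$LWS_NC" --server "$SERVER" --port "$PORT" 2>/dev/null | sed '1,/^\r$/d' > /tmp/lwscap
cat /tmp/lwscap
check 1 "UPDATE_SETTINGS=1"
check 2 "Root_Channels_1_Channel_name_http_post=?"
check 3 "Root_Channels_1_Channel_location_http_post=?"
check

echo
echo "---- ? processing (/cgi-bin/settings.js?key1=value1)"
rm -f /tmp/lwscap
printf '%s\r\n\r\n' "GET /cgi-bin/settings.js?key1=value1 HTTP/1.0" \
  | "$LWS_NC" --server "$SERVER" --port "$PORT" 2>/dev/null | sed '1,/^\r$/d' > /tmp/lwscap
check 1 "key1=value1"
check

# %3d is an encoded '='.  In the path it decodes to '='; in the argument
# name the expected logged form is "key1_2", so an encoded '=' cannot move
# the name/value boundary.
echo
echo "---- ? processing (/t%3dest?key1%3d2=value1)"
rm -f /tmp/lwscap
printf '%s\r\n\r\n' "GET /t%3dest?key1%3d2=value1 HTTP/1.0" \
  | "$LWS_NC" --server "$SERVER" --port "$PORT" 2>/dev/null | sed '1,/^\r$/d' > /tmp/lwscap
check 0 "/t=est"
check 1 "key1_2=value1"
check

# Encoded dot-dot segments in the path must not disturb argument parsing.
echo
echo "---- ? processing (%2f%2e%2e%2f%2e./xxtest.html?arg=1)"
rm -f /tmp/lwscap
printf '%s\r\n\r\n' "GET %2f%2e%2e%2f%2e./xxtest.html?arg=1 HTTP/1.0" \
  | "$LWS_NC" --server "$SERVER" --port "$PORT" 2>/dev/null | sed '1,/^\r$/d' > /tmp/lwscap
check 1 "arg=1"
check

# Dot-dot sequences inside an argument value are data and must be logged
# unchanged, not path-normalised.
echo
echo "---- ? processing (%2f%2e%2e%2f%2e./xxtest.html?arg=/../.)"
rm -f /tmp/lwscap
printf '%s\r\n\r\n' "GET %2f%2e%2e%2f%2e./xxtest.html?arg=/../. HTTP/1.0" \
  | "$LWS_NC" --server "$SERVER" --port "$PORT" 2>/dev/null | sed '1,/^\r$/d' > /tmp/lwscap
check 1 "arg=/../."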
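check

# Send one HTTP/1.0 GET for the request target in $1 and leave the response
# body (headers stripped) in /tmp/lwscap for `check` to inspect.
# printf '%s' keeps %xx escapes in the target from being read as format
# directives.
function get_body {
  rm -f /tmp/lwscap
  printf 'GET %s HTTP/1.0\r\n\r\n' "$1" \
    | "$LWS_NC" --server "$SERVER" --port "$PORT" 2>/dev/null \
    | sed '1,/^\r$/d' > /tmp/lwscap
}

# ---------------------------------------------------------------------------
# Parser robustness: input that is not a valid request.  The only assertion
# (the bare `check`) is that the server process is still alive afterwards.
# ---------------------------------------------------------------------------

echo
echo "---- spam enough crap to not be GET"
echo "not GET" | "$LWS_NC" --server "$SERVER" --port "$PORT" 2>/dev/null > /tmp/lwscap
check

echo
echo "---- spam more than the name buffer of crap"
head -c 80 /dev/urandom | "$LWS_NC" --server "$SERVER" --port "$PORT" 2>/dev/null > /tmp/lwscap
check

# NOTE(review): the label says 10MB but the byte count is 655360 (640 KiB);
# the count is kept as it was.  head -c replaces dd bs=1, which issued one
# read/write pair per byte and printed its statistics to the terminal.
echo
echo "---- spam 10MB of crap"
head -c 655360 /dev/urandom | "$LWS_NC" --server "$SERVER" --port "$PORT" 2>/dev/null > /tmp/lwscap
check

echo
echo "---- malformed URI"
echo "GET nonsense................................................................................................................" \
  | "$LWS_NC" --server "$SERVER" --port "$PORT" 2>/dev/null > /tmp/lwscap
check

echo
echo "---- missing URI"
printf '%s\r\n\r\n' "GET HTTP/1.0" | "$LWS_NC" --server "$SERVER" --port "$PORT" 2>/dev/null >/tmp/lwscap
check

echo
echo "---- repeated method"
printf '%s\r\n%s\r\n\r\n' "GET blah HTTP/1.0" "GET blah HTTP/1.0" \
  | "$LWS_NC" --server "$SERVER" --port "$PORT" 2>/dev/null >/tmp/lwscap
check

# Oversized header name / request target: the payloads are kept exactly as
# they were (echo joins the arguments with single spaces).  The response is
# not captured; it goes to the terminal.
echo
echo "---- crazy header name part"
echo -n -e "GET blah HTTP/1.0\x0d\x0a................................................................................................................" \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  | "$LWS_NC" --server "$SERVER" --port "$PORT" 2>/dev/null
check

echo
echo "---- excessive uri content"
echo -n -e "GET ................................................................................................................" \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  "......................................................................................................................." \
  | "$LWS_NC" --server "$SERVER" --port "$PORT" 2>/dev/null
check

# A valid GET followed by unexpected body bytes: the page is served, then the
# trailing bytes are answered with a 403 rather than being interpreted.
echo
echo "---- good request but http payload coming too (test.html served then forbidden)"
echo -n -e "GET /test.html HTTP/1.1\x0d\x0a\x0d\x0aILLEGAL-PAYLOAD........................................" \
  | "$LWS_NC" --server "$SERVER" --port "$PORT" 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
check defaultplusforbidden
check

echo
echo "---- nonexistent file"
get_body "/nope"
cat /tmp/lwscap
check notfound
check

echo
echo "---- relative uri path"
get_body "nope"
check forbidden
check

# ---------------------------------------------------------------------------
# Path traversal regression tests.  Each request tries to climb out of the
# served directory with plain or percent-encoded dot segments.  The expected
# outcome is always either the mount's default page (path collapsed to "/")
# or a 404 for a path that stays inside the mount -- never file content from
# outside it.
# ---------------------------------------------------------------------------

echo
echo "---- directory attack 1 (/../../../../etc/passwd should be /etc/passswd)"
get_body "/../../../../etc/passwd"
check notfound
check

echo
echo "---- directory attack 2 (/../ should be /)"
get_body "/../"
check default
check

echo
echo "---- directory attack 3 (/./ should be /)"
get_body "/./"
check default
check

echo
echo "---- directory attack 4 (/blah/.. should be /)"
get_body "/blah/.."
check default
check

echo
echo "---- directory attack 5 (/blah/../ should be /)"
get_body "/blah/../"
check default
check

echo
echo "---- directory attack 6 (/blah/../. should be /)"
get_body "/blah/../."
check default
check

echo
echo "---- directory attack 7 (/%2e%2e%2f../../../etc/passwd should be /etc/passswd)"
get_body "/%2e%2e%2f../../../etc/passwd"
check notfound
check

echo
echo "---- directory attack 8 (%2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd should be /etc/passswd)"
get_body "%2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd"
check notfound
check

# Eight requests for the same page handed to a single wget invocation; the
# concatenated download must be byte-for-byte eight copies of $CORPUS.
echo
echo "---- http/1.1 pipelining"
rm -f /tmp/lwscap
pipelined_urls=()
pipelined_files=()
for _ in 1 2 3 4 5 6 7 8 ; do
  pipelined_urls+=("http://localhost:$PORT/test.html")
  pipelined_files+=("$CORPUS")
done
wget -O/tmp/lwsdump "${pipelined_urls[@]}" 2>&1 | grep "Downloaded: 8 files" > /tmp/lwscap
good=$(cat "${pipelined_files[@]}" | md5sum | cut -d' ' -f1)
if [ "$good" != "$(md5sum /tmp/lwsdump | cut -d' ' -f 1)" ] ; then
  echo "FAIL: mismatched content good=$good received=$(md5sum /tmp/lwsdump)"
  exit 1
fi

echo
echo "---- mass testing uri variations"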
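
# Scratch files for this section live in a private directory created by
# mktemp rather than under fixed names in /tmp, so a pre-planted file or
# symlink cannot redirect the writes below.
workdir=$(mktemp -d "${TMPDIR:-/tmp}/lws-attack.XXXXXX") || exit 1
expected=$workdir/lwsresult1
results=$workdir/results
capture=$workdir/lwscap1

# Expected outcome per request target: status code and, unless the request
# was refused with 403, the normalised path the server logged.  Reading the
# table: every target either collapses to a path inside the mount (200 "/"
# or a 404 for that path) or is refused (403, e.g. a malformed % escape).
#
# The quoted target in the first column is also the list of requests to
# send, so inputs and expectations cannot drift apart, and targets that
# contain '?' are never exposed to the shell's pathname expansion.
cat <<'EOF' >"$expected"
- "/..../" -> 404 "/..../"
- "/.../." -> 404 "/.../"
- "/...//" -> 404 "/.../"
- "/.../a" -> 404 "/.../a"
- "/.../w" -> 404 "/.../w"
- "/.../?" -> 404 "/.../"
- "/.../%" -> 403
- "/../.." -> 200 "/"
- "/.././" -> 200 "/"
- "/../.a" -> 404 "/.a"
- "/../.w" -> 404 "/.w"
- "/../.." -> 200 "/"
- "/../.%" -> 403
- "/..//." -> 200 "/"
- "/..///" -> 200 "/"
- "/..//a" -> 404 "/a"
- "/..//w" -> 404 "/w"
- "/..//?" -> 200 "/"
- "/..//%" -> 403
- "/../a." -> 404 "/a."
- "/../a/" -> 404 "/a/"
- "/../aa" -> 404 "/aa"
- "/../aw" -> 404 "/aw"
- "/../a?" -> 404 "/a"
- "/../a%" -> 403
- "/../w." -> 404 "/w."
- "/../w/" -> 404 "/w/"
- "/../wa" -> 404 "/wa"
- "/../ww" -> 404 "/ww"
- "/../w?" -> 404 "/w"
- "/../w%" -> 403
- "/../?." -> 200 "/"
- "/../?/" -> 200 "/"
- "/../?a" -> 200 "/"
- "/../?w" -> 200 "/"
- "/../??" -> 200 "/"
- "/../?%" -> 403
- "/../%." -> 403
- "/../%/" -> 403
- "/../%a" -> 403
- "/../%w" -> 403
- "/../%?" -> 403
- "/../%%" -> 403
- "/./..." -> 404 "/..."
- "/./../" -> 200 "/"
- "/./..a" -> 404 "/..a"
- "/./..w" -> 404 "/..w"
- "/./..?" -> 200 "/"
- "/./..%" -> 403
- "/.//.." -> 200 "/"
- "/.a../" -> 404 "/.a../"
- "/.a/.." -> 200 "/"
- "/.w../" -> 404 "/.w../"
- "/.w/.." -> 200 "/"
- "/.?../" -> 404 "/."
- "/../.." -> 200 "/"
- "/.%../" -> 403
- "/.%/.." -> 403
- "//...." -> 404 "/...."
- "//.../" -> 404 "/.../"
- "//...a" -> 404 "/...a"
- "//...w" -> 404 "/...w"
- "//...?" -> 404 "/..."
- "//...%" -> 403
- "//../." -> 200 "/"
- "//..//" -> 200 "/"
- "//../a" -> 404 "/a"
- "//../w" -> 404 "/w"
- "//../?" -> 200 "/"
- "//../%" -> 403
- "//..a." -> 404 "/..a."
- "//..a/" -> 404 "/..a/"
- "//..aa" -> 404 "/..aa"
- "//..aw" -> 404 "/..aw"
- "//..a?" -> 404 "/..a"
- "//..a%" -> 403
- "//..w." -> 404 "/..w."
- "//..w/" -> 404 "/..w/"
- "//..wa" -> 404 "/..wa"
- "//..ww" -> 404 "/..ww"
- "//..w?" -> 404 "/..w"
- "//..w%" -> 403
- "//..?." -> 200 "/"
- "//..?/" -> 200 "/"
- "//..?a" -> 404 "/a"
- "//..?w" -> 404 "/w"
- "//..??" -> 200 "/"
- "//..?%" -> 403
- "//..%." -> 403
- "//..%/" -> 403
- "//..%a" -> 403
- "//..%w" -> 403
- "//..%?" -> 403
- "//..%%" -> 403
- "//./.." -> 200 "/"
- "///..." -> 404 "/..."
- "///../" -> 200 "/"
- "///..a" -> 404 "/..a"
- "///..w" -> 404 "/..w"
- "///..?" -> 200 "/"
- "///..%" -> 403
- "////.." -> 200 "/"
- "//a../" -> 404 "/a../"
- "//a/.." -> 200 "/"
- "//w../" -> 404 "/w../"
- "//w/.." -> 200 "/"
- "//?../" -> 200 "/"
- "//?/.." -> 200 "/"
- "//%../" -> 403
- "//%/.." -> 403
- "/a.../" -> 404 "/a.../"
- "/a../." -> 404 "/a../"
- "/a..//" -> 404 "/a../"
- "/a../a" -> 404 "/a../a"
- "/a../w" -> 404 "/a../w"
- "/a../?" -> 404 "/a../"
- "/a../%" -> 403
- "/a./.." -> 200 "/"
- "/a/..." -> 404 "/a/..."
- "/a/../" -> 200 "/"
- "/a/..a" -> 404 "/a/..a"
- "/a/..w" -> 404 "/a/..w"
- "/a/..?" -> 200 "/"
- "/a/..%" -> 403
- "/a//.." -> 200 "/"
- "/aa../" -> 404 "/aa../"
- "/aa/.." -> 200 "/"
- "/aw../" -> 404 "/aw../"
- "/aw/.." -> 200 "/"
- "/a?../" -> 404 "/a"
- "/a?/.." -> 404 "/a"
- "/a%../" -> 403
- "/a%/.." -> 403
- "/w.../" -> 404 "/w.../"
- "/w../." -> 404 "/w../"
- "/w..//" -> 404 "/w../"
- "/w../a" -> 404 "/w../a"
- "/w../w" -> 404 "/w../w"
- "/w../?" -> 404 "/w../"
- "/w../%" -> 403
- "/w./.." -> 200 "/"
- "/w/..." -> 404 "/w/..."
- "/w/../" -> 200 "/"
- "/w/..a" -> 404 "/w/..a"
- "/w/..w" -> 404 "/w/..w"
- "/w/..?" -> 200 "/"
- "/w/..%" -> 403
- "/w//.." -> 200 "/"
- "/wa../" -> 404 "/wa../"
- "/wa/.." -> 200 "/"
- "/ww../" -> 404 "/ww../"
- "/ww/.." -> 200 "/"
- "/w?../" -> 404 "/w"
- "/w?/.." -> 404 "/w"
- "/w%../" -> 403
- "/w%/.." -> 403
- "/?.../" -> 200 "/"
- "/?../." -> 200 "/"
- "/?..//" -> 200 "/"
- "/?../a" -> 200 "/"
- "/?../w" -> 200 "/"
- "/?../?" -> 200 "/"
- "/?../%" -> 403
- "/?./.." -> 200 "/"
- "/?/..." -> 200 "/"
- "/?/../" -> 200 "/"
- "/?/..a" -> 200 "/"
- "/?/..w" -> 200 "/"
- "/?/..?" -> 200 "/"
- "/?/..%" -> 403
- "/?//.." -> 200 "/"
- "/?a../" -> 200 "/"
- "/?a/.." -> 200 "/"
- "/?w../" -> 200 "/"
- "/?w/.." -> 200 "/"
- "/??../" -> 200 "/"
- "/??/.." -> 200 "/"
- "/?%../" -> 403
- "/?%/.." -> 403
- "/%.../" -> 403
- "/%../." -> 403
- "/%..//" -> 403
- "/%../a" -> 403
- "/%../w" -> 403
- "/%../?" -> 403
- "/%../%" -> 403
- "/%./.." -> 403
- "/%/..." -> 403
- "/%/../" -> 403
- "/%/..a" -> 403
- "/%/..w" -> 403
- "/%/..?" -> 403
- "/%/..%" -> 403
- "/%//.." -> 403
- "/%a../" -> 403
- "/%a/.." -> 403
- "/%w../" -> 403
- "/%w/.." -> 403
- "/%?../" -> 403
- "/%?/.." -> 403
- "/%%../" -> 403
- "/%%/.." -> 403
- "/a/w/../a" -> 404 "/a/a"
- "/path/to/dir/../other/dir" -> 404 "/path/to/other/dir"
EOF

# One request per table row.  The table is read on fd 3 so nothing inside
# the loop can consume it through stdin.
while IFS= read -r -u 3 row ; do
  # The request target is the first double-quoted field of the row.
  i=${row#'- "'}
  i=${i%%'"'*}

  # Remember where the log ends so only this request's lines are examined.
  LEN=$(stat -c %s "$LOG")
  rm -f -- "$capture"
  printf 'GET %s HTTP/1.0\r\n\r\n' "$i" \
    | "$LWS_NC" --server "$SERVER" --port "$PORT" 2>/dev/null > "$capture"
  # Status code: second field of the response's first line.
  R=$(head -n 1 "$capture" | cut -d' ' -f 2)

  if [ "$R" != "403" ]; then
    # Path as the server logged it on its "Method:" line.
    U=$(tail -c "+$((LEN + 1))" "$LOG" 2>/dev/null | grep "Method:" | tr -s ' ' | cut -d"'" -f4)
    printf -- '- "%s" -> %s "%s"\n' "$i" "$R" "$U" >>"$results"
  else
    printf -- '- "%s" -> %s\n' "$i" "$R" >>"$results"
  fi
done 3< "$expected"

if ! cmp -s "$expected" "$results" ; then
  echo "Differences..."
  diff -urN "$expected" "$results"
  cat "$capture"
  ls -l "$results"
  cat "$results"
  # this is currently broken on travis
  # A mismatch has therefore never failed the run, which means a regression
  # in path normalisation is only visible to someone reading the output.
  # LWS_ATTACK_STRICT is an opt-in switch added here: set it to make the
  # mismatch fatal; leaving it unset keeps the historical behaviour.
  if [ -n "$LWS_ATTACK_STRICT" ] ; then
    rm -rf -- "${workdir:?}"
    kill -2 "$CPID"
    exit 1
  fi
else
  echo "OK"
fi

rm -rf -- "${workdir:?}"


echo
echo "--- survived OK ---"
kill -2 "$CPID"

exit 0

# Everything below is unreachable because of the exit 0 above; it is kept
# as the record of the coverage run.

# coverage...
# run the test client against mirror for one period and exit
killall libwebsockets-test-server 2>/dev/null
libwebsockets-test-server -s 2>> "$LOG" &
CPID=$!
sleep 1s
libwebsockets-test-client 127.0.0.1 -s -O

# https://github.com/curl/curl/issues/1587
# -k turns off certificate verification; that is only appropriate here
# because the peer is the local test server on 127.0.0.1.
curl -v -F text=hello -F send=SEND -F upload=@../README.md https://127.0.0.1:7681/formtest -k

kill -2 "$CPID"

exit 0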