libwebsockets-test-server-v2.0 showing how to use mounts and plugins
[platform/upstream/libwebsockets.git] / test-server / attack.sh
1 #!/bin/bash
2 #
3 # attack the test server and try to make it fall over
4 #
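# Address and port the test server is expected to be listening on.
SERVER=127.0.0.1
PORT=7681
# Server debug log that check() replays and searches.
# NOTE(review): this log and the capture files written later in the script
# (/tmp/lwscap, /tmp/lwsdump, /tmp/results, /tmp/lwsresult1) use fixed names
# under /tmp. On a shared machine another local user can pre-create them, for
# example as symlinks, so run this only on a single-user or throwaway host.
LOG=/tmp/lwslog

# Directory holding the installed server binary; check() uses it to find the
# reference copy of test.html under ../share/libwebsockets-test-server/.
A=$(command -v libwebsockets-test-server)
if [ -z "$A" ] ; then
	echo "libwebsockets-test-server not found in PATH" >&2
fi
INSTALLED=$(dirname "$A")

# pid of the server under test (assigned once it has been started) and the
# number of log bytes check() has already printed.
CPID=
LEN=0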
14
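#######################################
# Confirm the server is still running, print the log output produced since the
# last bare call, and optionally assert on the captured response body or on a
# URI argument the server logged.
# Globals:
#   CPID      (read)          pid of the server under test
#   LOG       (read)          server log file
#   LEN       (read, written) log offset in bytes; advanced only by a bare call
#   INSTALLED (read)          directory of the installed server binary
# Arguments:
#   $1 - optional check: default | forbidden | rejected | media | 1 | 2 | 3
#   $2 - expected argument text when $1 is 1, 2 or 3
# Outputs:
#   new log bytes and any failure message, on stdout
# Returns:
#   exits the whole script with status 1 when the server is gone or a check fails
#######################################
function check {
	local mode=$1 want=$2 got

	# Signal 0 delivers nothing; it only reports whether the pid still exists.
	if ! kill -0 "$CPID" ; then
		echo "(killed it) *******"
		exit 1
	fi
	dd if="$LOG" bs=1 skip="$LEN" 2>/dev/null

	case "$mode" in
	default)
		# The body saved in /tmp/lwscap must equal the installed test.html.
		if ! diff /tmp/lwscap "$INSTALLED/../share/libwebsockets-test-server/test.html" > /dev/null ; then
			echo "FAIL: got something other than test.html back"
			exit 1
		fi
		;;
	forbidden)
		if ! grep -q '<h1>403</h1>' /tmp/lwscap ; then
			echo "FAIL: should have told forbidden (test server has no dirs)"
			exit 1
		fi
		;;
	rejected)
		# This branch looks for a 406 page, so the message names 406 rather
		# than repeating the text of the 403 branch.
		if ! grep -q '<h1>406</h1>' /tmp/lwscap ; then
			echo "FAIL: should have told not acceptable (406)"
			exit 1
		fi
		;;
	media)
		if ! grep -q '<h1>415</h1>' /tmp/lwscap ; then
			echo "FAIL: should have told unknown media type"
			exit 1
		fi
		;;
	1|2|3)
		# Only log bytes after LEN are searched; field 5 onwards of the
		# "URI Arg N:" line is the argument text.
		got=$(dd if="$LOG" bs=1 skip="$LEN" 2>/dev/null | grep "URI Arg $mode:" | tr -s ' ' | cut -d' ' -f5-)
		if [ "$got" != "$want" ] ; then
			echo "Arg $mode '$got' not $want"
			exit 1
		fi
		;;
	"")
		# A bare call marks everything logged so far as consumed.
		LEN=$(stat -c %s "$LOG")
		;;
	esac
}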
80
81
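# Start from an empty log and stop any server instance left over from an
# earlier run before launching a fresh one with its stderr appended to the log.
rm -f -- "$LOG"
killall libwebsockets-test-server 2>/dev/null
libwebsockets-test-server -d15 2>> "$LOG" &
CPID=$!

# Wait for the listen banner. If the server exits first (binary missing, port
# already taken, ...) stop instead of polling the log forever.
until grep -q Listening "$LOG" ; do
	if ! kill -0 "$CPID" 2>/dev/null ; then
		echo "FAIL: test server exited before it started listening"
		exit 1
	fi
	sleep 0.5s
done
check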
91
# Query-string decoding cases. Each request is a bare GET without headers; the
# numbered checks then compare the "URI Arg N:" text found in the server log
# with the decoded form that is expected.

# Send a bare GET for the URI in $1 and store the response body, with the
# header block stripped by sed, in /tmp/lwscap.
send_get() {
	rm -f /tmp/lwscap
	# The request is terminated by CRLF CRLF followed by one extra newline.
	printf 'GET %s HTTP/1.1\r\n\r\n\n' "$1" | nc "$SERVER" "$PORT" | sed '1,/^\r$/d' > /tmp/lwscap
}

# Three arguments; the %3F values are expected to be logged decoded as "?".
echo
echo "---- /cgi-bin/settingsjs?UPDATE_SETTINGS=1&Root_Channels_1_Channel_name_http_post=%3F&Root_Channels_1_Channel_location_http_post=%3F"
send_get '/cgi-bin/settingsjs?UPDATE_SETTINGS=1&Root_Channels_1_Channel_name_http_post=%3F&Root_Channels_1_Channel_location_http_post=%3F'
check 1 "UPDATE_SETTINGS=1"
check 2 "Root_Channels_1_Channel_name_http_post=?"
check 3 "Root_Channels_1_Channel_location_http_post=?"
check

echo
echo "---- ? processing (/cgi-bin/settings.js?key1=value1)"
send_get '/cgi-bin/settings.js?key1=value1'
check 1 "key1=value1"
check

# An encoded "=" (%3d) inside the argument name is expected to be logged as "_".
echo
echo "---- ? processing (/test?key1%3d2=value1)"
send_get '/test?key1%3d2=value1'
check 1 "key1_2=value1"
check

# Percent-encoded dot segments in the path part; the argument must still be
# picked out of the query string.
echo
echo "---- ? processing (%2f%2e%2e%2f%2e./test.html?arg=1)"
send_get '%2f%2e%2e%2f%2e./test.html?arg=1'
check 1 "arg=1"
check

# Dot segments inside the argument value are expected to be logged unchanged.
echo
echo "---- ? processing (%2f%2e%2e%2f%2e./test.html?arg=/../.)"
send_get '%2f%2e%2e%2f%2e./test.html?arg=/../.'
check 1 "arg=/../."
check
128
# Malformed-input cases. None of them inspects the reply: the bare `check`
# after each request only confirms that the server process is still running
# and prints the log lines it produced.

echo
echo "---- spam enough crap to not be GET"
printf '%s\n' "not GET" | nc "$SERVER" "$PORT"
check

echo
echo "---- spam more than the name buffer of crap"
dd if=/dev/urandom bs=1 count=80 2>/dev/null | nc -i1s "$SERVER" "$PORT"
check

echo
echo "---- spam 10MB of crap"
# NOTE(review): bs=1 count=655360 is 640 KiB, not the 10MB the banner announces.
dd if=/dev/urandom bs=1 count=655360 | nc -i1s "$SERVER" "$PORT"
check

echo
echo "---- malformed URI"
malformed_uri="GET nonsense................................................................................................................"
echo "$malformed_uri" | nc -i1s "$SERVER" "$PORT"
check

echo
echo "---- missing URI"
printf 'GET HTTP/1.1\r\n\r\n\n' | nc -i1s "$SERVER" "$PORT" >/tmp/lwscap
check

echo
echo "---- repeated method"
printf 'GET blah HTTP/1.1\r\nGET blah HTTP/1.1\r\n\r\n\n' | nc "$SERVER" "$PORT" >/tmp/lwscap
check

echo
echo "---- crazy header name part"
# echo joins the array elements with single spaces, so the request line is
# followed by one very long run of header-name bytes with no colon.
crazy_header=(
	"GET blah HTTP/1.1\x0d\x0a................................................................................................................"
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
)
echo -e "${crazy_header[@]}" | nc -i1s "$SERVER" "$PORT"
check

echo
echo "---- excessive uri content"
# Same construction, but the filler sits in the URI position of the request line.
excessive_uri=(
	"GET ................................................................................................................"
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
)
echo -e "${excessive_uri[@]}" | nc -i1s "$SERVER" "$PORT"
check
203
echo
echo "---- good request but http payload coming too (should be ignored and test.html served)"
# A complete GET for /test.html followed by body bytes that a GET should not
# carry. `check default` requires the reply body to equal the installed
# test.html, i.e. the trailing bytes must not change what is served.
trailing_payload=(
	"GET /test.html HTTP/1.1\x0d\x0a\x0d\x0aILLEGAL-PAYLOAD........................................"
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
	"......................................................................................................................."
)
echo -e "${trailing_payload[@]}" | nc "$SERVER" "$PORT" | sed '1,/^\r$/d' > /tmp/lwscap
check default
check
225
# Path-handling cases, one per table row: banner text | request URI | check.
# Each row sends a bare GET, keeps only the response body in /tmp/lwscap and
# runs the named check on it:
#   media     - body must carry the 415 page
#   forbidden - body must carry the 403 page
#   rejected  - body must carry the 406 page
#   default   - body must equal the installed test.html
# The "directory attack" rows cover plain and percent-encoded dot segments.
# Rows that name /etc/passwd must end in the 406 page, and rows whose dot
# segments resolve to "/" must serve the default page, so no row may succeed
# in reaching above the served root.
# The table is read on fd 3 so nothing inside the loop can consume it via stdin.
while IFS='|' read -r -u 3 title uri expect ; do
	echo
	echo "---- $title"
	rm -f /tmp/lwscap
	# CRLF CRLF ends the header block; one extra newline follows it.
	printf 'GET %s HTTP/1.1\r\n\r\n\n' "$uri" | nc "$SERVER" "$PORT" | sed '1,/^\r$/d' > /tmp/lwscap
	check "$expect"
	check
done 3<<'EOF'
nonexistant file|/nope|media
relative uri path|nope|forbidden
directory attack 1 (/../../../../etc/passwd should be /etc/passswd)|/../../../../etc/passwd|rejected
directory attack 2 (/../ should be /)|/../|default
directory attack 3 (/./ should be /)|/./|default
directory attack 4 (/blah/.. should be /)|/blah/..|default
directory attack 5 (/blah/../ should be /)|/blah/../|default
directory attack 6 (/blah/../. should be /)|/blah/../.|default
directory attack 7 (/%2e%2e%2f../../../etc/passwd should be /etc/passswd)|/%2e%2e%2f../../../etc/passwd|rejected
directory attack 8 (%2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd should be /etc/passswd)|%2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd|rejected
EOF
295
echo
echo "---- http/1.1 pipelining"
rm -f /tmp/lwscap

# Fetch test.html eight times in one wget run; wget writes all eight bodies
# back to back into /tmp/lwsdump, which must then hash the same as eight
# concatenated copies of the installed file.
reference="$INSTALLED/../share/libwebsockets-test-server/test.html"
urls=()
copies=()
for _ in 1 2 3 4 5 6 7 8 ; do
	urls+=("http://localhost:7681/test.html")
	copies+=("$reference")
done

# NOTE(review): the grep result stored in /tmp/lwscap is not looked at again;
# only the md5 comparison below decides pass or fail.
wget -O/tmp/lwsdump "${urls[@]}" 2>&1 | grep "Downloaded: 8 files" > /tmp/lwscap

good=$(cat "${copies[@]}" | md5sum | cut -d' ' -f1)
got=$(md5sum /tmp/lwsdump | cut -d' ' -f 1)
if [ "$good" != "$got" ] ; then
	echo "FAIL: mismatched content good=$good received=$(md5sum /tmp/lwsdump)"
	exit 1
fi
305
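echo
echo "---- mass testing uri variations"

rm -f /tmp/results

# Request every URI in the list below and append one line per URI to
# /tmp/results: the URI, the HTTP status and, unless the status is 403, the
# path taken from the most recent lws_http_serve line in the server log.
#
# The list is a quoted here-document read on fd 3, so each entry is sent
# exactly as written. Entries such as /../?? contain shell pattern characters;
# as unquoted words in a `for` list they would be pathname-expanded whenever a
# matching path exists on the host, silently changing what is tested.
# The requests go to $SERVER:$PORT like every other nc-based case in the script.
while IFS= read -r -u 3 i ; do
	rm -f /tmp/lwscap
	printf 'GET %s HTTP/1.0\r\n\r\n' "$i" | nc "$SERVER" "$PORT" 2>/dev/null >/tmp/lwscap
	# Second word of the status line, e.g. 200 / 403 / 406 / 415.
	R=$(head -n1 /tmp/lwscap | cut -d' ' -f2)

	head -n1 /tmp/lwscap
	echo "==== $R"

	if [ "$R" != "403" ]; then
		# NOTE(review): this takes the last lws_http_serve line of the whole
		# log; if a request logs none, the previous request's path is reused.
		U=$(grep lws_http_serve "$LOG" | tail -n 1 | cut -d':' -f3 | cut -d' ' -f2)
		echo "$U"
		echo "- \"$i\" -> $R \"$U\"" >>/tmp/results
	else
		echo "- \"$i\" -> $R" >>/tmp/results
	fi
done 3<<'EOF'
/..../
/.../.
/...//
/.../a
/.../w
/.../?
/.../%
/../..
/.././
/../.a
/../.w
/../..
/../.%
/..//.
/..///
/..//a
/..//w
/..//?
/..//%
/../a.
/../a/
/../aa
/../aw
/../a?
/../a%
/../w.
/../w/
/../wa
/../ww
/../w?
/../w%
/../?.
/../?/
/../?a
/../?w
/../??
/../?%
/../%.
/../%/
/../%a
/../%w
/../%?
/../%%
/./...
/./../
/./..a
/./..w
/./..?
/./..%
/.//..
/.a../
/.a/..
/.w../
/.w/..
/.?../
/../..
/.%../
/.%/..
//....
//.../
//...a
//...w
//...?
//...%
//../.
//..//
//../a
//../w
//../?
//../%
//..a.
//..a/
//..aa
//..aw
//..a?
//..a%
//..w.
//..w/
//..wa
//..ww
//..w?
//..w%
//..?.
//..?/
//..?a
//..?w
//..??
//..?%
//..%.
//..%/
//..%a
//..%w
//..%?
//..%%
//./..
///...
///../
///..a
///..w
///..?
///..%
////..
//a../
//a/..
//w../
//w/..
//?../
//?/..
//%../
//%/..
/a.../
/a../.
/a..//
/a../a
/a../w
/a../?
/a../%
/a./..
/a/...
/a/../
/a/..a
/a/..w
/a/..?
/a/..%
/a//..
/aa../
/aa/..
/aw../
/aw/..
/a?../
/a?/..
/a%../
/a%/..
/w.../
/w../.
/w..//
/w../a
/w../w
/w../?
/w../%
/w./..
/w/...
/w/../
/w/..a
/w/..w
/w/..?
/w/..%
/w//..
/wa../
/wa/..
/ww../
/ww/..
/w?../
/w?/..
/w%../
/w%/..
/?.../
/?../.
/?..//
/?../a
/?../w
/?../?
/?../%
/?./..
/?/...
/?/../
/?/..a
/?/..w
/?/..?
/?/..%
/?//..
/?a../
/?a/..
/?w../
/?w/..
/??../
/??/..
/?%../
/?%/..
/%.../
/%../.
/%..//
/%../a
/%../w
/%../?
/%../%
/%./..
/%/...
/%/../
/%/..a
/%/..w
/%/..?
/%/..%
/%//..
/%a../
/%a/..
/%w../
/%w/..
/%?../
/%?/..
/%%../
/%%/..
/a/w/../a
/path/to/dir/../other/dir
EOF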
532
# Expected outcome of the URI sweep, one line per request in the same order:
#   - "<uri sent>" -> <status> "<path the server logged>"
# 403 lines carry no path because the sweep does not look one up for them.
# Two properties of this table matter for review: every URI containing a "%"
# that does not start a valid escape is answered 403, and no logged path keeps
# a bare ".." segment, i.e. dot segments are resolved before a path is served.
# The delimiter is quoted so the table is written out literally.
cat <<'EOF' >/tmp/lwsresult1
- "/..../" -> 406 "/..../"
- "/.../." -> 406 "/.../"
- "/...//" -> 406 "/.../"
- "/.../a" -> 406 "/.../a"
- "/.../w" -> 406 "/.../w"
- "/.../?" -> 406 "/.../"
- "/.../%" -> 403
- "/../.." -> 200 "/"
- "/.././" -> 200 "/"
- "/../.a" -> 415 "/.a"
- "/../.w" -> 415 "/.w"
- "/../.." -> 200 "/"
- "/../.%" -> 403
- "/..//." -> 200 "/"
- "/..///" -> 200 "/"
- "/..//a" -> 415 "/a"
- "/..//w" -> 415 "/w"
- "/..//?" -> 200 "/"
- "/..//%" -> 403
- "/../a." -> 415 "/a."
- "/../a/" -> 406 "/a/"
- "/../aa" -> 415 "/aa"
- "/../aw" -> 415 "/aw"
- "/../a?" -> 415 "/a"
- "/../a%" -> 403
- "/../w." -> 415 "/w."
- "/../w/" -> 406 "/w/"
- "/../wa" -> 415 "/wa"
- "/../ww" -> 415 "/ww"
- "/../w?" -> 415 "/w"
- "/../w%" -> 403
- "/../?." -> 200 "/"
- "/../?/" -> 200 "/"
- "/../?a" -> 200 "/"
- "/../?w" -> 200 "/"
- "/../??" -> 200 "/"
- "/../?%" -> 403
- "/../%." -> 403
- "/../%/" -> 403
- "/../%a" -> 403
- "/../%w" -> 403
- "/../%?" -> 403
- "/../%%" -> 403
- "/./..." -> 415 "/..."
- "/./../" -> 200 "/"
- "/./..a" -> 415 "/..a"
- "/./..w" -> 415 "/..w"
- "/./..?" -> 200 "/"
- "/./..%" -> 403
- "/.//.." -> 200 "/"
- "/.a../" -> 406 "/.a../"
- "/.a/.." -> 200 "/"
- "/.w../" -> 406 "/.w../"
- "/.w/.." -> 200 "/"
- "/.?../" -> 415 "/."
- "/../.." -> 200 "/"
- "/.%../" -> 403
- "/.%/.." -> 403
- "//...." -> 415 "/...."
- "//.../" -> 406 "/.../"
- "//...a" -> 415 "/...a"
- "//...w" -> 415 "/...w"
- "//...?" -> 415 "/..."
- "//...%" -> 403
- "//../." -> 200 "/"
- "//..//" -> 200 "/"
- "//../a" -> 415 "/a"
- "//../w" -> 415 "/w"
- "//../?" -> 200 "/"
- "//../%" -> 403
- "//..a." -> 415 "/..a."
- "//..a/" -> 406 "/..a/"
- "//..aa" -> 415 "/..aa"
- "//..aw" -> 415 "/..aw"
- "//..a?" -> 415 "/..a"
- "//..a%" -> 403
- "//..w." -> 415 "/..w."
- "//..w/" -> 406 "/..w/"
- "//..wa" -> 415 "/..wa"
- "//..ww" -> 415 "/..ww"
- "//..w?" -> 415 "/..w"
- "//..w%" -> 403
- "//..?." -> 200 "/"
- "//..?/" -> 200 "/"
- "//..?a" -> 415 "/a"
- "//..?w" -> 415 "/w"
- "//..??" -> 200 "/"
- "//..?%" -> 403
- "//..%." -> 403
- "//..%/" -> 403
- "//..%a" -> 403
- "//..%w" -> 403
- "//..%?" -> 403
- "//..%%" -> 403
- "//./.." -> 200 "/"
- "///..." -> 415 "/..."
- "///../" -> 200 "/"
- "///..a" -> 415 "/..a"
- "///..w" -> 415 "/..w"
- "///..?" -> 200 "/"
- "///..%" -> 403
- "////.." -> 200 "/"
- "//a../" -> 406 "/a../"
- "//a/.." -> 200 "/"
- "//w../" -> 406 "/w../"
- "//w/.." -> 200 "/"
- "//?../" -> 200 "/"
- "//?/.." -> 200 "/"
- "//%../" -> 403
- "//%/.." -> 403
- "/a.../" -> 406 "/a.../"
- "/a../." -> 406 "/a../"
- "/a..//" -> 406 "/a../"
- "/a../a" -> 406 "/a../a"
- "/a../w" -> 406 "/a../w"
- "/a../?" -> 406 "/a../"
- "/a../%" -> 403
- "/a./.." -> 200 "/"
- "/a/..." -> 406 "/a/..."
- "/a/../" -> 200 "/"
- "/a/..a" -> 406 "/a/..a"
- "/a/..w" -> 406 "/a/..w"
- "/a/..?" -> 200 "/"
- "/a/..%" -> 403
- "/a//.." -> 200 "/"
- "/aa../" -> 406 "/aa../"
- "/aa/.." -> 200 "/"
- "/aw../" -> 406 "/aw../"
- "/aw/.." -> 200 "/"
- "/a?../" -> 415 "/a"
- "/a?/.." -> 415 "/a"
- "/a%../" -> 403
- "/a%/.." -> 403
- "/w.../" -> 406 "/w.../"
- "/w../." -> 406 "/w../"
- "/w..//" -> 406 "/w../"
- "/w../a" -> 406 "/w../a"
- "/w../w" -> 406 "/w../w"
- "/w../?" -> 406 "/w../"
- "/w../%" -> 403
- "/w./.." -> 200 "/"
- "/w/..." -> 406 "/w/..."
- "/w/../" -> 200 "/"
- "/w/..a" -> 406 "/w/..a"
- "/w/..w" -> 406 "/w/..w"
- "/w/..?" -> 200 "/"
- "/w/..%" -> 403
- "/w//.." -> 200 "/"
- "/wa../" -> 406 "/wa../"
- "/wa/.." -> 200 "/"
- "/ww../" -> 406 "/ww../"
- "/ww/.." -> 200 "/"
- "/w?../" -> 415 "/w"
- "/w?/.." -> 415 "/w"
- "/w%../" -> 403
- "/w%/.." -> 403
- "/?.../" -> 200 "/"
- "/?../." -> 200 "/"
- "/?..//" -> 200 "/"
- "/?../a" -> 200 "/"
- "/?../w" -> 200 "/"
- "/?../?" -> 200 "/"
- "/?../%" -> 403
- "/?./.." -> 200 "/"
- "/?/..." -> 200 "/"
- "/?/../" -> 200 "/"
- "/?/..a" -> 200 "/"
- "/?/..w" -> 200 "/"
- "/?/..?" -> 200 "/"
- "/?/..%" -> 403
- "/?//.." -> 200 "/"
- "/?a../" -> 200 "/"
- "/?a/.." -> 200 "/"
- "/?w../" -> 200 "/"
- "/?w/.." -> 200 "/"
- "/??../" -> 200 "/"
- "/??/.." -> 200 "/"
- "/?%../" -> 403
- "/?%/.." -> 403
- "/%.../" -> 403
- "/%../." -> 403
- "/%..//" -> 403
- "/%../a" -> 403
- "/%../w" -> 403
- "/%../?" -> 403
- "/%../%" -> 403
- "/%./.." -> 403
- "/%/..." -> 403
- "/%/../" -> 403
- "/%/..a" -> 403
- "/%/..w" -> 403
- "/%/..?" -> 403
- "/%/..%" -> 403
- "/%//.." -> 403
- "/%a../" -> 403
- "/%a/.." -> 403
- "/%w../" -> 403
- "/%w/.." -> 403
- "/%?../" -> 403
- "/%?/.." -> 403
- "/%%../" -> 403
- "/%%/.." -> 403
- "/a/w/../a" -> 406 "/a/a"
- "/path/to/dir/../other/dir" -> 406 "/path/to/other/dir"
EOF

# Compare what the sweep recorded with the expectation; on a mismatch show a
# unified diff (recorded vs expected) and fail the run.
actual_sum=$(md5sum /tmp/results | cut -d' ' -f 1)
expected_sum=$(md5sum /tmp/lwsresult1 | cut -d' ' -f1)
if [ "$actual_sum" = "$expected_sum" ] ; then
	echo "OK"
else
	echo "Differences..."
	diff -urN /tmp/results /tmp/lwsresult1
	exit 1
fi
747
748
# Every case passed and the server is still up: report it, then stop the
# server with SIGINT (signal 2) and exit successfully.
echo
echo "--- survived OK ---"
kill -INT "$CPID"

exit 0
754
755