File: cve_2017_17742_spec.rb

package info (click to toggle)
ruby3.1 3.1.2-7%2Bdeb12u1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 132,892 kB
  • sloc: ruby: 1,154,753; ansic: 736,782; yacc: 46,445; pascal: 10,401; sh: 3,931; cpp: 1,158; python: 838; makefile: 787; asm: 462; javascript: 382; lisp: 97; sed: 94; perl: 62; awk: 36; xml: 4
file content (37 lines) | stat: -rw-r--r-- 1,139 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
require_relative '../spec_helper'

# webrick is no longer in stdlib in Ruby 3+
ruby_version_is ""..."3.0" do
  require "webrick"
  require "stringio"
  require "net/http"

  describe "WEBrick" do
    describe "resists CVE-2017-17742" do
      it "for a response splitting headers" do
        config = WEBrick::Config::HTTP
        res = WEBrick::HTTPResponse.new config
        res['X-header'] = "malicious\r\nCookie: hack"
        io = StringIO.new
        res.send_response io
        io.rewind
        res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
        res.code.should == '500'
        io.string.should_not =~ /hack/
      end

      it "for a response splitting cookie headers" do
        user_input = "malicious\r\nCookie: hack"
        config = WEBrick::Config::HTTP
        res = WEBrick::HTTPResponse.new config
        res.cookies << WEBrick::Cookie.new('author', user_input)
        io = StringIO.new
        res.send_response io
        io.rewind
        res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
        res.code.should == '500'
        io.string.should_not =~ /hack/
      end
    end
  end
end