mirror of
https://github.com/jart/cosmopolitan.git
synced 2025-02-01 12:03:41 +00:00
b107d2709f
redbean improvements:
- Explicitly disable corking
- Simulate Python regex API for Lua
- Send warmup requests in main process on startup
- Add Class-A granular IPv4 network classification
- Add /statusz page so you can monitor your redbean's health
- Fix regressions on OpenBSD/NetBSD caused by recent changes
- Plug Authorization header into Lua GetUser and GetPass APIs
- Recognize X-Forwarded-{For,Host} from local reverse proxies
- Add many additional functions to redbean Lua server page API
- Report resource usage of child processes on `/` listing page
- Introduce `-a` flag for logging child process resource usage
- Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API
- Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API
Cosmopolitan Libc improvements:
- Make strerror() simpler
- Make inet_pton() not depend on sscanf()
- Fix OpenExecutable() which broke .data section earlier
- Fix stdio in cases where it overflows kernel tty buffer
- Fix bugs in crash reporting w/o .com.dbg binary present
- Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO
- Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums
New netcat clone in examples/nc.c:
While testing some of the failure conditions for redbean, I noticed that
BusyBox's `nc` command is pretty busted, if you use it as an interactive
tool, rather than having it be part of a pipeline. Unfortunately this'll
only work on UNIX since Windows doesn't let us poll on stdio and sockets
at the same time because I don't think they want tools like this running
on their platform. So if you want forbidden fruit, it's here so enjoy it
91 lines
4.5 KiB
C
91 lines
4.5 KiB
C
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
|
|
│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
|
|
╞══════════════════════════════════════════════════════════════════════════════╡
|
|
│ Copyright 2021 Justine Alexandra Roberts Tunney │
|
|
│ │
|
|
│ Permission to use, copy, modify, and/or distribute this software for │
|
|
│ any purpose with or without fee is hereby granted, provided that the │
|
|
│ above copyright notice and this permission notice appear in all copies. │
|
|
│ │
|
|
│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
|
|
│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
|
|
│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
|
|
│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
|
|
│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
|
|
│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
|
|
│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
|
|
│ PERFORMANCE OF THIS SOFTWARE. │
|
|
╚─────────────────────────────────────────────────────────────────────────────*/
|
|
#include "libc/testlib/ezbench.h"
|
|
#include "libc/testlib/testlib.h"
|
|
#include "net/http/http.h"
|
|
|
|
TEST(IsReasonablePath, test) {
|
|
EXPECT_TRUE(IsReasonablePath("/", 1));
|
|
EXPECT_TRUE(IsReasonablePath("index.html", 10));
|
|
EXPECT_TRUE(IsReasonablePath("/index.html", 11));
|
|
EXPECT_TRUE(IsReasonablePath("/index.html", -1));
|
|
EXPECT_TRUE(IsReasonablePath("/redbean.png", -1));
|
|
}
|
|
|
|
TEST(IsReasonablePath, testEmptyString_allowedIfYouLikeImplicitLeadingSlash) {
|
|
EXPECT_TRUE(IsReasonablePath(0, 0));
|
|
EXPECT_TRUE(IsReasonablePath(0, -1));
|
|
EXPECT_TRUE(IsReasonablePath("", 0));
|
|
}
|
|
|
|
TEST(IsReasonablePath, testHiddenFiles_areAllowed) {
|
|
EXPECT_TRUE(IsReasonablePath("/.index.html", 12));
|
|
EXPECT_TRUE(IsReasonablePath("/x/.index.html", 14));
|
|
}
|
|
|
|
TEST(IsReasonablePath, testDoubleSlash_isAllowed) {
|
|
EXPECT_TRUE(IsReasonablePath("//", 2));
|
|
EXPECT_TRUE(IsReasonablePath("foo//", 5));
|
|
EXPECT_TRUE(IsReasonablePath("/foo//", 6));
|
|
EXPECT_TRUE(IsReasonablePath("/foo//bar", 9));
|
|
}
|
|
|
|
TEST(IsReasonablePath, testNoncanonicalDirectories_areForbidden) {
|
|
EXPECT_FALSE(IsReasonablePath(".", 1));
|
|
EXPECT_FALSE(IsReasonablePath("..", 2));
|
|
EXPECT_FALSE(IsReasonablePath("/.", 2));
|
|
EXPECT_FALSE(IsReasonablePath("/..", 3));
|
|
EXPECT_FALSE(IsReasonablePath("./", 2));
|
|
EXPECT_FALSE(IsReasonablePath("../", 3));
|
|
EXPECT_FALSE(IsReasonablePath("/./", 3));
|
|
EXPECT_FALSE(IsReasonablePath("/../", 4));
|
|
EXPECT_FALSE(IsReasonablePath("x/.", 3));
|
|
EXPECT_FALSE(IsReasonablePath("x/..", 4));
|
|
EXPECT_FALSE(IsReasonablePath("x/./", 4));
|
|
EXPECT_FALSE(IsReasonablePath("x/../", 5));
|
|
EXPECT_FALSE(IsReasonablePath("/x/./", 5));
|
|
EXPECT_FALSE(IsReasonablePath("/x/../", 6));
|
|
}
|
|
|
|
TEST(IsReasonablePath, testNoncanonicalWindowsDirs_areForbidden) {
|
|
EXPECT_FALSE(IsReasonablePath(".", 1));
|
|
EXPECT_FALSE(IsReasonablePath("..", 2));
|
|
EXPECT_FALSE(IsReasonablePath("\\.", 2));
|
|
EXPECT_FALSE(IsReasonablePath("\\..", 3));
|
|
EXPECT_FALSE(IsReasonablePath(".\\", 2));
|
|
EXPECT_FALSE(IsReasonablePath("..\\", 3));
|
|
EXPECT_FALSE(IsReasonablePath("\\.\\", 3));
|
|
EXPECT_FALSE(IsReasonablePath("\\..\\", 4));
|
|
EXPECT_FALSE(IsReasonablePath("x\\.", 3));
|
|
EXPECT_FALSE(IsReasonablePath("x\\..", 4));
|
|
EXPECT_FALSE(IsReasonablePath("x\\.\\", 4));
|
|
EXPECT_FALSE(IsReasonablePath("x\\..\\", 5));
|
|
EXPECT_FALSE(IsReasonablePath("\\x\\.\\", 5));
|
|
EXPECT_FALSE(IsReasonablePath("\\x\\..\\", 6));
|
|
}
|
|
|
|
TEST(IsReasonablePath, testOverlongSlashDot_isDetected) {
|
|
EXPECT_FALSE(IsReasonablePath("/\300\256", 3)); /* /. */
|
|
EXPECT_TRUE(IsReasonablePath("/\300\257", 3)); /* // */
|
|
EXPECT_FALSE(IsReasonablePath("\300\256\300\256", 4)); /* .. */
|
|
}
|
|
|
|
BENCH(IsReasonablePath, bench) {
|
|
EZBENCH2("IsReasonablePath", donothing, IsReasonablePath("/index.html", 11));
|
|
}
|