Author: musachy
Date: Fri Aug 22 08:22:56 2008
New Revision: 688095
URL: http://svn.apache.org/viewvc?rev=688095&view=rev
Log:
WW-2779 Directory traversal vulnerability while serving static content
Modified:
struts/struts2/trunk/core/src/test/java/org/apache/struts2/dispatcher/StaticContentLoaderTest.java
Modified:
struts/struts2/trunk/core/src/test/java/org/apache/struts2/dispatcher/StaticContentLoaderTest.java
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/test/java/org/apache/struts2/dispatcher/StaticContentLoaderTest.java?rev=688095&r1=688094&r2=688095&view=diff
==============================================================================
---
struts/struts2/trunk/core/src/test/java/org/apache/struts2/dispatcher/StaticContentLoaderTest.java
(original)
+++
struts/struts2/trunk/core/src/test/java/org/apache/struts2/dispatcher/StaticContentLoaderTest.java
Fri Aug 22 08:22:56 2008
@@ -69,6 +69,30 @@
assertEquals(0, res.getContentLength());
}
+ public void testInvalidRersources2() throws IOException {
+ contentLoader.findStaticResource("/struts/..", req, res);
+ assertEquals(HttpServletResponse.SC_NOT_FOUND, res.getStatus());
+ assertEquals(0, res.getContentLength());
+ }
+
+ public void testInvalidRersources3() throws IOException {
+ contentLoader.findStaticResource("/struts/../othertest.properties",
req, res);
+ assertEquals(HttpServletResponse.SC_NOT_FOUND, res.getStatus());
+ assertEquals(0, res.getContentLength());
+ }
+
+ public void testInvalidRersources4() throws IOException {
+ contentLoader.findStaticResource("/struts/..%252f", req, res);
+ assertEquals(HttpServletResponse.SC_NOT_FOUND, res.getStatus());
+ assertEquals(0, res.getContentLength());
+ }
+
+ public void testInvalidRersources5() throws IOException {
+
contentLoader.findStaticResource("/struts/..%252fothertest.properties", req,
res);
+ assertEquals(HttpServletResponse.SC_NOT_FOUND, res.getStatus());
+ assertEquals(0, res.getContentLength());
+ }
+
@Override
protected void setUp() throws Exception {
super.setUp();
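Review bot: No added case exercises a single-encoded separator; the four tests cover only a literal `..` segment and the double-encoded `%252f` form, so a loader that decodes the path once before its prefix check is not pinned by them. A sibling case such as `contentLoader.findStaticResource("/struts/..%2fothertest.properties", req, res);` with the same two assertions would close that gap. testInvalidRersources3 and testInvalidRersources5 only prove the fix if `othertest.properties` really exists on the test classpath outside the static root, which is not visible here; if it does not, they get a 404 with or without the fix, so a comment naming the fixture would help. The method names carry a typo (`Rersources`), and a name that states the case, e.g. `testParentDirTraversalRejected`, reads better in a failure report. The test class and `setUp` continue outside the hunk.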