test/spec_file.rb in rack-1.2.8 vs test/spec_file.rb in rack-1.3.0.beta

- old
+ new

@@ -29,16 +29,36 @@ res.should.be.ok res.should =~ /ruby/ end should "not allow directory traversal" do - res = Rack::MockRequest.new(Rack::Lint.new(Rack::File.new(DOCROOT))). - get("/cgi/../test") + req = Rack::MockRequest.new(Rack::Lint.new(Rack::File.new(DOCROOT))) + res = req.get("/cgi/../test") + res.should.be.forbidden + res = req.get("../test") res.should.be.forbidden + + res = req.get("..") + res.should.be.forbidden + + res = req.get("test/..") + res.should.be.forbidden end + should "allow files with .. in their name" do + req = Rack::MockRequest.new(Rack::Lint.new(Rack::File.new(DOCROOT))) + res = req.get("/cgi/..test") + res.should.be.not_found + + res = req.get("/cgi/test..") + res.should.be.not_found + + res = req.get("/cgi../test..") + res.should.be.not_found + end + should "not allow directory traversal with encoded periods" do res = Rack::MockRequest.new(Rack::Lint.new(Rack::File.new(DOCROOT))). get("/%2E%2E/README") res.should.be.forbidden 
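Review bot: The cases added to `not allow directory traversal` use only literal `..` segments, and the one encoded case in view is the uppercase `/%2E%2E/README` test at the end of the hunk, so lowercase escapes and an encoded separator are not pinned. I would add `req.get("/%2e%2e/README").should.be.forbidden` and `req.get("/cgi/..%2Ftest").should.be.forbidden` to that test, after confirming the expected status against Rack::File, which is not part of this hunk. `/cgi/../test` and `test/..` appear to resolve inside DOCROOT, so these assertions pin "refuse any `..` segment" rather than "refuse escapes from the root"; a comment such as `# any ".." path segment is refused, even when the resolved path stays under DOCROOT` would make that policy explicit. The encoded-periods test continues past the end of the hunk.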
@@ -58,14 +78,45 @@ res.should.be.not_found end should "return bodies that respond to #to_path" do env = Rack::MockRequest.env_for("/cgi/test") - status, headers, body = Rack::File.new(DOCROOT).call(env) + status, _, body = Rack::File.new(DOCROOT).call(env) path = File.join(DOCROOT, "/cgi/test") status.should.equal 200 body.should.respond_to :to_path body.to_path.should.equal path end + + should "return correct byte range in body" do + env = Rack::MockRequest.env_for("/cgi/test") + env["HTTP_RANGE"] = "bytes=22-33" + res = Rack::MockResponse.new(*Rack::File.new(DOCROOT).call(env)) + + res.status.should.equal 206 + res["Content-Length"].should.equal "12" + res["Content-Range"].should.equal "bytes 22-33/193" + res.body.should.equal "-*- ruby -*-" + end + + should "return error for unsatisfiable byte range" do + env = Rack::MockRequest.env_for("/cgi/test") + env["HTTP_RANGE"] = "bytes=1234-5678" + res = Rack::MockResponse.new(*Rack::File.new(DOCROOT).call(env)) + + res.status.should.equal 416 + res["Content-Range"].should.equal "bytes */193" + end + + should "support cache control options" do + env = Rack::MockRequest.env_for("/cgi/test") + status, heads, _ = Rack::File.new(DOCROOT, 'public, max-age=38').call(env) + + path = File.join(DOCROOT, "/cgi/test") + + status.should.equal 200 + heads['Cache-Control'].should.equal 'public, max-age=38' + end + end
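Review bot: The range tests cover one in-bounds range and one range wholly past the end of the 193-byte fixture, but nothing at the boundary: an end offset beyond the file, an open-ended or suffix range, or a malformed `Range` value. A case such as `env["HTTP_RANGE"] = "bytes=190-500"` with `res["Content-Range"].should.equal "bytes 190-192/193"` would pin clamping, assuming the handler truncates to the file size as the HTTP range rules describe; the implementation is not in this hunk. Separately, `path = File.join(DOCROOT, "/cgi/test")` in `support cache control options` is assigned and never read, so it can be dropped.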