vendor/rack/test/spec_rack_file.rb in relevance-castronaut-0.5.4 vs vendor/rack/test/spec_rack_file.rb in relevance-castronaut-0.6.0
@@ -39,12 +39,26 @@
get("/cgi/../test")
res.should.be.forbidden
end
+ specify "does not allow directory traversal with encoded periods" do
+ res = Rack::MockRequest.new(Rack::Lint.new(Rack::File.new(DOCROOT))).
+ get("/%2E%2E/README")
+
+ res.should.be.forbidden
+ end
+
specify "404s if it can't find the file" do
res = Rack::MockRequest.new(Rack::Lint.new(Rack::File.new(DOCROOT))).
get("/cgi/blubb")
+
+ res.should.be.not_found
+ end
+
+ specify "detects SystemCallErrors" do
+ res = Rack::MockRequest.new(Rack::Lint.new(Rack::File.new(DOCROOT))).
+ get("/cgi")
res.should.be.not_found
end
end
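Review bot: The new spec "does not allow directory traversal with encoded periods" asserts only the uppercase `%2E%2E` spelling in the first path segment, so a regression in path decoding could pass it while other spellings of the same segment are served. Percent-encoded hex digits are case-insensitive, so I would add at least `get("/%2e%2e/README")` and a mixed literal/encoded case such as `get("/.%2E/README")`, each followed by `res.should.be.forbidden`. The Rack::File implementation is not part of this hunk, so whether it already rejects these forms has to be confirmed by running them. Separately, the "detects SystemCallErrors" spec would benefit from a comment such as `# /cgi is a directory under DOCROOT; opening it as a file should raise a SystemCallError that maps to 404`, which is my reading of the spec name and path and should be checked against the fixture layout. The spec at the top of the hunk begins above the visible lines.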