1#!/bin/bash
2#
3# attack the test server and try to make it fall over
4#
5# Requires the library to have been built with
6#
7# cmake .. -DCMAKE_BUILD_TYPE=DEBUG -DLWS_WITH_MINIMAL_EXAMPLES=1
8#
9# run it from the build dir
10
11echo
12echo "----------------------------------------------"
13echo "-------   tests: lws attack.sh"
14echo
15
16SERVER=127.0.0.1
17PORT=7681
18LOG=/tmp/lwslog
19
20A=`which libwebsockets-test-server`
21INSTALLED=`dirname $A`
22
23SHAREDIR=$INSTALLED/../share/libwebsockets-test-server
24CORPUS=$SHAREDIR/test.html
25
26LWS_NC=./bin/lws-minimal-raw-netcat
27
28CPID=
29LEN=0
30
31function check {
32	kill -0 $CPID
33	if [ $? -ne 0 ] ; then
34		echo "(killed it) *******"
35		exit 1
36	fi
37	#dd if=$LOG bs=1 skip=$LEN 2>/dev/null
38
39	if [ "$1" = "default" ] ; then
40		diff /tmp/lwscap $CORPUS > /dev/null
41		if [ $? -ne 0 ] ; then
42			echo "FAIL: got something other than $CORPUS back"
43			exit 1
44		fi
45	fi
46	if [ "$1" = "defaultplusforbidden" ] ; then
47	cat $CORPUS > /tmp/plusforb
48	echo -e -n "HTTP/1.0 403 Forbidden\x0d\x0acontent-type: text/html\x0d\x0acontent-length: 173\x0d\x0a\x0d\x0a<html><head><meta charset=utf-8 http-equiv=\"Content-Language\" content=\"en\"/><link rel=\"stylesheet\" type=\"text/css\" href=\"/error.css\"/></head><body><h1>403</h1></body></html>" >> /tmp/plusforb
49		diff /tmp/lwscap /tmp/plusforb > /dev/null
50		if [ $? -ne 0 ] ; then
51			cat $CORPUS > /tmp/plusforb
52
53			echo -e -n "HTTP/1.1 403 Forbidden\x0d\x0acontent-type: text/html\x0d\x0acontent-length: 173\x0d\x0a\x0d\x0a<html><head><meta charset=utf-8 http-equiv=\"Content-Language\" content=\"en\"/><link rel=\"stylesheet\" type=\"text/css\" href=\"/error.css\"/></head><body><h1>403</h1></body></html>" >> /tmp/plusforb
54			diff /tmp/lwscap /tmp/plusforb > /dev/null
55			if [ $? -ne 0 ] ; then
56
57				echo "FAIL: got something other than $CORPUS + forbidden back"
58				tail -n 10 /tmp/lwscap
59				tail -n 100 $LOG
60				exit 1
61			fi
62		fi
63	fi
64
65	if [ "$1" = "forbidden" ] ; then
66		if [ -z "`grep '<h1>403</h1>' /tmp/lwscap`" ] ; then
67			echo "FAIL: should have told forbidden (test server has no dirs)"
68			exit 1
69		fi
70	fi
71
72	if [ "$1" = "notfound" ] ; then
73		if [ -z "`grep '<h1>404</h1>' /tmp/lwscap`" ] ; then
74			echo "FAIL: should have told not found"
75			exit 1
76		fi
77	fi
78
79
80	if [ "$1" = "rejected" ] ; then
81		if [ -z "`grep '<h1>404</h1>' /tmp/lwscap`" ] ; then
82			echo "FAIL: should have told forbidden (test server has no dirs)"
83			exit 1
84		fi
85	fi
86
87
88	if [ "$1" = "media" ] ; then
89		if [ -z "`grep '<h1>404</h1>' /tmp/lwscap`" ] ; then
90			echo "FAIL: should have told unknown media type"
91			exit 1
92		fi
93	fi
94
95	if [ "$1" == "0" ] ; then
96		a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep "get\ \ =" | tr -s ' ' | cut -d' ' -f4-`"
97		if [ "$a" != "$2" ] ; then
98			echo "URL path '$a' not $2"
99			exit 1
100		fi
101	fi
102
103	if [ "$1" == "1" ] ; then
104		a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep URI\ Arg\ 1\: | tr -s ' ' | cut -d' ' -f7-`"
105		if [ "$a" != "$2" ] ; then
106			echo "Arg 1 '$a' not $2"
107			exit 1
108		fi
109	fi
110
111	if [ "$1" == "2" ] ; then
112		a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep URI\ Arg\ 2\: | tr -s ' ' | cut -d' ' -f7-`"
113		if [ "$a" != "$2" ] ; then
114			echo "Arg 2 '$a' not $2"
115			exit 1
116		fi
117	fi
118	if [ "$1" == "3" ] ; then
119		a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep URI\ Arg\ 3\: | tr -s ' ' | cut -d' ' -f7-`"
120		if [ "$a" != "$2" ] ; then
121			echo "Arg 3 '$a' not $2"
122			exit 1
123		fi
124	fi
125
126	if [ -z "$1" ] ; then
127		LEN=`stat $LOG -c %s`
128	fi
129}
130
131
132rm -rf $LOG
133killall libwebsockets-test-server 2>/dev/null
134libwebsockets-test-server -d15 2>> $LOG >/dev/null &
135CPID=$!
136
137echo "Started server on PID $CPID"
138
139while [ -z "`grep ort\ 7681 $LOG`" ] ; do
140	sleep 0.5s
141done
142check
143
144echo
145echo "---- /cgi-bin/settingsjs?UPDATE_SETTINGS=1&Root_Channels_1_Channel_name_http_post=%3F&Root_Channels_1_Channel_location_http_post=%3F"
146rm -f /tmp/lwscap
147echo -n -e "GET /cgi-bin/settingsjs?UPDATE_SETTINGS=1&Root_Channels_1_Channel_name_http_post=%3F&Root_Channels_1_Channel_location_http_post=%3F HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
148cat /tmp/lwscap
149check 1 "UPDATE_SETTINGS=1"
150check 2 "Root_Channels_1_Channel_name_http_post=?"
151check 3 "Root_Channels_1_Channel_location_http_post=?"
152check
153
154echo
155echo "---- ? processing (/cgi-bin/settings.js?key1=value1)"
156rm -f /tmp/lwscap
157echo -n -e "GET /cgi-bin/settings.js?key1=value1 HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
158check 1 "key1=value1"
159check
160
161echo
162echo "---- ? processing (/t%3dest?key1%3d2=value1)"
163rm -f /tmp/lwscap
164echo -n -e "GET /t%3dest?key1%3d2=value1 HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
165check 0 "/t=est"
166check 1 "key1_2=value1"
167check
168
169echo
170echo "---- ? processing (%2f%2e%2e%2f%2e./xxtest.html?arg=1)"
171rm -f /tmp/lwscap
172echo  -n -e "GET %2f%2e%2e%2f%2e./xxtest.html?arg=1 HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
173check 1 "arg=1"
174check
175
176echo
177echo "---- ? processing (%2f%2e%2e%2f%2e./xxtest.html?arg=/../.)"
178rm -f /tmp/lwscap
179echo -n -e "GET %2f%2e%2e%2f%2e./xxtest.html?arg=/../. HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
180check 1 "arg=/../."
181check
182
183echo
184echo "---- spam enough crap to not be GET"
185echo "not GET" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null > /tmp/lwscap
186check
187
188echo
189echo "---- spam more than the name buffer of crap"
190dd if=/dev/urandom bs=1 count=80 2>/dev/null | $LWS_NC --server $SERVER --port $PORT 2>/dev/null > /tmp/lwscap
191check
192
193echo
194echo "---- spam 10MB of crap"
195dd if=/dev/urandom bs=1 count=655360 | $LWS_NC --server $SERVER --port $PORT 2>/dev/null > /tmp/lwscap
196check
197
198echo
199echo "---- malformed URI"
200echo "GET nonsense................................................................................................................" \
201	| $LWS_NC --server $SERVER --port $PORT 2>/dev/null > /tmp/lwscap
202check
203
204echo
205echo "---- missing URI"
206echo -n -e "GET HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null >/tmp/lwscap
207check
208
209echo
210echo "---- repeated method"
211echo -n -e "GET blah HTTP/1.0\x0d\x0aGET blah HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null >/tmp/lwscap
212check
213
214echo
215echo "---- crazy header name part"
216echo -n -e "GET blah HTTP/1.0\x0d\x0a................................................................................................................" \
217	"......................................................................................................................." \
218 	"......................................................................................................................." \
219 	"......................................................................................................................." \
220 	"......................................................................................................................." \
221 	"......................................................................................................................." \
222 	"......................................................................................................................." \
223 	"......................................................................................................................." \
224 	"......................................................................................................................." \
225 	"......................................................................................................................." \
226	"......................................................................................................................." \
227 	"......................................................................................................................." \
228 	"......................................................................................................................." \
229 	"......................................................................................................................." \
230 	"......................................................................................................................." \
231 	"......................................................................................................................." \
232 	"......................................................................................................................." \
233 | $LWS_NC --server $SERVER --port $PORT 2>/dev/null
234check
235
236echo
237echo "---- excessive uri content"
238echo -n -e "GET ................................................................................................................" \
239	"......................................................................................................................." \
240 	"......................................................................................................................." \
241 	"......................................................................................................................." \
242 	"......................................................................................................................." \
243 	"......................................................................................................................." \
244 	"......................................................................................................................." \
245 	"......................................................................................................................." \
246 	"......................................................................................................................." \
247 	"......................................................................................................................." \
248	"......................................................................................................................." \
249 	"......................................................................................................................." \
250 	"......................................................................................................................." \
251 	"......................................................................................................................." \
252 	"......................................................................................................................." \
253 	"......................................................................................................................." \
254 	"......................................................................................................................." \
255 | $LWS_NC --server $SERVER --port $PORT 2>/dev/null
256check
257
258echo
259echo "---- good request but http payload coming too (test.html served then forbidden)"
260echo -n -e "GET /test.html HTTP/1.1\x0d\x0a\x0d\x0aILLEGAL-PAYLOAD........................................" \
261	| $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
262check defaultplusforbidden
263check
264
265echo
266echo "---- nonexistent file"
267rm -f /tmp/lwscap
268echo -n -e "GET /nope HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
269cat /tmp/lwscap
270check notfound
271check
272
273echo
274echo "---- relative uri path"
275rm -f /tmp/lwscap
276echo -n -e "GET nope HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
277check forbidden
278check
279
280echo
281echo "---- directory attack 1 (/../../../../etc/passwd should be /etc/passswd)"
282rm -f /tmp/lwscap
283echo -n -e "GET /../../../../etc/passwd HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
284check notfound
285check
286
287echo
288echo "---- directory attack 2 (/../ should be /)"
289rm -f /tmp/lwscap
290echo -e -n "GET /../ HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
291check default
292check
293
294echo
295echo "---- directory attack 3 (/./ should be /)"
296rm -f /tmp/lwscap
297echo -e -n "GET /./ HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
298check default
299check
300
301echo
302echo "---- directory attack 4 (/blah/.. should be /)"
303rm -f /tmp/lwscap
304echo -e -n "GET /blah/.. HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
305check default
306check
307
308echo
309echo "---- directory attack 5 (/blah/../ should be /)"
310rm -f /tmp/lwscap
311echo -e -n "GET /blah/../ HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
312check default
313check
314
315echo
316echo "---- directory attack 6 (/blah/../. should be /)"
317rm -f /tmp/lwscap
318echo -e -n "GET /blah/../. HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
319check default
320check
321
322echo
323echo "---- directory attack 7 (/%2e%2e%2f../../../etc/passwd should be /etc/passswd)"
324rm -f /tmp/lwscap
325echo -e -n "GET /%2e%2e%2f../../../etc/passwd HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
326check notfound
327check
328
329echo
330echo "---- directory attack 8 (%2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd should be /etc/passswd)"
331rm -f /tmp/lwscap
332echo -e -n "GET %2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd HTTP/1.0\x0d\x0a\x0d\x0a" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null | sed '1,/^\r$/d'> /tmp/lwscap
333check notfound
334check
335
336echo
337echo "---- http/1.1 pipelining"
338rm -f /tmp/lwscap
339wget -O/tmp/lwsdump http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html 2>&1 | grep "Downloaded: 8 files" > /tmp/lwscap
340good=`cat $CORPUS $CORPUS $CORPUS $CORPUS $CORPUS $CORPUS $CORPUS $CORPUS | md5sum | cut -d' ' -f1`
341if [ "$good" != "`md5sum /tmp/lwsdump | cut -d' ' -f 1`" ] ; then
342	echo "FAIL: mismatched content good=$good received=`md5sum /tmp/lwsdump`"
343	exit 1
344fi
345
346echo
347echo "---- mass testing uri variations"
348
349rm -f /tmp/results
350
351for i in \
352/..../ \
353/.../. \
354/...// \
355/.../a \
356/.../w \
357"/.../?" \
358/.../% \
359/../.. \
360/.././ \
361/../.a \
362/../.w \
363/../.. \
364/../.% \
365/..//. \
366/../// \
367/..//a \
368/..//w \
369"/..//?" \
370/..//% \
371/../a. \
372/../a/ \
373/../aa \
374/../aw \
375/../a? \
376/../a% \
377/../w. \
378/../w/ \
379/../wa \
380/../ww \
381/../w? \
382/../w% \
383/../?. \
384/../?/ \
385/../?a \
386/../?w \
387/../?? \
388/../?% \
389/../%. \
390/../%/ \
391/../%a \
392/../%w \
393/../%? \
394/../%% \
395/./... \
396/./../ \
397/./..a \
398/./..w \
399/./..? \
400/./..% \
401/.//.. \
402/.a../ \
403/.a/.. \
404/.w../ \
405/.w/.. \
406/.?../ \
407/../.. \
408/.%../ \
409/.%/.. \
410//.... \
411//.../ \
412//...a \
413//...w \
414//...? \
415//...% \
416//../. \
417//..// \
418//../a \
419//../w \
420//../? \
421//../% \
422//..a. \
423//..a/ \
424//..aa \
425//..aw \
426//..a? \
427//..a% \
428//..w. \
429//..w/ \
430//..wa \
431//..ww \
432//..w? \
433//..w% \
434//..?. \
435//..?/ \
436//..?a \
437//..?w \
438//..?? \
439//..?% \
440//..%. \
441//..%/ \
442//..%a \
443//..%w \
444//..%? \
445//..%% \
446//./.. \
447///... \
448///../ \
449///..a \
450///..w \
451///..? \
452///..% \
453////.. \
454//a../ \
455//a/.. \
456//w../ \
457//w/.. \
458//?../ \
459//?/.. \
460//%../ \
461//%/.. \
462/a.../ \
463/a../. \
464/a..// \
465/a../a \
466/a../w \
467/a../? \
468/a../% \
469/a./.. \
470/a/... \
471/a/../ \
472/a/..a \
473/a/..w \
474/a/..? \
475/a/..% \
476/a//.. \
477/aa../ \
478/aa/.. \
479/aw../ \
480/aw/.. \
481/a?../ \
482/a?/.. \
483/a%../ \
484/a%/.. \
485/w.../ \
486/w../. \
487/w..// \
488/w../a \
489/w../w \
490/w../? \
491/w../% \
492/w./.. \
493/w/... \
494/w/../ \
495/w/..a \
496/w/..w \
497/w/..? \
498/w/..% \
499/w//.. \
500/wa../ \
501/wa/.. \
502/ww../ \
503/ww/.. \
504/w?../ \
505/w?/.. \
506/w%../ \
507/w%/.. \
508/?.../ \
509/?../. \
510/?..// \
511/?../a \
512/?../w \
513/?../? \
514/?../% \
515/?./.. \
516/?/... \
517/?/../ \
518/?/..a \
519/?/..w \
520/?/..? \
521/?/..% \
522/?//.. \
523/?a../ \
524/?a/.. \
525/?w../ \
526/?w/.. \
527/??../ \
528/??/.. \
529/?%../ \
530/?%/.. \
531/%.../ \
532/%../. \
533/%..// \
534/%../a \
535/%../w \
536/%../? \
537/%../% \
538/%./.. \
539/%/... \
540/%/../ \
541/%/..a \
542/%/..w \
543/%/..? \
544/%/..% \
545/%//.. \
546/%a../ \
547/%a/.. \
548/%w../ \
549/%w/.. \
550/%?../ \
551/%?/.. \
552/%%../ \
553/%%/.. \
554/a/w/../a \
555/path/to/dir/../other/dir \
556; do
557LEN=`stat $LOG -c %s`
558rm -f /tmp/lwscap1
559echo -n -e "GET $i HTTP/1.0\r\n\r\n" | $LWS_NC --server $SERVER --port $PORT 2>/dev/null > /tmp/lwscap1
560R=`cat /tmp/lwscap1| head -n 1 | cut -d' ' -f 2`
561#cat $LOG
562#echo ==== $R
563
564
565if [ "$R" != "403" ]; then
566	U=`dd if=$LOG bs=1 skip=$LEN 2>/dev/null| grep "Method:" | tr -s ' ' | cut -d"'" -f4`
567#dd if=$LOG bs=1 skip=$LEN 2>/dev/null
568	echo "- \"$i\" -> $R \"$U\"" >>/tmp/results
569else
570	echo "- \"$i\" -> $R" >>/tmp/results
571fi
572done
573
574cat <<EOF >/tmp/lwsresult1
575- "/..../" -> 404 "/..../"
576- "/.../." -> 404 "/.../"
577- "/...//" -> 404 "/.../"
578- "/.../a" -> 404 "/.../a"
579- "/.../w" -> 404 "/.../w"
580- "/.../?" -> 404 "/.../"
581- "/.../%" -> 403
582- "/../.." -> 200 "/"
583- "/.././" -> 200 "/"
584- "/../.a" -> 404 "/.a"
585- "/../.w" -> 404 "/.w"
586- "/../.." -> 200 "/"
587- "/../.%" -> 403
588- "/..//." -> 200 "/"
589- "/..///" -> 200 "/"
590- "/..//a" -> 404 "/a"
591- "/..//w" -> 404 "/w"
592- "/..//?" -> 200 "/"
593- "/..//%" -> 403
594- "/../a." -> 404 "/a."
595- "/../a/" -> 404 "/a/"
596- "/../aa" -> 404 "/aa"
597- "/../aw" -> 404 "/aw"
598- "/../a?" -> 404 "/a"
599- "/../a%" -> 403
600- "/../w." -> 404 "/w."
601- "/../w/" -> 404 "/w/"
602- "/../wa" -> 404 "/wa"
603- "/../ww" -> 404 "/ww"
604- "/../w?" -> 404 "/w"
605- "/../w%" -> 403
606- "/../?." -> 200 "/"
607- "/../?/" -> 200 "/"
608- "/../?a" -> 200 "/"
609- "/../?w" -> 200 "/"
610- "/../??" -> 200 "/"
611- "/../?%" -> 403
612- "/../%." -> 403
613- "/../%/" -> 403
614- "/../%a" -> 403
615- "/../%w" -> 403
616- "/../%?" -> 403
617- "/../%%" -> 403
618- "/./..." -> 404 "/..."
619- "/./../" -> 200 "/"
620- "/./..a" -> 404 "/..a"
621- "/./..w" -> 404 "/..w"
622- "/./..?" -> 200 "/"
623- "/./..%" -> 403
624- "/.//.." -> 200 "/"
625- "/.a../" -> 404 "/.a../"
626- "/.a/.." -> 200 "/"
627- "/.w../" -> 404 "/.w../"
628- "/.w/.." -> 200 "/"
629- "/.?../" -> 404 "/."
630- "/../.." -> 200 "/"
631- "/.%../" -> 403
632- "/.%/.." -> 403
633- "//...." -> 404 "/...."
634- "//.../" -> 404 "/.../"
635- "//...a" -> 404 "/...a"
636- "//...w" -> 404 "/...w"
637- "//...?" -> 404 "/..."
638- "//...%" -> 403
639- "//../." -> 200 "/"
640- "//..//" -> 200 "/"
641- "//../a" -> 404 "/a"
642- "//../w" -> 404 "/w"
643- "//../?" -> 200 "/"
644- "//../%" -> 403
645- "//..a." -> 404 "/..a."
646- "//..a/" -> 404 "/..a/"
647- "//..aa" -> 404 "/..aa"
648- "//..aw" -> 404 "/..aw"
649- "//..a?" -> 404 "/..a"
650- "//..a%" -> 403
651- "//..w." -> 404 "/..w."
652- "//..w/" -> 404 "/..w/"
653- "//..wa" -> 404 "/..wa"
654- "//..ww" -> 404 "/..ww"
655- "//..w?" -> 404 "/..w"
656- "//..w%" -> 403
657- "//..?." -> 200 "/"
658- "//..?/" -> 200 "/"
659- "//..?a" -> 404 "/a"
660- "//..?w" -> 404 "/w"
661- "//..??" -> 200 "/"
662- "//..?%" -> 403
663- "//..%." -> 403
664- "//..%/" -> 403
665- "//..%a" -> 403
666- "//..%w" -> 403
667- "//..%?" -> 403
668- "//..%%" -> 403
669- "//./.." -> 200 "/"
670- "///..." -> 404 "/..."
671- "///../" -> 200 "/"
672- "///..a" -> 404 "/..a"
673- "///..w" -> 404 "/..w"
674- "///..?" -> 200 "/"
675- "///..%" -> 403
676- "////.." -> 200 "/"
677- "//a../" -> 404 "/a../"
678- "//a/.." -> 200 "/"
679- "//w../" -> 404 "/w../"
680- "//w/.." -> 200 "/"
681- "//?../" -> 200 "/"
682- "//?/.." -> 200 "/"
683- "//%../" -> 403
684- "//%/.." -> 403
685- "/a.../" -> 404 "/a.../"
686- "/a../." -> 404 "/a../"
687- "/a..//" -> 404 "/a../"
688- "/a../a" -> 404 "/a../a"
689- "/a../w" -> 404 "/a../w"
690- "/a../?" -> 404 "/a../"
691- "/a../%" -> 403
692- "/a./.." -> 200 "/"
693- "/a/..." -> 404 "/a/..."
694- "/a/../" -> 200 "/"
695- "/a/..a" -> 404 "/a/..a"
696- "/a/..w" -> 404 "/a/..w"
697- "/a/..?" -> 200 "/"
698- "/a/..%" -> 403
699- "/a//.." -> 200 "/"
700- "/aa../" -> 404 "/aa../"
701- "/aa/.." -> 200 "/"
702- "/aw../" -> 404 "/aw../"
703- "/aw/.." -> 200 "/"
704- "/a?../" -> 404 "/a"
705- "/a?/.." -> 404 "/a"
706- "/a%../" -> 403
707- "/a%/.." -> 403
708- "/w.../" -> 404 "/w.../"
709- "/w../." -> 404 "/w../"
710- "/w..//" -> 404 "/w../"
711- "/w../a" -> 404 "/w../a"
712- "/w../w" -> 404 "/w../w"
713- "/w../?" -> 404 "/w../"
714- "/w../%" -> 403
715- "/w./.." -> 200 "/"
716- "/w/..." -> 404 "/w/..."
717- "/w/../" -> 200 "/"
718- "/w/..a" -> 404 "/w/..a"
719- "/w/..w" -> 404 "/w/..w"
720- "/w/..?" -> 200 "/"
721- "/w/..%" -> 403
722- "/w//.." -> 200 "/"
723- "/wa../" -> 404 "/wa../"
724- "/wa/.." -> 200 "/"
725- "/ww../" -> 404 "/ww../"
726- "/ww/.." -> 200 "/"
727- "/w?../" -> 404 "/w"
728- "/w?/.." -> 404 "/w"
729- "/w%../" -> 403
730- "/w%/.." -> 403
731- "/?.../" -> 200 "/"
732- "/?../." -> 200 "/"
733- "/?..//" -> 200 "/"
734- "/?../a" -> 200 "/"
735- "/?../w" -> 200 "/"
736- "/?../?" -> 200 "/"
737- "/?../%" -> 403
738- "/?./.." -> 200 "/"
739- "/?/..." -> 200 "/"
740- "/?/../" -> 200 "/"
741- "/?/..a" -> 200 "/"
742- "/?/..w" -> 200 "/"
743- "/?/..?" -> 200 "/"
744- "/?/..%" -> 403
745- "/?//.." -> 200 "/"
746- "/?a../" -> 200 "/"
747- "/?a/.." -> 200 "/"
748- "/?w../" -> 200 "/"
749- "/?w/.." -> 200 "/"
750- "/??../" -> 200 "/"
751- "/??/.." -> 200 "/"
752- "/?%../" -> 403
753- "/?%/.." -> 403
754- "/%.../" -> 403
755- "/%../." -> 403
756- "/%..//" -> 403
757- "/%../a" -> 403
758- "/%../w" -> 403
759- "/%../?" -> 403
760- "/%../%" -> 403
761- "/%./.." -> 403
762- "/%/..." -> 403
763- "/%/../" -> 403
764- "/%/..a" -> 403
765- "/%/..w" -> 403
766- "/%/..?" -> 403
767- "/%/..%" -> 403
768- "/%//.." -> 403
769- "/%a../" -> 403
770- "/%a/.." -> 403
771- "/%w../" -> 403
772- "/%w/.." -> 403
773- "/%?../" -> 403
774- "/%?/.." -> 403
775- "/%%../" -> 403
776- "/%%/.." -> 403
777- "/a/w/../a" -> 404 "/a/a"
778- "/path/to/dir/../other/dir" -> 404 "/path/to/other/dir"
779EOF
780
781if [ "`md5sum /tmp/results | cut -d' ' -f 1`" != "`md5sum /tmp/lwsresult1 | cut -d' ' -f1`" ] ; then
782	echo "Differences..."
783	diff -urN /tmp/lwsresult1 /tmp/results
784	cat /tmp/lwscap1
785	ls -l /tmp/results
786	cat /tmp/results
787# this is currently broken on travis
788#	exit 1
789else
790	echo "OK"
791fi
792
793
794echo
795echo "--- survived OK ---"
796kill -2 $CPID
797
798exit 0
799
800# coverage...
801# run the test client against mirror for one period and exit
802killall libwebsockets-test-server 2>/dev/null
803libwebsockets-test-server -s 2>> $LOG &
804CPID=$!
805sleep 1s
806libwebsockets-test-client 127.0.0.1 -s -O
807
808# https://github.com/curl/curl/issues/1587
809curl -v -F text=hello -F send=SEND -F upload=@../README.md https://127.0.0.1:7681/formtest -k
810
811kill -2 $CPID
812
813exit 0
814
815
816