      1 <testcase>
      2 <info>
      3 <keywords>
      4 HTTP
      5 HTTP GET
      6 dotdot removal
      7 </keywords>
      8 </info>
      9 
     10 #
     11 # Server-side
     12 <reply>
     13 <data>
     14 HTTP/1.1 200 OK
     15 Content-Length: 6
     16 Connection: close
     17 
     18 -foo-
     19 </data>
     20 
     21 <data1>
     22 HTTP/1.1 200 OK
     23 Content-Length: 7
     24 Connection: close
     25 
     26 -cool-
     27 </data1>
     28 </reply>
     29 
     30 #
     31 # Client-side
     32 <client>
     33 <server>
     34 http
     35 </server>
     36  <name>
     37 HTTP URL with dotdot removal from path
     38  </name>
     39  <command>
     40 http://%HOSTIP:%HTTPPORT/../../hej/but/who/../1231?stupid=me/../1231#soo/../1231 http://%HOSTIP:%HTTPPORT/../../hej/but/who/../12310001#/../12310001
     41 </command>
     42 </client>
     43 
     44 #
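     45 # Verify data after the test has been "shot": both requests must carry the path with its dot segments already removed, the ".." inside the query string must be left untouched, and the fragment must not be sent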
     46 <verify>
     47 <strip>
     48 ^User-Agent:.*
     49 </strip>
     50 <protocol>
     51 GET /hej/but/1231?stupid=me/../1231 HTTP/1.1
     52 Host: %HOSTIP:%HTTPPORT
     53 Accept: */*
     54 
     55 GET /hej/but/12310001 HTTP/1.1
     56 Host: %HOSTIP:%HTTPPORT
     57 Accept: */*
     58 
     59 </protocol>
     60 </verify>
     61 </testcase>
     62