- /*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- package middlewares_test
- import (
- "net/http"
- . "github.com/onsi/ginkgo/v2"
- "github.com/apisix/manager-api/test/e2e/base"
- )
// Invalid Request: end-to-end checks that the endpoint behind
// base.ManagerApiExpect() refuses request paths containing parent-directory
// ("..") segments rather than resolving them.
var _ = Describe("Invalid Request", func() {
	It("double dot in URL path (arbitrary file index)", func() {
		// Each path below must be answered with 403 Forbidden.
		// The first uses literal ".." segments. The second spells the dots
		// as %2e (percent-encoded "."), mixed with literal dots, so a filter
		// that only matches the raw string ".." would not be enough to pass.
		//
		// NOTE(review): only GET and lower-case %2e are exercised here; this
		// test does not establish how other spellings or methods are handled.
		traversalPaths := []string{
			"/../../../../etc/hosts",
			"/.%2e/%2e%2e/../etc/hosts",
		}

		for _, reqPath := range traversalPaths {
			// A fresh expectation object is built per request, as in the
			// original one-call-per-case layout.
			base.RunTestCase(base.HttpTestCase{
				Object:       base.ManagerApiExpect(),
				Method:       http.MethodGet,
				Path:         reqPath,
				ExpectStatus: http.StatusForbidden,
			})
		}
	})
})