Skip to content

Commit

Permalink
Merge pull request #375 from ender672/test_unsafe_dir_traversal
Browse files Browse the repository at this point in the history 
Actually test unsafe directory traversal
  • Loading branch information
@raggi
raggi committed May 13, 2012
2 parents 9fffbfd + 1eaf4e8 commit f5986af
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions test/spec_file.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,13 +65,13 @@ def file(*args)
should "not allow unsafe directory traversal" do
req = Rack::MockRequest.new(file(DOCROOT))

res = req.get("/../README")
res = req.get("/../README.rdoc")
res.should.be.client_error

res = req.get("../test")
res = req.get("../test/spec_file.rb")
res.should.be.client_error

res = req.get("..")
res = req.get("../README.rdoc")
res.should.be.client_error

res.should.be.not_found
Expand Down

0 comments on commit f5986af

Please sign in to comment.