craigmcc 01/04/02 14:15:49
Modified: tester/src/bin tester.xml
Log: Add a test case to watch for the "double URL decode" vulnerability.
Revision Changes Path
1.26 +10 -0 jakarta-tomcat-4.0/tester/src/bin/tester.xml
Index: tester.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/tester/src/bin/tester.xml,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- tester.xml 2001/03/30 21:20:02 1.25
+++ tester.xml 2001/04/02 21:15:46 1.26
@@ -181,6 +181,16 @@
 request="${context.path}/WrappedDecoding0%31/extr%61?servlet=/WrappedDecoding01&path=/extra"
 outContent="Decoding01 PASSED"/>
+ <!-- Verify we can access the JSP page normally -->
+ <tester host="${host}" port="${port}" protocol="${protocol}"
+ request="/examples/jsp/snp/snoop.jsp"
+ status="200"/>
+
+ <!-- DefaultServlet should not decode the path again -->
+ <tester host="${host}" port="${port}" protocol="${protocol}"
+ request="/examples/jsp/snp/snoop%252ejsp"
+ status="404"/>
+
+
 </target>
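Review bot: The negative case at `request="/examples/jsp/snp/snoop%252ejsp"` is satisfied by any 404, so it only proves that the path is not decoded a second time while the preceding `status="200"` request for `snoop.jsp` succeeds in the same run. The comments do not say that the two requests are a pair; the first could read `<!-- Control: the page must be reachable, otherwise the 404 below proves nothing -->`. Both requests hard-code `/examples` where the neighbouring test uses `${context.path}`, so this pair fails whenever the examples webapp is not deployed, which is worth stating in the same comment. The check covers one doubly-encoded form only, and whether other forms are exercised elsewhere cannot be seen from this hunk; the enclosing `<target>` begins outside it.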