Merging upstream version 1.45.3+dfsg.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-05 12:08:03 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-05 12:08:18 +0000
commit: 5da14042f70711ea5cf66e034699730335462f66 (patch)
tree: 0f6354ccac934ed87a2d555f45be4c831cf92f4a /src/fluent-bit/lib/monkey/qa/path_traversal03.htt
parent: Releasing debian version 1.44.3-2. (diff)
download: netdata-5da14042f70711ea5cf66e034699730335462f66.tar.xz
netdata-5da14042f70711ea5cf66e034699730335462f66.zip
1 files changed, 27 insertions, 0 deletions
diff --git a/src/fluent-bit/lib/monkey/qa/path_traversal03.htt b/src/fluent-bit/lib/monkey/qa/path_traversal03.htt
new file mode 100644
index 000000000..37e165330
--- /dev/null
+++ b/src/fluent-bit/lib/monkey/qa/path_traversal03.htt
@@ -0,0 +1,27 @@
+################################################################################
+# DESCRIPTION
+#	Test against directory traversal (client must not be allowed to "get out" of
+#	DocumentRoot.
+#
+# AUTHOR
+#	Carlos Ghan	<charlie.brown.uy@gmail.com>
+#
+# DATE
+#	March 08 2010
+#
+# COMMENTS
+#	Mixing dots and %2e
+################################################################################
+
+
+INCLUDE __CONFIG
+
+CLIENT
+_REQ $HOST $PORT
+__GET /%2e%2e/../%2e./.%2e/../%2e%2e/../../%2e./.%2e/etc/motd $HTTPVER
+__Host: $HOST
+__Connection: close
+__
+_EXPECT . "HTTP/1.1 403 Forbidden"
+_WAIT
+END
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-05 12:08:03 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-05 12:08:18 +0000
commit	5da14042f70711ea5cf66e034699730335462f66 (patch)
tree	0f6354ccac934ed87a2d555f45be4c831cf92f4a /src/fluent-bit/lib/monkey/qa/path_traversal03.htt
parent	Releasing debian version 1.44.3-2. (diff)
download	netdata-5da14042f70711ea5cf66e034699730335462f66.tar.xz netdata-5da14042f70711ea5cf66e034699730335462f66.zip