Project homepage Mailing List  Warmcat.com  API Docs  Github Mirror 
{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1743523910, "reponame":"libwebsockets", "desc":"libwebsockets lightweight C networking library", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://libwebsockets.org/repo/libwebsockets", "f":3, "items": [ {"schema":"libjg2-1", "cid":"ec12c403934ab29839819c2d62f8c73c", "oid":{ "oid": "98f63c6c8de4a2bf287a37cf12ff34c721b9f359", "alias": []},"blobname": "scripts/attack.sh", "blob": "#!/bin/bash\n#\n# attack the test server and try to make it fall over\n#\n# Requires the library to have been built with\n#\n# cmake .. -DCMAKE_BUILD_TYPE\u003dDEBUG -DLWS_WITH_MINIMAL_EXAMPLES\u003d1\n#\n# run it from the build dir\n\necho\necho \u0022----------------------------------------------\u0022\necho \u0022------- tests: lws attack.sh\u0022\necho\n\nSERVER\u003d127.0.0.1\nPORT\u003d7681\nLOG\u003d/tmp/lwslog\n\nA\u003d`which libwebsockets-test-server`\nINSTALLED\u003d`dirname $A`\n\nSHAREDIR\u003d$INSTALLED/../share/libwebsockets-test-server\nCORPUS\u003d$SHAREDIR/test.html\n\nLWS_NC\u003d./bin/lws-minimal-raw-netcat\n\nCPID\u003d\nLEN\u003d0\n\nfunction check {\n\tkill -0 $CPID\n\tif [ $? -ne 0 ] ; then\n\t\techo \u0022(killed it) *******\u0022\n\t\texit 1\n\tfi\n\t#dd if\u003d$LOG bs\u003d1 skip\u003d$LEN 2\u003e/dev/null\n\n\tif [ \u0022$1\u0022 \u003d \u0022default\u0022 ] ; then\n\t\tdiff /tmp/lwscap $CORPUS \u003e /dev/null\n\t\tif [ $? -ne 0 ] ; then\n\t\t\techo \u0022FAIL: got something other than $CORPUS back\u0022\n\t\t\texit 1\n\t\tfi\n\tfi\n\tif [ \u0022$1\u0022 \u003d \u0022defaultplusforbidden\u0022 ] ; then\n\tcat $CORPUS \u003e /tmp/plusforb\n\techo -e -n \u0022HTTP/1.0 403 Forbidden\u005cx0d\u005cx0acontent-type: text/html\u005cx0d\u005cx0acontent-length: 173\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u003chtml\u003e\u003chead\u003e\u003cmeta charset\u003dutf-8 http-equiv\u003d\u005c\u0022Content-Language\u005c\u0022 content\u003d\u005c\u0022en\u005c\u0022/\u003e\u003clink rel\u003d\u005c\u0022stylesheet\u005c\u0022 type\u003d\u005c\u0022text/css\u005c\u0022 href\u003d\u005c\u0022/error.css\u005c\u0022/\u003e\u003c/head\u003e\u003cbody\u003e\u003ch1\u003e403\u003c/h1\u003e\u003c/body\u003e\u003c/html\u003e\u0022 \u003e\u003e /tmp/plusforb\n\t\tdiff /tmp/lwscap /tmp/plusforb \u003e /dev/null\n\t\tif [ $? -ne 0 ] ; then\n\t\t\tcat $CORPUS \u003e /tmp/plusforb\n\n\t\t\techo -e -n \u0022HTTP/1.1 403 Forbidden\u005cx0d\u005cx0acontent-type: text/html\u005cx0d\u005cx0acontent-length: 173\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u003chtml\u003e\u003chead\u003e\u003cmeta charset\u003dutf-8 http-equiv\u003d\u005c\u0022Content-Language\u005c\u0022 content\u003d\u005c\u0022en\u005c\u0022/\u003e\u003clink rel\u003d\u005c\u0022stylesheet\u005c\u0022 type\u003d\u005c\u0022text/css\u005c\u0022 href\u003d\u005c\u0022/error.css\u005c\u0022/\u003e\u003c/head\u003e\u003cbody\u003e\u003ch1\u003e403\u003c/h1\u003e\u003c/body\u003e\u003c/html\u003e\u0022 \u003e\u003e /tmp/plusforb\n\t\t\tdiff /tmp/lwscap /tmp/plusforb \u003e /dev/null\n\t\t\tif [ $? -ne 0 ] ; then\n\n\t\t\t\techo \u0022FAIL: got something other than $CORPUS + forbidden back\u0022\n\t\t\t\ttail -n 10 /tmp/lwscap\n\t\t\t\ttail -n 100 $LOG\n\t\t\t\texit 1\n\t\t\tfi\n\t\tfi\n\tfi\n\n\tif [ \u0022$1\u0022 \u003d \u0022forbidden\u0022 ] ; then\n\t\tif [ -z \u0022`grep '\u003ch1\u003e403\u003c/h1\u003e' /tmp/lwscap`\u0022 ] ; then\n\t\t\techo \u0022FAIL: should have told forbidden (test server has no dirs)\u0022\n\t\t\texit 1\n\t\tfi\n\tfi\n\n\tif [ \u0022$1\u0022 \u003d \u0022notfound\u0022 ] ; then\n\t\tif [ -z \u0022`grep '\u003ch1\u003e404\u003c/h1\u003e' /tmp/lwscap`\u0022 ] ; then\n\t\t\techo \u0022FAIL: should have told not found\u0022\n\t\t\texit 1\n\t\tfi\n\tfi\n\n\n\tif [ \u0022$1\u0022 \u003d \u0022rejected\u0022 ] ; then\n\t\tif [ -z \u0022`grep '\u003ch1\u003e404\u003c/h1\u003e' /tmp/lwscap`\u0022 ] ; then\n\t\t\techo \u0022FAIL: should have told forbidden (test server has no dirs)\u0022\n\t\t\texit 1\n\t\tfi\n\tfi\n\n\n\tif [ \u0022$1\u0022 \u003d \u0022media\u0022 ] ; then\n\t\tif [ -z \u0022`grep '\u003ch1\u003e404\u003c/h1\u003e' /tmp/lwscap`\u0022 ] ; then\n\t\t\techo \u0022FAIL: should have told unknown media type\u0022\n\t\t\texit 1\n\t\tfi\n\tfi\n\n\tif [ \u0022$1\u0022 \u003d\u003d \u00220\u0022 ] ; then\n\t\ta\u003d\u0022`dd if\u003d$LOG bs\u003d1 skip\u003d$LEN 2\u003e/dev/null |grep \u0022get\u005c \u005c \u003d\u0022 | tr -s ' ' | cut -d' ' -f4-`\u0022\n\t\tif [ \u0022$a\u0022 !\u003d \u0022$2\u0022 ] ; then\n\t\t\techo \u0022URL path '$a' not $2\u0022\n\t\t\texit 1\n\t\tfi\n\tfi\n\n\tif [ \u0022$1\u0022 \u003d\u003d \u00221\u0022 ] ; then\n\t\ta\u003d\u0022`dd if\u003d$LOG bs\u003d1 skip\u003d$LEN 2\u003e/dev/null |grep URI\u005c Arg\u005c 1\u005c: | tr -s ' ' | cut -d' ' -f7-`\u0022\n\t\tif [ \u0022$a\u0022 !\u003d \u0022$2\u0022 ] ; then\n\t\t\techo \u0022Arg 1 '$a' not $2\u0022\n\t\t\texit 1\n\t\tfi\n\tfi\n\n\tif [ \u0022$1\u0022 \u003d\u003d \u00222\u0022 ] ; then\n\t\ta\u003d\u0022`dd if\u003d$LOG bs\u003d1 skip\u003d$LEN 2\u003e/dev/null |grep URI\u005c Arg\u005c 2\u005c: | tr -s ' ' | cut -d' ' -f7-`\u0022\n\t\tif [ \u0022$a\u0022 !\u003d \u0022$2\u0022 ] ; then\n\t\t\techo \u0022Arg 2 '$a' not $2\u0022\n\t\t\texit 1\n\t\tfi\n\tfi\n\tif [ \u0022$1\u0022 \u003d\u003d \u00223\u0022 ] ; then\n\t\ta\u003d\u0022`dd if\u003d$LOG bs\u003d1 skip\u003d$LEN 2\u003e/dev/null |grep URI\u005c Arg\u005c 3\u005c: | tr -s ' ' | cut -d' ' -f7-`\u0022\n\t\tif [ \u0022$a\u0022 !\u003d \u0022$2\u0022 ] ; then\n\t\t\techo \u0022Arg 3 '$a' not $2\u0022\n\t\t\texit 1\n\t\tfi\n\tfi\n\n\tif [ -z \u0022$1\u0022 ] ; then\n\t\tLEN\u003d`stat $LOG -c %s`\n\tfi\n}\n\n\nrm -rf $LOG\nkillall libwebsockets-test-server 2\u003e/dev/null\nlibwebsockets-test-server -d15 2\u003e\u003e $LOG \u003e/dev/null \u0026\nCPID\u003d$!\n\necho \u0022Started server on PID $CPID\u0022\n\nwhile [ -z \u0022`grep ort\u005c 7681 $LOG`\u0022 ] ; do\n\tsleep 0.5s\ndone\ncheck\n\necho\necho \u0022---- /cgi-bin/settingsjs?UPDATE_SETTINGS\u003d1\u0026Root_Channels_1_Channel_name_http_post\u003d%3F\u0026Root_Channels_1_Channel_location_http_post\u003d%3F\u0022\nrm -f /tmp/lwscap\necho -n -e \u0022GET /cgi-bin/settingsjs?UPDATE_SETTINGS\u003d1\u0026Root_Channels_1_Channel_name_http_post\u003d%3F\u0026Root_Channels_1_Channel_location_http_post\u003d%3F HTTP/1.0\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u0022 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null | sed '1,/^\u005cr$/d'\u003e /tmp/lwscap\ncat /tmp/lwscap\ncheck 1 \u0022UPDATE_SETTINGS\u003d1\u0022\ncheck 2 \u0022Root_Channels_1_Channel_name_http_post\u003d?\u0022\ncheck 3 \u0022Root_Channels_1_Channel_location_http_post\u003d?\u0022\ncheck\n\necho\necho \u0022---- ? processing (/cgi-bin/settings.js?key1\u003dvalue1)\u0022\nrm -f /tmp/lwscap\necho -n -e \u0022GET /cgi-bin/settings.js?key1\u003dvalue1 HTTP/1.0\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u0022 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null | sed '1,/^\u005cr$/d'\u003e /tmp/lwscap\ncheck 1 \u0022key1\u003dvalue1\u0022\ncheck\n\necho\necho \u0022---- ? processing (/t%3dest?key1%3d2\u003dvalue1)\u0022\nrm -f /tmp/lwscap\necho -n -e \u0022GET /t%3dest?key1%3d2\u003dvalue1 HTTP/1.0\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u0022 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null | sed '1,/^\u005cr$/d'\u003e /tmp/lwscap\ncheck 0 \u0022/t\u003dest\u0022\ncheck 1 \u0022key1_2\u003dvalue1\u0022\ncheck\n\necho\necho \u0022---- ? processing (%2f%2e%2e%2f%2e./xxtest.html?arg\u003d1)\u0022\nrm -f /tmp/lwscap\necho -n -e \u0022GET %2f%2e%2e%2f%2e./xxtest.html?arg\u003d1 HTTP/1.0\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u0022 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null | sed '1,/^\u005cr$/d'\u003e /tmp/lwscap\ncheck 1 \u0022arg\u003d1\u0022\ncheck\n\necho\necho \u0022---- ? processing (%2f%2e%2e%2f%2e./xxtest.html?arg\u003d/../.)\u0022\nrm -f /tmp/lwscap\necho -n -e \u0022GET %2f%2e%2e%2f%2e./xxtest.html?arg\u003d/../. HTTP/1.0\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u0022 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null | sed '1,/^\u005cr$/d'\u003e /tmp/lwscap\ncheck 1 \u0022arg\u003d/../.\u0022\ncheck\n\necho\necho \u0022---- spam enough crap to not be GET\u0022\necho \u0022not GET\u0022 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null \u003e /tmp/lwscap\ncheck\n\necho\necho \u0022---- spam more than the name buffer of crap\u0022\ndd if\u003d/dev/urandom bs\u003d1 count\u003d80 2\u003e/dev/null | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null \u003e /tmp/lwscap\ncheck\n\necho\necho \u0022---- spam 10MB of crap\u0022\ndd if\u003d/dev/urandom bs\u003d1 count\u003d655360 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null \u003e /tmp/lwscap\ncheck\n\necho\necho \u0022---- malformed URI\u0022\necho \u0022GET nonsense................................................................................................................\u0022 \u005c\n\t| $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null \u003e /tmp/lwscap\ncheck\n\necho\necho \u0022---- missing URI\u0022\necho -n -e \u0022GET HTTP/1.0\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u0022 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null \u003e/tmp/lwscap\ncheck\n\necho\necho \u0022---- repeated method\u0022\necho -n -e \u0022GET blah HTTP/1.0\u005cx0d\u005cx0aGET blah HTTP/1.0\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u0022 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null \u003e/tmp/lwscap \ncheck\n\necho\necho \u0022---- crazy header name part\u0022\necho -n -e \u0022GET blah HTTP/1.0\u005cx0d\u005cx0a................................................................................................................\u0022 \u005c\n\t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n\t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null\ncheck\n\necho\necho \u0022---- excessive uri content\u0022\necho -n -e \u0022GET ................................................................................................................\u0022 \u005c\n\t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n\t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n \t\u0022.......................................................................................................................\u0022 \u005c\n | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null\ncheck\n\necho\necho \u0022---- good request but http payload coming too (test.html served then forbidden)\u0022\necho -n -e \u0022GET /test.html HTTP/1.1\u005cx0d\u005cx0a\u005cx0d\u005cx0aILLEGAL-PAYLOAD........................................\u0022 \u005c\n\t| $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null | sed '1,/^\u005cr$/d'\u003e /tmp/lwscap\ncheck defaultplusforbidden\ncheck\n\necho\necho \u0022---- nonexistent file\u0022\nrm -f /tmp/lwscap\necho -n -e \u0022GET /nope HTTP/1.0\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u0022 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null | sed '1,/^\u005cr$/d'\u003e /tmp/lwscap\ncat /tmp/lwscap\ncheck notfound\ncheck\n\necho\necho \u0022---- relative uri path\u0022\nrm -f /tmp/lwscap\necho -n -e \u0022GET nope HTTP/1.0\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u0022 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null | sed '1,/^\u005cr$/d'\u003e /tmp/lwscap\ncheck forbidden\ncheck\n\necho\necho \u0022---- directory attack 1 (/../../../../etc/passwd should be /etc/passswd)\u0022\nrm -f /tmp/lwscap\necho -n -e \u0022GET /../../../../etc/passwd HTTP/1.0\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u0022 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null | sed '1,/^\u005cr$/d'\u003e /tmp/lwscap\ncheck notfound\ncheck\n\necho\necho \u0022---- directory attack 2 (/../ should be /)\u0022\nrm -f /tmp/lwscap\necho -e -n \u0022GET /../ HTTP/1.0\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u0022 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null | sed '1,/^\u005cr$/d'\u003e /tmp/lwscap\ncheck default\ncheck\n\necho\necho \u0022---- directory attack 3 (/./ should be /)\u0022\nrm -f /tmp/lwscap\necho -e -n \u0022GET /./ HTTP/1.0\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u0022 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null | sed '1,/^\u005cr$/d'\u003e /tmp/lwscap\ncheck default\ncheck\n\necho\necho \u0022---- directory attack 4 (/blah/.. should be /)\u0022\nrm -f /tmp/lwscap\necho -e -n \u0022GET /blah/.. HTTP/1.0\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u0022 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null | sed '1,/^\u005cr$/d'\u003e /tmp/lwscap\ncheck default\ncheck\n\necho\necho \u0022---- directory attack 5 (/blah/../ should be /)\u0022\nrm -f /tmp/lwscap\necho -e -n \u0022GET /blah/../ HTTP/1.0\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u0022 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null | sed '1,/^\u005cr$/d'\u003e /tmp/lwscap\ncheck default\ncheck\n\necho\necho \u0022---- directory attack 6 (/blah/../. should be /)\u0022\nrm -f /tmp/lwscap\necho -e -n \u0022GET /blah/../. HTTP/1.0\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u0022 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null | sed '1,/^\u005cr$/d'\u003e /tmp/lwscap\ncheck default\ncheck\n\necho\necho \u0022---- directory attack 7 (/%2e%2e%2f../../../etc/passwd should be /etc/passswd)\u0022\nrm -f /tmp/lwscap\necho -e -n \u0022GET /%2e%2e%2f../../../etc/passwd HTTP/1.0\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u0022 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null | sed '1,/^\u005cr$/d'\u003e /tmp/lwscap\ncheck notfound\ncheck\n\necho\necho \u0022---- directory attack 8 (%2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd should be /etc/passswd)\u0022\nrm -f /tmp/lwscap\necho -e -n \u0022GET %2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd HTTP/1.0\u005cx0d\u005cx0a\u005cx0d\u005cx0a\u0022 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null | sed '1,/^\u005cr$/d'\u003e /tmp/lwscap\ncheck notfound\ncheck\n\necho\necho \u0022---- http/1.1 pipelining\u0022\nrm -f /tmp/lwscap\nwget -O/tmp/lwsdump http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html 2\u003e\u00261 | grep \u0022Downloaded: 8 files\u0022 \u003e /tmp/lwscap\ngood\u003d`cat $CORPUS $CORPUS $CORPUS $CORPUS $CORPUS $CORPUS $CORPUS $CORPUS | md5sum | cut -d' ' -f1`\nif [ \u0022$good\u0022 !\u003d \u0022`md5sum /tmp/lwsdump | cut -d' ' -f 1`\u0022 ] ; then\n\techo \u0022FAIL: mismatched content good\u003d$good received\u003d`md5sum /tmp/lwsdump`\u0022\n\texit 1\nfi\n\necho\necho \u0022---- mass testing uri variations\u0022\n\nrm -f /tmp/results\n\nfor i in \u005c\n/..../ \u005c\n/.../. \u005c\n/...// \u005c\n/.../a \u005c\n/.../w \u005c\n\u0022/.../?\u0022 \u005c\n/.../% \u005c\n/../.. \u005c\n/.././ \u005c\n/../.a \u005c\n/../.w \u005c\n/../.. \u005c\n/../.% \u005c\n/..//. \u005c\n/../// \u005c\n/..//a \u005c\n/..//w \u005c\n\u0022/..//?\u0022 \u005c\n/..//% \u005c\n/../a. \u005c\n/../a/ \u005c\n/../aa \u005c\n/../aw \u005c\n/../a? \u005c\n/../a% \u005c\n/../w. \u005c\n/../w/ \u005c\n/../wa \u005c\n/../ww \u005c\n/../w? \u005c\n/../w% \u005c\n/../?. \u005c\n/../?/ \u005c\n/../?a \u005c\n/../?w \u005c\n/../?? \u005c\n/../?% \u005c\n/../%. \u005c\n/../%/ \u005c\n/../%a \u005c\n/../%w \u005c\n/../%? \u005c\n/../%% \u005c\n/./... \u005c\n/./../ \u005c\n/./..a \u005c\n/./..w \u005c\n/./..? \u005c\n/./..% \u005c\n/.//.. \u005c\n/.a../ \u005c\n/.a/.. \u005c\n/.w../ \u005c\n/.w/.. \u005c\n/.?../ \u005c\n/../.. \u005c\n/.%../ \u005c\n/.%/.. \u005c\n//.... \u005c\n//.../ \u005c\n//...a \u005c\n//...w \u005c\n//...? \u005c\n//...% \u005c\n//../. \u005c\n//..// \u005c\n//../a \u005c\n//../w \u005c\n//../? \u005c\n//../% \u005c\n//..a. \u005c\n//..a/ \u005c\n//..aa \u005c\n//..aw \u005c\n//..a? \u005c\n//..a% \u005c\n//..w. \u005c\n//..w/ \u005c\n//..wa \u005c\n//..ww \u005c\n//..w? \u005c\n//..w% \u005c\n//..?. \u005c\n//..?/ \u005c\n//..?a \u005c\n//..?w \u005c\n//..?? \u005c\n//..?% \u005c\n//..%. \u005c\n//..%/ \u005c\n//..%a \u005c\n//..%w \u005c\n//..%? \u005c\n//..%% \u005c\n//./.. \u005c\n///... \u005c\n///../ \u005c\n///..a \u005c\n///..w \u005c\n///..? \u005c\n///..% \u005c\n////.. \u005c\n//a../ \u005c\n//a/.. \u005c\n//w../ \u005c\n//w/.. \u005c\n//?../ \u005c\n//?/.. \u005c\n//%../ \u005c\n//%/.. \u005c\n/a.../ \u005c\n/a../. \u005c\n/a..// \u005c\n/a../a \u005c\n/a../w \u005c\n/a../? \u005c\n/a../% \u005c\n/a./.. \u005c\n/a/... \u005c\n/a/../ \u005c\n/a/..a \u005c\n/a/..w \u005c\n/a/..? \u005c\n/a/..% \u005c\n/a//.. \u005c\n/aa../ \u005c\n/aa/.. \u005c\n/aw../ \u005c\n/aw/.. \u005c\n/a?../ \u005c\n/a?/.. \u005c\n/a%../ \u005c\n/a%/.. \u005c\n/w.../ \u005c\n/w../. \u005c\n/w..// \u005c\n/w../a \u005c\n/w../w \u005c\n/w../? \u005c\n/w../% \u005c\n/w./.. \u005c\n/w/... \u005c\n/w/../ \u005c\n/w/..a \u005c\n/w/..w \u005c\n/w/..? \u005c\n/w/..% \u005c\n/w//.. \u005c\n/wa../ \u005c\n/wa/.. \u005c\n/ww../ \u005c\n/ww/.. \u005c\n/w?../ \u005c\n/w?/.. \u005c\n/w%../ \u005c\n/w%/.. \u005c\n/?.../ \u005c\n/?../. \u005c\n/?..// \u005c\n/?../a \u005c\n/?../w \u005c\n/?../? \u005c\n/?../% \u005c\n/?./.. \u005c\n/?/... \u005c\n/?/../ \u005c\n/?/..a \u005c\n/?/..w \u005c\n/?/..? \u005c\n/?/..% \u005c\n/?//.. \u005c\n/?a../ \u005c\n/?a/.. \u005c\n/?w../ \u005c\n/?w/.. \u005c\n/??../ \u005c\n/??/.. \u005c\n/?%../ \u005c\n/?%/.. \u005c\n/%.../ \u005c\n/%../. \u005c\n/%..// \u005c\n/%../a \u005c\n/%../w \u005c\n/%../? \u005c\n/%../% \u005c\n/%./.. \u005c\n/%/... \u005c\n/%/../ \u005c\n/%/..a \u005c\n/%/..w \u005c\n/%/..? \u005c\n/%/..% \u005c\n/%//.. \u005c\n/%a../ \u005c\n/%a/.. \u005c\n/%w../ \u005c\n/%w/.. \u005c\n/%?../ \u005c\n/%?/.. \u005c\n/%%../ \u005c\n/%%/.. \u005c\n/a/w/../a \u005c\n/path/to/dir/../other/dir \u005c\n; do\nLEN\u003d`stat $LOG -c %s`\nrm -f /tmp/lwscap1\necho -n -e \u0022GET $i HTTP/1.0\u005cr\u005cn\u005cr\u005cn\u0022 | $LWS_NC --server $SERVER --port $PORT 2\u003e/dev/null \u003e /tmp/lwscap1\nR\u003d`cat /tmp/lwscap1| head -n 1 | cut -d' ' -f 2`\n#cat $LOG\n#echo \u003d\u003d\u003d\u003d $R\n\n\nif [ \u0022$R\u0022 !\u003d \u0022403\u0022 ]; then\n\tU\u003d`dd if\u003d$LOG bs\u003d1 skip\u003d$LEN 2\u003e/dev/null| grep \u0022Method:\u0022 | tr -s ' ' | cut -d\u0022'\u0022 -f4`\n#dd if\u003d$LOG bs\u003d1 skip\u003d$LEN 2\u003e/dev/null\n\techo \u0022- \u005c\u0022$i\u005c\u0022 -\u003e $R \u005c\u0022$U\u005c\u0022\u0022 \u003e\u003e/tmp/results\nelse\n\techo \u0022- \u005c\u0022$i\u005c\u0022 -\u003e $R\u0022 \u003e\u003e/tmp/results\nfi\ndone\n\ncat \u003c\u003cEOF \u003e/tmp/lwsresult1\n- \u0022/..../\u0022 -\u003e 404 \u0022/..../\u0022\n- \u0022/.../.\u0022 -\u003e 404 \u0022/.../\u0022\n- \u0022/...//\u0022 -\u003e 404 \u0022/.../\u0022\n- \u0022/.../a\u0022 -\u003e 404 \u0022/.../a\u0022\n- \u0022/.../w\u0022 -\u003e 404 \u0022/.../w\u0022\n- \u0022/.../?\u0022 -\u003e 404 \u0022/.../\u0022\n- \u0022/.../%\u0022 -\u003e 403\n- \u0022/../..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/.././\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/../.a\u0022 -\u003e 404 \u0022/.a\u0022\n- \u0022/../.w\u0022 -\u003e 404 \u0022/.w\u0022\n- \u0022/../..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/../.%\u0022 -\u003e 403\n- \u0022/..//.\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/..///\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/..//a\u0022 -\u003e 404 \u0022/a\u0022\n- \u0022/..//w\u0022 -\u003e 404 \u0022/w\u0022\n- \u0022/..//?\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/..//%\u0022 -\u003e 403\n- \u0022/../a.\u0022 -\u003e 404 \u0022/a.\u0022\n- \u0022/../a/\u0022 -\u003e 404 \u0022/a/\u0022\n- \u0022/../aa\u0022 -\u003e 404 \u0022/aa\u0022\n- \u0022/../aw\u0022 -\u003e 404 \u0022/aw\u0022\n- \u0022/../a?\u0022 -\u003e 404 \u0022/a\u0022\n- \u0022/../a%\u0022 -\u003e 403\n- \u0022/../w.\u0022 -\u003e 404 \u0022/w.\u0022\n- \u0022/../w/\u0022 -\u003e 404 \u0022/w/\u0022\n- \u0022/../wa\u0022 -\u003e 404 \u0022/wa\u0022\n- \u0022/../ww\u0022 -\u003e 404 \u0022/ww\u0022\n- \u0022/../w?\u0022 -\u003e 404 \u0022/w\u0022\n- \u0022/../w%\u0022 -\u003e 403\n- \u0022/../?.\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/../?/\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/../?a\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/../?w\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/../??\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/../?%\u0022 -\u003e 403\n- \u0022/../%.\u0022 -\u003e 403\n- \u0022/../%/\u0022 -\u003e 403\n- \u0022/../%a\u0022 -\u003e 403\n- \u0022/../%w\u0022 -\u003e 403\n- \u0022/../%?\u0022 -\u003e 403\n- \u0022/../%%\u0022 -\u003e 403\n- \u0022/./...\u0022 -\u003e 404 \u0022/...\u0022\n- \u0022/./../\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/./..a\u0022 -\u003e 404 \u0022/..a\u0022\n- \u0022/./..w\u0022 -\u003e 404 \u0022/..w\u0022\n- \u0022/./..?\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/./..%\u0022 -\u003e 403\n- \u0022/.//..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/.a../\u0022 -\u003e 404 \u0022/.a../\u0022\n- \u0022/.a/..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/.w../\u0022 -\u003e 404 \u0022/.w../\u0022\n- \u0022/.w/..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/.?../\u0022 -\u003e 404 \u0022/.\u0022\n- \u0022/../..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/.%../\u0022 -\u003e 403\n- \u0022/.%/..\u0022 -\u003e 403\n- \u0022//....\u0022 -\u003e 404 \u0022/....\u0022\n- \u0022//.../\u0022 -\u003e 404 \u0022/.../\u0022\n- \u0022//...a\u0022 -\u003e 404 \u0022/...a\u0022\n- \u0022//...w\u0022 -\u003e 404 \u0022/...w\u0022\n- \u0022//...?\u0022 -\u003e 404 \u0022/...\u0022\n- \u0022//...%\u0022 -\u003e 403\n- \u0022//../.\u0022 -\u003e 200 \u0022/\u0022\n- \u0022//..//\u0022 -\u003e 200 \u0022/\u0022\n- \u0022//../a\u0022 -\u003e 404 \u0022/a\u0022\n- \u0022//../w\u0022 -\u003e 404 \u0022/w\u0022\n- \u0022//../?\u0022 -\u003e 200 \u0022/\u0022\n- \u0022//../%\u0022 -\u003e 403\n- \u0022//..a.\u0022 -\u003e 404 \u0022/..a.\u0022\n- \u0022//..a/\u0022 -\u003e 404 \u0022/..a/\u0022\n- \u0022//..aa\u0022 -\u003e 404 \u0022/..aa\u0022\n- \u0022//..aw\u0022 -\u003e 404 \u0022/..aw\u0022\n- \u0022//..a?\u0022 -\u003e 404 \u0022/..a\u0022\n- \u0022//..a%\u0022 -\u003e 403\n- \u0022//..w.\u0022 -\u003e 404 \u0022/..w.\u0022\n- \u0022//..w/\u0022 -\u003e 404 \u0022/..w/\u0022\n- \u0022//..wa\u0022 -\u003e 404 \u0022/..wa\u0022\n- \u0022//..ww\u0022 -\u003e 404 \u0022/..ww\u0022\n- \u0022//..w?\u0022 -\u003e 404 \u0022/..w\u0022\n- \u0022//..w%\u0022 -\u003e 403\n- \u0022//..?.\u0022 -\u003e 200 \u0022/\u0022\n- \u0022//..?/\u0022 -\u003e 200 \u0022/\u0022\n- \u0022//..?a\u0022 -\u003e 404 \u0022/a\u0022\n- \u0022//..?w\u0022 -\u003e 404 \u0022/w\u0022\n- \u0022//..??\u0022 -\u003e 200 \u0022/\u0022\n- \u0022//..?%\u0022 -\u003e 403\n- \u0022//..%.\u0022 -\u003e 403\n- \u0022//..%/\u0022 -\u003e 403\n- \u0022//..%a\u0022 -\u003e 403\n- \u0022//..%w\u0022 -\u003e 403\n- \u0022//..%?\u0022 -\u003e 403\n- \u0022//..%%\u0022 -\u003e 403\n- \u0022//./..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022///...\u0022 -\u003e 404 \u0022/...\u0022\n- \u0022///../\u0022 -\u003e 200 \u0022/\u0022\n- \u0022///..a\u0022 -\u003e 404 \u0022/..a\u0022\n- \u0022///..w\u0022 -\u003e 404 \u0022/..w\u0022\n- \u0022///..?\u0022 -\u003e 200 \u0022/\u0022\n- \u0022///..%\u0022 -\u003e 403\n- \u0022////..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022//a../\u0022 -\u003e 404 \u0022/a../\u0022\n- \u0022//a/..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022//w../\u0022 -\u003e 404 \u0022/w../\u0022\n- \u0022//w/..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022//?../\u0022 -\u003e 200 \u0022/\u0022\n- \u0022//?/..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022//%../\u0022 -\u003e 403\n- \u0022//%/..\u0022 -\u003e 403\n- \u0022/a.../\u0022 -\u003e 404 \u0022/a.../\u0022\n- \u0022/a../.\u0022 -\u003e 404 \u0022/a../\u0022\n- \u0022/a..//\u0022 -\u003e 404 \u0022/a../\u0022\n- \u0022/a../a\u0022 -\u003e 404 \u0022/a../a\u0022\n- \u0022/a../w\u0022 -\u003e 404 \u0022/a../w\u0022\n- \u0022/a../?\u0022 -\u003e 404 \u0022/a../\u0022\n- \u0022/a../%\u0022 -\u003e 403\n- \u0022/a./..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/a/...\u0022 -\u003e 404 \u0022/a/...\u0022\n- \u0022/a/../\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/a/..a\u0022 -\u003e 404 \u0022/a/..a\u0022\n- \u0022/a/..w\u0022 -\u003e 404 \u0022/a/..w\u0022\n- \u0022/a/..?\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/a/..%\u0022 -\u003e 403\n- \u0022/a//..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/aa../\u0022 -\u003e 404 \u0022/aa../\u0022\n- \u0022/aa/..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/aw../\u0022 -\u003e 404 \u0022/aw../\u0022\n- \u0022/aw/..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/a?../\u0022 -\u003e 404 \u0022/a\u0022\n- \u0022/a?/..\u0022 -\u003e 404 \u0022/a\u0022\n- \u0022/a%../\u0022 -\u003e 403\n- \u0022/a%/..\u0022 -\u003e 403\n- \u0022/w.../\u0022 -\u003e 404 \u0022/w.../\u0022\n- \u0022/w../.\u0022 -\u003e 404 \u0022/w../\u0022\n- \u0022/w..//\u0022 -\u003e 404 \u0022/w../\u0022\n- \u0022/w../a\u0022 -\u003e 404 \u0022/w../a\u0022\n- \u0022/w../w\u0022 -\u003e 404 \u0022/w../w\u0022\n- \u0022/w../?\u0022 -\u003e 404 \u0022/w../\u0022\n- \u0022/w../%\u0022 -\u003e 403\n- \u0022/w./..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/w/...\u0022 -\u003e 404 \u0022/w/...\u0022\n- \u0022/w/../\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/w/..a\u0022 -\u003e 404 \u0022/w/..a\u0022\n- \u0022/w/..w\u0022 -\u003e 404 \u0022/w/..w\u0022\n- \u0022/w/..?\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/w/..%\u0022 -\u003e 403\n- \u0022/w//..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/wa../\u0022 -\u003e 404 \u0022/wa../\u0022\n- \u0022/wa/..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/ww../\u0022 -\u003e 404 \u0022/ww../\u0022\n- \u0022/ww/..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/w?../\u0022 -\u003e 404 \u0022/w\u0022\n- \u0022/w?/..\u0022 -\u003e 404 \u0022/w\u0022\n- \u0022/w%../\u0022 -\u003e 403\n- \u0022/w%/..\u0022 -\u003e 403\n- \u0022/?.../\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/?../.\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/?..//\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/?../a\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/?../w\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/?../?\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/?../%\u0022 -\u003e 403\n- \u0022/?./..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/?/...\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/?/../\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/?/..a\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/?/..w\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/?/..?\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/?/..%\u0022 -\u003e 403\n- \u0022/?//..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/?a../\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/?a/..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/?w../\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/?w/..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/??../\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/??/..\u0022 -\u003e 200 \u0022/\u0022\n- \u0022/?%../\u0022 -\u003e 403\n- \u0022/?%/..\u0022 -\u003e 403\n- \u0022/%.../\u0022 -\u003e 403\n- \u0022/%../.\u0022 -\u003e 403\n- \u0022/%..//\u0022 -\u003e 403\n- \u0022/%../a\u0022 -\u003e 403\n- \u0022/%../w\u0022 -\u003e 403\n- \u0022/%../?\u0022 -\u003e 403\n- \u0022/%../%\u0022 -\u003e 403\n- \u0022/%./..\u0022 -\u003e 403\n- \u0022/%/...\u0022 -\u003e 403\n- \u0022/%/../\u0022 -\u003e 403\n- \u0022/%/..a\u0022 -\u003e 403\n- \u0022/%/..w\u0022 -\u003e 403\n- \u0022/%/..?\u0022 -\u003e 403\n- \u0022/%/..%\u0022 -\u003e 403\n- \u0022/%//..\u0022 -\u003e 403\n- \u0022/%a../\u0022 -\u003e 403\n- \u0022/%a/..\u0022 -\u003e 403\n- \u0022/%w../\u0022 -\u003e 403\n- \u0022/%w/..\u0022 -\u003e 403\n- \u0022/%?../\u0022 -\u003e 403\n- \u0022/%?/..\u0022 -\u003e 403\n- \u0022/%%../\u0022 -\u003e 403\n- \u0022/%%/..\u0022 -\u003e 403\n- \u0022/a/w/../a\u0022 -\u003e 404 \u0022/a/a\u0022\n- \u0022/path/to/dir/../other/dir\u0022 -\u003e 404 \u0022/path/to/other/dir\u0022\nEOF\n\nif [ \u0022`md5sum /tmp/results | cut -d' ' -f 1`\u0022 !\u003d \u0022`md5sum /tmp/lwsresult1 | cut -d' ' -f1`\u0022 ] ; then\n\techo \u0022Differences...\u0022\n\tdiff -urN /tmp/lwsresult1 /tmp/results\n\tcat /tmp/lwscap1\n\tls -l /tmp/results\n\tcat /tmp/results\n# this is currently broken on travis\n#\texit 1\nelse\n\techo \u0022OK\u0022\nfi\n\n\necho\necho \u0022--- survived OK ---\u0022\nkill -2 $CPID\n\nexit 0\n\n# coverage...\n# run the test client against mirror for one period and exit\nkillall libwebsockets-test-server 2\u003e/dev/null\nlibwebsockets-test-server -s 2\u003e\u003e $LOG \u0026\nCPID\u003d$!\nsleep 1s\nlibwebsockets-test-client 127.0.0.1 -s -O\n\n# https://github.com/curl/curl/issues/1587\ncurl -v -F text\u003dhello -F send\u003dSEND -F upload\u003d@../README.md https://127.0.0.1:7681/formtest -k\n\nkill -2 $CPID\n\nexit 0\n\n\n","s":{"c":1743523910,"u": 519}} ],"g": 7286,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 1, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}