Yann, can you check out the failure I committed and see if it's me or
unintended? Everything else went pretty smooth and looks useful in a
bind.
# Check /modules/rewrite/escaping/local_bctls_nospace/foo/bar/%20baz/%0d
for foo/bar/ baz%0d
# rewritten query 'foo%2fbar%2f+baz%2f%0d'
# expected: 'foo/bar/ baz%0d'
# received: 'foo%2fbar%2f+baz%2f%0d'
not ok 67
RewriteRule ^/modules/rewrite/escaping/local_bctls_nospace/(.*)
/?$1 "[B= ?,BNEG,BCTLS]"
On Mon, Mar 13, 2023 at 10:21?AM <covener@apache.org> wrote:
>
> Author: covener
> Date: Mon Mar 13 14:20:59 2023
> New Revision: 1908349
>
> URL: http://svn.apache.org/viewvc?rev=1908349&view=rev
> Log:
> test [B] and additions
>
> 1 failing
>
> Modified:
> httpd/test/framework/trunk/t/conf/extra.conf.in
> httpd/test/framework/trunk/t/modules/rewrite.t
>
> Modified: httpd/test/framework/trunk/t/conf/extra.conf.in
> URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/conf/extra.conf.in?rev=1908349&r1=1908348&r2=1908349&view=diff
> ==============================================================================
> --- httpd/test/framework/trunk/t/conf/extra.conf.in (original)
> +++ httpd/test/framework/trunk/t/conf/extra.conf.in Mon Mar 13 14:20:59 2023
> @@ -270,6 +270,12 @@
> RewriteRule ^/modules/rewrite/cookie/foo - [CO=NAME3:VAL:localhost:86400:/0:secure:httponly:foo]
>
> RewriteRule ^/modules/rewrite/escaping/local/(.*) /?$1
> + RewriteRule ^/modules/rewrite/escaping/local_b/(.*) /?$1 [B]
> + RewriteRule ^/modules/rewrite/escaping/local_bctls/(.*) /?$1 [BCTLS]
> + RewriteRule ^/modules/rewrite/escaping/local_bctls_andslash/(.*) /?$1 [B=/,BCTLS]
> + RewriteRule ^/modules/rewrite/escaping/local_bctls_nospace/(.*) /?$1 "[B= ?,BNEG,BCTLS]"
> + RewriteRule ^/modules/rewrite/escaping/local_b_noslash/(.*) /?$1 [B=/,BNEG]
> + RewriteRule ^/modules/rewrite/escaping/local_b_justslash/(.*) /?$1 [B=/]
> RewriteRule ^/modules/rewrite/escaping/redir/(.*) http://@SERVERNAME@:@PORT@/?$1 [R]
> RewriteRule ^/modules/rewrite/escaping/redir_ne/(.*) http://@SERVERNAME@:@PORT@/?$1 [R,NE]
> RewriteRule ^/modules/rewrite/escaping/proxy/(.*) http://@SERVERNAME@:@PORT@/?$1 [P]
> @@ -282,6 +288,9 @@
> RewriteRule proxy_ne/(.*) http://@SERVERNAME@:@PORT@/?$1 [P,NE]
> </LocationMatch>
>
> + <Location /modules/rewrite/escaping>
> + Header always set rewritten-query "expr=%{QUERY_STRING}"
> + </Location>
> <VirtualHost cve_2011_3368_rewrite>
> DocumentRoot @SERVERROOT@/htdocs/modules/proxy
> RewriteEngine On
>
> Modified: httpd/test/framework/trunk/t/modules/rewrite.t
> URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/modules/rewrite.t?rev=1908349&r1=1908348&r2=1908349&view=diff
> ==============================================================================
> --- httpd/test/framework/trunk/t/modules/rewrite.t (original)
> +++ httpd/test/framework/trunk/t/modules/rewrite.t Mon Mar 13 14:20:59 2023
> @@ -34,6 +34,15 @@ my @escapes = (
> [ "/modules/rewrite/escaping/fixups/proxy_ne/foo%20bar" => 403],
> );
>
> +my @bflags = (
> + # t/conf/extra.conf.in
> + [ "/modules/rewrite/escaping/local_b/foo/bar/%20baz%0d" => "foo%2fbar%2f+baz%0d"], # this is why [B] sucks
> + [ "/modules/rewrite/escaping/local_bctls/foo/bar/%20baz/%0d" => "foo/bar/+baz/%0d"], # spaces and ctls only
> + [ "/modules/rewrite/escaping/local_bctls_andslash/foo/bar/%20baz/%0d" => "foo%2fbar%2f+baz%2f%0d"], # not realistic, but opt in to slashes
> + [ "/modules/rewrite/escaping/local_bctls_nospace/foo/bar/%20baz/%0d" => "foo/bar/ baz%0d"], # CTLS but allow space
> + [ "/modules/rewrite/escaping/local_b_noslash/foo/bar/%20baz/%0d" => "foo/bar/+baz/%0d"], # negate something from [B]
> + [ "/modules/rewrite/escaping/local_b_justslash/foo/bar/%20baz/" => "foo%2fbar%2f baz%2f"], # test basic B=/
> +);
>
> if (!have_min_apache_version('2.4.19')) {
> # PR 50447, server context
> @@ -47,7 +56,7 @@ if (!have_min_apache_version('2.4')) {
> # Specific tests for PR 58231
> my $vary_header_tests = (have_min_apache_version("2.4.30") ? 9 : 0) + (have_min_apache_version("2.4.29") ? 4 : 0);
> my $cookie_tests = have_min_apache_version("2.4.47") ? 6 : 0;
> -my $escape_tests = have_min_apache_version("2.4.57") ? scalar(@escapes) : 0;
> +my $escape_tests = have_min_apache_version("2.4.57") ? scalar(@escapes) + scalar(@bflags) : 0;
>
> plan tests => @map * @num + 16 + $vary_header_tests + $cookie_tests + $escape_tests, todo => \@todo, need_module 'rewrite';
>
> @@ -216,6 +225,15 @@ if (have_min_apache_version("2.4.57")) {
> $r = GET($url, redirect_ok => 0);
> ok t_cmp $r->code, $expect;
> }
> + foreach my $t (@bflags) {
> + my $url= $t->[0];
> + my $expect= $t->[1];
> + t_debug "Check $url for $expect\n";
> + $r = GET($url, redirect_ok => 0);
> + t_debug("rewritten query '" . $r->header("rewritten-query") . "'");
> + ok t_cmp $r->header("rewritten-query"), $expect;
> + }
> +
> }
>
>
>
>
--
Eric Covener
covener@gmail.com
unintended? Everything else went pretty smooth and looks useful in a
bind.
# Check /modules/rewrite/escaping/local_bctls_nospace/foo/bar/%20baz/%0d
for foo/bar/ baz%0d
# rewritten query 'foo%2fbar%2f+baz%2f%0d'
# expected: 'foo/bar/ baz%0d'
# received: 'foo%2fbar%2f+baz%2f%0d'
not ok 67
RewriteRule ^/modules/rewrite/escaping/local_bctls_nospace/(.*)
/?$1 "[B= ?,BNEG,BCTLS]"
On Mon, Mar 13, 2023 at 10:21?AM <covener@apache.org> wrote:
>
> Author: covener
> Date: Mon Mar 13 14:20:59 2023
> New Revision: 1908349
>
> URL: http://svn.apache.org/viewvc?rev=1908349&view=rev
> Log:
> test [B] and additions
>
> 1 failing
>
> Modified:
> httpd/test/framework/trunk/t/conf/extra.conf.in
> httpd/test/framework/trunk/t/modules/rewrite.t
>
> Modified: httpd/test/framework/trunk/t/conf/extra.conf.in
> URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/conf/extra.conf.in?rev=1908349&r1=1908348&r2=1908349&view=diff
> ==============================================================================
> --- httpd/test/framework/trunk/t/conf/extra.conf.in (original)
> +++ httpd/test/framework/trunk/t/conf/extra.conf.in Mon Mar 13 14:20:59 2023
> @@ -270,6 +270,12 @@
> RewriteRule ^/modules/rewrite/cookie/foo - [CO=NAME3:VAL:localhost:86400:/0:secure:httponly:foo]
>
> RewriteRule ^/modules/rewrite/escaping/local/(.*) /?$1
> + RewriteRule ^/modules/rewrite/escaping/local_b/(.*) /?$1 [B]
> + RewriteRule ^/modules/rewrite/escaping/local_bctls/(.*) /?$1 [BCTLS]
> + RewriteRule ^/modules/rewrite/escaping/local_bctls_andslash/(.*) /?$1 [B=/,BCTLS]
> + RewriteRule ^/modules/rewrite/escaping/local_bctls_nospace/(.*) /?$1 "[B= ?,BNEG,BCTLS]"
> + RewriteRule ^/modules/rewrite/escaping/local_b_noslash/(.*) /?$1 [B=/,BNEG]
> + RewriteRule ^/modules/rewrite/escaping/local_b_justslash/(.*) /?$1 [B=/]
> RewriteRule ^/modules/rewrite/escaping/redir/(.*) http://@SERVERNAME@:@PORT@/?$1 [R]
> RewriteRule ^/modules/rewrite/escaping/redir_ne/(.*) http://@SERVERNAME@:@PORT@/?$1 [R,NE]
> RewriteRule ^/modules/rewrite/escaping/proxy/(.*) http://@SERVERNAME@:@PORT@/?$1 [P]
> @@ -282,6 +288,9 @@
> RewriteRule proxy_ne/(.*) http://@SERVERNAME@:@PORT@/?$1 [P,NE]
> </LocationMatch>
>
> + <Location /modules/rewrite/escaping>
> + Header always set rewritten-query "expr=%{QUERY_STRING}"
> + </Location>
> <VirtualHost cve_2011_3368_rewrite>
> DocumentRoot @SERVERROOT@/htdocs/modules/proxy
> RewriteEngine On
>
> Modified: httpd/test/framework/trunk/t/modules/rewrite.t
> URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/modules/rewrite.t?rev=1908349&r1=1908348&r2=1908349&view=diff
> ==============================================================================
> --- httpd/test/framework/trunk/t/modules/rewrite.t (original)
> +++ httpd/test/framework/trunk/t/modules/rewrite.t Mon Mar 13 14:20:59 2023
> @@ -34,6 +34,15 @@ my @escapes = (
> [ "/modules/rewrite/escaping/fixups/proxy_ne/foo%20bar" => 403],
> );
>
> +my @bflags = (
> + # t/conf/extra.conf.in
> + [ "/modules/rewrite/escaping/local_b/foo/bar/%20baz%0d" => "foo%2fbar%2f+baz%0d"], # this is why [B] sucks
> + [ "/modules/rewrite/escaping/local_bctls/foo/bar/%20baz/%0d" => "foo/bar/+baz/%0d"], # spaces and ctls only
> + [ "/modules/rewrite/escaping/local_bctls_andslash/foo/bar/%20baz/%0d" => "foo%2fbar%2f+baz%2f%0d"], # not realistic, but opt in to slashes
> + [ "/modules/rewrite/escaping/local_bctls_nospace/foo/bar/%20baz/%0d" => "foo/bar/ baz%0d"], # CTLS but allow space
> + [ "/modules/rewrite/escaping/local_b_noslash/foo/bar/%20baz/%0d" => "foo/bar/+baz/%0d"], # negate something from [B]
> + [ "/modules/rewrite/escaping/local_b_justslash/foo/bar/%20baz/" => "foo%2fbar%2f baz%2f"], # test basic B=/
> +);
>
> if (!have_min_apache_version('2.4.19')) {
> # PR 50447, server context
> @@ -47,7 +56,7 @@ if (!have_min_apache_version('2.4')) {
> # Specific tests for PR 58231
> my $vary_header_tests = (have_min_apache_version("2.4.30") ? 9 : 0) + (have_min_apache_version("2.4.29") ? 4 : 0);
> my $cookie_tests = have_min_apache_version("2.4.47") ? 6 : 0;
> -my $escape_tests = have_min_apache_version("2.4.57") ? scalar(@escapes) : 0;
> +my $escape_tests = have_min_apache_version("2.4.57") ? scalar(@escapes) + scalar(@bflags) : 0;
>
> plan tests => @map * @num + 16 + $vary_header_tests + $cookie_tests + $escape_tests, todo => \@todo, need_module 'rewrite';
>
> @@ -216,6 +225,15 @@ if (have_min_apache_version("2.4.57")) {
> $r = GET($url, redirect_ok => 0);
> ok t_cmp $r->code, $expect;
> }
> + foreach my $t (@bflags) {
> + my $url= $t->[0];
> + my $expect= $t->[1];
> + t_debug "Check $url for $expect\n";
> + $r = GET($url, redirect_ok => 0);
> + t_debug("rewritten query '" . $r->header("rewritten-query") . "'");
> + ok t_cmp $r->header("rewritten-query"), $expect;
> + }
> +
> }
>
>
>
>
--
Eric Covener
covener@gmail.com