SWF-706 - ResourceServlet allows HTTP access to sensitive files

This commit is contained in:
Jeremy Grelle
2008-06-05 21:27:08 +00:00
parent 990c14a981
commit 24e23d4fb6
2 changed files with 56 additions and 12 deletions

View File

@@ -67,6 +67,27 @@ public class ResourceServletTests extends TestCase {
assertEquals(404, response.getStatus());
}
public final void testExecute_DisallowedPath() throws Exception {
String requestPath = "/persistence.xml";
request.setPathInfo(requestPath);
servlet.doGet(request, response);
assertEquals(404, response.getStatus());
}
public final void testBenchmark() throws Exception {
String requestPath = "/dojo/dojo.js";
// for (int i = 0; i < 100; i++) {
// request = new MockHttpServletRequest();
// response = new MockHttpServletResponse();
request.setPathInfo(requestPath);
servlet.doGet(request, response);
assertEquals(200, response.getStatus());
// }
}
private class ResourceTestMockServletContext extends MockServletContext {
public String getMimeType(String filePath) {