36 lines
1.1 KiB
Diff
36 lines
1.1 KiB
Diff
From c92e40e871b8bc076ee039c428f8d176125265f9 Mon Sep 17 00:00:00 2001
|
|
From: Nobuyoshi Nakada <nobu@ruby-lang.org>
|
|
Date: Mon, 10 Jan 2022 01:12:57 +0900
|
|
Subject: [PATCH 2/5] Test for quadratic backtracking on invalid URI
|
|
|
|
https://hackerone.com/reports/1444501
|
|
---
|
|
test/uri/test_common.rb | 11 +++++++++++
|
|
1 file changed, 11 insertions(+)
|
|
|
|
diff --git a/test/uri/test_common.rb b/test/uri/test_common.rb
|
|
index 1afa35f..2b877c1 100644
|
|
--- a/test/uri/test_common.rb
|
|
+++ b/test/uri/test_common.rb
|
|
@@ -56,6 +56,17 @@ class TestCommon < Test::Unit::TestCase
|
|
assert_raise(NoMethodError) { Object.new.URI("http://www.ruby-lang.org/") }
|
|
end
|
|
|
|
+ def test_parse_timeout
|
|
+ pre = ->(n) {
|
|
+ 'https://example.com/dir/' + 'a' * (n * 100) + '/##.jpg'
|
|
+ }
|
|
+ assert_linear_performance((1..10).map {|i| i * 100}, pre: pre) do |uri|
|
|
+ assert_raise(URI::InvalidURIError) do
|
|
+ URI.parse(uri)
|
|
+ end
|
|
+ end
|
|
+ end
|
|
+
|
|
def test_encode_www_form_component
|
|
assert_equal("%00+%21%22%23%24%25%26%27%28%29*%2B%2C-.%2F09%3A%3B%3C%3D%3E%3F%40" \
|
|
"AZ%5B%5C%5D%5E_%60az%7B%7C%7D%7E",
|
|
--
|
|
2.33.0
|
|
|