graphene/LibOS/shim/test/apps/nginx/nginx-tests/rewrite_unescape.t

#!/usr/bin/perl

# (C) Maxim Dounin

# Tests for escaping/unescaping in rewrite module.

###############################################################################

use warnings;
use strict;

use Test::More;

BEGIN { use FindBin; chdir($FindBin::Bin); }

use lib 'lib';
use Test::Nginx;

###############################################################################

select STDERR; $| = 1;
select STDOUT; $| = 1;

my $t = Test::Nginx->new()->has(qw/http rewrite/)->plan(9)
	->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

master_process off;
daemon         off;

events {
}

http {
    %%TEST_GLOBALS_HTTP%%

    server {
        listen       127.0.0.1:8080;
        server_name  localhost;

        location /t1 {
            rewrite ^ $arg_r? redirect;
        }

        location /t2 {
            rewrite ^ http://example.com$request_uri? redirect;
        }

        location /t3 {
            rewrite ^ http://example.com$uri redirect;
        }

        location /t4 {
            rewrite ^(.*) http://example.com$1 redirect;
        }

        location /t5 {
            rewrite ^ http://example.com/blah%20%3Fblah redirect;
        }

        location /t6 {
            rewrite ^ http://example.com/blah%20%2Fblah redirect;
        }
    }
}

EOF

mkdir($t->testdir() . '/directory');

$t->run();

###############################################################################

# Some rewrites and expected (?) behaviour
# 
# /t1?r=http%3A%2F%2Fexample.com%2F%3Ffrom
# rewrite ^ $arg_r? redirect;
# expected: http://example.com/?from
# got:      http://example.com/?from
#
# /t1?r=http%3A%2F%2Fexample.com%0D%0Asplit
# rewrite ^ $arg_r? redirect;
# expected: http://example.com%0D%0Asplit
# got:      http://example.com%0D%0Asplit
#
# /t1?r=http%3A%2F%2Fexample.com%2F%3Ffrom%3Dblah
# rewrite ^ $arg_r? redirect;
# expected: http://example.com/?from=blah
# got:      http://example.com/?from%3Dblah
#
# /blah%3Fblah
# rewrite ^ http://example.com$request_uri? redirect;
# expected: http://example.com/blah%3Fblah
# got:      http://example.com/blah?blah
#
# /blah%3Fblah
# rewrite ^ http://example.com$uri redirect;
# expected: http://example.com/blah%3Fblah
# got:      http://example.com/blah?blah
#
# /blah%3Fblah
# rewrite ^(.*) http://example.com$1 redirect;
# expected: http://example.com/blah%3Fblah
# got:      http://example.com/blah?blah
#
# /
# rewrite ^ http://example.com/blah%3Fblah redirect;
# expected: http://example.com/blah%3Fblah
# got:      http://example.com/blah?blah
#

location('/t1?r=http%3A%2F%2Fexample.com%2F%3Ffrom',
	'http://example.com/?from', 'escaped argument');

location('/t1?r=http%3A%2F%2Fexample.com%0D%0Asplit',
	'http://example.com%0D%0Asplit', 'escaped argument header splitting');

TODO: {
local $TODO = 'not yet';

# Fixing this cases will require major changes to the whole aproach and
# likely to break some currently working cases.  On the other hand, current
# behaviour is far from acceptable.  Should be carefully thought.

location('/t1?r=http%3A%2F%2Fexample.com%2F%3Ffrom%3Dblah',
	'http://example.com/?from=blah', 'escaped argument with complex query');

location('/t2/blah%20%3Fblah',
	'http://example.com/t2/blah%20%3Fblah', 'escaped $request_uri');

location('/t3/blah%20%3Fblah',
	'http://example.com/t3/blah%20%3Fblah', 'escaped $uri');

location('/t4/blah%20%3Fblah',
	'http://example.com/t4/blah%20%3Fblah', 'escaped $1');

location('/t5',
	'http://example.com/blah%20%3Fblah', 'escaped static');

location('/t5?arg=blah',
	'http://example.com/blah%20%3Fblah?arg=blah',
	'escaped static with argument');

location('/t6',
	'http://example.com/blah%20%2Fblah', 'escaped static slash');

}

###############################################################################

sub location {
	my ($url, $value, $name) = @_;
	my $data = http_get($url);
	if ($data !~ qr!^Location: (.*?)\x0d?$!ms) {
		fail($name);
		return;
	}
	my $location = $1;
	is($location, $value, $name);
}

###############################################################################