curl/tests/data/test1216
Daniel Stenberg 5c5e1a1cd2 test1218: another cookie tailmatch test
... and make 1216 also verify it with a file input

These tests verify commit 3604fde3d3c9b0d, the fix for the "cookie
domain tailmatch" vulnerability. See
http://curl.haxx.se/docs/adv_20130412.html
2013-04-11 23:52:12 +02:00

64 lines
1.1 KiB
Plaintext

<testcase>
<info>
<keywords>
HTTP
HTTP GET
HTTP proxy
cookies
</keywords>
</info>
# Server-side
<reply>
<data>
HTTP/1.1 200 OK
Server: Microsoft-IIS/4.0
Date: Tue, 25 Sep 2001 19:37:44 GMT
Content-Type: text/html
Connection: close
Content-Length: 21
This server says moo
</data>
</reply>
# Client-side
<client>
<server>
http
</server>
<name>
HTTP cookie domains tailmatching the host name
</name>
<command>
http://example.fake/c/1216 http://bexample.fake/c/1216 -b log/injar1216 -x %HOSTIP:%HTTPPORT
</command>
<file name="log/injar1216">
example.fake FALSE /a FALSE 2139150993 mooo indeed
example.fake FALSE /b FALSE 0 moo1 indeed
example.fake FALSE /c FALSE 2139150993 moo2 indeed
example.fake TRUE /c FALSE 2139150993 moo3 indeed
</file>
</client>
# Verify data after the test has been "shot"
<verify>
<strip>
^User-Agent:.*
</strip>
<protocol>
GET http://example.fake/c/1216 HTTP/1.1
Host: example.fake
Accept: */*
Proxy-Connection: Keep-Alive
Cookie: moo2=indeed; moo3=indeed
GET http://bexample.fake/c/1216 HTTP/1.1
Host: bexample.fake
Accept: */*
Proxy-Connection: Keep-Alive
</protocol>
</verify>
</testcase>