author | Benoit Daloze <[email protected]> | 2021-08-13 18:09:14 +0200 |
---|---|---|
committer | Benoit Daloze <[email protected]> | 2021-08-13 18:09:14 +0200 |
commit | 73085c8d8ee5456b6c157042b78d812f3d1ab054 (patch) | |
tree | 052a33ae7e33c9264fd3f748fc65db72e00fbcad /spec/ruby/security | |
parent | ac4d53bd461ff386cd45fdd484ffb6b628a251ad (diff) |
Update to ruby/spec@330c641
Diffstat (limited to 'spec/ruby/security')
-rw-r--r-- | spec/ruby/security/cve_2017_17742_spec.rb | 57 |
1 files changed, 30 insertions, 27 deletions
diff --git a/spec/ruby/security/cve_2017_17742_spec.rb b/spec/ruby/security/cve_2017_17742_spec.rb
index 72776cb497..b0d93e42b8 100644
--- a/spec/ruby/security/cve_2017_17742_spec.rb
+++ b/spec/ruby/security/cve_2017_17742_spec.rb
@@ -1,34 +1,37 @@
 require_relative '../spec_helper'
-require "webrick"
-require "stringio"
-require "net/http"
+# webrick is no longer in stdlib in Ruby 3+
+ruby_version_is ""..."3.0" do
+ require "webrick"
+ require "stringio"
+ require "net/http"
-describe "WEBrick" do
- describe "resists CVE-2017-17742" do
- it "for a response splitting headers" do
- config = WEBrick::Config::HTTP
- res = WEBrick::HTTPResponse.new config
- res['X-header'] = "malicious\r\nCookie: hack"
- io = StringIO.new
- res.send_response io
- io.rewind
- res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
- res.code.should == '500'
- io.string.should_not =~ /hack/
- end
+ describe "WEBrick" do
+ describe "resists CVE-2017-17742" do
+ it "for a response splitting headers" do
+ config = WEBrick::Config::HTTP
+ res = WEBrick::HTTPResponse.new config
+ res['X-header'] = "malicious\r\nCookie: hack"
+ io = StringIO.new
+ res.send_response io
+ io.rewind
+ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
+ res.code.should == '500'
+ io.string.should_not =~ /hack/
+ end
- it "for a response splitting cookie headers" do
- user_input = "malicious\r\nCookie: hack"
- config = WEBrick::Config::HTTP
- res = WEBrick::HTTPResponse.new config
- res.cookies << WEBrick::Cookie.new('author', user_input)
- io = StringIO.new
- res.send_response io
- io.rewind
- res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
- res.code.should == '500'
- io.string.should_not =~ /hack/
+ it "for a response splitting cookie headers" do
+ user_input = "malicious\r\nCookie: hack"
+ config = WEBrick::Config::HTTP
+ res = WEBrick::HTTPResponse.new config
+ res.cookies << WEBrick::Cookie.new('author', user_input)
+ io = StringIO.new
+ res.send_response io
+ io.rewind
+ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
+ res.code.should == '500'
+ io.string.should_not =~ /hack/
+ end
 end
 end
 end |
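Review bot: The new `ruby_version_is ""..."3.0" do` guard at the top of the hunk skips both CVE-2017-17742 response-splitting examples on Ruby 3.0 and later, so this suite no longer exercises the CR/LF header rejection there even when the webrick gem is installed. The added comment explains why the require would fail but not where the regression is checked instead; I would extend it to something like `# webrick is a separate gem in Ruby 3+; the response-splitting regression is then covered only by the gem's own tests (confirm)`. The re-indented assertions also stay payload-specific (`io.string.should_not =~ /hack/`), so a reader should not take them as a general check that no header value carries a bare CR or LF.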