alpire commented on a change in pull request #176: CoyoteAdapter: fix out-of-bounds read in checkNormalize URL: https://github.com/apache/tomcat/pull/176#discussion_r299284882
########## File path: test/org/apache/catalina/connector/TestCoyoteAdapter.java ########## @@ -344,6 +345,29 @@ private void doTestNormalize(String input, String expected) { } } + @Test + public void testCheckNormalize() { + doTestCheckNormalize("/url", true); + + doTestCheckNormalize("", false); + doTestCheckNormalize("..", false); + doTestCheckNormalize("/.", false); + doTestCheckNormalize("/..", false); + doTestCheckNormalize("/./", false); + doTestCheckNormalize("//", false); + doTestCheckNormalize("/../", false); + doTestCheckNormalize("\\", false); + doTestCheckNormalize("\0", false); + } Review comment: I split the tests into different functions and removed a few of them since we want to focus the `checkNormalize()` tests to what is possible given its usage. I did not update the tests to go through `normalize` -> `convertURI` -> `checkNormalize`, but I'd be happy to do this if you think that'd be more appropriate here. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org