Commit Graph

3157 Commits

Author SHA1 Message Date
Darshit Shah
18b0979357 CVE-2014-4877: Arbitrary Symlink Access
Wget was susceptible to a symlink attack which could create arbitrary
files, directories or symbolic links and set their permissions when
retrieving a directory recursively through FTP. This commit changes the
default settings in Wget such that Wget no longer creates local symbolic
links, but rather traverses them and retrieves the pointed-to file in
such a retrieval.

The old behaviour can be attained by passing the --retr-symlinks=no
option to the Wget invokation command.
2014-10-27 09:18:13 +01:00
Giuseppe Scrivano
c986ea790c Fix ChangeLog entry 2014-10-27 09:14:56 +01:00
Tim Ruehsen
3e3073ca7b add TLSv1_1 and TLSv1_2 to --secure-protocol 2014-10-23 21:16:37 +02:00
Darshit Shah
796da8da3a Minor optimizations of Python tests 2014-10-23 20:39:25 +02:00
Darshit Shah
7cd528a4e9 Fix make distcheck for Python tests 2014-10-23 19:02:11 +02:00
Ángel González
601b282cd8 css-url.c (get_uri_string): Fix regression from 8e6de1fb5
Solves the issue discovered by Gabriel Somlo and reported in the ml thread
"Regression in git master branch (commit 8e6de1fb5f)"
2014-10-22 20:26:28 +02:00
Tim Rühsen
bc347cc36f fixed IRI misbehaviour(s) 2014-10-20 08:53:12 +02:00
Tim Ruehsen
6fc11e46ec do not use SSLv3 except explicitely requested 2014-10-19 21:57:06 +02:00
Tim Rühsen
ff876a3710 use test filename as default test name 2014-10-02 15:01:19 +02:00
Tim Rühsen
21fc7546ef remove run-px from tests/makefile.am 2014-10-02 10:08:31 +02:00
Tim Rühsen
afbcaaecba fixed test suite race conditions due to double usage of names 2014-10-01 21:40:19 +02:00
Tim Rühsen
b64fa2eb84 Switched to parallel test harness 2014-10-01 14:41:32 +05:30
Tim Rühsen
8c2d9afd08 fixed memleak in retrieve_url() 2014-09-30 20:50:06 +05:30
Tim Rühsen
b36c3e48c4 track origins when testing with valgrind 2014-09-30 20:38:51 +05:30
Darshit Shah
efe090df89 Handle multibyte characters in progressbar
This commit fixes a bug in the progressbar implementation wherein
filenames with multibyte characters were not handled correctly.
2014-09-14 16:17:00 +05:30
Darshit Shah
f8e9a64ec7 Documentation and code cleanup in test suite
Add (lots) of documentation for various parts of the test suite in the
form of Python docstrings. Also, clean up some of the redundant code and
fix indentation issues.
2014-08-08 17:38:11 +05:30
Darshit Shah
5753ed4a72 Minor cleanup in the test suite
The server_conf hook and the server_sett() methods were no longer
required. The server configuration is currently being done by
server_conf() method in the server.
2014-08-04 20:03:59 +05:30
Darshit Shah
03f8babefe Group common switches in test suite together
Some command line switches are passed to Wget unconditionally. These
switches should exist in a single place instead of being redundantly
defined in each test file. We add the following two switches by default
here:
1. --debug: This causes wget to be most verbose and output a lot of
   debugging information. Hence, if a test fails, the test log should
   provide valuable information.
2. --no-config: Users may have their own wgetrc files on the system.
   However, for the tests, we want Wget to run with vanilla settings.
   Hence, disbale loading any config files.
2014-08-04 19:51:35 +05:30
Giuseppe Scrivano
3858500de4 Fix some texinfo warnings 2014-08-03 22:52:46 +02:00
Darshit Shah
e29020e10c Add a project gitignore file 2014-07-25 17:10:19 +05:30
Darshit Shah
be78cba9e5 Support running tests through valgrind 2014-07-24 16:51:58 +05:30
Darshit Shah
6cb857502f Document SERVER_WAIT 2014-07-24 16:51:58 +05:30
Darshit Shah
65fc59aefa Fix crash in test suite 2014-07-24 16:51:58 +05:30
Zihang Chen
8b83306d54 Refactor the Python based test suite
This is a squashed commit of the following from parallel-wget:
ecd6977 Refactor mainly the test cases classes
d26c8eb Create package test for test case classes
507383d Move server classes to package server.protocol
195393b Create package conf where rules and hooks are put
42e482a Create package exc and move TestFailed to exc
82f44f3 Fix a typo in Test-Proto.py
31e5f33 From WgetTest.py move WgetFile to misc
422171d Create package misc, move ColourTerm.py to misc
2014-07-24 16:51:58 +05:30
Darshit Shah
b89cda0a77 More features to Python based test suite
Squashed Commit from parallel-wget of:
b31e6e4 Add support for HTTPS Servers
b828a6e Sleep for n seconds before calling Wget Executable
7effa90 Support programatically setting Handler class variables
7e1f4c1 Correct the call to stop_HTTP_Server
f616192 Improve error handling when wget executable isn't available
31868fe Split large function to improve readability and extensibility
2014-07-24 16:51:58 +05:30
Giuseppe Scrivano
0606f1a133 testenv: Remove Test--spider-r.py from XFAIL_TESTS 2014-07-24 16:51:58 +05:30
Giuseppe Scrivano
c443399ab1 testenv: fix make dist 2014-07-24 16:51:58 +05:30
Darshit Shah
7cbe8141d1 Introducing Python based Test Environment
Squashed Commit, of the following commits:

7743384 Update documentation to reflect changes in code
b703633 Add feature that allows to ensure that Wget correctly crawls the website in recursive mode
0758f47 Add new test for recursive spider mode
43bb61b Smartly guess content type header
d4d0e63 Support substring replace in File Contents too
f578500 Compatibility fix with multiple servers
8b1a9b6 Extend Functionality to support spawning multiple servers
e84192a Use the provided calls to shutdown server instead of rewriting it
99659f3 Improve Documentation
cb94e52 Slight code cleanup. Remove unused code
886ac1a Shift to new Threading Model from Multiprocessing model
e74c2ec Add new test for POST Requests
48644f1 Print diff when file contents don't match
b6f9efe Add tests for Cookie support
4c9e6b4 Document pending work
e13bc90 Add new test to ensure Content Disposition and Auth work together
60d1f4d Add new Test for Continue command
738b299 Add test, Test-Head
9b9d16b Edit non-unique TEST_NAME variable
ae958db Minor optimizations to the way Server Rules are executed
50b4f0c The rules need not be a defaultdict.
dccc154 Introducing Python based Test Environment
2014-07-24 16:51:58 +05:30
Darshit Shah
eab853b7e6 Plug memory leaks 2014-07-24 14:23:43 +05:30
Daniel Stenberg
3d7797c46e main.c: update the --method description
The first line of a HTTP request is not a header, it is the start-line,
which for requests is called the request-line.

See http://tools.ietf.org/html/rfc7230#section-3.1
2014-07-23 18:46:21 +05:30
Darshit Shah
cae32d41c1 Fix broken check for libpsl 2014-07-22 22:11:32 +05:30
Darshit Shah
a44841cbe2 Fix potential memory leak and libpsl configure 2014-07-21 13:25:54 +05:30
Tomas Hozza
e43ae39dff Fix checking of iconv_open return code.
Based on libiconv documentation, the iconv_open function returns
(iconv_t)(-1).

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-07-08 17:01:17 +02:00
Darshit Shah
c5f2c7fcef Convert domains to lowercase before libpsl checks 2014-07-05 16:21:40 +05:30
Darshit Shah
550cd6e9d2 Fix indentation and remove excess variable 2014-07-05 16:18:38 +05:30
Darshit Shah
97ce41b2d0 Remove unused error codes 2014-07-05 16:18:31 +05:30
Giuseppe Scrivano
416d0e892c convert: initialize variable before usage. 2014-06-30 11:35:46 +02:00
Giuseppe Scrivano
e2c8436e17 warc: Avoid out-of-scope variable usage 2014-06-29 11:22:44 +02:00
Giuseppe Scrivano
ebda24eb69 Remove tab-space indentation 2014-06-28 17:53:42 +02:00
Giuseppe Scrivano
582e5d8ef7 Fix make syntax-check 2014-06-27 17:30:18 +02:00
Giuseppe Scrivano
601401da71 warc: Fix UUID generation on FreeBSD 2014-06-24 15:05:19 +02:00
Darshit Shah
f3289f76ec Better align download percentage status 2014-06-22 14:53:24 +05:30
Giuseppe Scrivano
26787225c1 Fix build error on Windows 2014-06-21 18:41:49 +02:00
Nikita Vetrov
104fd20ac3 Add GOST94-GOST89-GOST89 and other ciphers support
It is done via one-time call OPENSSL_config. It will fix this error
`OpenSSL: error:140920F8:SSL routines:SSL3_GET_SERVER_HELLO:unknown
cipher returned`. OpenSSL with GOST-support and rebuilding wget
required
2014-06-21 18:33:41 +02:00
Giuseppe Scrivano
ca402e2f81 windows: do not dinamically allocate info->lfilename. 2014-06-19 20:25:27 +02:00
Darshit Shah
8445279306 Fix failing make check 2014-06-16 20:50:30 +05:30
Giuseppe Scrivano
bb025955c3 Fix a problem with ISA server proxy 2014-06-16 16:39:04 +02:00
Darshit Shah
08cedb953b Mark non returning functions 2014-06-16 18:25:44 +05:30
Giuseppe Scrivano
c03855be40 ftp: Replace main() with main in comments. 2014-06-12 18:49:16 +02:00
Giuseppe Scrivano
3e8f9a6436 Remove duplicated words 2014-06-12 18:49:15 +02:00