diff options
author | Michael Hirsch, Ph.D <scivision@users.noreply.github.com> | 2019-11-27 00:18:29 -0500 |
---|---|---|
committer | Michael Hirsch, Ph.D <scivision@users.noreply.github.com> | 2019-12-05 23:14:13 -0500 |
commit | d9b8dce97504282ff313f0caa926bf63e978b09a (patch) | |
tree | 14185a8526bca486616974b389fe9458999566ca /manual tests/12 wrap mirror | |
parent | 0f65bf1dd74a4bd1127b890c3f60355589dfa1fe (diff) | |
download | meson-d9b8dce97504282ff313f0caa926bf63e978b09a.zip meson-d9b8dce97504282ff313f0caa926bf63e978b09a.tar.gz meson-d9b8dce97504282ff313f0caa926bf63e978b09a.tar.bz2 |
wrap: check whitelist subdomain
wrap: add imposter URL test
this test shows that meson wrap subsystem historically allows
imposter URLs like https://wrapdb.mesonwrap.com.evil/v1/foo.zip
while the new code does no.
Diffstat (limited to 'manual tests/12 wrap mirror')
-rw-r--r-- | manual tests/12 wrap mirror/meson.build | 4 | ||||
-rw-r--r-- | manual tests/12 wrap mirror/subprojects/zlib.wrap | 10 |
2 files changed, 14 insertions, 0 deletions
diff --git a/manual tests/12 wrap mirror/meson.build b/manual tests/12 wrap mirror/meson.build new file mode 100644 index 0000000..6645bdf --- /dev/null +++ b/manual tests/12 wrap mirror/meson.build @@ -0,0 +1,4 @@ +project('downloader') +# this test will timeout, showing that a subdomain isn't caught as masquarading url + +subproject('zlib') diff --git a/manual tests/12 wrap mirror/subprojects/zlib.wrap b/manual tests/12 wrap mirror/subprojects/zlib.wrap new file mode 100644 index 0000000..de0b9ad --- /dev/null +++ b/manual tests/12 wrap mirror/subprojects/zlib.wrap @@ -0,0 +1,10 @@ +[wrap-file] +directory = zlib-1.2.8 + +source_url = https://zlib.net/zlib-1.2.11.tar.gz +source_filename = zlib-1.2.11.tar.gz +source_hash = c3e5e9fdd5004dcb542feda5ee4f0ff0744628baf8ed2dd5d66f8ca1197cb1a1 + +patch_url = https://mirror1.wrapdb.mesonbuild.com/v1/projects/zlib/1.2.11/4/get_zip +patch_filename = zlib-1.2.11-4-wrap.zip +patch_hash = 886b67480dbe73b406ad83a1dd6d9596f93089d90c220ccfc91944c95f1c68c4
\ No newline at end of file |