| author | Jan Wolff <janw@mailbox.org> | 2020-05-26 06:49:20 +0200 |
|---|---|---|
| committer | Jan Wolff <janw@mailbox.org> | 2020-05-26 06:49:20 +0200 |
| commit | 2ffc8ff0ccb0bfad7d69104cbc00b167589c780b (patch) | |
| tree | ff344bee57957c237bba560d59713a09ce3f3189 /README.md | |
| parent | aa041cc4a6d2ed4c817eadfdd36d3bd73d0f0cf1 (diff) | |
correctly adhere to spec in most request cases
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -63,6 +63,19 @@ Note: This sets the user to `nobody` and the group to `nobody` as well. This naming scheme is not consistent for all Unix systems... Try changing the group name to `nogroup` if the software fails to start. +Testing +------- + +As you may have spotted, I did not get around to write a test suite for this. +The server's behavior can be tested using the +[gemini-diagnostics](https://github.com/michael-lazar/gemini-diagnostics) suite +by michael-lazar. It passes all "important" tests (some malformed requests +are still handled). Most importantly: the URLDotEscape tests fails. This does +not mean you can successfully a URL escape attack against this, rather the URL +library I use already parses out any superfluous ..'s. +e.g. "localhost/../../../etc/passwd" already became "localhost/etc/passwd" once +I receive the parsed URL from the library. + Why "Sheldon Director"? ----------------------- |
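Review bot: The new Testing section documents the URL library's parsing out of superfluous ..'s as the only reason the failing URLDotEscape test is harmless, and the single example given is a literal "localhost/../../../etc/passwd" path. Suggest naming the URL library this depends on and saying whether the server itself also checks that the resolved file path stays inside the served directory, so a reader can tell what still protects them if the parser's normalisation ever changes. The parenthetical "some malformed requests are still handled" would be more useful if it listed which gemini-diagnostics cases those are. The wording also needs a fix: "the URLDotEscape tests fails. This does not mean you can successfully a URL escape attack against this" has a number mismatch and is missing its verb; something like "the URLDotEscape test fails. This does not mean a URL escape attack against this succeeds" reads as intended.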
