diff options
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -63,6 +63,19 @@ Note: This sets the user to `nobody` and the group to `nobody` as well. This naming scheme is not consistent for all Unix systems... Try changing the group name to `nogroup` if the software fails to start. +Testing +------- + +As you may have spotted, I did not get around to write a test suite for this. +The server's behavior can be tested using the +[gemini-diagnostics](https://github.com/michael-lazar/gemini-diagnostics) suite +by michael-lazar. It passes all "important" tests (some malformed requests +are still handled). Most importantly: the URLDotEscape tests fails. This does +not mean you can successfully a URL escape attack against this, rather the URL +library I use already parses out any superfluous ..'s. +e.g. "localhost/../../../etc/passwd" already became "localhost/etc/passwd" once +I receive the parsed URL from the library. + Why "Sheldon Director"? ----------------------- |