From 2ffc8ff0ccb0bfad7d69104cbc00b167589c780b Mon Sep 17 00:00:00 2001 From: Jan Wolff Date: Tue, 26 May 2020 06:49:20 +0200 Subject: correctly adhere to spec in most request cases --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'README.md') diff --git a/README.md b/README.md index 9a134dd..c5d2d59 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,19 @@ Note: This sets the user to `nobody` and the group to `nobody` as well. This naming scheme is not consistent for all Unix systems... Try changing the group name to `nogroup` if the software fails to start. +Testing +------- + +As you may have spotted, I did not get around to write a test suite for this. +The server's behavior can be tested using the +[gemini-diagnostics](https://github.com/michael-lazar/gemini-diagnostics) suite +by michael-lazar. It passes all "important" tests (some malformed requests +are still handled). Most importantly: the URLDotEscape tests fails. This does +not mean you can successfully a URL escape attack against this, rather the URL +library I use already parses out any superfluous ..'s. +e.g. "localhost/../../../etc/passwd" already became "localhost/etc/passwd" once +I receive the parsed URL from the library. + Why "Sheldon Director"? ----------------------- -- cgit v1.2.3
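Review bot: The URLDotEscape paragraph in the new Testing section documents a failing test and then rests the no-traversal claim entirely on the URL library parsing out `..` segments, backed by a single example. The README should state whether the server itself also verifies that the resolved file path stays inside the served directory; otherwise the guarantee depends on the behaviour of a library the text neither names nor pins to a version. Two wording fixes in the same paragraph: "the URLDotEscape tests fails" should read "test fails", and "you can successfully a URL escape attack" is missing its verb. It would also help to list which malformed requests "are still handled", so readers know which gemini-diagnostics failures are expected.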