t/12_response/11_CVE-2012-5572.t

package main;
use strict;
use warnings;
use Test::More tests => 2, import => ['!pass'];

{
    use Dancer;
    get '/CVE-2012-5572-cookie' => sub {
        cookie "test\r\nX-Evil-Header: " => "evil";
    };
}


use Dancer::Test;
{
    note "Testing CVE-2012-5572 (CRLF in response headers)";
    my $req = [GET => '/CVE-2012-5572-cookie'];
    route_exists $req;
    my $response = Dancer::Test::_req_to_response($req);

    my $CRLF = "\r\n";

    my $tb = Test::Builder->new;
    my %headers = @{$response->headers_to_array};
    my $foundCRLF = 0;
    while (my($name, $value) = each %headers) {
       index($value, $CRLF) == -1
         && index($name, $CRLF) == -1
         && next;
       $foundCRLF = 1;
       last;
    }

    $tb->ok(!$foundCRLF, 'Headers do not contain CRLF (CVE-2012-5572)');
}


1;

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)