Added some small tests

Author: Kixiron

build.rs

@@ -23,6 +23,7 @@ fn main() {
     println!("cargo:rerun-if-changed=templates/menu.js");
     println!("cargo:rerun-if-changed=templates/index.js");
     println!("cargo:rerun-if-changed=vendor/");
+    println!("cargo:rerun-if-changed=vendor/fontawesome/scss/_variables.scss");
     // TODO: are these right?
     println!("cargo:rerun-if-changed=.git/HEAD");
     println!("cargo:rerun-if-changed=.git/index");

src/web/statics.rs

@@ -249,4 +249,26 @@ mod tests {
             Ok(())
         });
     }
+
+    #[test]
+    fn directory_traversal() {
+        wrapper(|env| {
+            let web = env.frontend();
+
+            let urls = &[
+                "../LICENSE.txt",
+                "%2e%2e%2fLICENSE.txt",
+                "%2e%2e/LICENSE.txt",
+                "..%2fLICENSE.txt",
+                "%2e%2e%5cLICENSE.txt",
+            ];
+
+            for url in urls {
+                let req = web.get(&format!("/-/static/{}", url)).send()?;
+                assert_eq!(req.status().as_u16(), 404);
+            }
+
+            Ok(())
+        });
+    }
 }