Assignment 5
Due Date: 2022-11-28 (Submission due!)
Available Points: 20
This assignment builds on top of previous assignments and primarily focuses on unsafe methods and server-side execution (CGI).Additional Methods
DELETE
PUT
POST
N.B. - Update to the OPTIONS
method
Additional Status Codes
201
Created (viaPUT
orPOST
)405
Method Not Allowed411
Length Required413
Request Entity Too Large414
Request-URI Too Long
Additional Request Headers
Content-type
Content-Length
Additional Response Headers
- No new response headers
Encodings
Content-Type: multipart/form-data
Content-type: application/x-form-www-urlencoded
Required Environment Variables
SCRIPT_NAME
SCRIPT_URI
SCRIPT_FILENAME
HTTP_REFERER
HTTP_USER_AGENT
REQUEST_METHOD
REMOTE_ADDR
QUERY_STRING
REMOTE_USER
AUTH_TYPE
SERVER_NAME
SERVER_SOFTWARE
SERVER_PORT
SERVER_ADDR
SERVER_PROTOCOL
Notes
PUT
andDELETE
are allowed recursively, as per directives in theWeMustProtectThisHouse!
file- Limits:
- URI:
2k
- Entity:
2MB
- URI:
- You should check for entities longer than advertised as per the
Content-Length
header, but I will not test this - Always issue an HTML description describing the results (success or failure) of
PUT
andDELETE
(we will not produce202
or204
) - Invoke the URI as an executable program iff:
POST
,GET
, orHEAD
method is used- The file is executable and not a directory
- Warning!!! – Ensure your URI is relative to your document root (e.g.,
GET /bin/rm?-rf HTTP/1.1
would be very bad) - Update the log format to include the
User-agent
andReferer
request headers:
"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
- Add
ALLOW-PUT
andALLOW-DELETE
custom directives in theWeMustProtectThisHouse!
file:
# Hashed lines are comments and order is not important
#
# Whitelist unsafe methods
ALLOW-PUT
ALLOW-DELETE
#
# Following are two special lines:
authorization-type=Basic
realm="Lane Stadium"
# Always quote realm since it might have spaces
#
# User format => name:md5(password)
mln:d3b07384d113edec49eaa6238ad5ff00
bda:c157a79031e1c40f85931829bc5fc552
jbollen:66e0459d0abbc8cd8bd9a88cd226a9b2
Submission and Evaluation
- Extract sample test files tarball into your web server’s document root
- Place your
Dockerfile
at the root of your repository (not inside of a nested folder) - Make your
Dockerfile
run your server on port80
by default - Release your implementation with the
a5
tag - Submissions will be evaluated using a variation of
cs531a5
test suite from our testing service and some manual inspection of responses and source code (if necessary) - Tests will be performed based on the contents and structure of the
a5-test
folder of the sample test files - One point will be awarded for passing test cases of each of the previous assignments (except certain test cases where there are obvious backward compatibility conflicts)