DEF",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "
test",
+ "`\"'>
",
+ "`\"'>
",
+ "`\"'>
",
+ "`\"'>
",
+ "`\"'>
",
+ "`\"'>
",
+ "`\"'>
",
+ "`\"'>
",
+ "`\"'>
",
+ "`\"'>
",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "\"`'>",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
",
+ "
XXX",
+ "
javascript:alert(1)\"` `>",
+ "
",
+ "
",
+ "\">",
+ "",
+ "",
+ "",
+ "",
+ "\">",
+ "",
+ "",
+ "",
+ "",
+ "",
+ "",
+ "",
+ "",
+ "",
+ "",
+ "",
+ "perl -e 'print \"\";' > out",
+ "",
+ "",
+ "",
+ "",
+ "<",
+ "",
+ "1;DROP TABLE users",
+ "1'; DROP TABLE users-- 1",
+ "' OR 1=1 -- 1",
+ "' OR '1'='1",
+ " ",
+ "%",
+ "_",
+ "-",
+ "--",
+ "--version",
+ "--help",
+ "$USER",
+ "/dev/null; touch /tmp/blns.fail ; echo",
+ "`touch /tmp/blns.fail`",
+ "$(touch /tmp/blns.fail)",
+ "@{[system \"touch /tmp/blns.fail\"]}",
+ "eval(\"puts 'hello world'\")",
+ "System(\"ls -al /\")",
+ "`ls -al /`",
+ "Kernel.exec(\"ls -al /\")",
+ "Kernel.exit(1)",
+ "%x('ls -al /')",
+ "]>
&xxe;",
+ "$HOME",
+ "$ENV{'HOME'}",
+ "%d",
+ "%s",
+ "{0}",
+ "%*.*s",
+ "../../../../../../../../../../../etc/passwd%00",
+ "../../../../../../../../../../../etc/hosts",
+ "() { 0; }; touch /tmp/blns.shellshock1.fail;",
+ "() { _; } >_[$($())] { touch /tmp/blns.shellshock2.fail; }",
+ "+++ATH0",
+ "<<< %s(un='%s') = %u",
+ "CON",
+ "PRN",
+ "AUX",
+ "CLOCK$",
+ "NUL",
+ "A:",
+ "ZZ:",
+ "COM1",
+ "LPT1",
+ "LPT2",
+ "LPT3",
+ "COM2",
+ "COM3",
+ "COM4",
+ "DCC SEND STARTKEYLOGGER 0 0 0",
+ "Scunthorpe General Hospital",
+ "Penistone Community Church",
+ "Lightwater Country Park",
+ "Jimmy Clitheroe",
+ "Horniman Museum",
+ "shitake mushrooms",
+ "RomansInSussex.co.uk",
+ "http://www.cum.qc.ca/",
+ "Craig Cockburn, Software Specialist",
+ "Linda Callahan",
+ "Dr. Herman I. Libshitz",
+ "magna cum laude",
+ "Super Bowl XXX",
+ "medieval erection of parapets",
+ "evaluate",
+ "mocha",
+ "expression",
+ "Arsenal canal",
+ "classic",
+ "Tyson Gay",
+ "Dick Van Dyke",
+ "basement",
+ "If you're reading this, you've been in a coma for almost 20 years now. We're trying a new technique. We don't know where this message will end up in your dream, but we hope it works. Please wake up, we miss you.",
+ "Roses are \u001b[0;31mred\u001b[0m, violets are \u001b[0;34mblue. Hope you enjoy terminal hue",
+ "But now...\u001b[20Cfor my greatest trick...\u001b[8m",
+ "The quic\b\b\b\b\b\bk brown fo\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007x... [Beeeep]",
+ "Powerلُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ冗"
+]
diff --git a/test/src/unit-testsuites.cpp b/test/src/unit-testsuites.cpp
index a43e1997..b939bb62 100644
--- a/test/src/unit-testsuites.cpp
+++ b/test/src/unit-testsuites.cpp
@@ -815,3 +815,14 @@ TEST_CASE("nst's JSONTestSuite")
}
}
}
+
+TEST_CASE("Big List of Naughty Strings")
+{
+ // test from https://github.com/minimaxir/big-list-of-naughty-strings
+ SECTION("blns.json")
+ {
+ std::ifstream f("test/data/big-list-of-naughty-strings/blns.json");
+ json j;
+ CHECK_NOTHROW(j << f);
+ }
+}