regression bug #1729: ensure directories are protected

We had an "information leak" where going to a protected folder like:

 http://releases.linaro.org/android/images/lcr-member-juno/15.07

only worked if you included the trailing "/":

 http://releases.linaro.org/android/images/lcr-member-juno/15.07/

It wasn't a terrible leak, because the artifacts were still protected.
However, this fixes the directory rendering logic and adds a regression
test so we don't mess this up again in the future.

The regression was caused by the new Artifact code passing the directory
name to build-info's constructor when doing a directory listing.

The root issue was really the fact that people use a subtle oddity of
our build-info implementation to enforce directory-listing protection.
If a build-info includes a trailing "," then it will match the call to
.get('auth-groups') because we pass an empty filename to the build-info
constructor.

Change-Id: Ifb2546634d5c675d431187ef555dd215c8e65bc4

2 files changed, 6 insertions, 0 deletions

diff --git a/sampleroot/protected_listing/BUILD-INFO.txt b/sampleroot/protected_listing/BUILD-INFO.txt
new file mode 100644
index 0000000..d7fc3ad
--- /dev/null
+++ b/sampleroot/protected_listing/BUILD-INFO.txt
@@ -0,0 +1,6 @@
+Format-Version: 0.5
+
+Files-Pattern: *.txt,
+License-Type: protected
+Auth-Groups: lmg-members-only
+
diff --git a/sampleroot/protected_listing/foo.txt b/sampleroot/protected_listing/foo.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/sampleroot/protected_listing/foo.txt