Fixed #28224 -- Tested for SuspiciousOperation subclasses in Django's tests.

This commit is contained in:
Rajesh Veeranki 2017-05-25 19:19:01 +07:00 committed by Tim Graham
parent f8bce94997
commit 67e1afb4a8
3 changed files with 15 additions and 15 deletions

View File

@ -10,7 +10,7 @@ from io import StringIO
from urllib.request import urlopen
from django.core.cache import cache
from django.core.exceptions import SuspiciousFileOperation, SuspiciousOperation
from django.core.exceptions import SuspiciousFileOperation
from django.core.files.base import ContentFile, File
from django.core.files.storage import FileSystemStorage, get_storage_class
from django.core.files.uploadedfile import (
@ -384,9 +384,9 @@ class FileStorageTests(SimpleTestCase):
File storage prevents directory traversal (files can only be accessed if
they're below the storage location).
"""
with self.assertRaises(SuspiciousOperation):
with self.assertRaises(SuspiciousFileOperation):
self.storage.exists('..')
with self.assertRaises(SuspiciousOperation):
with self.assertRaises(SuspiciousFileOperation):
self.storage.exists('/etc/passwd')
def test_file_storage_preserves_filename_case(self):

View File

@ -5,7 +5,7 @@ import pickle
import unittest
import uuid
from django.core.exceptions import DisallowedRedirect, SuspiciousOperation
from django.core.exceptions import DisallowedRedirect
from django.core.serializers.json import DjangoJSONEncoder
from django.core.signals import request_finished
from django.db import close_old_connections
@ -441,9 +441,9 @@ class HttpResponseTests(unittest.TestCase):
'file:///etc/passwd',
]
for url in bad_urls:
with self.assertRaises(SuspiciousOperation):
with self.assertRaises(DisallowedRedirect):
HttpResponseRedirect(url)
with self.assertRaises(SuspiciousOperation):
with self.assertRaises(DisallowedRedirect):
HttpResponsePermanentRedirect(url)

View File

@ -5,7 +5,7 @@ from io import BytesIO
from itertools import chain
from urllib.parse import urlencode
from django.core.exceptions import SuspiciousOperation
from django.core.exceptions import DisallowedHost
from django.core.handlers.wsgi import LimitedStream, WSGIRequest
from django.http import (
HttpRequest, HttpResponse, RawPostDataException, UnreadablePostError,
@ -695,7 +695,7 @@ class HostValidationTests(SimpleTestCase):
# Poisoned host headers are rejected as suspicious
for host in chain(self.poisoned_hosts, ['other.com', 'example.com..']):
with self.assertRaises(SuspiciousOperation):
with self.assertRaises(DisallowedHost):
request = HttpRequest()
request.META = {
'HTTP_HOST': host,
@ -759,7 +759,7 @@ class HostValidationTests(SimpleTestCase):
request.get_host()
for host in self.poisoned_hosts:
with self.assertRaises(SuspiciousOperation):
with self.assertRaises(DisallowedHost):
request = HttpRequest()
request.META = {
'HTTP_HOST': host,
@ -810,8 +810,8 @@ class HostValidationTests(SimpleTestCase):
request.META = {'HTTP_HOST': host}
self.assertEqual(request.get_host(), host)
# Other hostnames raise a SuspiciousOperation.
with self.assertRaises(SuspiciousOperation):
# Other hostnames raise a DisallowedHost.
with self.assertRaises(DisallowedHost):
request = HttpRequest()
request.META = {'HTTP_HOST': 'example.com'}
request.get_host()
@ -831,7 +831,7 @@ class HostValidationTests(SimpleTestCase):
]:
request = HttpRequest()
request.META = {'HTTP_HOST': host}
with self.assertRaisesMessage(SuspiciousOperation, msg_suggestion % (host, host)):
with self.assertRaisesMessage(DisallowedHost, msg_suggestion % (host, host)):
request.get_host()
for domain, port in [ # Valid-looking hosts with a port number
@ -842,18 +842,18 @@ class HostValidationTests(SimpleTestCase):
host = '%s:%s' % (domain, port)
request = HttpRequest()
request.META = {'HTTP_HOST': host}
with self.assertRaisesMessage(SuspiciousOperation, msg_suggestion % (host, domain)):
with self.assertRaisesMessage(DisallowedHost, msg_suggestion % (host, domain)):
request.get_host()
for host in self.poisoned_hosts:
request = HttpRequest()
request.META = {'HTTP_HOST': host}
with self.assertRaisesMessage(SuspiciousOperation, msg_invalid_host % host):
with self.assertRaisesMessage(DisallowedHost, msg_invalid_host % host):
request.get_host()
request = HttpRequest()
request.META = {'HTTP_HOST': "invalid_hostname.com"}
with self.assertRaisesMessage(SuspiciousOperation, msg_suggestion2 % "invalid_hostname.com"):
with self.assertRaisesMessage(DisallowedHost, msg_suggestion2 % "invalid_hostname.com"):
request.get_host()
def test_split_domain_port_removes_trailing_dot(self):