Fixed #28224 -- Tested for SuspiciousOperation subclasses in Django's tests.
This commit is contained in:
parent
f8bce94997
commit
67e1afb4a8
|
@ -10,7 +10,7 @@ from io import StringIO
|
|||
from urllib.request import urlopen
|
||||
|
||||
from django.core.cache import cache
|
||||
from django.core.exceptions import SuspiciousFileOperation, SuspiciousOperation
|
||||
from django.core.exceptions import SuspiciousFileOperation
|
||||
from django.core.files.base import ContentFile, File
|
||||
from django.core.files.storage import FileSystemStorage, get_storage_class
|
||||
from django.core.files.uploadedfile import (
|
||||
|
@ -384,9 +384,9 @@ class FileStorageTests(SimpleTestCase):
|
|||
File storage prevents directory traversal (files can only be accessed if
|
||||
they're below the storage location).
|
||||
"""
|
||||
with self.assertRaises(SuspiciousOperation):
|
||||
with self.assertRaises(SuspiciousFileOperation):
|
||||
self.storage.exists('..')
|
||||
with self.assertRaises(SuspiciousOperation):
|
||||
with self.assertRaises(SuspiciousFileOperation):
|
||||
self.storage.exists('/etc/passwd')
|
||||
|
||||
def test_file_storage_preserves_filename_case(self):
|
||||
|
|
|
@ -5,7 +5,7 @@ import pickle
|
|||
import unittest
|
||||
import uuid
|
||||
|
||||
from django.core.exceptions import DisallowedRedirect, SuspiciousOperation
|
||||
from django.core.exceptions import DisallowedRedirect
|
||||
from django.core.serializers.json import DjangoJSONEncoder
|
||||
from django.core.signals import request_finished
|
||||
from django.db import close_old_connections
|
||||
|
@ -441,9 +441,9 @@ class HttpResponseTests(unittest.TestCase):
|
|||
'file:///etc/passwd',
|
||||
]
|
||||
for url in bad_urls:
|
||||
with self.assertRaises(SuspiciousOperation):
|
||||
with self.assertRaises(DisallowedRedirect):
|
||||
HttpResponseRedirect(url)
|
||||
with self.assertRaises(SuspiciousOperation):
|
||||
with self.assertRaises(DisallowedRedirect):
|
||||
HttpResponsePermanentRedirect(url)
|
||||
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@ from io import BytesIO
|
|||
from itertools import chain
|
||||
from urllib.parse import urlencode
|
||||
|
||||
from django.core.exceptions import SuspiciousOperation
|
||||
from django.core.exceptions import DisallowedHost
|
||||
from django.core.handlers.wsgi import LimitedStream, WSGIRequest
|
||||
from django.http import (
|
||||
HttpRequest, HttpResponse, RawPostDataException, UnreadablePostError,
|
||||
|
@ -695,7 +695,7 @@ class HostValidationTests(SimpleTestCase):
|
|||
|
||||
# Poisoned host headers are rejected as suspicious
|
||||
for host in chain(self.poisoned_hosts, ['other.com', 'example.com..']):
|
||||
with self.assertRaises(SuspiciousOperation):
|
||||
with self.assertRaises(DisallowedHost):
|
||||
request = HttpRequest()
|
||||
request.META = {
|
||||
'HTTP_HOST': host,
|
||||
|
@ -759,7 +759,7 @@ class HostValidationTests(SimpleTestCase):
|
|||
request.get_host()
|
||||
|
||||
for host in self.poisoned_hosts:
|
||||
with self.assertRaises(SuspiciousOperation):
|
||||
with self.assertRaises(DisallowedHost):
|
||||
request = HttpRequest()
|
||||
request.META = {
|
||||
'HTTP_HOST': host,
|
||||
|
@ -810,8 +810,8 @@ class HostValidationTests(SimpleTestCase):
|
|||
request.META = {'HTTP_HOST': host}
|
||||
self.assertEqual(request.get_host(), host)
|
||||
|
||||
# Other hostnames raise a SuspiciousOperation.
|
||||
with self.assertRaises(SuspiciousOperation):
|
||||
# Other hostnames raise a DisallowedHost.
|
||||
with self.assertRaises(DisallowedHost):
|
||||
request = HttpRequest()
|
||||
request.META = {'HTTP_HOST': 'example.com'}
|
||||
request.get_host()
|
||||
|
@ -831,7 +831,7 @@ class HostValidationTests(SimpleTestCase):
|
|||
]:
|
||||
request = HttpRequest()
|
||||
request.META = {'HTTP_HOST': host}
|
||||
with self.assertRaisesMessage(SuspiciousOperation, msg_suggestion % (host, host)):
|
||||
with self.assertRaisesMessage(DisallowedHost, msg_suggestion % (host, host)):
|
||||
request.get_host()
|
||||
|
||||
for domain, port in [ # Valid-looking hosts with a port number
|
||||
|
@ -842,18 +842,18 @@ class HostValidationTests(SimpleTestCase):
|
|||
host = '%s:%s' % (domain, port)
|
||||
request = HttpRequest()
|
||||
request.META = {'HTTP_HOST': host}
|
||||
with self.assertRaisesMessage(SuspiciousOperation, msg_suggestion % (host, domain)):
|
||||
with self.assertRaisesMessage(DisallowedHost, msg_suggestion % (host, domain)):
|
||||
request.get_host()
|
||||
|
||||
for host in self.poisoned_hosts:
|
||||
request = HttpRequest()
|
||||
request.META = {'HTTP_HOST': host}
|
||||
with self.assertRaisesMessage(SuspiciousOperation, msg_invalid_host % host):
|
||||
with self.assertRaisesMessage(DisallowedHost, msg_invalid_host % host):
|
||||
request.get_host()
|
||||
|
||||
request = HttpRequest()
|
||||
request.META = {'HTTP_HOST': "invalid_hostname.com"}
|
||||
with self.assertRaisesMessage(SuspiciousOperation, msg_suggestion2 % "invalid_hostname.com"):
|
||||
with self.assertRaisesMessage(DisallowedHost, msg_suggestion2 % "invalid_hostname.com"):
|
||||
request.get_host()
|
||||
|
||||
def test_split_domain_port_removes_trailing_dot(self):
|
||||
|
|
Loading…
Reference in New Issue