From a708f39ce67af174df90c5b5e50ad1976cec7cb8 Mon Sep 17 00:00:00 2001 From: Carlton Gibson Date: Tue, 4 May 2021 14:44:19 +0200 Subject: [PATCH] Refs CVE-2021-31542 -- Skipped mock AWS storage test on Windows. The validate_file_name() sanitation introduced in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3 correctly rejects the example file name as containing path elements on Windows. This breaks the test introduced in 914c72be2abb1c6dd860cb9279beaa66409ae1b2 to allow path components for storages that may allow them. Test is skipped pending a discussed storage refactoring to support this use-case. --- tests/file_storage/test_generate_filename.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/file_storage/test_generate_filename.py b/tests/file_storage/test_generate_filename.py index 9f54f6921e..4746a53f69 100644 --- a/tests/file_storage/test_generate_filename.py +++ b/tests/file_storage/test_generate_filename.py @@ -1,4 +1,6 @@ import os +import sys +from unittest import skipIf from django.core.exceptions import SuspiciousFileOperation from django.core.files.base import ContentFile @@ -93,6 +95,7 @@ class GenerateFilenameStorageTests(SimpleTestCase): os.path.normpath('some/folder/test_with_space.txt') ) + @skipIf(sys.platform == 'win32', 'Path components in filename are not supported after 0b79eb3.') def test_filefield_awss3_storage(self): """ Simulate a FileField with an S3 storage which uses keys rather than