Fixed #28224 -- Tested for SuspiciousOperation subclasses in Django's tests.
parent
f8bce94997
commit
67e1afb4a8
|
@ -10,7 +10,7 @@ from io import StringIO
|
||||||
from urllib.request import urlopen
|
from urllib.request import urlopen
|
||||||
|
|
||||||
from django.core.cache import cache
|
from django.core.cache import cache
|
||||||
from django.core.exceptions import SuspiciousFileOperation, SuspiciousOperation
|
from django.core.exceptions import SuspiciousFileOperation
|
||||||
from django.core.files.base import ContentFile, File
|
from django.core.files.base import ContentFile, File
|
||||||
from django.core.files.storage import FileSystemStorage, get_storage_class
|
from django.core.files.storage import FileSystemStorage, get_storage_class
|
||||||
from django.core.files.uploadedfile import (
|
from django.core.files.uploadedfile import (
|
||||||
|
@ -384,9 +384,9 @@ class FileStorageTests(SimpleTestCase):
|
||||||
File storage prevents directory traversal (files can only be accessed if
|
File storage prevents directory traversal (files can only be accessed if
|
||||||
they're below the storage location).
|
they're below the storage location).
|
||||||
"""
|
"""
|
||||||
with self.assertRaises(SuspiciousOperation):
|
with self.assertRaises(SuspiciousFileOperation):
|
||||||
self.storage.exists('..')
|
self.storage.exists('..')
|
||||||
with self.assertRaises(SuspiciousOperation):
|
with self.assertRaises(SuspiciousFileOperation):
|
||||||
self.storage.exists('/etc/passwd')
|
self.storage.exists('/etc/passwd')
|
||||||
|
|
||||||
def test_file_storage_preserves_filename_case(self):
|
def test_file_storage_preserves_filename_case(self):
|
||||||
|
|
|
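Review bot: The two assertions at the end of this hunk cover different escape routes, a relative `..` segment and an absolute `/etc/passwd` path, but nothing in the test says so and a reader has to infer why both are needed. A short comment above them, such as `# Both a relative escape ('..') and an absolute path ('/etc/passwd') must raise.`, would record the intent. The docstring speaks of files being "accessed" while only `exists()` is exercised in the visible lines; the test method starts outside the hunk, so other storage methods may be covered elsewhere in the class.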
@ -5,7 +5,7 @@ import pickle
|
||||||
import unittest
|
import unittest
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
from django.core.exceptions import DisallowedRedirect, SuspiciousOperation
|
from django.core.exceptions import DisallowedRedirect
|
||||||
from django.core.serializers.json import DjangoJSONEncoder
|
from django.core.serializers.json import DjangoJSONEncoder
|
||||||
from django.core.signals import request_finished
|
from django.core.signals import request_finished
|
||||||
from django.db import close_old_connections
|
from django.db import close_old_connections
|
||||||
|
@ -441,9 +441,9 @@ class HttpResponseTests(unittest.TestCase):
|
||||||
'file:///etc/passwd',
|
'file:///etc/passwd',
|
||||||
]
|
]
|
||||||
for url in bad_urls:
|
for url in bad_urls:
|
||||||
with self.assertRaises(SuspiciousOperation):
|
with self.assertRaises(DisallowedRedirect):
|
||||||
HttpResponseRedirect(url)
|
HttpResponseRedirect(url)
|
||||||
with self.assertRaises(SuspiciousOperation):
|
with self.assertRaises(DisallowedRedirect):
|
||||||
HttpResponsePermanentRedirect(url)
|
HttpResponsePermanentRedirect(url)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
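Review bot: The `for url in bad_urls:` loop checks both redirect classes without `self.subTest`, so if one scheme stops raising DisallowedRedirect the failure does not say which URL was accepted, and the remaining URLs are never tried. Wrapping the loop body in `with self.subTest(url=url):` would name the offending URL and keep the other cases running. The `bad_urls` list and the test method begin outside the hunk.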
@ -5,7 +5,7 @@ from io import BytesIO
|
||||||
from itertools import chain
|
from itertools import chain
|
||||||
from urllib.parse import urlencode
|
from urllib.parse import urlencode
|
||||||
|
|
||||||
from django.core.exceptions import SuspiciousOperation
|
from django.core.exceptions import DisallowedHost
|
||||||
from django.core.handlers.wsgi import LimitedStream, WSGIRequest
|
from django.core.handlers.wsgi import LimitedStream, WSGIRequest
|
||||||
from django.http import (
|
from django.http import (
|
||||||
HttpRequest, HttpResponse, RawPostDataException, UnreadablePostError,
|
HttpRequest, HttpResponse, RawPostDataException, UnreadablePostError,
|
||||||
|
@ -695,7 +695,7 @@ class HostValidationTests(SimpleTestCase):
|
||||||
|
|
||||||
# Poisoned host headers are rejected as suspicious
|
# Poisoned host headers are rejected as suspicious
|
||||||
for host in chain(self.poisoned_hosts, ['other.com', 'example.com..']):
|
for host in chain(self.poisoned_hosts, ['other.com', 'example.com..']):
|
||||||
with self.assertRaises(SuspiciousOperation):
|
with self.assertRaises(DisallowedHost):
|
||||||
request = HttpRequest()
|
request = HttpRequest()
|
||||||
request.META = {
|
request.META = {
|
||||||
'HTTP_HOST': host,
|
'HTTP_HOST': host,
|
||||||
|
@ -759,7 +759,7 @@ class HostValidationTests(SimpleTestCase):
|
||||||
request.get_host()
|
request.get_host()
|
||||||
|
|
||||||
for host in self.poisoned_hosts:
|
for host in self.poisoned_hosts:
|
||||||
with self.assertRaises(SuspiciousOperation):
|
with self.assertRaises(DisallowedHost):
|
||||||
request = HttpRequest()
|
request = HttpRequest()
|
||||||
request.META = {
|
request.META = {
|
||||||
'HTTP_HOST': host,
|
'HTTP_HOST': host,
|
||||||
|
@ -810,8 +810,8 @@ class HostValidationTests(SimpleTestCase):
|
||||||
request.META = {'HTTP_HOST': host}
|
request.META = {'HTTP_HOST': host}
|
||||||
self.assertEqual(request.get_host(), host)
|
self.assertEqual(request.get_host(), host)
|
||||||
|
|
||||||
# Other hostnames raise a SuspiciousOperation.
|
# Other hostnames raise a DisallowedHost.
|
||||||
with self.assertRaises(SuspiciousOperation):
|
with self.assertRaises(DisallowedHost):
|
||||||
request = HttpRequest()
|
request = HttpRequest()
|
||||||
request.META = {'HTTP_HOST': 'example.com'}
|
request.META = {'HTTP_HOST': 'example.com'}
|
||||||
request.get_host()
|
request.get_host()
|
||||||
|
@ -831,7 +831,7 @@ class HostValidationTests(SimpleTestCase):
|
||||||
]:
|
]:
|
||||||
request = HttpRequest()
|
request = HttpRequest()
|
||||||
request.META = {'HTTP_HOST': host}
|
request.META = {'HTTP_HOST': host}
|
||||||
with self.assertRaisesMessage(SuspiciousOperation, msg_suggestion % (host, host)):
|
with self.assertRaisesMessage(DisallowedHost, msg_suggestion % (host, host)):
|
||||||
request.get_host()
|
request.get_host()
|
||||||
|
|
||||||
for domain, port in [ # Valid-looking hosts with a port number
|
for domain, port in [ # Valid-looking hosts with a port number
|
||||||
|
@ -842,18 +842,18 @@ class HostValidationTests(SimpleTestCase):
|
||||||
host = '%s:%s' % (domain, port)
|
host = '%s:%s' % (domain, port)
|
||||||
request = HttpRequest()
|
request = HttpRequest()
|
||||||
request.META = {'HTTP_HOST': host}
|
request.META = {'HTTP_HOST': host}
|
||||||
with self.assertRaisesMessage(SuspiciousOperation, msg_suggestion % (host, domain)):
|
with self.assertRaisesMessage(DisallowedHost, msg_suggestion % (host, domain)):
|
||||||
request.get_host()
|
request.get_host()
|
||||||
|
|
||||||
for host in self.poisoned_hosts:
|
for host in self.poisoned_hosts:
|
||||||
request = HttpRequest()
|
request = HttpRequest()
|
||||||
request.META = {'HTTP_HOST': host}
|
request.META = {'HTTP_HOST': host}
|
||||||
with self.assertRaisesMessage(SuspiciousOperation, msg_invalid_host % host):
|
with self.assertRaisesMessage(DisallowedHost, msg_invalid_host % host):
|
||||||
request.get_host()
|
request.get_host()
|
||||||
|
|
||||||
request = HttpRequest()
|
request = HttpRequest()
|
||||||
request.META = {'HTTP_HOST': "invalid_hostname.com"}
|
request.META = {'HTTP_HOST': "invalid_hostname.com"}
|
||||||
with self.assertRaisesMessage(SuspiciousOperation, msg_suggestion2 % "invalid_hostname.com"):
|
with self.assertRaisesMessage(DisallowedHost, msg_suggestion2 % "invalid_hostname.com"):
|
||||||
request.get_host()
|
request.get_host()
|
||||||
|
|
||||||
def test_split_domain_port_removes_trailing_dot(self):
|
def test_split_domain_port_removes_trailing_dot(self):
|
||||||
|
|
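Review bot: The `with self.assertRaises(DisallowedHost):` blocks in the hunks at -695, -759 and -810 still open before `request = HttpRequest()` and the `request.META` assignment, so request setup sits inside the asserted region, whereas the later hunks at -831 and -842 build the request first and leave only `request.get_host()` under `assertRaisesMessage`. Moving the two setup lines above the `with` in the first three would make all host checks read the same way and ensure only `get_host()` can satisfy the assertion. The comment `# Poisoned host headers are rejected as suspicious` in the first hunk could also name DisallowedHost, as the updated comment in the -810 hunk does. These test methods begin and end outside the hunks shown.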