p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fixed #28224 -- Tested for SuspiciousOperation subclasses in Django's tests.

This commit is contained in:
Rajesh Veeranki 2017-05-25 19:19:01 +07:00 committed by Tim Graham
parent f8bce94997
commit 67e1afb4a8
3 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
tests/file_storage/tests.py
View File

@ -10,7 +10,7 @@ from io import StringIO
from urllib.request import urlopen from urllib.request import urlopen
from django.core.cache import cache from django.core.cache import cache
from django.core.exceptions import SuspiciousFileOperation, SuspiciousOperation from django.core.exceptions import SuspiciousFileOperation
from django.core.files.base import ContentFile, File from django.core.files.base import ContentFile, File
from django.core.files.storage import FileSystemStorage, get_storage_class from django.core.files.storage import FileSystemStorage, get_storage_class
from django.core.files.uploadedfile import ( from django.core.files.uploadedfile import (
@ -384,9 +384,9 @@ class FileStorageTests(SimpleTestCase):
File storage prevents directory traversal (files can only be accessed if File storage prevents directory traversal (files can only be accessed if
they're below the storage location). they're below the storage location).
""" """
with self.assertRaises(SuspiciousOperation): with self.assertRaises(SuspiciousFileOperation):
self.storage.exists('..') self.storage.exists('..')
with self.assertRaises(SuspiciousOperation): with self.assertRaises(SuspiciousFileOperation):
self.storage.exists('/etc/passwd') self.storage.exists('/etc/passwd')
def test_file_storage_preserves_filename_case(self): def test_file_storage_preserves_filename_case(self):

6
tests/httpwrappers/tests.py
View File

@ -5,7 +5,7 @@ import pickle
import unittest import unittest
import uuid import uuid
from django.core.exceptions import DisallowedRedirect, SuspiciousOperation from django.core.exceptions import DisallowedRedirect
from django.core.serializers.json import DjangoJSONEncoder from django.core.serializers.json import DjangoJSONEncoder
from django.core.signals import request_finished from django.core.signals import request_finished
from django.db import close_old_connections from django.db import close_old_connections
@ -441,9 +441,9 @@ class HttpResponseTests(unittest.TestCase):
'file:///etc/passwd', 'file:///etc/passwd',
] ]
for url in bad_urls: for url in bad_urls:
with self.assertRaises(SuspiciousOperation): with self.assertRaises(DisallowedRedirect):
HttpResponseRedirect(url) HttpResponseRedirect(url)
with self.assertRaises(SuspiciousOperation): with self.assertRaises(DisallowedRedirect):
HttpResponsePermanentRedirect(url) HttpResponsePermanentRedirect(url)

18
tests/requests/tests.py
View File

@ -5,7 +5,7 @@ from io import BytesIO
from itertools import chain from itertools import chain
from urllib.parse import urlencode from urllib.parse import urlencode
from django.core.exceptions import SuspiciousOperation from django.core.exceptions import DisallowedHost
from django.core.handlers.wsgi import LimitedStream, WSGIRequest from django.core.handlers.wsgi import LimitedStream, WSGIRequest
from django.http import ( from django.http import (
HttpRequest, HttpResponse, RawPostDataException, UnreadablePostError, HttpRequest, HttpResponse, RawPostDataException, UnreadablePostError,
@ -695,7 +695,7 @@ class HostValidationTests(SimpleTestCase):
# Poisoned host headers are rejected as suspicious # Poisoned host headers are rejected as suspicious
for host in chain(self.poisoned_hosts, ['other.com', 'example.com..']): for host in chain(self.poisoned_hosts, ['other.com', 'example.com..']):
with self.assertRaises(SuspiciousOperation): with self.assertRaises(DisallowedHost):
request = HttpRequest() request = HttpRequest()
request.META = { request.META = {
'HTTP_HOST': host, 'HTTP_HOST': host,
@ -759,7 +759,7 @@ class HostValidationTests(SimpleTestCase):
request.get_host() request.get_host()
for host in self.poisoned_hosts: for host in self.poisoned_hosts:
with self.assertRaises(SuspiciousOperation): with self.assertRaises(DisallowedHost):
request = HttpRequest() request = HttpRequest()
request.META = { request.META = {
'HTTP_HOST': host, 'HTTP_HOST': host,
@ -810,8 +810,8 @@ class HostValidationTests(SimpleTestCase):
request.META = {'HTTP_HOST': host} request.META = {'HTTP_HOST': host}
self.assertEqual(request.get_host(), host) self.assertEqual(request.get_host(), host)
# Other hostnames raise a SuspiciousOperation. # Other hostnames raise a DisallowedHost.
with self.assertRaises(SuspiciousOperation): with self.assertRaises(DisallowedHost):
request = HttpRequest() request = HttpRequest()
request.META = {'HTTP_HOST': 'example.com'} request.META = {'HTTP_HOST': 'example.com'}
request.get_host() request.get_host()
@ -831,7 +831,7 @@ class HostValidationTests(SimpleTestCase):
]: ]:
request = HttpRequest() request = HttpRequest()
request.META = {'HTTP_HOST': host} request.META = {'HTTP_HOST': host}
with self.assertRaisesMessage(SuspiciousOperation, msg_suggestion % (host, host)): with self.assertRaisesMessage(DisallowedHost, msg_suggestion % (host, host)):
request.get_host() request.get_host()
for domain, port in [ # Valid-looking hosts with a port number for domain, port in [ # Valid-looking hosts with a port number
@ -842,18 +842,18 @@ class HostValidationTests(SimpleTestCase):
host = '%s:%s' % (domain, port) host = '%s:%s' % (domain, port)
request = HttpRequest() request = HttpRequest()
request.META = {'HTTP_HOST': host} request.META = {'HTTP_HOST': host}
with self.assertRaisesMessage(SuspiciousOperation, msg_suggestion % (host, domain)): with self.assertRaisesMessage(DisallowedHost, msg_suggestion % (host, domain)):
request.get_host() request.get_host()
for host in self.poisoned_hosts: for host in self.poisoned_hosts:
request = HttpRequest() request = HttpRequest()
request.META = {'HTTP_HOST': host} request.META = {'HTTP_HOST': host}
with self.assertRaisesMessage(SuspiciousOperation, msg_invalid_host % host): with self.assertRaisesMessage(DisallowedHost, msg_invalid_host % host):
request.get_host() request.get_host()
request = HttpRequest() request = HttpRequest()
request.META = {'HTTP_HOST': "invalid_hostname.com"} request.META = {'HTTP_HOST': "invalid_hostname.com"}
with self.assertRaisesMessage(SuspiciousOperation, msg_suggestion2 % "invalid_hostname.com"): with self.assertRaisesMessage(DisallowedHost, msg_suggestion2 % "invalid_hostname.com"):
request.get_host() request.get_host()
def test_split_domain_port_removes_trailing_dot(self): def test_split_domain_port_removes_trailing_dot(self):