Commit Graph

83 Commits

Author SHA1 Message Date
Mariusz Felisiak c5cd878382
Refs #33476 -- Refactored problematic code before reformatting by Black.
In these cases Black produces unexpected results, e.g.

def make_random_password(
    self,
    length=10,
    allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789',
):

or

cursor.execute("""
SELECT ...
""",
    [table name],
)
2022-02-03 11:20:46 +01:00
Mariusz Felisiak fc18f36c4a Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.
Thanks Alan Ryan for the report and initial patch.
2022-02-01 07:41:40 +01:00
Hrushikesh Vaidya 3fadf141e6 Fixed #33062 -- Made MultiPartParser remove non-printable chars from file names. 2022-01-20 07:19:52 +01:00
Mariusz Felisiak 1ff0ea6e9b
Fixed isolation of test_filename_traversal_upload().
shutil.rmtree(MEDIA_ROOT) is already called as a class cleanup.
2021-07-05 12:05:13 +02:00
Mariusz Felisiak 213850b4b9
Refs #32355 -- Used addClassCleanup() in tests.
Inspired by Adam Johnson talk on DjangoCon Europe 2021.
2021-06-04 12:53:11 +02:00
Florian Apolloner 0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Mariusz Felisiak d4d800ca1a Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
2021-04-06 08:15:17 +02:00
aryan 11c4a4412b Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads.
This patch allows upload handlers to handle interrupted uploads.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-09-30 10:30:43 +02:00
aryan 21b127bfbc Refs #30422 -- Added test for removing temporary files in MultiPartParser when StopUpload is raised. 2020-09-30 10:29:08 +02:00
Michael Brown 36db4dd937 Fixed #28132 -- Made MultiPartParser ignore filenames with trailing slash. 2020-06-11 08:46:59 +02:00
Jon Dufresne 505fec6bad Capitalized Unicode in docs, strings, and comments. 2020-04-20 12:10:33 +02:00
007 e65fea9292 Fixed #31293 -- Allowed MultiPartParser to handle double-quoted encoded headers. 2020-02-28 14:43:16 +01:00
Nick Pope 7552de7866 Used more specific unittest assertions in tests.
* assertIsNone()/assertIsNotNone() instead of comparing to None.
* assertLess() for < comparisons.
* assertIs() for 'is' expressions.
* assertIsInstance() for isinstance() expressions.
* rounding of assertAlmostEqual() for round() expressions.
* assertIs(..., True/False) instead of comparing to True/False.
* assertIs()/assertIsNot() for ==/!= comparisons.
* assertNotEqual() for == comparisons.
* assertTrue()/assertFalse() instead of comparing to True/False.
2019-10-29 12:37:30 +01:00
Jon Dufresne 95b7699ffc Cleaned up exception message checking in some tests. 2019-03-15 19:27:57 -04:00
Jon Dufresne a98bcfb0dd Refs #15362 -- Removed obsolete workaround in file_uploads test view. 2019-02-09 18:44:28 -05:00
Jon Dufresne c492fdfd24 Removed default empty content argument from HttpResponse calls. 2019-02-09 16:27:32 -05:00
Jon Dufresne 290d8471bb Fixed #30147 -- Simplified directory creation with os.makedirs(..., exist_ok=True). 2019-01-31 12:53:36 -05:00
Jon Dufresne 7785e03ba8 Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
Tim Graham 043bd70942 Updated test URL patterns to use path() and re_path(). 2018-12-31 10:47:32 -05:00
Mads Jensen 4167959105 Added tests for incorrect content type and size in MultiPartParser. 2018-06-12 14:42:20 -04:00
Tim Graham fa75b2cb51
Refs #27795 -- Removed force_bytes/text() usage in tests. 2018-02-07 14:20:04 -05:00
Jon Dufresne 21046e7773 Fixed #28249 -- Removed unnecessary dict.keys() calls.
iter(dict) is equivalent to iter(dict.keys()).
2017-05-27 19:08:46 -04:00
Tim Graham 500532c95d Refs #23919 -- Removed default 'utf-8' argument for str.encode()/decode(). 2017-02-09 09:03:47 -05:00
Tim Graham 5e303836b6 Used JsonResponse and response.json in file_uploads tests. 2017-02-08 08:42:28 -05:00
Chillar Anand 6478e07a62 Refs #23919 -- Replaced tempfile.mkdtemp() with TemporaryDirectory() context manager. 2017-01-26 13:54:16 -05:00
Claude Paroz fee42fd99e Refs #23919 -- Replaced usage of django.utils.http utilities with Python equivalents
Thanks Tim Graham for the review.
2017-01-26 19:49:03 +01:00
chillaranand d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Tim Graham 632c4ffd9c Refs #23919 -- Replaced errno checking with PEP 3151 exceptions. 2017-01-25 10:13:08 -05:00
Claude Paroz dc8834cad4 Refs #23919 -- Removed unneeded force_str calls 2017-01-20 08:44:31 +01:00
Tim Graham 5320fa77c3 Refs #23919 -- Removed obsolete contextlib.closing() calls (for Python 2). 2017-01-19 08:50:28 -05:00
Claude Paroz 2b281cc35e Refs #23919 -- Removed most of remaining six usage
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz 7b2f2e74ad Refs #23919 -- Removed six.<various>_types usage
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Claude Paroz c716fe8782 Refs #23919 -- Removed six.PY2/PY3 usage
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
za 321e94fa41 Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. 2016-11-10 21:30:21 -05:00
Claude Paroz 2ced2f785d Replaced smart_* by force_* calls whenever possible
The smart_* version should only be used when a lazy string should keep
its lazy status.
2016-09-03 13:46:41 +02:00
Tim Graham c9ae09addf Replaced use of TestCase.fail() with assertRaises().
Also removed try/except/fail antipattern that hides exceptions.
2016-06-28 11:21:26 -04:00
Florian Apolloner 9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005.
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Tim Graham 92053acbb9 Fixed E128 flake8 warnings in tests/. 2016-04-08 10:12:33 -04:00
John-Mark Bell 4b129ac81f Fixed #26325 -- Made MultiPartParser ignore filenames that normalize to an empty string. 2016-03-07 13:19:39 -05:00
Hasan 3d0dcd7f5a Refs #26022 -- Used context manager version of assertRaises in tests. 2016-01-29 12:32:18 -05:00
Mingun Pak 4c912d184d Fixed typos in test comments. 2016-01-23 12:45:25 -05:00
Dražen Odobašić b1e33ceced Fixed #23395 -- Limited line lengths to 119 characters. 2015-09-12 11:40:50 -04:00
Tim Graham 6e3fe089dd Replaced six.BytesIO with io.BytesIO 2015-07-20 08:19:47 -04:00
Andriy Sokolovskiy b40c551fdf Fixed some unclosed objects in tests 2015-07-06 10:10:40 -04:00
Simon Charette 4ccfc4439a Refs #24652 -- Fixed a test failure in file_uploads tests on Windows.
Thanks to Tim Graham for the report.
2015-05-25 19:09:01 -04:00
Simon Charette be67400b47 Refs #24652 -- Used SimpleTestCase where appropriate. 2015-05-20 13:46:13 -04:00
Aymeric Augustin a8fe12417f Normalized usage of the tempfile module.
Specifically stopped using the dir argument.
2015-02-23 16:55:27 +01:00
Aymeric Augustin 934400759d Guaranteed removal of temporary files during tests.
Dropped the DJANGO_TEST_TEMP_DIR environment variable.

Before this change, proper removal depended on the developer passing
dir=os.environ['DJANGO_TEST_TMP_DIR'] to tempfile functions.
2015-02-23 16:55:26 +01:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00