jakob/gitosis
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Test that incoming paths cannot contain /../

Browse source
This commit is contained in:
Tommi Virtanen 2008-03-19 21:28:46 +02:00
parent e1d150daf5
commit f7bcd554fa
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
gitosis/test/test_serve.py
View file

@ -57,6 +57,18 @@ def test_bad_unsafeArguments():
eq(str(e), 'Arguments to command look dangerous')
assert isinstance(e, serve.ServingError)
def test_bad_unsafeArguments_dotdot():
cfg = RawConfigParser()
e = assert_raises(
serve.UnsafeArgumentsError,
serve.serve,
cfg=cfg,
user='jdoe',
command='git-upload-pack something/../evil',
)
eq(str(e), 'Arguments to command look dangerous')
assert isinstance(e, serve.ServingError)
def test_bad_forbiddenCommand_read():
cfg = RawConfigParser()
e = assert_raises(