Make serve acceptable path unit tests more careful.

Tests used to trigger the wanted security exception merely by being unquoted, that's not good enough.
2008-03-19 21:52:03 +02:00 · 2008-03-19 21:52:03 +02:00 · f839f889b6
parent f7bcd554fa
commit f839f889b6
1 changed files with 27 additions and 3 deletions
--- a/gitosis/test/test_serve.py
+++ b/gitosis/test/test_serve.py
@ -45,14 +45,38 @@ def test_bad_command():
    eq(str(e), 'Unknown command denied')
    assert isinstance(e, serve.ServingError)

-def test_bad_unsafeArguments():
+def test_bad_unsafeArguments_notQuoted():
    cfg = RawConfigParser()
    e = assert_raises(
        serve.UnsafeArgumentsError,
        serve.serve,
        cfg=cfg,
        user='jdoe',
-        command='git-upload-pack /evil/attack',
+        command="git-upload-pack foo",
+        )
+    eq(str(e), 'Arguments to command look dangerous')
+    assert isinstance(e, serve.ServingError)
+
+def test_bad_unsafeArguments_absolute():
+    cfg = RawConfigParser()
+    e = assert_raises(
+        serve.UnsafeArgumentsError,
+        serve.serve,
+        cfg=cfg,
+        user='jdoe',
+        command="git-upload-pack '/evil/attack'",
+        )
+    eq(str(e), 'Arguments to command look dangerous')
+    assert isinstance(e, serve.ServingError)
+
+def test_bad_unsafeArguments_badCharacters():
+    cfg = RawConfigParser()
+    e = assert_raises(
+        serve.UnsafeArgumentsError,
+        serve.serve,
+        cfg=cfg,
+        user='jdoe',
+        command="git-upload-pack 'ev!l'",
        )
    eq(str(e), 'Arguments to command look dangerous')
    assert isinstance(e, serve.ServingError)
@ -64,7 +88,7 @@ def test_bad_unsafeArguments_dotdot():
        serve.serve,
        cfg=cfg,
        user='jdoe',
-        command='git-upload-pack something/../evil',
+        command="git-upload-pack 'something/../evil'",
        )
    eq(str(e), 'Arguments to command look dangerous')
    assert isinstance(e, serve.ServingError)