Make serve acceptable path unit tests more careful.
Tests used to trigger the wanted security exception merely by being unquoted, that's not good enough.
This commit is contained in:
parent
f7bcd554fa
commit
f839f889b6
1 changed files with 27 additions and 3 deletions
|
@ -45,14 +45,38 @@ def test_bad_command():
|
|||
eq(str(e), 'Unknown command denied')
|
||||
assert isinstance(e, serve.ServingError)
|
||||
|
||||
def test_bad_unsafeArguments():
|
||||
def test_bad_unsafeArguments_notQuoted():
|
||||
cfg = RawConfigParser()
|
||||
e = assert_raises(
|
||||
serve.UnsafeArgumentsError,
|
||||
serve.serve,
|
||||
cfg=cfg,
|
||||
user='jdoe',
|
||||
command='git-upload-pack /evil/attack',
|
||||
command="git-upload-pack foo",
|
||||
)
|
||||
eq(str(e), 'Arguments to command look dangerous')
|
||||
assert isinstance(e, serve.ServingError)
|
||||
|
||||
def test_bad_unsafeArguments_absolute():
|
||||
cfg = RawConfigParser()
|
||||
e = assert_raises(
|
||||
serve.UnsafeArgumentsError,
|
||||
serve.serve,
|
||||
cfg=cfg,
|
||||
user='jdoe',
|
||||
command="git-upload-pack '/evil/attack'",
|
||||
)
|
||||
eq(str(e), 'Arguments to command look dangerous')
|
||||
assert isinstance(e, serve.ServingError)
|
||||
|
||||
def test_bad_unsafeArguments_badCharacters():
|
||||
cfg = RawConfigParser()
|
||||
e = assert_raises(
|
||||
serve.UnsafeArgumentsError,
|
||||
serve.serve,
|
||||
cfg=cfg,
|
||||
user='jdoe',
|
||||
command="git-upload-pack 'ev!l'",
|
||||
)
|
||||
eq(str(e), 'Arguments to command look dangerous')
|
||||
assert isinstance(e, serve.ServingError)
|
||||
|
@ -64,7 +88,7 @@ def test_bad_unsafeArguments_dotdot():
|
|||
serve.serve,
|
||||
cfg=cfg,
|
||||
user='jdoe',
|
||||
command='git-upload-pack something/../evil',
|
||||
command="git-upload-pack 'something/../evil'",
|
||||
)
|
||||
eq(str(e), 'Arguments to command look dangerous')
|
||||
assert isinstance(e, serve.ServingError)
|
||||
|
|
Loading…
Reference in a new issue