mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Code Issues 32 Releases Wiki Activity

Refs #33476 -- Reformatted code with Black.

Browse Source
This commit is contained in:
django-bot
2022-02-03 20:24:19 +01:00
committed by Mariusz Felisiak
parent f68fa8b45d
commit 9c19aff7c7
1992 changed files with 139577 additions and 96284 deletions
Download Patch File Download Diff File Expand all files Collapse all files

97
tests/file_storage/test_generate_filename.py
View File

@@ -13,7 +13,8 @@ class AWSS3Storage(Storage):
characters in file names but where there aren't actual folders but just
keys.
"""
prefix = 'mys3folder/'
prefix = "mys3folder/"
def _save(self, name, content):
"""
@@ -39,9 +40,9 @@ class AWSS3Storage(Storage):
class GenerateFilenameStorageTests(SimpleTestCase):
def test_storage_dangerous_paths(self):
candidates = [
('/tmp/..', '..'),
('/tmp/.', '.'),
('', ''),
("/tmp/..", ".."),
("/tmp/.", "."),
("", ""),
]
s = FileSystemStorage()
msg = "Could not derive file name from '%s'"
@@ -54,10 +55,10 @@ class GenerateFilenameStorageTests(SimpleTestCase):
def test_storage_dangerous_paths_dir_name(self):
candidates = [
('tmp/../path', 'tmp/..'),
('tmp\\..\\path', 'tmp/..'),
('/tmp/../path', '/tmp/..'),
('\\tmp\\..\\path', '/tmp/..'),
("tmp/../path", "tmp/.."),
("tmp\\..\\path", "tmp/.."),
("/tmp/../path", "/tmp/.."),
("\\tmp\\..\\path", "/tmp/.."),
]
s = FileSystemStorage()
for file_name, path in candidates:
@@ -70,13 +71,13 @@ class GenerateFilenameStorageTests(SimpleTestCase):
def test_filefield_dangerous_filename(self):
candidates = [
('..', 'some/folder/..'),
('.', 'some/folder/.'),
('', 'some/folder/'),
('???', '???'),
('$.$.$', '$.$.$'),
("..", "some/folder/.."),
(".", "some/folder/."),
("", "some/folder/"),
("???", "???"),
("$.$.$", "$.$.$"),
]
f = FileField(upload_to='some/folder/')
f = FileField(upload_to="some/folder/")
for file_name, msg_file_name in candidates:
msg = f"Could not derive file name from '{msg_file_name}'"
with self.subTest(file_name=file_name):
@@ -84,16 +85,16 @@ class GenerateFilenameStorageTests(SimpleTestCase):
f.generate_filename(None, file_name)
def test_filefield_dangerous_filename_dot_segments(self):
f = FileField(upload_to='some/folder/')
f = FileField(upload_to="some/folder/")
msg = "Detected path traversal attempt in 'some/folder/../path'"
with self.assertRaisesMessage(SuspiciousFileOperation, msg):
f.generate_filename(None, '../path')
f.generate_filename(None, "../path")
def test_filefield_generate_filename_absolute_path(self):
f = FileField(upload_to='some/folder/')
f = FileField(upload_to="some/folder/")
candidates = [
'/tmp/path',
'/tmp/../path',
"/tmp/path",
"/tmp/../path",
]
for file_name in candidates:
msg = f"Detected path traversal attempt in '{file_name}'"
@@ -102,54 +103,54 @@ class GenerateFilenameStorageTests(SimpleTestCase):
f.generate_filename(None, file_name)
def test_filefield_generate_filename(self):
f = FileField(upload_to='some/folder/')
f = FileField(upload_to="some/folder/")
self.assertEqual(
f.generate_filename(None, 'test with space.txt'),
os.path.normpath('some/folder/test_with_space.txt')
f.generate_filename(None, "test with space.txt"),
os.path.normpath("some/folder/test_with_space.txt"),
)
def test_filefield_generate_filename_with_upload_to(self):
def upload_to(instance, filename):
return 'some/folder/' + filename
return "some/folder/" + filename
f = FileField(upload_to=upload_to)
self.assertEqual(
f.generate_filename(None, 'test with space.txt'),
os.path.normpath('some/folder/test_with_space.txt')
f.generate_filename(None, "test with space.txt"),
os.path.normpath("some/folder/test_with_space.txt"),
)
def test_filefield_generate_filename_upload_to_overrides_dangerous_filename(self):
def upload_to(instance, filename):
return 'test.txt'
return "test.txt"
f = FileField(upload_to=upload_to)
candidates = [
'/tmp/.',
'/tmp/..',
'/tmp/../path',
'/tmp/path',
'some/folder/',
'some/folder/.',
'some/folder/..',
'some/folder/???',
'some/folder/$.$.$',
'some/../test.txt',
'',
"/tmp/.",
"/tmp/..",
"/tmp/../path",
"/tmp/path",
"some/folder/",
"some/folder/.",
"some/folder/..",
"some/folder/???",
"some/folder/$.$.$",
"some/../test.txt",
"",
]
for file_name in candidates:
with self.subTest(file_name=file_name):
self.assertEqual(f.generate_filename(None, file_name), 'test.txt')
self.assertEqual(f.generate_filename(None, file_name), "test.txt")
def test_filefield_generate_filename_upload_to_absolute_path(self):
def upload_to(instance, filename):
return '/tmp/' + filename
return "/tmp/" + filename
f = FileField(upload_to=upload_to)
candidates = [
'path',
'../path',
'???',
'$.$.$',
"path",
"../path",
"???",
"$.$.$",
]
for file_name in candidates:
msg = f"Detected path traversal attempt in '/tmp/{file_name}'"
@@ -159,10 +160,10 @@ class GenerateFilenameStorageTests(SimpleTestCase):
def test_filefield_generate_filename_upload_to_dangerous_filename(self):
def upload_to(instance, filename):
return '/tmp/' + filename
return "/tmp/" + filename
f = FileField(upload_to=upload_to)
candidates = ['..', '.', '']
candidates = ["..", ".", ""]
for file_name in candidates:
msg = f"Could not derive file name from '/tmp/{file_name}'"
with self.subTest(file_name=file_name):
@@ -176,11 +177,11 @@ class GenerateFilenameStorageTests(SimpleTestCase):
calls that break the key.
"""
storage = AWSS3Storage()
folder = 'not/a/folder/'
folder = "not/a/folder/"
f = FileField(upload_to=folder, storage=storage)
key = 'my-file-key\\with odd characters'
data = ContentFile('test')
key = "my-file-key\\with odd characters"
data = ContentFile("test")
expected_key = AWSS3Storage.prefix + folder + key
# Simulate call to f.save()