1
0
mirror of https://github.com/django/django.git synced 2024-12-22 17:16:24 +00:00

Refs CVE-2021-31542 -- Skipped mock AWS storage test on Windows.

The validate_file_name() sanitation introduced in
0b79eb3691 correctly rejects the example
file name as containing path elements on Windows. This breaks the test
introduced in 914c72be2a to allow path
components for storages that may allow them.

Test is skipped pending a discussed storage refactoring to support this
use-case.
This commit is contained in:
Carlton Gibson 2021-05-04 14:44:19 +02:00 committed by Mariusz Felisiak
parent a0a5e0f4c8
commit a708f39ce6

View File

@ -1,4 +1,6 @@
import os
import sys
from unittest import skipIf
from django.core.exceptions import SuspiciousFileOperation
from django.core.files.base import ContentFile
@ -93,6 +95,7 @@ class GenerateFilenameStorageTests(SimpleTestCase):
os.path.normpath('some/folder/test_with_space.txt')
)
@skipIf(sys.platform == 'win32', 'Path components in filename are not supported after 0b79eb3.')
def test_filefield_awss3_storage(self):
"""
Simulate a FileField with an S3 storage which uses keys rather than