mirror of
https://github.com/django/django.git
synced 2025-01-06 08:25:50 +00:00
b8ba73cd0c
Added a test for the condition safe_join is designed to prevent. Previously, a generic ValueError was raised. It was impossible to tell an intentional exception raised to implement safe_join's contract from an unintentional exception caused by incorrect inputs or unexpected conditions. That resulted in bizarre exception catching patterns, which this patch removes. Since safe_join is a private API and since the change is unlikely to create security issues for users who use it anyway -- at worst, an uncaught SuspiciousFileOperation exception will bubble up -- it isn't documented.
32 lines
845 B
Python
32 lines
845 B
Python
import os
|
|
import unittest
|
|
|
|
from django.core.exceptions import SuspiciousFileOperation
|
|
from django.utils._os import safe_join
|
|
|
|
|
|
class SafeJoinTests(unittest.TestCase):
|
|
def test_base_path_ends_with_sep(self):
|
|
drive, path = os.path.splitdrive(safe_join("/abc/", "abc"))
|
|
self.assertEqual(
|
|
path,
|
|
"{0}abc{0}abc".format(os.path.sep)
|
|
)
|
|
|
|
def test_root_path(self):
|
|
drive, path = os.path.splitdrive(safe_join("/", "path"))
|
|
self.assertEqual(
|
|
path,
|
|
"{0}path".format(os.path.sep),
|
|
)
|
|
|
|
drive, path = os.path.splitdrive(safe_join("/", ""))
|
|
self.assertEqual(
|
|
path,
|
|
os.path.sep,
|
|
)
|
|
|
|
def test_parent_path(self):
|
|
with self.assertRaises(SuspiciousFileOperation):
|
|
safe_join("/abc/", "../def")
|