mirror of
				https://github.com/django/django.git
				synced 2025-10-24 22:26:08 +00:00 
			
		
		
		
	Added a test for the condition safe_join is designed to prevent. Previously, a generic ValueError was raised. It was impossible to tell an intentional exception raised to implement safe_join's contract from an unintentional exception caused by incorrect inputs or unexpected conditions. That resulted in bizarre exception catching patterns, which this patch removes. Since safe_join is a private API and since the change is unlikely to create security issues for users who use it anyway -- at worst, an uncaught SuspiciousFileOperation exception will bubble up -- it isn't documented.
		
			
				
	
	
		
			32 lines
		
	
	
		
			845 B
		
	
	
	
		
			Python
		
	
	
	
	
	
			
		
		
	
	
			32 lines
		
	
	
		
			845 B
		
	
	
	
		
			Python
		
	
	
	
	
	
| import os
 | |
| import unittest
 | |
| 
 | |
| from django.core.exceptions import SuspiciousFileOperation
 | |
| from django.utils._os import safe_join
 | |
| 
 | |
| 
 | |
| class SafeJoinTests(unittest.TestCase):
 | |
|     def test_base_path_ends_with_sep(self):
 | |
|         drive, path = os.path.splitdrive(safe_join("/abc/", "abc"))
 | |
|         self.assertEqual(
 | |
|             path,
 | |
|             "{0}abc{0}abc".format(os.path.sep)
 | |
|         )
 | |
| 
 | |
|     def test_root_path(self):
 | |
|         drive, path = os.path.splitdrive(safe_join("/", "path"))
 | |
|         self.assertEqual(
 | |
|             path,
 | |
|             "{0}path".format(os.path.sep),
 | |
|         )
 | |
| 
 | |
|         drive, path = os.path.splitdrive(safe_join("/", ""))
 | |
|         self.assertEqual(
 | |
|             path,
 | |
|             os.path.sep,
 | |
|         )
 | |
| 
 | |
|     def test_parent_path(self):
 | |
|         with self.assertRaises(SuspiciousFileOperation):
 | |
|             safe_join("/abc/", "../def")
 |