[Lxr-commits] CVS: lxr/tests CVSTest.pm,1.1,1.2 SecurityTest.pm,1.1,1.2
Brought to you by:
ajlittoz
Menu
▾
▴
[Lxr-commits] CVS: lxr/tests CVSTest.pm,1.1,1.2 SecurityTest.pm,1.1,1.2
|
From: Malcolm B. <mb...@us...> - 2005-05-05 22:01:42
|
Update of /cvsroot/lxr/lxr/tests In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30194/lxr/tests Modified Files: CVSTest.pm SecurityTest.pm Log Message: Updates to testcode Index: CVSTest.pm =================================================================== RCS file: /cvsroot/lxr/lxr/tests/CVSTest.pm,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- CVSTest.pm 4 May 2005 23:21:09 -0000 1.1 +++ CVSTest.pm 5 May 2005 22:01:34 -0000 1.2 @@ -1,4 +1,4 @@ -# Test cases for the LXR::Files::Plain module +# Test cases for the LXR::Files::CVS module # Uses the associated lxr.conf file package CVSTest; Index: SecurityTest.pm =================================================================== RCS file: /cvsroot/lxr/lxr/tests/SecurityTest.pm,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- SecurityTest.pm 4 May 2005 23:19:51 -0000 1.1 +++ SecurityTest.pm 5 May 2005 22:01:34 -0000 1.2 @@ -102,6 +102,51 @@ } +sub test_filename_wash { + # Check that filenames are washed + my $self = shift; + + $ENV{'SERVER_NAME'} = 'test'; + $ENV{'SERVER_PORT'} = 80; + $ENV{'SCRIPT_NAME'} = '/lxr/source'; + $ENV{'PATH_INFO'} = '/a/test/path/../../../'; + $ENV{'QUERY_STRING'} = 'v=../../;virtroot=testpath;dbname=notapath'; + + # Need to preserve signal handlers round call to httpinit as + # it sets up the LXR signal handlers. + + my $die = $SIG{'__DIE__'}; + my $warn = $SIG{'__WARN__'}; + + httpinit; + + $SIG{'__DIE__'} = $die; + $SIG{'__WARN__'} = $warn; + + $self->assert($pathname eq '/', "pathname not washed, got $pathname"); + $self->assert($HTTP->{'param'}->{'file'} eq $pathname, '$http->{param}->{file} not washed, got '.$HTTP->{'param'}->{'file'}); + + $ENV{'PATH_INFO'} = ''; + $ENV{'QUERY_STRING'} = 'file=/a/test/path++many'; + my $die = $SIG{'__DIE__'}; + my $warn = $SIG{'__WARN__'}; + httpinit; + $SIG{'__DIE__'} = $die; + $SIG{'__WARN__'} = $warn; + $self->assert($pathname eq '/a/test/path++many', "pathname not washed, got $pathname"); + + $ENV{'PATH_INFO'} = '/../.././.././a/test/path+!/some/%chars,v'; + $ENV{'QUERY_STRING'} = ''; + my $die = $SIG{'__DIE__'}; + my $warn = $SIG{'__WARN__'}; + httpinit; + $SIG{'__DIE__'} = $die; + $SIG{'__WARN__'} = $warn; + $self->assert($pathname eq '/a/test/path+!/some/%chars,v', "pathname not washed, got $pathname"); + +} + + sub test_config { # Check that parameters in URL cannot alter config variables |