Make serve acceptable path unit tests more careful.

Tests used to trigger the wanted security exception merely by being unquoted, that's not good enough.
mgukov · Mar 19, 2008 · f839f88 · f839f88
1 parent f7bcd55
commit f839f88
Showing 1 changed file with 27 additions and 3 deletions.
diff --git a/gitosis/test/test_serve.py b/gitosis/test/test_serve.py
@@ -45,14 +45,38 @@ def test_bad_command():
     eq(str(e), 'Unknown command denied')
     assert isinstance(e, serve.ServingError)
 
-def test_bad_unsafeArguments():
+def test_bad_unsafeArguments_notQuoted():
     cfg = RawConfigParser()
     e = assert_raises(
         serve.UnsafeArgumentsError,
         serve.serve,
         cfg=cfg,
         user='jdoe',
-        command='git-upload-pack /evil/attack',
+        command="git-upload-pack foo",
+        )
+    eq(str(e), 'Arguments to command look dangerous')
+    assert isinstance(e, serve.ServingError)
+
+def test_bad_unsafeArguments_absolute():
+    cfg = RawConfigParser()
+    e = assert_raises(
+        serve.UnsafeArgumentsError,
+        serve.serve,
+        cfg=cfg,
+        user='jdoe',
+        command="git-upload-pack '/evil/attack'",
+        )
+    eq(str(e), 'Arguments to command look dangerous')
+    assert isinstance(e, serve.ServingError)
+
+def test_bad_unsafeArguments_badCharacters():
+    cfg = RawConfigParser()
+    e = assert_raises(
+        serve.UnsafeArgumentsError,
+        serve.serve,
+        cfg=cfg,
+        user='jdoe',
+        command="git-upload-pack 'ev!l'",
         )
     eq(str(e), 'Arguments to command look dangerous')
     assert isinstance(e, serve.ServingError)
@@ -64,7 +88,7 @@ def test_bad_unsafeArguments_dotdot():
         serve.serve,
         cfg=cfg,
         user='jdoe',
-        command='git-upload-pack something/../evil',
+        command="git-upload-pack 'something/../evil'",
         )
     eq(str(e), 'Arguments to command look dangerous')
     assert isinstance(e, serve.ServingError)