[Jifty-commit] jifty branch, master, updated. 443130c46ef8ed526350d81002c2e6f8994727e1
Jifty commits
jifty-commit at lists.jifty.org
Sat May 22 01:24:16 EDT 2010
The branch, master has been updated
via 443130c46ef8ed526350d81002c2e6f8994727e1 (commit)
via 2a64973f1c648f83a6f36199e1edaff263bd4ceb (commit)
via 69a07d5ef323e930fbefd32155eba8b0cb97fe7c (commit)
via 1d4e2a7dce86395762d5e2d03c1a88463a3e80cf (commit)
via 071956e97f966edd2436e0fad755f7eca3fa075b (commit)
from 3c7ce9559bd5adb2320f2fb4694fc881ea20b551 (commit)
Summary of changes:
lib/Jifty/Plugin/ErrorTemplates/View.pm | 2 +-
lib/Jifty/Test.pm | 3 +
t/TestApp/t/07-sandboxing.t | 65 +++++++++++++-----------------
3 files changed, 32 insertions(+), 38 deletions(-)
- Log -----------------------------------------------------------------
commit 071956e97f966edd2436e0fad755f7eca3fa075b
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Fri May 21 23:58:15 2010 -0400
In tests, remember to actually stop the testserver, if we started one
This allows us to drop the database cleanly
diff --git a/lib/Jifty/Test.pm b/lib/Jifty/Test.pm
index 2ba5b00..7125c5d 100644
--- a/lib/Jifty/Test.pm
+++ b/lib/Jifty/Test.pm
@@ -678,6 +678,9 @@ sub _ending {
}
}
+ # Turn off the server
+ undef $Jifty::SERVER;
+
# If all tests passed..
if (Jifty::Test->is_passing && Jifty::Test->is_done) {
# Clean up mailbox
commit 1d4e2a7dce86395762d5e2d03c1a88463a3e80cf
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Sat May 22 01:19:08 2010 -0400
Merge good and bad tests into one structure
diff --git a/t/TestApp/t/07-sandboxing.t b/t/TestApp/t/07-sandboxing.t
index e8cd1ad..c14177a 100644
--- a/t/TestApp/t/07-sandboxing.t
+++ b/t/TestApp/t/07-sandboxing.t
@@ -2,7 +2,7 @@
use warnings;
use strict;
-use Jifty::Test::Dist tests => 125, actual_server => 1;
+use Jifty::Test::Dist tests => 126, actual_server => 1;
use Jifty::Test::WWW::Mechanize;
use Net::HTTP;
use URI;
@@ -14,46 +14,41 @@ isa_ok($server, 'Jifty::TestServer');
my $uri = URI->new($server->started_ok);
my $plugin = Jifty->find_plugin("Jifty::Plugin::TestServerWarnings");
-my @bogus = qw{
- ../../../../../../../../../etc/passwd
- /../../../../../../../../../etc/passwd
- /__jifty/../../../../../../../../../../etc/passwd
- /static/../../../../../../../../../../etc/passwd
- ../templates/index.html
- ../templates/_elements/nav
- /static/../templates/_elements/nav
- /static/css/../../templates/index.html
- /static/css/../../templates/_elements/nav
-};
+my @requests = (
+ "../../../../../../../../../etc/passwd" => 404,
+ "/../../../../../../../../../etc/passwd" => 404,
+ "/__jifty/../../../../../../../../../../etc/passwd" => 404,
+ "/static/../../../../../../../../../../etc/passwd" => 404,
+ "../templates/index.html" => 404,
+ "../templates/_elements/nav" => 404,
+ "/static/../templates/_elements/nav" => 404,
+ "/static/css/../../templates/index.html" => 404,
+ "/static/css/../../templates/_elements/nav" => 404,
+ "/static/css/base.css" => qr/body/,
+ "/static/css/../css/base.css" => qr/body/,
+ "/static/css//../css/base.css" => qr/body/,
+ "/somedir/stuff" => qr/dhandler arg is stuff/,
+ "/somedir/stuff/../things" => qr/dhandler arg is things/,
+ "__jifty/webservices/yaml" => qr/--- {}/,
+ "/__jifty//../__jifty/webservices/yaml" => qr/--- {}/,
+ "/__jifty/webservices/../webservices/yaml" => qr/--- {}/,
+ "///__jifty/webservices/yaml" => qr/--- {}/,
+ "/__jifty/../index.html" => qr/pony/,
+);
-for my $path (@bogus) {
+while (my ($path, $expect) = splice(@requests,0,2)) {
my ($status, $body) = bogus_request($path);
- isnt($status, 200, "Didn't get a 200" );
+ my $expect_status = $expect =~ /\D/ ? 200 : $expect;
+ is($status, $expect_status, "Got a $status" );
+
unlike( $body, qr/root/, "Doesn't have a root user in it");
- unlike( $body, qr{\Q<&|/_elements/\E}, "Doesn't have the source code" );
- unlike( $body, qr/Jifty->web->navigation/, "Doesn't have the source" );
- is(scalar $plugin->decoded_warnings($uri), 1);
-}
+ unlike( $body, qr{\Q<&|/_elements/\E|Jifty->web}, "Doesn't have the source code" );
-my %ok = (
- "/static/css/base.css" => qr/body/,
- "/static/css/../css/base.css" => qr/body/,
- "/static/css//../css/base.css" => qr/body/,
- "/somedir/stuff" => qr/dhandler arg is stuff/,
- "/somedir/stuff/../things" => qr/dhandler arg is things/,
- "__jifty/webservices/yaml" => qr/--- {}/,
- "/__jifty//../__jifty/webservices/yaml" => qr/--- {}/,
- "/__jifty/webservices/../webservices/yaml" => qr/--- {}/,
- "///__jifty/webservices/yaml" => qr/--- {}/,
- "/__jifty/../index.html" => qr/pony/,
-);
+ like( $body, $expect, "Has content" ) if $expect_status == 200;
-for my $path (keys %ok) {
- my ($status, $body) = bogus_request($path);
- is( $status, 200, "Got a 200" );
- like( $body, $ok{$path}, "Has content" );
- unlike( $body, qr{\Q<&|/_elements/\E}, "Doesn't have the source code" );
- is(scalar $plugin->decoded_warnings($uri), 0);
+ my @warn = $plugin->decoded_warnings($uri);
+ my $warn_expect = $expect_status == 200 ? 0 : 1;
+ is(scalar @warn, $warn_expect, "Got expected warning: @warn");
}
sub bogus_request {
commit 69a07d5ef323e930fbefd32155eba8b0cb97fe7c
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Sat May 22 01:21:48 2010 -0400
Downgrade the 404 warning to info-level -- it's not an error
diff --git a/lib/Jifty/Plugin/ErrorTemplates/View.pm b/lib/Jifty/Plugin/ErrorTemplates/View.pm
index 3f5feae..a92cf66 100644
--- a/lib/Jifty/Plugin/ErrorTemplates/View.pm
+++ b/lib/Jifty/Plugin/ErrorTemplates/View.pm
@@ -110,7 +110,7 @@ sub maybe_page (&;$) {
template '/errors/404' => sub {
my $file = get('path') || Jifty->web->request->path;
- Jifty->log->error( "404: user tried to get to " . $file );
+ Jifty->log->info( "404: user tried to get to " . $file );
Jifty->web->response->status( 404 )
unless Jifty->web->request->is_subrequest;
maybe_page { title => _("Something's not quite right") } content {
diff --git a/t/TestApp/t/07-sandboxing.t b/t/TestApp/t/07-sandboxing.t
index c14177a..1e4b01f 100644
--- a/t/TestApp/t/07-sandboxing.t
+++ b/t/TestApp/t/07-sandboxing.t
@@ -2,7 +2,7 @@
use warnings;
use strict;
-use Jifty::Test::Dist tests => 126, actual_server => 1;
+use Jifty::Test::Dist tests => 104, actual_server => 1;
use Jifty::Test::WWW::Mechanize;
use Net::HTTP;
use URI;
@@ -45,10 +45,6 @@ while (my ($path, $expect) = splice(@requests,0,2)) {
unlike( $body, qr{\Q<&|/_elements/\E|Jifty->web}, "Doesn't have the source code" );
like( $body, $expect, "Has content" ) if $expect_status == 200;
-
- my @warn = $plugin->decoded_warnings($uri);
- my $warn_expect = $expect_status == 200 ? 0 : 1;
- is(scalar @warn, $warn_expect, "Got expected warning: @warn");
}
sub bogus_request {
commit 2a64973f1c648f83a6f36199e1edaff263bd4ceb
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Sat May 22 01:22:46 2010 -0400
PSGI's static handler 403's anything with a ../ in it
diff --git a/t/TestApp/t/07-sandboxing.t b/t/TestApp/t/07-sandboxing.t
index 1e4b01f..10c3da9 100644
--- a/t/TestApp/t/07-sandboxing.t
+++ b/t/TestApp/t/07-sandboxing.t
@@ -18,15 +18,15 @@ my @requests = (
"../../../../../../../../../etc/passwd" => 404,
"/../../../../../../../../../etc/passwd" => 404,
"/__jifty/../../../../../../../../../../etc/passwd" => 404,
- "/static/../../../../../../../../../../etc/passwd" => 404,
+ "/static/../../../../../../../../../../etc/passwd" => 403,
"../templates/index.html" => 404,
"../templates/_elements/nav" => 404,
- "/static/../templates/_elements/nav" => 404,
- "/static/css/../../templates/index.html" => 404,
- "/static/css/../../templates/_elements/nav" => 404,
+ "/static/../templates/_elements/nav" => 403,
+ "/static/css/../../templates/index.html" => 403,
+ "/static/css/../../templates/_elements/nav" => 403,
"/static/css/base.css" => qr/body/,
- "/static/css/../css/base.css" => qr/body/,
- "/static/css//../css/base.css" => qr/body/,
+ "/static/css/../css/base.css" => 403,
+ "/static/css//../css/base.css" => 403,
"/somedir/stuff" => qr/dhandler arg is stuff/,
"/somedir/stuff/../things" => qr/dhandler arg is things/,
"__jifty/webservices/yaml" => qr/--- {}/,
commit 443130c46ef8ed526350d81002c2e6f8994727e1
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Sat May 22 01:23:35 2010 -0400
PSGI 404's anything that doesn't start with a /
diff --git a/t/TestApp/t/07-sandboxing.t b/t/TestApp/t/07-sandboxing.t
index 10c3da9..bfc3b61 100644
--- a/t/TestApp/t/07-sandboxing.t
+++ b/t/TestApp/t/07-sandboxing.t
@@ -29,7 +29,7 @@ my @requests = (
"/static/css//../css/base.css" => 403,
"/somedir/stuff" => qr/dhandler arg is stuff/,
"/somedir/stuff/../things" => qr/dhandler arg is things/,
- "__jifty/webservices/yaml" => qr/--- {}/,
+ "__jifty/webservices/yaml" => 404,
"/__jifty//../__jifty/webservices/yaml" => qr/--- {}/,
"/__jifty/webservices/../webservices/yaml" => qr/--- {}/,
"///__jifty/webservices/yaml" => qr/--- {}/,
-----------------------------------------------------------------------
More information about the Jifty-commit
mailing list