[Jifty-commit] r6302 - in jifty/trunk: t/TestApp/t
Jifty commits
jifty-commit at lists.jifty.org
Wed Feb 4 13:54:36 EST 2009
Author: alexmv
Date: Wed Feb 4 13:54:36 2009
New Revision: 6302
Modified:
jifty/trunk/ (props changed)
jifty/trunk/t/TestApp/t/07-sandboxing.t
Log:
r41796 at kohr-ah: chmrr | 2009-02-04 13:54:25 -0500
* Remove a bunch of duplicated code
Modified: jifty/trunk/t/TestApp/t/07-sandboxing.t
==============================================================================
--- jifty/trunk/t/TestApp/t/07-sandboxing.t (original)
+++ jifty/trunk/t/TestApp/t/07-sandboxing.t Wed Feb 4 13:54:36 2009
@@ -2,7 +2,7 @@
use warnings;
use strict;
-use Jifty::Test::Dist tests => 98;
+use Jifty::Test::Dist tests => 125;
use Jifty::Test::WWW::Mechanize;
use Net::HTTP;
use URI;
@@ -14,102 +14,47 @@
my $uri = URI->new($server->started_ok);
my $plugin = Jifty->find_plugin("Jifty::Plugin::TestServerWarnings");
-my ($status, $body);
-($status, $body) = bogus_request("../../../../../../../../../etc/passwd");
-isnt($status, 200, "Didn't get a 200" );
-unlike( $body, qr/root/, "Doesn't have a root user in it");
-is(scalar $plugin->decoded_warnings($uri), 1);
-
-($status, $body) = bogus_request("/../../../../../../../../../etc/passwd");
-isnt($status, 200, "Didn't get a 200" );
-unlike( $body, qr/root/, "Doesn't have a root user in it");
-is(scalar $plugin->decoded_warnings($uri), 1);
-
-($status, $body) = bogus_request("/__jifty/../../../../../../../../../../etc/passwd");
-isnt($status, 200, "Didn't get a 200" );
-unlike( $body, qr/root/, "Doesn't have a root user in it");
-is(scalar $plugin->decoded_warnings($uri), 1);
-
-($status, $body) = bogus_request("/static/../../../../../../../../../../etc/passwd");
-isnt($status, 200, "Didn't get a 200" );
-unlike( $body, qr/root/, "Doesn't have a root user in it");
-is(scalar $plugin->decoded_warnings($uri), 1);
-
-($status, $body) = bogus_request("../templates/index.html");
-isnt( $status, 200, "Didn't get a 200" );
-unlike( $body, qr{\Q<&|/_elements/\E}, "Doesn't have the source code" );
-is(scalar $plugin->decoded_warnings($uri), 1);
-
-($status, $body) = bogus_request("../templates/_elements/nav");
-isnt( $status, 200, "Didn't get a 200" );
-unlike( $body, qr/Jifty->web->navigation/, "Doesn't have the source" );
-is(scalar $plugin->decoded_warnings($uri), 1);
-
-($status, $body) = bogus_request("/static/../templates/_elements/nav");
-isnt( $status, 200, "Didn't get a 200" );
-unlike( $body, qr/Jifty->web->navigation/, "Doesn't have the source" );
-is(scalar $plugin->decoded_warnings($uri), 1);
-
-($status, $body) = bogus_request("/static/css/../../templates/index.html");
-isnt( $status, 200, "Didn't get a 200" );
-unlike( $body, qr/Jifty->web->navigation/, "Doesn't have the source" );
-is(scalar $plugin->decoded_warnings($uri), 1);
-
-($status, $body) = bogus_request("/static/css/../../templates/_elements/nav");
-isnt( $status, 200, "Didn't get a 200" );
-unlike( $body, qr/Jifty->web->navigation/, "Doesn't have the source" );
-is(scalar $plugin->decoded_warnings($uri), 1);
-
-($status, $body) = bogus_request("/static/css/base.css");
-is( $status, 200, "Got a 200" );
-like( $body, qr/body/, "Has content" );
-is(scalar $plugin->decoded_warnings($uri), 0);
-
-($status, $body) = bogus_request("/static/css/../css/base.css");
-is( $status, 200, "Got a 200" );
-like( $body, qr/body/, "Has content" );
-is(scalar $plugin->decoded_warnings($uri), 0);
-
-($status, $body) = bogus_request("/static/css//../css/base.css");
-is( $status, 200, "Got a 200" );
-like( $body, qr/body/, "Has content" );
-is(scalar $plugin->decoded_warnings($uri), 0);
-
-($status, $body) = bogus_request("/somedir/stuff");
-is( $status, 200, "Got a 200" );
-like( $body, qr/dhandler arg is stuff/, "Has the content" );
-is(scalar $plugin->decoded_warnings($uri), 0);
-
-($status, $body) = bogus_request("/somedir/stuff/../things");
-is( $status, 200, "Got a 200" );
-like( $body, qr/dhandler arg is things/, "Has the right content" );
-is(scalar $plugin->decoded_warnings($uri), 0);
-
-($status, $body) = bogus_request("__jifty/webservices/yaml");
-is( $status, 200, "Got a 200" );
-like( $body, qr/--- {}/, "Got correct YAML response" );
-is(scalar $plugin->decoded_warnings($uri), 0);
-
-($status, $body) = bogus_request("/__jifty//../__jifty/webservices/yaml");
-is( $status, 200, "Got a 200" );
-like( $body, qr/--- {}/, "Got correct YAML response" );
-is(scalar $plugin->decoded_warnings($uri), 0);
-
-($status, $body) = bogus_request("/__jifty/webservices/../webservices/yaml");
-is( $status, 200, "Got a 200" );
-like( $body, qr/--- {}/, "Got correct YAML response" );
-is(scalar $plugin->decoded_warnings($uri), 0);
-
-($status, $body) = bogus_request("///__jifty/webservices/yaml");
-is( $status, 200, "Got a 200" );
-like( $body, qr/--- {}/, "Got correct YAML response" );
-is(scalar $plugin->decoded_warnings($uri), 0);
-
-($status, $body) = bogus_request("/__jifty/../index.html");
-is( $status, 200, "Got a 200" );
-unlike( $body, qr{\Q<&|/_elements/\E}, "Doesn't have the source code" );
-like( $body, qr/pony/, "Has the output" );
-is(scalar $plugin->decoded_warnings($uri), 0);
+my @bogus = qw{
+ ../../../../../../../../../etc/passwd
+ /../../../../../../../../../etc/passwd
+ /__jifty/../../../../../../../../../../etc/passwd
+ /static/../../../../../../../../../../etc/passwd
+ ../templates/index.html
+ ../templates/_elements/nav
+ /static/../templates/_elements/nav
+ /static/css/../../templates/index.html
+ /static/css/../../templates/_elements/nav
+};
+
+for my $path (@bogus) {
+ my ($status, $body) = bogus_request($path);
+ isnt($status, 200, "Didn't get a 200" );
+ unlike( $body, qr/root/, "Doesn't have a root user in it");
+ unlike( $body, qr{\Q<&|/_elements/\E}, "Doesn't have the source code" );
+ unlike( $body, qr/Jifty->web->navigation/, "Doesn't have the source" );
+ is(scalar $plugin->decoded_warnings($uri), 1);
+}
+
+my %ok = (
+ "/static/css/base.css" => qr/body/,
+ "/static/css/../css/base.css" => qr/body/,
+ "/static/css//../css/base.css" => qr/body/,
+ "/somedir/stuff" => qr/dhandler arg is stuff/,
+ "/somedir/stuff/../things" => qr/dhandler arg is things/,
+ "__jifty/webservices/yaml" => qr/--- {}/,
+ "/__jifty//../__jifty/webservices/yaml" => qr/--- {}/,
+ "/__jifty/webservices/../webservices/yaml" => qr/--- {}/,
+ "///__jifty/webservices/yaml" => qr/--- {}/,
+ "/__jifty/../index.html" => qr/pony/,
+);
+
+for my $path (keys %ok) {
+ my ($status, $body) = bogus_request($path);
+ is( $status, 200, "Got a 200" );
+ like( $body, $ok{$path}, "Has content" );
+ unlike( $body, qr{\Q<&|/_elements/\E}, "Doesn't have the source code" );
+ is(scalar $plugin->decoded_warnings($uri), 0);
+}
sub bogus_request {
my $url = shift;
More information about the Jifty-commit
mailing list