[Jifty-commit] r6302 - in jifty/trunk: t/TestApp/t

Jifty commits jifty-commit at lists.jifty.org
Wed Feb 4 13:54:36 EST 2009


Author: alexmv
Date: Wed Feb  4 13:54:36 2009
New Revision: 6302

Modified:
   jifty/trunk/   (props changed)
   jifty/trunk/t/TestApp/t/07-sandboxing.t

Log:
 r41796 at kohr-ah:  chmrr | 2009-02-04 13:54:25 -0500
  * Remove a bunch of duplicated code


Modified: jifty/trunk/t/TestApp/t/07-sandboxing.t
==============================================================================
--- jifty/trunk/t/TestApp/t/07-sandboxing.t	(original)
+++ jifty/trunk/t/TestApp/t/07-sandboxing.t	Wed Feb  4 13:54:36 2009
@@ -2,7 +2,7 @@
 use warnings;
 use strict;
 
-use Jifty::Test::Dist tests => 98;
+use Jifty::Test::Dist tests => 125;
 use Jifty::Test::WWW::Mechanize;
 use Net::HTTP;
 use URI;
@@ -14,102 +14,47 @@
 my $uri = URI->new($server->started_ok);
 my $plugin = Jifty->find_plugin("Jifty::Plugin::TestServerWarnings");
 
-my ($status, $body);
-($status, $body) = bogus_request("../../../../../../../../../etc/passwd");
-isnt($status, 200, "Didn't get a 200" );
-unlike( $body, qr/root/, "Doesn't have a root user in it");
-is(scalar $plugin->decoded_warnings($uri), 1);
-
-($status, $body) = bogus_request("/../../../../../../../../../etc/passwd");
-isnt($status, 200, "Didn't get a 200" );
-unlike( $body, qr/root/, "Doesn't have a root user in it");
-is(scalar $plugin->decoded_warnings($uri), 1);
-
-($status, $body) = bogus_request("/__jifty/../../../../../../../../../../etc/passwd");
-isnt($status, 200, "Didn't get a 200" );
-unlike( $body, qr/root/, "Doesn't have a root user in it");
-is(scalar $plugin->decoded_warnings($uri), 1);
-
-($status, $body) = bogus_request("/static/../../../../../../../../../../etc/passwd");
-isnt($status, 200, "Didn't get a 200" );
-unlike( $body, qr/root/, "Doesn't have a root user in it");
-is(scalar $plugin->decoded_warnings($uri), 1);
-
-($status, $body) = bogus_request("../templates/index.html");
-isnt( $status, 200, "Didn't get a 200" );
-unlike( $body, qr{\Q<&|/_elements/\E}, "Doesn't have the source code" );
-is(scalar $plugin->decoded_warnings($uri), 1);
-
-($status, $body) = bogus_request("../templates/_elements/nav");
-isnt( $status, 200, "Didn't get a 200" );
-unlike( $body, qr/Jifty->web->navigation/, "Doesn't have the source" );
-is(scalar $plugin->decoded_warnings($uri), 1);
-
-($status, $body) = bogus_request("/static/../templates/_elements/nav");
-isnt( $status, 200, "Didn't get a 200" );
-unlike( $body, qr/Jifty->web->navigation/, "Doesn't have the source" );
-is(scalar $plugin->decoded_warnings($uri), 1);
-
-($status, $body) = bogus_request("/static/css/../../templates/index.html");
-isnt( $status, 200, "Didn't get a 200" );
-unlike( $body, qr/Jifty->web->navigation/, "Doesn't have the source" );
-is(scalar $plugin->decoded_warnings($uri), 1);
-
-($status, $body) = bogus_request("/static/css/../../templates/_elements/nav");
-isnt( $status, 200, "Didn't get a 200" );
-unlike( $body, qr/Jifty->web->navigation/, "Doesn't have the source" );
-is(scalar $plugin->decoded_warnings($uri), 1);
-
-($status, $body) = bogus_request("/static/css/base.css");
-is( $status, 200, "Got a 200" );
-like( $body, qr/body/, "Has content" );
-is(scalar $plugin->decoded_warnings($uri), 0);
-
-($status, $body) = bogus_request("/static/css/../css/base.css");
-is( $status, 200, "Got a 200" );
-like( $body, qr/body/, "Has content" );
-is(scalar $plugin->decoded_warnings($uri), 0);
-
-($status, $body) = bogus_request("/static/css//../css/base.css");
-is( $status, 200, "Got a 200" );
-like( $body, qr/body/, "Has content" );
-is(scalar $plugin->decoded_warnings($uri), 0);
-
-($status, $body) = bogus_request("/somedir/stuff");
-is( $status, 200, "Got a 200" );
-like( $body, qr/dhandler arg is stuff/, "Has the content" );
-is(scalar $plugin->decoded_warnings($uri), 0);
-
-($status, $body) = bogus_request("/somedir/stuff/../things");
-is( $status, 200, "Got a 200" );
-like( $body, qr/dhandler arg is things/, "Has the right content" );
-is(scalar $plugin->decoded_warnings($uri), 0);
-
-($status, $body) = bogus_request("__jifty/webservices/yaml");
-is( $status, 200, "Got a 200" );
-like( $body, qr/--- {}/, "Got correct YAML response" );
-is(scalar $plugin->decoded_warnings($uri), 0);
-
-($status, $body) = bogus_request("/__jifty//../__jifty/webservices/yaml");
-is( $status, 200, "Got a 200" );
-like( $body, qr/--- {}/, "Got correct YAML response" );
-is(scalar $plugin->decoded_warnings($uri), 0);
-
-($status, $body) = bogus_request("/__jifty/webservices/../webservices/yaml");
-is( $status, 200, "Got a 200" );
-like( $body, qr/--- {}/, "Got correct YAML response" );
-is(scalar $plugin->decoded_warnings($uri), 0);
-
-($status, $body) = bogus_request("///__jifty/webservices/yaml");
-is( $status, 200, "Got a 200" );
-like( $body, qr/--- {}/, "Got correct YAML response" );
-is(scalar $plugin->decoded_warnings($uri), 0);
-
-($status, $body) = bogus_request("/__jifty/../index.html");
-is( $status, 200, "Got a 200" );
-unlike( $body, qr{\Q<&|/_elements/\E}, "Doesn't have the source code" );
-like( $body, qr/pony/, "Has the output" );
-is(scalar $plugin->decoded_warnings($uri), 0);
+my @bogus = qw{
+    ../../../../../../../../../etc/passwd
+    /../../../../../../../../../etc/passwd
+    /__jifty/../../../../../../../../../../etc/passwd
+    /static/../../../../../../../../../../etc/passwd
+    ../templates/index.html
+    ../templates/_elements/nav
+    /static/../templates/_elements/nav
+    /static/css/../../templates/index.html
+    /static/css/../../templates/_elements/nav
+};
+
+for my $path (@bogus) {
+    my ($status, $body) = bogus_request($path);
+    isnt($status, 200, "Didn't get a 200" );
+    unlike( $body, qr/root/, "Doesn't have a root user in it");
+    unlike( $body, qr{\Q<&|/_elements/\E}, "Doesn't have the source code" );
+    unlike( $body, qr/Jifty->web->navigation/, "Doesn't have the source" );
+    is(scalar $plugin->decoded_warnings($uri), 1);
+}
+
+my %ok = (
+    "/static/css/base.css" => qr/body/,
+    "/static/css/../css/base.css" => qr/body/,
+    "/static/css//../css/base.css" => qr/body/,
+    "/somedir/stuff" => qr/dhandler arg is stuff/,
+    "/somedir/stuff/../things" => qr/dhandler arg is things/,
+    "__jifty/webservices/yaml" => qr/--- {}/,
+    "/__jifty//../__jifty/webservices/yaml" => qr/--- {}/,
+    "/__jifty/webservices/../webservices/yaml" => qr/--- {}/,
+    "///__jifty/webservices/yaml" => qr/--- {}/,
+    "/__jifty/../index.html" => qr/pony/,
+);
+
+for my $path (keys %ok) {
+    my ($status, $body) = bogus_request($path);
+    is( $status, 200, "Got a 200" );
+    like( $body, $ok{$path}, "Has content" );
+    unlike( $body, qr{\Q<&|/_elements/\E}, "Doesn't have the source code" );
+    is(scalar $plugin->decoded_warnings($uri), 0);
+}
 
 sub bogus_request {
     my $url = shift;
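Review bot: Both new loops reuse one fixed description for every path (`"Didn't get a 200"`, `"Has content"`), and the `decoded_warnings` count checks have no description at all, so when a single traversal case regresses the test output does not say which path was served. Interpolating the path fixes that, e.g. `isnt($status, 200, "Didn't get a 200 for $path");` and `is(scalar $plugin->decoded_warnings($uri), 1, "One warning for $path");`. The second loop also iterates `keys %ok`, which does not follow the order the hash was written in, so the requests run in an arbitrary sequence; `for my $path (sort keys %ok) {` would keep runs reproducible. That ordering matters if a stray warning left by one request is only noticed in the next path's count, which is inferred here because `decoded_warnings` is not shown in the hunk.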

