summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRajesh Veeranki <rveeranki01@gmail.com>2017-05-25 19:19:01 +0700
committerTim Graham <timograham@gmail.com>2017-05-25 08:19:01 -0400
commit67e1afb4a8478af6725e45a9fdcd2a511b2eb005 (patch)
tree3a306f9d8643e66b878a9a1187a5824af94c9daa
parentf8bce94997739e4e61919cddff84fc3e3302d8f7 (diff)
Fixed #28224 -- Tested for SuspiciousOperation subclasses in Django's tests.
-rw-r--r--tests/file_storage/tests.py6
-rw-r--r--tests/httpwrappers/tests.py6
-rw-r--r--tests/requests/tests.py18
3 files changed, 15 insertions, 15 deletions
diff --git a/tests/file_storage/tests.py b/tests/file_storage/tests.py
index 3413829ced..1ac86f6751 100644
--- a/tests/file_storage/tests.py
+++ b/tests/file_storage/tests.py
@@ -10,7 +10,7 @@ from io import StringIO
from urllib.request import urlopen
from django.core.cache import cache
-from django.core.exceptions import SuspiciousFileOperation, SuspiciousOperation
+from django.core.exceptions import SuspiciousFileOperation
from django.core.files.base import ContentFile, File
from django.core.files.storage import FileSystemStorage, get_storage_class
from django.core.files.uploadedfile import (
@@ -384,9 +384,9 @@ class FileStorageTests(SimpleTestCase):
File storage prevents directory traversal (files can only be accessed if
they're below the storage location).
"""
- with self.assertRaises(SuspiciousOperation):
+ with self.assertRaises(SuspiciousFileOperation):
self.storage.exists('..')
- with self.assertRaises(SuspiciousOperation):
+ with self.assertRaises(SuspiciousFileOperation):
self.storage.exists('/etc/passwd')
def test_file_storage_preserves_filename_case(self):
diff --git a/tests/httpwrappers/tests.py b/tests/httpwrappers/tests.py
index 48a30a1b74..88c32f3b0c 100644
--- a/tests/httpwrappers/tests.py
+++ b/tests/httpwrappers/tests.py
@@ -5,7 +5,7 @@ import pickle
import unittest
import uuid
-from django.core.exceptions import DisallowedRedirect, SuspiciousOperation
+from django.core.exceptions import DisallowedRedirect
from django.core.serializers.json import DjangoJSONEncoder
from django.core.signals import request_finished
from django.db import close_old_connections
@@ -441,9 +441,9 @@ class HttpResponseTests(unittest.TestCase):
'file:///etc/passwd',
]
for url in bad_urls:
- with self.assertRaises(SuspiciousOperation):
+ with self.assertRaises(DisallowedRedirect):
HttpResponseRedirect(url)
- with self.assertRaises(SuspiciousOperation):
+ with self.assertRaises(DisallowedRedirect):
HttpResponsePermanentRedirect(url)
diff --git a/tests/requests/tests.py b/tests/requests/tests.py
index 932078fb0e..1ab90660f7 100644
--- a/tests/requests/tests.py
+++ b/tests/requests/tests.py
@@ -5,7 +5,7 @@ from io import BytesIO
from itertools import chain
from urllib.parse import urlencode
-from django.core.exceptions import SuspiciousOperation
+from django.core.exceptions import DisallowedHost
from django.core.handlers.wsgi import LimitedStream, WSGIRequest
from django.http import (
HttpRequest, HttpResponse, RawPostDataException, UnreadablePostError,
@@ -695,7 +695,7 @@ class HostValidationTests(SimpleTestCase):
# Poisoned host headers are rejected as suspicious
for host in chain(self.poisoned_hosts, ['other.com', 'example.com..']):
- with self.assertRaises(SuspiciousOperation):
+ with self.assertRaises(DisallowedHost):
request = HttpRequest()
request.META = {
'HTTP_HOST': host,
@@ -759,7 +759,7 @@ class HostValidationTests(SimpleTestCase):
request.get_host()
for host in self.poisoned_hosts:
- with self.assertRaises(SuspiciousOperation):
+ with self.assertRaises(DisallowedHost):
request = HttpRequest()
request.META = {
'HTTP_HOST': host,
@@ -810,8 +810,8 @@ class HostValidationTests(SimpleTestCase):
request.META = {'HTTP_HOST': host}
self.assertEqual(request.get_host(), host)
- # Other hostnames raise a SuspiciousOperation.
- with self.assertRaises(SuspiciousOperation):
+ # Other hostnames raise a DisallowedHost.
+ with self.assertRaises(DisallowedHost):
request = HttpRequest()
request.META = {'HTTP_HOST': 'example.com'}
request.get_host()
@@ -831,7 +831,7 @@ class HostValidationTests(SimpleTestCase):
]:
request = HttpRequest()
request.META = {'HTTP_HOST': host}
- with self.assertRaisesMessage(SuspiciousOperation, msg_suggestion % (host, host)):
+ with self.assertRaisesMessage(DisallowedHost, msg_suggestion % (host, host)):
request.get_host()
for domain, port in [ # Valid-looking hosts with a port number
@@ -842,18 +842,18 @@ class HostValidationTests(SimpleTestCase):
host = '%s:%s' % (domain, port)
request = HttpRequest()
request.META = {'HTTP_HOST': host}
- with self.assertRaisesMessage(SuspiciousOperation, msg_suggestion % (host, domain)):
+ with self.assertRaisesMessage(DisallowedHost, msg_suggestion % (host, domain)):
request.get_host()
for host in self.poisoned_hosts:
request = HttpRequest()
request.META = {'HTTP_HOST': host}
- with self.assertRaisesMessage(SuspiciousOperation, msg_invalid_host % host):
+ with self.assertRaisesMessage(DisallowedHost, msg_invalid_host % host):
request.get_host()
request = HttpRequest()
request.META = {'HTTP_HOST': "invalid_hostname.com"}
- with self.assertRaisesMessage(SuspiciousOperation, msg_suggestion2 % "invalid_hostname.com"):
+ with self.assertRaisesMessage(DisallowedHost, msg_suggestion2 % "invalid_hostname.com"):
request.get_host()
def test_split_domain_port_removes_trailing_dot(self):