diff options
| author | Natalia <124304+nessita@users.noreply.github.com> | 2024-03-20 13:55:21 -0300 |
|---|---|---|
| committer | Natalia <124304+nessita@users.noreply.github.com> | 2024-07-09 10:40:48 -0300 |
| commit | 2b00edc0151a660d1eb86da4059904a0fc4e095e (patch) | |
| tree | 1ca6d18807f1b88b3b9133f44fb2abd764d07577 /tests/file_storage/tests.py | |
| parent | 156d3186c96e3ec2ca73b8b25dc2ef366e38df14 (diff) | |
[4.2.x] Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save method.
Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah
Boyce for the reviews.
Diffstat (limited to 'tests/file_storage/tests.py')
| -rw-r--r-- | tests/file_storage/tests.py | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/tests/file_storage/tests.py b/tests/file_storage/tests.py index 7fb57fbce4..44bea8c180 100644 --- a/tests/file_storage/tests.py +++ b/tests/file_storage/tests.py @@ -342,22 +342,17 @@ class FileStorageTests(SimpleTestCase): self.storage.delete("path/to/test.file") - def test_file_save_abs_path(self): - test_name = "path/to/test.file" - f = ContentFile("file saved with path") - f_name = self.storage.save(os.path.join(self.temp_dir, test_name), f) - self.assertEqual(f_name, test_name) - @unittest.skipUnless( symlinks_supported(), "Must be able to symlink to run this test." ) def test_file_save_broken_symlink(self): """A new path is created on save when a broken symlink is supplied.""" nonexistent_file_path = os.path.join(self.temp_dir, "nonexistent.txt") - broken_symlink_path = os.path.join(self.temp_dir, "symlink.txt") + broken_symlink_file_name = "symlink.txt" + broken_symlink_path = os.path.join(self.temp_dir, broken_symlink_file_name) os.symlink(nonexistent_file_path, broken_symlink_path) f = ContentFile("some content") - f_name = self.storage.save(broken_symlink_path, f) + f_name = self.storage.save(broken_symlink_file_name, f) self.assertIs(os.path.exists(os.path.join(self.temp_dir, f_name)), True) def test_save_doesnt_close(self): |