diff options
| author | Adam Johnson <me@adamj.eu> | 2024-01-22 13:21:13 +0000 |
|---|---|---|
| committer | Natalia <124304+nessita@users.noreply.github.com> | 2024-02-06 10:28:51 -0300 |
| commit | c1171ffbd570db90ca206c30f8e2b9f691243820 (patch) | |
| tree | eddc65477d96dcb6de5f65897273d6b8c449a6b1 /tests/humanize_tests/tests.py | |
| parent | 9dc345643e94f3a48d58fe7547fbc88ce8dab6e9 (diff) | |
[3.2.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template filter.
Thanks Seokchan Yoon for the report.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Co-authored-by: Shai Berger <shai@platonix.com>
Diffstat (limited to 'tests/humanize_tests/tests.py')
| -rw-r--r-- | tests/humanize_tests/tests.py | 140 |
1 files changed, 128 insertions, 12 deletions
diff --git a/tests/humanize_tests/tests.py b/tests/humanize_tests/tests.py index a0d16bbfed..3c227873cf 100644 --- a/tests/humanize_tests/tests.py +++ b/tests/humanize_tests/tests.py @@ -66,28 +66,144 @@ class HumanizeTests(SimpleTestCase): def test_intcomma(self): test_list = ( - 100, 1000, 10123, 10311, 1000000, 1234567.25, '100', '1000', - '10123', '10311', '1000000', '1234567.1234567', - Decimal('1234567.1234567'), None, + 100, + -100, + 1000, + -1000, + 10123, + -10123, + 10311, + -10311, + 1000000, + -1000000, + 1234567.25, + -1234567.25, + "100", + "-100", + "1000", + "-1000", + "10123", + "-10123", + "10311", + "-10311", + "1000000", + "-1000000", + "1234567.1234567", + "-1234567.1234567", + Decimal("1234567.1234567"), + Decimal("-1234567.1234567"), + None, + "1234567", + "-1234567", + "1234567.12", + "-1234567.12", + "the quick brown fox jumped over the lazy dog", ) result_list = ( - '100', '1,000', '10,123', '10,311', '1,000,000', '1,234,567.25', - '100', '1,000', '10,123', '10,311', '1,000,000', '1,234,567.1234567', - '1,234,567.1234567', None, + "100", + "-100", + "1,000", + "-1,000", + "10,123", + "-10,123", + "10,311", + "-10,311", + "1,000,000", + "-1,000,000", + "1,234,567.25", + "-1,234,567.25", + "100", + "-100", + "1,000", + "-1,000", + "10,123", + "-10,123", + "10,311", + "-10,311", + "1,000,000", + "-1,000,000", + "1,234,567.1234567", + "-1,234,567.1234567", + "1,234,567.1234567", + "-1,234,567.1234567", + None, + "1,234,567", + "-1,234,567", + "1,234,567.12", + "-1,234,567.12", + "the quick brown fox jumped over the lazy dog", ) with translation.override('en'): self.humanize_tester(test_list, result_list, 'intcomma') def test_l10n_intcomma(self): test_list = ( - 100, 1000, 10123, 10311, 1000000, 1234567.25, '100', '1000', - '10123', '10311', '1000000', '1234567.1234567', - Decimal('1234567.1234567'), None, + 100, + -100, + 1000, + -1000, + 10123, + -10123, + 10311, + -10311, + 1000000, + -1000000, + 1234567.25, + -1234567.25, + "100", + "-100", + "1000", + "-1000", + "10123", + "-10123", + "10311", + "-10311", + "1000000", + "-1000000", + "1234567.1234567", + "-1234567.1234567", + Decimal("1234567.1234567"), + -Decimal("1234567.1234567"), + None, + "1234567", + "-1234567", + "1234567.12", + "-1234567.12", + "the quick brown fox jumped over the lazy dog", ) result_list = ( - '100', '1,000', '10,123', '10,311', '1,000,000', '1,234,567.25', - '100', '1,000', '10,123', '10,311', '1,000,000', '1,234,567.1234567', - '1,234,567.1234567', None, + "100", + "-100", + "1,000", + "-1,000", + "10,123", + "-10,123", + "10,311", + "-10,311", + "1,000,000", + "-1,000,000", + "1,234,567.25", + "-1,234,567.25", + "100", + "-100", + "1,000", + "-1,000", + "10,123", + "-10,123", + "10,311", + "-10,311", + "1,000,000", + "-1,000,000", + "1,234,567.1234567", + "-1,234,567.1234567", + "1,234,567.1234567", + "-1,234,567.1234567", + None, + "1,234,567", + "-1,234,567", + "1,234,567.12", + "-1,234,567.12", + "the quick brown fox jumped over the lazy dog", ) with self.settings(USE_L10N=True, USE_THOUSAND_SEPARATOR=False): with translation.override('en'): |