diff options
| author | Tim Graham <timograham@gmail.com> | 2015-06-12 13:49:31 -0400 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2015-07-08 07:38:06 -0400 |
| commit | 1ba1cdce7d58e6740fe51955d945b56ae51d072a (patch) | |
| tree | 50bd13a10f39124b8295fc3a82d77bb0c1ce7e36 /tests/modeltests/validators | |
| parent | 2e47f3e401c29bc2ba5ab794d483cb0820855fb9 (diff) | |
[1.4.x] Prevented newlines from being accepted in some validators.
This is a security fix; disclosure to follow shortly.
Thanks to Sjoerd Job Postmus for the report and draft patch.
Diffstat (limited to 'tests/modeltests/validators')
| -rw-r--r-- | tests/modeltests/validators/tests.py | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/tests/modeltests/validators/tests.py b/tests/modeltests/validators/tests.py index a1a48bf97c..01d2bf2a6b 100644 --- a/tests/modeltests/validators/tests.py +++ b/tests/modeltests/validators/tests.py @@ -12,13 +12,16 @@ NOW = datetime.now() TEST_DATA = ( # (validator, value, expected), + # (validator, value, expected), (validate_integer, '42', None), (validate_integer, '-42', None), (validate_integer, -42, None), - (validate_integer, -42.5, None), + (validate_integer, -42.5, ValidationError), (validate_integer, None, ValidationError), (validate_integer, 'a', ValidationError), + (validate_integer, '\n42', ValidationError), + (validate_integer, '42\n', ValidationError), (validate_email, 'email@here.com', None), (validate_email, 'weirder-email@here.and.there.com', None), @@ -33,6 +36,11 @@ TEST_DATA = ( # Quoted-string format (CR not allowed) (validate_email, '"\\\011"@here.com', None), (validate_email, '"\\\012"@here.com', ValidationError), + # Trailing newlines in username or domain not allowed + (validate_email, 'a@b.com\n', ValidationError), + (validate_email, 'a\n@b.com', ValidationError), + (validate_email, '"test@test"\n@example.com', ValidationError), + (validate_email, 'a@[127.0.0.1]\n', ValidationError), (validate_slug, 'slug-ok', None), (validate_slug, 'longer-slug-still-ok', None), @@ -45,6 +53,7 @@ TEST_DATA = ( (validate_slug, 'some@mail.com', ValidationError), (validate_slug, '你好', ValidationError), (validate_slug, '\n', ValidationError), + (validate_slug, 'trailing-newline\n', ValidationError), (validate_ipv4_address, '1.1.1.1', None), (validate_ipv4_address, '255.0.0.0', None), @@ -54,6 +63,7 @@ TEST_DATA = ( (validate_ipv4_address, '25.1.1.', ValidationError), (validate_ipv4_address, '25,1,1,1', ValidationError), (validate_ipv4_address, '25.1 .1.1', ValidationError), + (validate_ipv4_address, '1.1.1.1\n', ValidationError), # validate_ipv6_address uses django.utils.ipv6, which # is tested in much greater detail in it's own testcase @@ -87,6 +97,7 @@ TEST_DATA = ( (validate_comma_separated_integer_list, '', ValidationError), (validate_comma_separated_integer_list, 'a,b,c', ValidationError), (validate_comma_separated_integer_list, '1, 2, 3', ValidationError), + (validate_comma_separated_integer_list, '1,2,3\n', ValidationError), (MaxValueValidator(10), 10, None), (MaxValueValidator(10), -10, None), @@ -138,6 +149,9 @@ TEST_DATA = ( (URLValidator(), 'http://-invalid.com', ValidationError), (URLValidator(), 'http://inv-.alid-.com', ValidationError), (URLValidator(), 'http://inv-.-alid.com', ValidationError), + # Trailing newlines not accepted + (URLValidator(), 'http://www.djangoproject.com/\n', ValidationError), + (URLValidator(), 'http://[::ffff:192.9.5.5]\n', ValidationError), (BaseValidator(True), True, None), (BaseValidator(True), False, ValidationError), |