| author | Tim Graham <timograham@gmail.com> | 2015-06-12 13:49:31 -0400 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2015-07-08 15:23:18 -0400 |
| commit | 574dd5e0b0fbb877ae5827b1603d298edc9bb2a0 (patch) | |
| tree | ca2631d21fd50573edd594770bdf2fe0f528768a /tests/validators/tests.py | |
| parent | 66d12d1ababa8f062857ee5eb43276493720bf16 (diff) | |
[1.8.x] Prevented newlines from being accepted in some validators.
This is a security fix; disclosure to follow shortly.
Thanks to Sjoerd Job Postmus for the report and draft patch.
Diffstat (limited to 'tests/validators/tests.py')
| -rw-r--r-- | tests/validators/tests.py | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/tests/validators/tests.py b/tests/validators/tests.py
index 869c6d91cb..e410905b50 100644
--- a/tests/validators/tests.py
+++ b/tests/validators/tests.py
@@ -28,10 +28,12 @@ TEST_DATA = [
 (validate_integer, '42', None),
 (validate_integer, '-42', None),
 (validate_integer, -42, None),
- (validate_integer, -42.5, None),
+ (validate_integer, -42.5, ValidationError),
 (validate_integer, None, ValidationError),
 (validate_integer, 'a', ValidationError),
+ (validate_integer, '\n42', ValidationError),
+ (validate_integer, '42\n', ValidationError),
 (validate_email, 'email@here.com', None),
 (validate_email, 'weirder-email@here.and.there.com', None),
@@ -72,6 +74,11 @@ TEST_DATA = [
 # Max length of domain name in email is 249 (see validator for calculation)
 (validate_email, 'a@%s.us' % ('a' * 249), None),
 (validate_email, 'a@%s.us' % ('a' * 250), ValidationError),
+ # Trailing newlines in username or domain not allowed
+ (validate_email, 'a@b.com\n', ValidationError),
+ (validate_email, 'a\n@b.com', ValidationError),
+ (validate_email, '"test@test"\n@example.com', ValidationError),
+ (validate_email, 'a@[127.0.0.1]\n', ValidationError),
 (validate_slug, 'slug-ok', None),
 (validate_slug, 'longer-slug-still-ok', None),
@@ -84,6 +91,7 @@ TEST_DATA = [
 (validate_slug, 'some@mail.com', ValidationError),
 (validate_slug, '你好', ValidationError),
 (validate_slug, '\n', ValidationError),
+ (validate_slug, 'trailing-newline\n', ValidationError),
 (validate_ipv4_address, '1.1.1.1', None),
 (validate_ipv4_address, '255.0.0.0', None),
@@ -93,6 +101,7 @@ TEST_DATA = [
 (validate_ipv4_address, '25.1.1.', ValidationError),
 (validate_ipv4_address, '25,1,1,1', ValidationError),
 (validate_ipv4_address, '25.1 .1.1', ValidationError),
+ (validate_ipv4_address, '1.1.1.1\n', ValidationError),
 # validate_ipv6_address uses django.utils.ipv6, which
 # is tested in much greater detail in its own testcase
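Review bot: The flipped expectation for `-42.5` in the first hunk (`None` to `ValidationError`) changes what validate_integer accepts for a non-string value, which is a different change from the newline rejection the commit message describes, and the line carries no comment saying so. It presumably follows from how the validator itself was rewritten, which this file's diff does not show. A short comment above it, for example `# Floats with a fractional part are rejected, not accepted as before`, would mark it as intentional, and the change is worth listing as backwards-incompatible for callers that pass floats. TEST_DATA begins before this hunk and continues after it.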
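Review bot: The added validate_email cases in the second hunk pin only a bare `\n`; none uses `\r\n` or a lone `\r`, and the same holds for the URLValidator cases in the last hunk. Email addresses and URLs are the values most likely to be copied into mail or HTTP headers, so a carriage return getting through matters as much as a line feed there. Cases such as `(validate_email, 'a@b.com\r\n', ValidationError),` and `(URLValidator(), 'http://www.djangoproject.com/\r\n', ValidationError),` would document that both are rejected. Whether the validators already reject `\r` cannot be told from this file.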
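Review bot: The trailing-newline case added in the fourth hunk covers validate_ipv4_address only; the context comment right after it says validate_ipv6_address is tested in its own testcase, and no newline case is added for it here. If the IPv6 path does not share the changed code, this commit leaves it unpinned; that cannot be confirmed from this diff. A case such as `(validate_ipv6_address, '::1\n', ValidationError),` (constructed value) next to the existing IPv6 entries would close the gap, and the same for validate_ipv46_address if this file tests it.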
@@ -126,6 +135,7 @@ TEST_DATA = [
 (validate_comma_separated_integer_list, '', ValidationError),
 (validate_comma_separated_integer_list, 'a,b,c', ValidationError),
 (validate_comma_separated_integer_list, '1, 2, 3', ValidationError),
+ (validate_comma_separated_integer_list, '1,2,3\n', ValidationError),
 (MaxValueValidator(10), 10, None),
 (MaxValueValidator(10), -10, None),
@@ -159,6 +169,9 @@ TEST_DATA = [
 (URLValidator(EXTENDED_SCHEMES), 'git://example.com/', None),
 (URLValidator(EXTENDED_SCHEMES), 'git://-invalid.com', ValidationError),
+ # Trailing newlines not accepted
+ (URLValidator(), 'http://www.djangoproject.com/\n', ValidationError),
+ (URLValidator(), 'http://[::ffff:192.9.5.5]\n', ValidationError),
 (BaseValidator(True), True, None),
 (BaseValidator(True), False, ValidationError), |
