From f7bcd554fae642585af5f99c3c858eb2d343e1da Mon Sep 17 00:00:00 2001
From: Tommi Virtanen
Date: Wed, 19 Mar 2008 21:28:46 +0200
Subject: Test that incoming paths cannot contain /../
---
 gitosis/test/test_serve.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/gitosis/test/test_serve.py b/gitosis/test/test_serve.py
index d6030d2..cf54cc6 100644
--- a/gitosis/test/test_serve.py
+++ b/gitosis/test/test_serve.py
@@ -57,6 +57,18 @@ def test_bad_unsafeArguments():
 eq(str(e), 'Arguments to command look dangerous')
 assert isinstance(e, serve.ServingError)
 
+def test_bad_unsafeArguments_dotdot():
+ cfg = RawConfigParser()
+ e = assert_raises(
+ serve.UnsafeArgumentsError,
+ serve.serve,
+ cfg=cfg,
+ user='jdoe',
+ command='git-upload-pack something/../evil',
+ )
+ eq(str(e), 'Arguments to command look dangerous')
+ assert isinstance(e, serve.ServingError)
+
 def test_bad_forbiddenCommand_read():
 cfg = RawConfigParser()
 e = assert_raises(
-- 
cgit v1.2.3-65-gdbad
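Review bot: `test_bad_unsafeArguments_dotdot` pins only one traversal shape, a `/../` in the middle of a `git-upload-pack` argument, so a regression that accepts a leading `../evil` or a trailing `something/..`, or that validates only the read path, would go unnoticed. Consider running the same assertion over a few more inputs, for example `command='git-upload-pack ../evil'`, `command='git-upload-pack something/..'` and `command='git-receive-pack something/../evil'`. The assertion also checks only the generic message 'Arguments to command look dangerous', so the test cannot tell whether the input was rejected for its `..` segment or on some other ground; the validation inside `serve.serve` is not visible in this hunk. A short comment such as `# must be rejected because of the '..' path segment` would at least record the intent.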