Quote paths before sending them to swob.Request.blank

Following the fix for https://bugs.python.org/issue43882, our py39 unit
tests started failing. This was because swob.Request.blank calls
stdlib's urlparse, which now strips out newlines. Since Request.blank
*also* always unquotes, just make sure we always quote the newlines we
want to use while testing.

Change-Id: Ia5857c70e51d8af3e42ecaced95525be578db127
This commit is contained in:
Tim Burke 2021-05-27 12:22:53 -07:00
parent f7f1553edb
commit 2b5853f419
2 changed files with 5 additions and 10 deletions

View File

@ -35,6 +35,7 @@ import mock
import unittest import unittest
import hashlib import hashlib
import six import six
from six.moves.urllib.parse import quote
from time import time, strftime, gmtime from time import time, strftime, gmtime
from swift.common.middleware import tempauth, tempurl from swift.common.middleware import tempauth, tempurl
@ -350,7 +351,7 @@ class TestTempURL(unittest.TestCase):
key = b'abc' key = b'abc'
hmac_body = ('%s\n%i\n%s' % (method, expires, path)).encode('utf-8') hmac_body = ('%s\n%i\n%s' % (method, expires, path)).encode('utf-8')
sig = hmac.new(key, hmac_body, hashlib.sha1).hexdigest() sig = hmac.new(key, hmac_body, hashlib.sha1).hexdigest()
req = self._make_request(path, keys=[key], environ={ req = self._make_request(quote(path), keys=[key], environ={
'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s' % ( 'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s' % (
sig, expires)}) sig, expires)})
self.tempurl.app = FakeApp(iter([('200 Ok', (), '123')])) self.tempurl.app = FakeApp(iter([('200 Ok', (), '123')]))

View File

@ -789,14 +789,8 @@ class TestRequest(unittest.TestCase):
hacker = 'account-name\n\n<b>foo<br>' # url injection test hacker = 'account-name\n\n<b>foo<br>' # url injection test
quoted_hacker = quote(hacker) quoted_hacker = quote(hacker)
req = swob.Request.blank('/v1/' + hacker)
resp = req.get_response(test_app)
self.assertEqual(resp.status_int, 401)
self.assertTrue('Www-Authenticate' in resp.headers)
self.assertEqual('Swift realm="%s"' % quoted_hacker,
resp.headers['Www-Authenticate'])
req = swob.Request.blank('/v1/' + quoted_hacker) req = swob.Request.blank('/v1/' + quoted_hacker)
self.assertIn(hacker, req.environ['PATH_INFO']) # sanity check
resp = req.get_response(test_app) resp = req.get_response(test_app)
self.assertEqual(resp.status_int, 401) self.assertEqual(resp.status_int, 401)
self.assertTrue('Www-Authenticate' in resp.headers) self.assertTrue('Www-Authenticate' in resp.headers)
@ -974,11 +968,11 @@ class TestRequest(unittest.TestCase):
self.assertEqual(_test_split_path('/a/c/', 2), ['a', 'c']) self.assertEqual(_test_split_path('/a/c/', 2), ['a', 'c'])
self.assertEqual(_test_split_path('/a/c/', 2, 3), ['a', 'c', '']) self.assertEqual(_test_split_path('/a/c/', 2, 3), ['a', 'c', ''])
try: try:
_test_split_path('o\nn e', 2) _test_split_path('o%0an e', 2)
except ValueError as err: except ValueError as err:
self.assertEqual(str(err), 'Invalid path: o%0An%20e') self.assertEqual(str(err), 'Invalid path: o%0An%20e')
try: try:
_test_split_path('o\nn e', 2, 3, True) _test_split_path('o%0an e', 2, 3, True)
except ValueError as err: except ValueError as err:
self.assertEqual(str(err), 'Invalid path: o%0An%20e') self.assertEqual(str(err), 'Invalid path: o%0An%20e')