Quote paths before sending them to swob.Request.blank

Following the fix for https://bugs.python.org/issue43882, our py39 unit tests started failing. This was because swob.Request.blank calls stdlib's urlparse, which now strips out newlines. Since Request.blank *also* always unquotes, just make sure we always quote the newlines we want to use while testing. Change-Id: Ia5857c70e51d8af3e42ecaced95525be578db127
2021-05-27 12:22:53 -07:00 · 2021-05-27 12:22:53 -07:00 · 2b5853f419
commit 2b5853f419
parent f7f1553edb
2 changed files with 5 additions and 10 deletions
--- a/test/unit/common/middleware/test_tempurl.py
+++ b/test/unit/common/middleware/test_tempurl.py
@ -35,6 +35,7 @@ import mock
 import unittest
 import hashlib
 import six
+from six.moves.urllib.parse import quote
 from time import time, strftime, gmtime

 from swift.common.middleware import tempauth, tempurl
@ -350,7 +351,7 @@ class TestTempURL(unittest.TestCase):
        key = b'abc'
        hmac_body = ('%s\n%i\n%s' % (method, expires, path)).encode('utf-8')
        sig = hmac.new(key, hmac_body, hashlib.sha1).hexdigest()
-        req = self._make_request(path, keys=[key], environ={
+        req = self._make_request(quote(path), keys=[key], environ={
            'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s' % (
                sig, expires)})
        self.tempurl.app = FakeApp(iter([('200 Ok', (), '123')]))
--- a/test/unit/common/test_swob.py
+++ b/test/unit/common/test_swob.py
@ -789,14 +789,8 @@ class TestRequest(unittest.TestCase):

        hacker = 'account-name\n\n<b>foo<br>'  # url injection test
        quoted_hacker = quote(hacker)
-        req = swob.Request.blank('/v1/' + hacker)
-        resp = req.get_response(test_app)
-        self.assertEqual(resp.status_int, 401)
-        self.assertTrue('Www-Authenticate' in resp.headers)
-        self.assertEqual('Swift realm="%s"' % quoted_hacker,
-                         resp.headers['Www-Authenticate'])
-
        req = swob.Request.blank('/v1/' + quoted_hacker)
+        self.assertIn(hacker, req.environ['PATH_INFO'])  # sanity check
        resp = req.get_response(test_app)
        self.assertEqual(resp.status_int, 401)
        self.assertTrue('Www-Authenticate' in resp.headers)
@ -974,11 +968,11 @@ class TestRequest(unittest.TestCase):
        self.assertEqual(_test_split_path('/a/c/', 2), ['a', 'c'])
        self.assertEqual(_test_split_path('/a/c/', 2, 3), ['a', 'c', ''])
        try:
-            _test_split_path('o\nn e', 2)
+            _test_split_path('o%0an e', 2)
        except ValueError as err:
            self.assertEqual(str(err), 'Invalid path: o%0An%20e')
        try:
-            _test_split_path('o\nn e', 2, 3, True)
+            _test_split_path('o%0an e', 2, 3, True)
        except ValueError as err:
            self.assertEqual(str(err), 'Invalid path: o%0An%20e')