tests: Ensure XXE injection tests have config loaded
Depending on test order (and possibly whether there were earlier
failures?) the new tests may trip KeyErrors when trying to get
s3_access_key values. Solution seems to be defining
setUpModule() / tearDownModule() like other functional tests.
Also fix up some Content-MD5 handling; if we're using pre-signed URLs,
we can't provide a Content-MD5.
Change-Id: Ifce72ec255b1b618b9914ce5785d04ee0ebd3b8c
Related-Change: I84494123cfc85e234098c554ecd3e77981f8a096
(cherry picked from commit 3550e00dd9
)
This commit is contained in:
parent
67785199b0
commit
041cb672e8
|
@ -14,17 +14,22 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import base64
|
||||
import requests
|
||||
|
||||
import botocore
|
||||
|
||||
from swift.common.utils import md5
|
||||
|
||||
import test.functional as tf
|
||||
from test.functional.s3api import S3ApiBaseBoto3
|
||||
|
||||
|
||||
def setUpModule():
|
||||
tf.setup_package()
|
||||
|
||||
|
||||
def tearDownModule():
|
||||
tf.teardown_package()
|
||||
|
||||
|
||||
class TestS3ApiXxeInjection(S3ApiBaseBoto3):
|
||||
|
||||
def setUp(self):
|
||||
|
@ -144,11 +149,8 @@ class TestS3ApiXxeInjection(S3ApiBaseBoto3):
|
|||
</Delete>
|
||||
"""
|
||||
body = body.encode('utf-8')
|
||||
content_md5 = (
|
||||
base64.b64encode(md5(body, usedforsecurity=False).digest()))
|
||||
resp = requests.post(
|
||||
url, headers={'Content-MD5': content_md5}, data=body)
|
||||
self.assertEqual(400, resp.status_code)
|
||||
resp = requests.post(url, data=body)
|
||||
self.assertEqual(400, resp.status_code, resp.content)
|
||||
self.assertNotIn(b'xxe', resp.content)
|
||||
self.assertNotIn(b'[swift-hash]', resp.content)
|
||||
|
||||
|
|
Loading…
Reference in New Issue