From 041cb672e8af71ba9622d22ed4c675f437b26753 Mon Sep 17 00:00:00 2001
From: Tim Burke
Date: Wed, 18 Jan 2023 15:14:54 -0800
Subject: [PATCH] tests: Ensure XXE injection tests have config loaded
Depending on test order (and possibly whether there were earlier failures?) the new tests may trip KeyErrors when trying to get s3_access_key values. Solution seems to be defining setUpModule() / tearDownModule() like other functional tests. Also fix up some Content-MD5 handling; if we're using pre-signed URLs, we can't provide a Content-MD5.
Change-Id: Ifce72ec255b1b618b9914ce5785d04ee0ebd3b8c
Related-Change: I84494123cfc85e234098c554ecd3e77981f8a096
(cherry picked from commit 3550e00dd9e380ba655e19047f8042bb9ae60098)
---
 test/functional/s3api/test_xxe_injection.py | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/test/functional/s3api/test_xxe_injection.py b/test/functional/s3api/test_xxe_injection.py
index ae15e548c4..b046fed75c 100644
--- a/test/functional/s3api/test_xxe_injection.py
+++ b/test/functional/s3api/test_xxe_injection.py
@@ -14,17 +14,22 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-import base64
 import requests
 import botocore
-from swift.common.utils import md5
-
 import test.functional as tf
 from test.functional.s3api import S3ApiBaseBoto3
+def setUpModule():
+ tf.setup_package()
+
+
+def tearDownModule():
+ tf.teardown_package()
+
+
 class TestS3ApiXxeInjection(S3ApiBaseBoto3):
 def setUp(self):
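Review bot: The new `setUpModule()` / `tearDownModule()` hooks carry no comment saying why this module needs them, so a later cleanup could remove them as boilerplate and bring back the order-dependent KeyError on `s3_access_key` that the commit message describes. A one-line comment above `setUpModule` would be enough, for example `# Load the functional-test config here; without it the s3 credentials may be unset when this module runs first.`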
@@ -144,11 +149,8 @@ class TestS3ApiXxeInjection(S3ApiBaseBoto3):
 """
 body = body.encode('utf-8')
- content_md5 = (
- base64.b64encode(md5(body, usedforsecurity=False).digest()))
- resp = requests.post(
- url, headers={'Content-MD5': content_md5}, data=body)
- self.assertEqual(400, resp.status_code)
+ resp = requests.post(url, data=body)
+ self.assertEqual(400, resp.status_code, resp.content)
 self.assertNotIn(b'xxe', resp.content)
 self.assertNotIn(b'[swift-hash]', resp.content)
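Review bot: After this change the only positive assertion is the 400 status, which does not show that the request was rejected by the XML parser rather than earlier, for instance because no Content-MD5 was sent. If the request is turned away before the body is parsed, the two `assertNotIn` checks pass trivially and an XXE regression would go unnoticed. Consider also pinning the error code in the body, e.g. `self.assertIn(b'MalformedXML', resp.content)` if that is what the handler returns for a document carrying a DTD; confirm the exact code against the server. The helper's signature and docstring start outside the hunk.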