tests: Ensure XXE injection tests have config loaded
Depending on test order (and possibly whether there were earlier
failures?) the new tests may trip KeyErrors when trying to get
s3_access_key values. Solution seems to be defining
setUpModule() / tearDownModule() like other functional tests.
Also fix up some Content-MD5 handling; if we're using pre-signed URLs,
we can't provide a Content-MD5.
Change-Id: Ifce72ec255b1b618b9914ce5785d04ee0ebd3b8c
Related-Change: I84494123cfc85e234098c554ecd3e77981f8a096
(cherry picked from commit 3550e00dd9
)
parent
67785199b0
commit
041cb672e8
|
@ -14,17 +14,22 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
import base64
|
|
||||||
import requests
|
import requests
|
||||||
|
|
||||||
import botocore
|
import botocore
|
||||||
|
|
||||||
from swift.common.utils import md5
|
|
||||||
|
|
||||||
import test.functional as tf
|
import test.functional as tf
|
||||||
from test.functional.s3api import S3ApiBaseBoto3
|
from test.functional.s3api import S3ApiBaseBoto3
|
||||||
|
|
||||||
|
|
||||||
|
def setUpModule():
|
||||||
|
tf.setup_package()
|
||||||
|
|
||||||
|
|
||||||
|
def tearDownModule():
|
||||||
|
tf.teardown_package()
|
||||||
|
|
||||||
|
|
||||||
class TestS3ApiXxeInjection(S3ApiBaseBoto3):
|
class TestS3ApiXxeInjection(S3ApiBaseBoto3):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
|
@ -144,11 +149,8 @@ class TestS3ApiXxeInjection(S3ApiBaseBoto3):
|
||||||
</Delete>
|
</Delete>
|
||||||
"""
|
"""
|
||||||
body = body.encode('utf-8')
|
body = body.encode('utf-8')
|
||||||
content_md5 = (
|
resp = requests.post(url, data=body)
|
||||||
base64.b64encode(md5(body, usedforsecurity=False).digest()))
|
self.assertEqual(400, resp.status_code, resp.content)
|
||||||
resp = requests.post(
|
|
||||||
url, headers={'Content-MD5': content_md5}, data=body)
|
|
||||||
self.assertEqual(400, resp.status_code)
|
|
||||||
self.assertNotIn(b'xxe', resp.content)
|
self.assertNotIn(b'xxe', resp.content)
|
||||||
self.assertNotIn(b'[swift-hash]', resp.content)
|
self.assertNotIn(b'[swift-hash]', resp.content)
|
||||||
|
|
||||||
|
|
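Review bot: The new `self.assertEqual(400, resp.status_code, resp.content)` after `requests.post(url, data=body)` no longer shows that the 400 comes from rejecting the DTD/entity payload. With Content-MD5 dropped, a server that requires that header on multi-object delete could answer 400 before it parses the XML at all, and the two `assertNotIn` checks would then pass trivially, leaving the XXE path untested (inferred; the server-side check order is not visible on this page). Consider pinning the rejection reason by asserting on the error code in `resp.content`, or at least adding a comment such as `# pre-signed URL can't carry Content-MD5; confirm this 400 is from XML parsing, not the missing header`. Passing `timeout=` to `requests.post` would also keep a stalled proxy from hanging the functional run. The test method begins above this hunk, so the URL construction and the start of the XML body are not visible here.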