From f1c110be5ea58230da6974fa3ea6a1d523df1def Mon Sep 17 00:00:00 2001
From: Tim Burke
Date: Thu, 27 May 2021 12:22:53 -0700
Subject: [PATCH] Quote paths before sending them to swob.Request.blank
Following the fix for https://bugs.python.org/issue43882, our py39 unit tests started failing. This was because swob.Request.blank calls stdlib's urlparse, which now strips out newlines. Since Request.blank *also* always unquotes, just make sure we always quote the newlines we want to use while testing.
Change-Id: Ia5857c70e51d8af3e42ecaced95525be578db127
(cherry picked from commit 2b5853f4196e4e3725d1ab55ae7528c41b180a58)
---
 test/unit/common/middleware/test_tempurl.py | 3 ++-
 test/unit/common/test_swob.py | 12 +++---------
 2 files changed, 5 insertions(+), 10 deletions(-)
diff --git a/test/unit/common/middleware/test_tempurl.py b/test/unit/common/middleware/test_tempurl.py
index fe468cec72..0ec82615ca 100644
--- a/test/unit/common/middleware/test_tempurl.py
+++ b/test/unit/common/middleware/test_tempurl.py
@@ -35,6 +35,7 @@ import mock
 import unittest
 import hashlib
 import six
+from six.moves.urllib.parse import quote
 from time import time, strftime, gmtime
 from swift.common.middleware import tempauth, tempurl
@@ -350,7 +351,7 @@ class TestTempURL(unittest.TestCase):
 key = b'abc'
 hmac_body = ('%s\n%i\n%s' % (method, expires, path)).encode('utf-8')
 sig = hmac.new(key, hmac_body, hashlib.sha1).hexdigest()
- req = self._make_request(path, keys=[key], environ={
+ req = self._make_request(quote(path), keys=[key], environ={
 'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s' % (
 sig, expires)})
 self.tempurl.app = FakeApp(iter([('200 Ok', (), '123')]))
diff --git a/test/unit/common/test_swob.py b/test/unit/common/test_swob.py
index ccbe6d2f99..2a8ed09c73 100644
--- a/test/unit/common/test_swob.py
+++ b/test/unit/common/test_swob.py
@@ -789,14 +789,8 @@ class TestRequest(unittest.TestCase):
 hacker = 'account-name\n\nfoo
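Review bot: In test_tempurl.py (hunk `@@ -350,7 +351,7 @@`), the signature is computed over the raw `path` while the request is now built from `quote(path)`, and nothing in the visible lines checks that the two still describe the same path once `Request.blank` has unquoted it. A check such as `self.assertEqual(path, req.environ['PATH_INFO'])` right after the `_make_request` call, mirroring the sanity check this commit adds in test_swob.py, would make the test fail at the point of divergence if a later stdlib or swob change alters the path again, rather than at the HMAC comparison. This assumes `_make_request` passes its first argument to `Request.blank` unchanged, which is not visible here. The test method itself starts and ends outside the hunk.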
' # url injection test
 quoted_hacker = quote(hacker)
- req = swob.Request.blank('/v1/' + hacker)
- resp = req.get_response(test_app)
- self.assertEqual(resp.status_int, 401)
- self.assertTrue('Www-Authenticate' in resp.headers)
- self.assertEqual('Swift realm="%s"' % quoted_hacker,
- resp.headers['Www-Authenticate'])
-
 req = swob.Request.blank('/v1/' + quoted_hacker)
+ self.assertIn(hacker, req.environ['PATH_INFO']) # sanity check
 resp = req.get_response(test_app)
 self.assertEqual(resp.status_int, 401)
 self.assertTrue('Www-Authenticate' in resp.headers)
@@ -974,11 +968,11 @@ class TestRequest(unittest.TestCase):
 self.assertEqual(_test_split_path('/a/c/', 2), ['a', 'c'])
 self.assertEqual(_test_split_path('/a/c/', 2, 3), ['a', 'c', ''])
 try:
- _test_split_path('o\nn e', 2)
+ _test_split_path('o%0an e', 2)
 except ValueError as err:
 self.assertEqual(str(err), 'Invalid path: o%0An%20e')
 try:
- _test_split_path('o\nn e', 2, 3, True)
+ _test_split_path('o%0an e', 2, 3, True)
 except ValueError as err:
 self.assertEqual(str(err), 'Invalid path: o%0An%20e')
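Review bot: In test_swob.py (hunk `@@ -789,14 +789,8 @@`), the new `# sanity check` comment does not say what is being guarded. The assertion is what shows that the raw newlines in `hacker` still reach `PATH_INFO` after `Request.blank` unquotes the path, which the `Www-Authenticate` realm-quoting assertions (presumably continuing below the hunk) depend on to exercise header injection at all. A comment such as `# Request.blank unquotes; make sure the raw newlines really reach the app` would record that. `assertIn` also proves containment only, so `self.assertEqual('/v1/' + hacker, req.environ['PATH_INFO'])` would pin the whole path, provided it holds on both py2 and py3. The enclosing test starts and ends outside the hunk.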
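Review bot: In test_swob.py (hunk `@@ -974,11 +968,11 @@`), both changed calls sit in `try`/`except ValueError` blocks with no failure branch, so if `_test_split_path('o%0an e', 2)` ever stops raising, the test passes without running its assertion. That matters here because this commit was needed after an upstream change silently altered what reached the code under test. Each block could become `with self.assertRaises(ValueError) as caught:` around the call, followed by `self.assertEqual(str(caught.exception), 'Invalid path: o%0An%20e')`. The same applies to the second call, with `2, 3, True`. The enclosing test method starts outside the hunk.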