diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 03:06:57 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 03:06:57 +0000 |
commit | a3eed2c248067f0319cb72bcc8b5e2c7054ea6dc (patch) | |
tree | fd79d650c7ffee81608955be5f4fd8edd791834e /testenv/Test-metalink-xml-relpath-trust.py | |
parent | Initial commit. (diff) | |
download | wget-a3eed2c248067f0319cb72bcc8b5e2c7054ea6dc.tar.xz wget-a3eed2c248067f0319cb72bcc8b5e2c7054ea6dc.zip |
Adding upstream version 1.20.1.upstream/1.20.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rwxr-xr-x | testenv/Test-metalink-xml-relpath-trust.py | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/testenv/Test-metalink-xml-relpath-trust.py b/testenv/Test-metalink-xml-relpath-trust.py new file mode 100755 index 0000000..d2b4fc0 --- /dev/null +++ b/testenv/Test-metalink-xml-relpath-trust.py @@ -0,0 +1,101 @@ +#!/usr/bin/env python3 + +from sys import exit +from misc.metalinkv3_xml import Metalinkv3_XML + +""" + This is to test if Metalink/XML forbids relative paths. + + With --trust-server-names, trust the metalink:file names. + + Without --trust-server-names, don't trust the metalink:file names: + use the basename of --input-metalink, and add a sequential number + (e.g. .#1, .#2, etc.). + + Strip the directory from unsafe paths. +""" + +############# File Definitions ############################################### +wrong_file = "Ouch!" + +File1 = "Would you like some Tea?" +File1_lowPref = "Do not take this" + +File2 = "This is gonna be good" +File2_lowPref = "Not this one too" + +File3 = "A little more, please" +File3_lowPref = "That's just too much" + +File4 = "Maybe a biscuit?" +File4_lowPref = "No, thanks" + +File5 = "More Tea...?" +File5_lowPref = "I have to go..." + +############# Metalink/XML ################################################### +Meta = Metalinkv3_XML() + +# file_name: metalink:file "name" field +# save_name: metalink:file save name, if None the file is rejected +# content : metalink:file content +# +# size: +# True auto-compute size +# None no <size></size> +# any use this size +# +# hash_sha256: +# False no <verification></verification> +# True auto-compute sha256 +# None no <hash></hash> +# any use this hash +# +# srv_file : metalink:url server file +# srv_content: metalink:url server file content, if None the file doesn't exist +# utype : metalink:url type +# location : metalink:url location (default 'no location field') +# preference : metalink:url preference (default 999999) + +XmlName = "test.metalink" + +Meta.xml ( + # Metalink/XML file name + XmlName, + # file_name, save_name, content, size, hash_sha256 + ["./File1", None, File1, None, True, + # srv_file, srv_content, utype, location, preference + ["wrong_file", wrong_file, "http", None, 35], + ["404", None, "http", None, 40], + ["File1_lowPref", File1_lowPref, "http", None, 25], + ["File1", File1, "http", None, 30]], + ["../File2", None, File2, None, True, + ["wrong_file", wrong_file, "http", None, 35], + ["404", None, "http", None, 40], + ["File2_lowPref", File2_lowPref, "http", None, 25], + ["File2", File2, "http", None, 30]], + ["dir/./File3", None, File3, None, True, + ["wrong_file", wrong_file, "http", None, 35], + ["404", None, "http", None, 40], + ["File3_lowPref", File3_lowPref, "http", None, 25], + ["File3", File3, "http", None, 30]], + ["dir/../File4", None, File4, None, True, + ["wrong_file", wrong_file, "http", None, 35], + ["404", None, "http", None, 40], + ["File4_lowPref", File4_lowPref, "http", None, 25], + ["File4", File4, "http", None, 30]], + ["File5", "File5", File5, None, True, + ["wrong_file", wrong_file, "http", None, 35], + ["404", None, "http", None, 40], + ["File5_lowPref", File5_lowPref, "http", None, 25], + ["File5", File5, "http", None, 30]], +) + +Meta.print_meta () + +err = Meta.http_test ( + "--trust-server-names " + \ + "--input-metalink " + XmlName, 0 +) + +exit (err) |