Malicious uploads test with fake but not really image files working! :)

2011-08-14 09:12:43 -05:00 · 2011-08-14 09:12:43 -05:00 · 68f3ffbe82
commit 68f3ffbe82
parent 01c75c7eba
1 changed files with 36 additions and 23 deletions
--- a/mediagoblin/tests/test_submission.py
+++ b/mediagoblin/tests/test_submission.py
@ -156,7 +156,7 @@ class TestSubmission:
        util.clear_test_template_context()
        response = self.test_app.post(
            '/submit/', {
-                'title': 'Malicious Upload 2'
+                'title': 'Malicious Upload 1'
                }, upload_files=[(
                    'file', EVIL_FILE)])
@ -164,33 +164,46 @@ class TestSubmission:
        form = context['submit_form']
        assert form.file.errors == ['The file doesn\'t seem to be an image!']
-        # NOTE: The following 2 tests will fail. These can be uncommented
+        # NOTE: The following 2 tests will ultimately fail, but they
-        #       after http://bugs.foocorp.net/issues/324 is resolved and
+        #   *will* pass the initial form submission step.  Instead,
-        #       bad files are handled properly.
+        #   they'll be caught as failures during the processing step.
        # Test non-supported file with .jpg extension
        # -------------------------------------------
-        #util.clear_test_template_context()
+        util.clear_test_template_context()
-        #response = self.test_app.post(
+        response = self.test_app.post(
-        #    '/submit/', {
+           '/submit/', {
-        #        'title': 'Malicious Upload 2'
+               'title': 'Malicious Upload 2'
-        #        }, upload_files=[(
+               }, upload_files=[(
-        #            'file', EVIL_JPG)])
+                   'file', EVIL_JPG)])
        response.follow()
        assert_equal(
            urlparse.urlsplit(response.location)[2],
            '/u/chris/')
-        #context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/submit/start.html']
+        entry = mg_globals.database.MediaEntry.find_one(
-        #form = context['submit_form']
+            {'title': 'Malicious Upload 2'})
-        #assert form.file.errors == ['The file doesn\'t seem to be an image!']
+        assert_equal(entry['state'], 'failed')
        assert_equal(
            entry['fail_error'],
            u'mediagoblin.process_media.errors:BadMediaFail')
        # Test non-supported file with .png extension
        # -------------------------------------------
-        #util.clear_test_template_context()
+        util.clear_test_template_context()
-        #response = self.test_app.post(
+        response = self.test_app.post(
-        #    '/submit/', {
+           '/submit/', {
-        #        'title': 'Malicious Upload 3'
+               'title': 'Malicious Upload 3'
-        #        }, upload_files=[(
+               }, upload_files=[(
-        #            'file', EVIL_PNG)])
+                   'file', EVIL_PNG)])
-
+        response.follow()
-        #context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/submit/start.html']
+        assert_equal(
-        #form = context['submit_form']
+            urlparse.urlsplit(response.location)[2],
-        #assert form.file.errors == ['The file doesn\'t seem to be an image!']
+            '/u/chris/')
        entry = mg_globals.database.MediaEntry.find_one(
            {'title': 'Malicious Upload 3'})
        assert_equal(entry['state'], 'failed')
        assert_equal(
            entry['fail_error'],
            u'mediagoblin.process_media.errors:BadMediaFail')