MCPcopy
hub / github.com/django/django / test_filename_overflow

Method test_filename_overflow

tests/file_uploads/tests.py:419–462  ·  view source on GitHub ↗

File names over 256 characters (dangerous on some platforms) get fixed up.

(self)

Source from the content-addressed store, hash-verified

417 self.assertEqual(got, "hax0rd.txt")
418
419 def test_filename_overflow(self):
420 """
421 File names over 256 characters (dangerous on some platforms) get fixed
422 up.
423 """
424 long_str = "f" * 300
425 cases = [
426 # field name, filename, expected
427 ("long_filename", "%s.txt" % long_str, "%s.txt" % long_str[:251]),
428 ("long_extension", "foo.%s" % long_str, ".%s" % long_str[:254]),
429 ("no_extension", long_str, long_str[:255]),
430 ("no_filename", ".%s" % long_str, ".%s" % long_str[:254]),
431 ("long_everything", "%s.%s" % (long_str, long_str), ".%s" % long_str[:254]),
432 ]
433 payload = client.FakePayload()
434 for name, filename, _ in cases:
435 payload.write(
436 "\r\n".join(
437 [
438 "--" + client.BOUNDARY,
439 'Content-Disposition: form-data; name="{}"; filename="{}"',
440 "Content-Type: application/octet-stream",
441 "",
442 "Oops.",
443 "",
444 ]
445 ).format(name, filename)
446 )
447 payload.write("\r\n--" + client.BOUNDARY + "--\r\n")
448 r = {
449 "CONTENT_LENGTH": len(payload),
450 "CONTENT_TYPE": client.MULTIPART_CONTENT,
451 "PATH_INFO": "/echo/",
452 "REQUEST_METHOD": "POST",
453 "wsgi.input": payload,
454 }
455 response = self.client.request(**r)
456 result = response.json()
457 for name, _, expected in cases:
458 got = result[name]
459 self.assertEqual(expected, got, "Mismatch for {}".format(name))
460 self.assertLess(
461 len(got), 256, "Got a long file name (%s characters)." % len(got)
462 )
463
464 def test_file_content(self):
465 file = tempfile.NamedTemporaryFile

Callers

nothing calls this directly

Calls 5

writeMethod · 0.95
formatMethod · 0.45
joinMethod · 0.45
requestMethod · 0.45
jsonMethod · 0.45

Tested by

no test coverage detected