RetroSearch Browse

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://github.com/python/cpython/commit/923ba361d8f757f0656cfd216525aca4848e02aa below:

Fix CGIHTTPServer information disclosure. Relative pa… · python/cpython@923ba36 · GitHub

7 7


 from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer

8 8


 from SimpleHTTPServer import SimpleHTTPRequestHandler

9 9


 from CGIHTTPServer import CGIHTTPRequestHandler

10

+
 import CGIHTTPServer

10 11 11 12


 import os

12 13


 import sys


 @@ -315,6 +316,45 @@ def tearDown(self):

315 316


 finally:

316 317


 BaseTestCase.tearDown(self)

317 318 319

+
 def test_url_collapse_path_split(self):

320

+
 test_vectors = {

321

+
 '': ('/', ''),

322

+
 '..': IndexError,

323

+
 '/.//..': IndexError,

324

+
 '/': ('/', ''),

325

+
 '//': ('/', ''),

326

+
 '/\\': ('/', '\\'),

327

+
 '/.//': ('/', ''),

328

+
 'cgi-bin/file1.py': ('/cgi-bin', 'file1.py'),

329

+
 '/cgi-bin/file1.py': ('/cgi-bin', 'file1.py'),

330

+
 'a': ('/', 'a'),

331

+
 '/a': ('/', 'a'),

332

+
 '//a': ('/', 'a'),

333

+
 './a': ('/', 'a'),

334

+
 './C:/': ('/C:', ''),

335

+
 '/a/b': ('/a', 'b'),

336

+
 '/a/b/': ('/a/b', ''),

337

+
 '/a/b/c/..': ('/a/b', ''),

338

+
 '/a/b/c/../d': ('/a/b', 'd'),

339

+
 '/a/b/c/../d/e/../f': ('/a/b/d', 'f'),

340

+
 '/a/b/c/../d/e/../../f': ('/a/b', 'f'),

341

+
 '/a/b/c/../d/e/.././././..//f': ('/a/b', 'f'),

342

+
 '../a/b/c/../d/e/.././././..//f': IndexError,

343

+
 '/a/b/c/../d/e/../../../f': ('/a', 'f'),

344

+
 '/a/b/c/../d/e/../../../../f': ('/', 'f'),

345

+
 '/a/b/c/../d/e/../../../../../f': IndexError,

346

+
 '/a/b/c/../d/e/../../../../f/..': ('/', ''),

347

+
 }

348

+
 for path, expected in test_vectors.iteritems():

349

+
 if isinstance(expected, type) and issubclass(expected, Exception):

350

+
 self.assertRaises(expected,

351

+
 CGIHTTPServer._url_collapse_path_split, path)

352

+
 else:

353

+
 actual = CGIHTTPServer._url_collapse_path_split(path)

354

+
 self.assertEquals(expected, actual,

355

+
 msg='path = %r\nGot: %r\nWanted: %r' % (

356

+
 path, actual, expected))

357 + 318 358


 def test_headers_and_content(self):

319 359


 res = self.request('/cgi-bin/file1.py')

320 360


 self.assertEquals(('Hello World\n', 'text/html', 200), \


 @@ -339,6 +379,12 @@ def test_authorization(self):

339 379


 self.assertEquals(('Hello World\n', 'text/html', 200), \

340 380


 (res.read(), res.getheader('Content-type'), res.status))

341 381 382

+
 def test_no_leading_slash(self):

383

+
 # http://bugs.python.org/issue2254

384

+
 res = self.request('cgi-bin/file1.py')

385

+
 self.assertEquals(('Hello World\n', 'text/html', 200),

386

+
 (res.read(), res.getheader('Content-type'), res.status))

387 + 342 388 343 389


 def test_main(verbose=None):

344 390


 try:

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4