>From 9f1492729e3771405b13b9375be45e76fdffad62 Mon Sep 17 00:00:00 2001
From: Matthew White
Date: Sat, 27 Aug 2016 16:16:35 +0200
Subject: [PATCH 17/25] New test: Metalink shall not concatenate '/' to an
empty directory prefix
* testenv/Makefile.am: Add new file
* testenv/Test-metalink-xml-emptyprefix-trust.py: New file.
Metalink/XML empty directory prefix (--directory-prefix '') tests
Detect a '/' character wrongfully concatenated to an empty directory
prefix '' (not NULL), resulting in an absolute path as '/dir/file',
instead than 'dir/file'.
---
testenv/Makefile.am | 1 +
testenv/Test-metalink-xml-emptyprefix-trust.py | 194 +++++++++++++++++++++++++
2 files changed, 195 insertions(+)
create mode 100755 testenv/Test-metalink-xml-emptyprefix-trust.py
diff --git a/testenv/Makefile.am b/testenv/Makefile.am
index 8272734..b169594 100644
--- a/testenv/Makefile.am
+++ b/testenv/Makefile.am
@@ -45,6 +45,7 @@ if METALINK_IS_ENABLED
Test-metalink-xml-relprefix-trust.py \
Test-metalink-xml-absprefix-trust.py \
Test-metalink-xml-homeprefix-trust.py \
+ Test-metalink-xml-emptyprefix-trust.py \
Test-metalink-xml-continue.py \
Test-metalink-xml-size.py \
Test-metalink-xml-nourls.py \
diff --git a/testenv/Test-metalink-xml-emptyprefix-trust.py b/testenv/Test-metalink-xml-emptyprefix-trust.py
new file mode 100755
index 0000000..59c967c
--- /dev/null
+++ b/testenv/Test-metalink-xml-emptyprefix-trust.py
@@ -0,0 +1,194 @@
+#!/usr/bin/env python3
+from sys import exit
+from test.http_test import HTTPTest
+from misc.wget_file import WgetFile
+import re
+import hashlib
+
+"""
+ This is to test Metalink/XML with an empty directory prefix.
+
+ With --trust-server-names, trust the metalink:file names.
+
+ Without --trust-server-names, don't trust the metalink:file names:
+ use the basename of --input-metalink, and add a sequential number
+ (e.g. .#1, .#2, etc.).
+
+ Strip the directory from unsafe paths.
+"""
+############# File Definitions ###############################################
+bad = "Ouch!"
+
+File1 = "Would you like some Tea?"
+File1_lowPref = "Do not take this"
+File1_sha256 = hashlib.sha256 (File1.encode ('UTF-8')).hexdigest ()
+
+File2 = "This is gonna be good"
+File2_lowPref = "Not this one too"
+File2_sha256 = hashlib.sha256 (File2.encode ('UTF-8')).hexdigest ()
+
+File3 = "A little more, please"
+File3_lowPref = "That's just too much"
+File3_sha256 = hashlib.sha256 (File3.encode ('UTF-8')).hexdigest ()
+
+File4 = "Maybe a biscuit?"
+File4_lowPref = "No, thanks"
+File4_sha256 = hashlib.sha256 (File4.encode ('UTF-8')).hexdigest ()
+
+File5 = "More Tea...?"
+File5_lowPref = "I have to go..."
+File5_sha256 = hashlib.sha256 (File5.encode ('UTF-8')).hexdigest ()
+
+MetaXml = \
+"""
+
+
+ GNU Wget
+
+
+ GNU GPL
+ http://www.gnu.org/licenses/gpl.html
+
+ Wget Test Files
+ 1.2.3
+ Wget Test Files description
+
+
+
+ {{FILE1_HASH}}
+
+
+ http://{{SRV_HOST}}:{{SRV_PORT}}/wrong_file
+ http://{{SRV_HOST}}:{{SRV_PORT}}/404
+ http://{{SRV_HOST}}:{{SRV_PORT}}/File1_lowPref
+ http://{{SRV_HOST}}:{{SRV_PORT}}/File1
+
+
+
+
+ {{FILE2_HASH}}
+
+
+ http://{{SRV_HOST}}:{{SRV_PORT}}/wrong_file
+ http://{{SRV_HOST}}:{{SRV_PORT}}/404
+ http://{{SRV_HOST}}:{{SRV_PORT}}/File2_lowPref
+ http://{{SRV_HOST}}:{{SRV_PORT}}/File2
+
+
+
+
+ {{FILE3_HASH}}
+
+
+ http://{{SRV_HOST}}:{{SRV_PORT}}/wrong_file
+ http://{{SRV_HOST}}:{{SRV_PORT}}/404
+ http://{{SRV_HOST}}:{{SRV_PORT}}/File3_lowPref
+ http://{{SRV_HOST}}:{{SRV_PORT}}/File3
+
+
+
+
+ {{FILE4_HASH}}
+
+
+ http://{{SRV_HOST}}:{{SRV_PORT}}/wrong_file
+ http://{{SRV_HOST}}:{{SRV_PORT}}/404
+ http://{{SRV_HOST}}:{{SRV_PORT}}/File4_lowPref
+ http://{{SRV_HOST}}:{{SRV_PORT}}/File4
+
+
+
+
+ {{FILE5_HASH}}
+
+
+ http://{{SRV_HOST}}:{{SRV_PORT}}/wrong_file
+ http://{{SRV_HOST}}:{{SRV_PORT}}/404
+ http://{{SRV_HOST}}:{{SRV_PORT}}/File5_lowPref
+ http://{{SRV_HOST}}:{{SRV_PORT}}/File5
+
+
+
+
+"""
+
+wrong_file = WgetFile ("wrong_file", bad)
+
+File1_orig = WgetFile ("File1", File1)
+File1_down = WgetFile ("subdir/File1", File1)
+File1_nono = WgetFile ("File1_lowPref", File1_lowPref)
+
+# rejected by libmetalink
+File2_orig = WgetFile ("File2", File2)
+File2_nono = WgetFile ("File2_lowPref", File2_lowPref)
+
+# rejected by libmetalink
+File3_orig = WgetFile ("File3", File3)
+File3_nono = WgetFile ("File3_lowPref", File3_lowPref)
+
+# rejected by libmetalink
+File4_orig = WgetFile ("File4", File4)
+File4_nono = WgetFile ("File4_lowPref", File4_lowPref)
+
+File5_orig = WgetFile ("File5", File5)
+File5_down = WgetFile ("subdir/File5", File5)
+File5_nono = WgetFile ("File5_lowPref", File5_lowPref)
+
+MetaFile = WgetFile ("test.meta4", MetaXml)
+
+WGET_OPTIONS = "--trust-server-names --directory-prefix '' --input-metalink test.meta4"
+WGET_URLS = [[]]
+
+Files = [[
+ wrong_file,
+ File1_orig, File1_nono,
+ File2_orig, File2_nono,
+ File3_orig, File3_nono,
+ File4_orig, File4_nono,
+ File5_orig, File5_nono
+]]
+Existing_Files = [MetaFile]
+
+ExpectedReturnCode = 0
+ExpectedDownloadedFiles = [
+ File1_down,
+ File5_down,
+ MetaFile
+]
+
+################ Pre and Post Test Hooks #####################################
+pre_test = {
+ "ServerFiles" : Files,
+ "LocalFiles" : Existing_Files
+}
+test_options = {
+ "WgetCommands" : WGET_OPTIONS,
+ "Urls" : WGET_URLS
+}
+post_test = {
+ "ExpectedFiles" : ExpectedDownloadedFiles,
+ "ExpectedRetcode" : ExpectedReturnCode
+}
+
+http_test = HTTPTest (
+ pre_hook=pre_test,
+ test_params=test_options,
+ post_hook=post_test,
+)
+
+http_test.server_setup()
+### Get and use dynamic server sockname
+srv_host, srv_port = http_test.servers[0].server_inst.socket.getsockname ()
+
+MetaXml = re.sub (r'{{FILE1_HASH}}', File1_sha256, MetaXml)
+MetaXml = re.sub (r'{{FILE2_HASH}}', File2_sha256, MetaXml)
+MetaXml = re.sub (r'{{FILE3_HASH}}', File3_sha256, MetaXml)
+MetaXml = re.sub (r'{{FILE4_HASH}}', File4_sha256, MetaXml)
+MetaXml = re.sub (r'{{FILE5_HASH}}', File5_sha256, MetaXml)
+MetaXml = re.sub (r'{{SRV_HOST}}', srv_host, MetaXml)
+MetaXml = re.sub (r'{{SRV_PORT}}', str (srv_port), MetaXml)
+MetaFile.content = MetaXml
+
+err = http_test.begin ()
+
+exit (err)
--
2.7.3