diff options
| author | Carlton Gibson <carlton.gibson@noumenal.es> | 2021-05-04 14:44:19 +0200 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-05-06 07:04:52 +0200 |
| commit | a708f39ce67af174df90c5b5e50ad1976cec7cb8 (patch) | |
| tree | 4086dca152451617ecd1916e9b92d44f9510b857 /tests/file_storage | |
| parent | a0a5e0f4c83acdfc6eab69754e245354689c7185 (diff) | |
| download | django-a708f39ce67af174df90c5b5e50ad1976cec7cb8.tar.gz | |
Refs CVE-2021-31542 -- Skipped mock AWS storage test on Windows.
The validate_file_name() sanitation introduced in
0b79eb36915d178aef5c6a7bbce71b1e76d376d3 correctly rejects the example
file name as containing path elements on Windows. This breaks the test
introduced in 914c72be2abb1c6dd860cb9279beaa66409ae1b2 to allow path
components for storages that may allow them.
Test is skipped pending a discussed storage refactoring to support this
use-case.
Diffstat (limited to 'tests/file_storage')
| -rw-r--r-- | tests/file_storage/test_generate_filename.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/tests/file_storage/test_generate_filename.py b/tests/file_storage/test_generate_filename.py index 9f54f6921e..4746a53f69 100644 --- a/tests/file_storage/test_generate_filename.py +++ b/tests/file_storage/test_generate_filename.py @@ -1,4 +1,6 @@ import os +import sys +from unittest import skipIf from django.core.exceptions import SuspiciousFileOperation from django.core.files.base import ContentFile @@ -93,6 +95,7 @@ class GenerateFilenameStorageTests(SimpleTestCase): os.path.normpath('some/folder/test_with_space.txt') ) + @skipIf(sys.platform == 'win32', 'Path components in filename are not supported after 0b79eb3.') def test_filefield_awss3_storage(self): """ Simulate a FileField with an S3 storage which uses keys rather than |