~ubuntu-branches/ubuntu/quantal/python-django/quantal-security

Viewing changes to tests/regressiontests/urlpatterns_reverse/tests.py

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2014-04-19 09:12:33 UTC
  • Revision ID: package-import@ubuntu.com-20140419091233-h8h9ki5cxlf1zrqs
Tags: 1.4.1-2ubuntu0.5
* SECURITY UPDATE: unexpected code execution using reverse()
  (LP: #1309779)
  - debian/patches/CVE-2014-0472.patch: added filtering to
    django/core/urlresolvers.py, added tests to
    tests/regressiontests/urlpatterns_reverse/nonimported_module.py,
    tests/regressiontests/urlpatterns_reverse/tests.py,
    tests/regressiontests/urlpatterns_reverse/urls.py,
    tests/regressiontests/urlpatterns_reverse/views.py.
  - CVE-2014-0472
* SECURITY UPDATE: caching of anonymous pages could reveal CSRF token
  (LP: #1309782)
  - debian/patches/CVE-2014-0473.patch: don't cache responses with a
    cookie in django/middleware/cache.py, added tests to
    tests/regressiontests/cache/tests.py.
  - CVE-2014-0473
* SECURITY UPDATE: MySQL typecasting issue (LP: #1309784)
  - debian/patches/CVE-2014-0474.patch: convert arguments to correct
    type in django/db/models/fields/__init__.py, updated docs in
    docs/howto/custom-model-fields.txt, docs/ref/databases.txt,
    docs/ref/models/querysets.txt, docs/topics/db/sql.txt, added tests to
    tests/regressiontests/model_fields/tests.py.
  - CVE-2014-0474
* debian/patches/fix_test_ftbfs.patch: fix ftbfs with upstream commit.

1
# -*- coding: utf-8 -*-
1
2
"""
2
3
Unit tests for reverse URL lookups.
3
4
"""
4
5
from __future__ import absolute_import
5
6
 
 
7
import sys
 
8
 
6
9
from django.conf import settings
7
10
from django.core.exceptions import ImproperlyConfigured, ViewDoesNotExist
8
11
from django.core.urlresolvers import (reverse, resolve, NoReverseMatch,
267
270
        self.assertEqual(res['Location'], '/foo/')
268
271
        res = redirect('http://example.com/')
269
272
        self.assertEqual(res['Location'], 'http://example.com/')
 
273
        # Assert that we can redirect using UTF-8 strings
 
274
        res = redirect('/æøå/abc/')
 
275
        self.assertEqual(res['Location'], '/%C3%A6%C3%B8%C3%A5/abc/')
 
276
        # Assert that no imports are attempted when dealing with a relative path
 
277
        # (previously, the below would resolve in a UnicodeEncodeError from __import__ )
 
278
        res = redirect('/æøå.abc/')
 
279
        self.assertEqual(res['Location'], '/%C3%A6%C3%B8%C3%A5.abc/')
 
280
        res = redirect('os.path')
 
281
        self.assertEqual(res['Location'], 'os.path')
 
282
 
 
283
    def test_no_illegal_imports(self):
 
284
        # modules that are not listed in urlpatterns should not be importable
 
285
        redirect("urlpatterns_reverse.nonimported_module.view")
 
286
        self.assertNotIn("urlpatterns_reverse.nonimported_module", sys.modules)
 
287
 
 
288
    def test_reverse_by_path_nested(self):
 
289
        # Views that are added to urlpatterns using include() should be
 
290
        # reversable by doted path.
 
291
        self.assertEqual(reverse('regressiontests.urlpatterns_reverse.views.nested_view'), '/includes/nested_path/')
270
292
 
271
293
    def test_redirect_view_object(self):
272
294
        from .views import absolute_kwargs_view
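Review bot: test_no_illegal_imports can pass without exercising the new filter, because its only assertion is that "urlpatterns_reverse.nonimported_module" is absent from sys.modules. The dotted path it passes to redirect() omits the "regressiontests." prefix that test_reverse_by_path_nested uses a few lines below, so if the module is only importable under the prefixed name, the import fails either way and assertNotIn holds with or without the fix. Consider checking the prefixed name in sys.modules as well, and asserting the outcome directly, for example `self.assertRaises(NoReverseMatch, reverse, "urlpatterns_reverse.nonimported_module.view")`, since the changelog describes the issue as code execution through reverse() and NoReverseMatch is already imported at the top of the file. The return value of redirect() is also discarded here; asserting on res['Location'], as the 'os.path' case above does, would pin down the fallback behaviour. Minor: "reversable by doted path" in the comment on test_reverse_by_path_nested should read "reversible by dotted path".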
510
532
        self.assertRaises(ViewDoesNotExist, self.client.get, '/missing_inner/')
511
533
        self.assertRaises(ViewDoesNotExist, self.client.get, '/missing_outer/')
512
534
        self.assertRaises(ViewDoesNotExist, self.client.get, '/uncallable/')
513