Mercurial Repository: p/roundup/code: test/rest

comparison test/rest_common.py @ 8268:05d8806b25ad

fix: issue2551387 - TypeError: not indexable. Fix crash due to uninitialized list element on a (Mini)FieldStorage when unexpected input is posted via wsgi. This doesn't happen when running roundup-server. It might happen under other front ends. Moved the code that sets '.list = [] if .list == None' to the main flow. Added an exception hander that logs the value of self.form if self.form.list raises an AttributeError. This exception should never happen if I understand the code correctly (but I probably don't). Fixed a number of test cases that were broken because I was calling Client and passing '[]' rather than a cgi.formStorage object. Added test cases: create a FileStorage (self.form) with .list = None. check AttributeError exception and verify logging. Problem reported and debugged by Christof Meerwald.

author	John Rouillard <rouilj@ieee.org>
date	Sun, 12 Jan 2025 12:34:52 -0500
parents	8c1e0459b73d
children	1ffa1f42e1da

comparison

equal deleted inserted replaced

-:7f0c7966d204
+:05d8806b25ad
 import pytest
 import unittest
 import shutil
 import sys
 import errno
+import logging
 from time import sleep
 from datetime import datetime, timedelta
 from roundup.anypy.cgi_ import cgi
 from roundup.anypy.datetime_ import utcnow
 NEEDS_INSTANCE = 1
 class TestCase():
+@pytest.fixture(autouse=True)
+def inject_fixtures(self, caplog):
+self._caplog = caplog
 backend = None
 url_pfx = 'http://tracker.example/cgi-bin/roundup.cgi/bugs/rest/data/'
 def setUp(self):
 'HTTP_HOST': 'localhost',
 'TRACKER_NAME': 'rounduptest',
 'HTTP_ORIGIN': 'http://tracker.example'
 }
 self.dummy_client = client.Client(self.instance, MockNull(),
-self.client_env, [], None)
+self.client_env,
+cgi.FieldStorage(), None)
 self.dummy_client.request.headers.get = self.get_header
 self.dummy_client.db = self.db
 self.empty_form = cgi.FieldStorage()
 # under python2 invoking:
 self.server.client.additional_headers['X-Content-Type-Options'])
 else:
 self.assertNotIn("X-Content-Type-Options",
 self.server.client.additional_headers)
+def testBadFormAttributeErrorException(self):
+env = {
+'PATH_INFO': 'rest/data/user',
+'HTTP_HOST': 'localhost',
+'TRACKER_NAME': 'rounduptest',
+"REQUEST_METHOD": "GET"
+}
+with self._caplog.at_level(logging.ERROR, logger="roundup"):
+with self.assertRaises(AttributeError) as exc:
+self.dummy_client = client.Client(
+self.instance, MockNull(), env, [], None)
+self.assertEqual(exc.exception.args[0],
+"'list' object has no attribute 'list'")
+# log should look like (with string not broken into parts):
+#    [('roundup', 40,
+#       'Invalid self.form found (please report to the '
+#       'roundup-users mailing list): []')]
+log = self._caplog.record_tuples[:]
+self.assertIn("Invalid self.form found", log[0][2])
 def testDispatchBadAccept(self):
 # simulate: /rest/data/issue expect failure unknown accept settings
 body=b'{ "title": "Joe Doe has problems", \
 "nosy": [ "1", "3" ], \
 "assignedto": "2", \
 'PATH_INFO': 'rest/data/user',
 'HTTP_HOST': 'localhost',
 'TRACKER_NAME': 'rounduptest',
 "REQUEST_METHOD": "GET"
 }
 self.dummy_client = client.Client(self.instance, MockNull(), env,
-[], None)
+cgi.FieldStorage(), None)
 self.dummy_client.db = self.db
 self.dummy_client.request.headers.get = self.get_header
 self.empty_form = cgi.FieldStorage()
 self.terse_form = cgi.FieldStorage()
 self.terse_form.list = [
 cgi.MiniFieldStorage('@verbose', '0'),
 ]
-self.dummy_client.form = cgi.FieldStorage()
 self.dummy_client.form.list = [
 cgi.MiniFieldStorage('@fields', 'username,address'),
 ]
 # accumulate json output for further analysis
 self.dummy_client.write = wh
 self.db.config['WEB_JWT_SECRET'] = "%s,  %s, " % (
 self.new_secret, self.old_secret
 )
 self.dummy_client = client.Client(self.instance, MockNull(), env,
-[], None)
+cgi.FieldStorage(), None)
 self.dummy_client.db = self.db
 self.dummy_client.request.headers.get = self.get_header
 self.empty_form = cgi.FieldStorage()
 self.terse_form = cgi.FieldStorage()
 self.terse_form.list = [
 'TRACKER_NAME': 'rounduptest',
 "REQUEST_METHOD": "GET"
 }
 self.dummy_client = client.Client(self.instance, MockNull(), env,
-[], None)
+cgi.FieldStorage(), None)
 self.dummy_client.db = self.db
 self.dummy_client.request.headers.get = self.get_header
 self.empty_form = cgi.FieldStorage()
 self.terse_form = cgi.FieldStorage()
 self.terse_form.list = [
 'HTTP_HOST': 'localhost',
 'TRACKER_NAME': 'rounduptest',
 "REQUEST_METHOD": "GET"
 }
 self.dummy_client = client.Client(self.instance, MockNull(), env,
-[], None)
+cgi.FieldStorage(), None)
 self.dummy_client.db = self.db
 self.dummy_client.request.headers.get = self.get_header
 self.empty_form = cgi.FieldStorage()
 self.terse_form = cgi.FieldStorage()
 self.terse_form.list = [
 'HTTP_HOST': 'localhost',
 'TRACKER_NAME': 'rounduptest',
 "REQUEST_METHOD": "GET"
 }
 self.dummy_client = client.Client(self.instance, MockNull(), env,
-[], None)
+cgi.FieldStorage(), None)
 self.dummy_client.db = self.db
 self.dummy_client.request.headers.get = self.get_header
 self.empty_form = cgi.FieldStorage()
 self.terse_form = cgi.FieldStorage()
 self.terse_form.list = [
 'HTTP_HOST': 'localhost',
 'TRACKER_NAME': 'rounduptest',
 "REQUEST_METHOD": "GET"
 }
 self.dummy_client = client.Client(self.instance, MockNull(), env,
-[], None)
+cgi.FieldStorage(), None)
 self.dummy_client.db = self.db
 self.dummy_client.request.headers.get = self.get_header
 self.empty_form = cgi.FieldStorage()
 self.terse_form = cgi.FieldStorage()
 self.terse_form.list = [
 'HTTP_HOST': 'localhost',
 'TRACKER_NAME': 'rounduptest',
 "REQUEST_METHOD": "GET"
 }
 self.dummy_client = client.Client(self.instance, MockNull(), env,
-[], None)
+cgi.FieldStorage(), None)
 self.dummy_client.db = self.db
 self.dummy_client.request.headers.get = self.get_header
 self.empty_form = cgi.FieldStorage()
 self.terse_form = cgi.FieldStorage()
 self.terse_form.list = [
 'HTTP_HOST': 'localhost',
 'TRACKER_NAME': 'rounduptest',
 "REQUEST_METHOD": "GET"
 }
 self.dummy_client = client.Client(self.instance, MockNull(), env,
-[], None)
+cgi.FieldStorage(), None)
 self.dummy_client.db = self.db
 self.dummy_client.request.headers.get = self.get_header
 self.empty_form = cgi.FieldStorage()
 self.terse_form = cgi.FieldStorage()
 self.terse_form.list = [
 'HTTP_HOST': 'localhost',
 'TRACKER_NAME': 'rounduptest',
 "REQUEST_METHOD": "GET"
 }
 self.dummy_client = client.Client(self.instance, MockNull(), env,
-[], None)
+cgi.FieldStorage(), None)
 self.dummy_client.db = self.db
 self.dummy_client.request.headers.get = self.get_header
 self.empty_form = cgi.FieldStorage()
 self.terse_form = cgi.FieldStorage()
 self.terse_form.list = [
 'HTTP_HOST': 'localhost',
 'TRACKER_NAME': 'rounduptest',
 "REQUEST_METHOD": "GET"
 }
 self.dummy_client = client.Client(self.instance, MockNull(), env,
-[], None)
+cgi.FieldStorage(), None)
 self.dummy_client.db = self.db
 self.dummy_client.request.headers.get = self.get_header
 self.empty_form = cgi.FieldStorage()
 self.terse_form = cgi.FieldStorage()
 self.terse_form.list = [
 'HTTP_HOST': 'localhost',
 'TRACKER_NAME': 'rounduptest',
 "REQUEST_METHOD": "GET"
 }
 self.dummy_client = client.Client(self.instance, MockNull(), env,
-[], None)
+cgi.FieldStorage(), None)
 self.dummy_client.db = self.db
 self.dummy_client.request.headers.get = self.get_header
 self.empty_form = cgi.FieldStorage()
 self.terse_form = cgi.FieldStorage()
 self.terse_form.list = [

Mercurial > p > roundup > code

comparison test/rest_common.py @ 8268:05d8806b25ad