Added test for SanitizedFile class.

2015-01-26 13:53:15 +11:00 · 2015-01-26 13:53:15 +11:00 · afef5ea233
commit afef5ea233
parent 37b3f1ff57
2 changed files with 45 additions and 1 deletions
--- a/F-Droid/src/org/fdroid/fdroid/data/SanitizedFile.java
+++ b/F-Droid/src/org/fdroid/fdroid/data/SanitizedFile.java
@ -10,6 +10,6 @@ import java.io.File;
 */
 public class SanitizedFile extends File {
    public SanitizedFile(File parent, String name) {
-        super(parent, name.replaceAll("[^A-Za-z0-9.-_]", ""));
+        super(parent, name.replaceAll("[^A-Za-z0-9-._]", ""));
    }
 }
--- a/F-Droid/test/src/org/fdroid/fdroid/SanitizedFileTest.java
+++ b/F-Droid/test/src/org/fdroid/fdroid/SanitizedFileTest.java
@ -0,0 +1,44 @@
+package org.fdroid.fdroid;
+
+import android.test.AndroidTestCase;
+import org.fdroid.fdroid.data.SanitizedFile;
+
+import java.io.File;
+
+public class SanitizedFileTest extends AndroidTestCase {
+
+    public void testSanitizedFile() {
+
+        File directory = new File("/tmp/blah");
+
+        String safeFile = "safe";
+        String nonEvilFile = "$%^safe-and_bleh.boo*@~";
+        String evilFile = ";rm /etc/shadow;";
+
+        File safeNotSanitized = new File(directory, safeFile);
+        File nonEvilNotSanitized = new File(directory, nonEvilFile);
+        File evilNotSanitized = new File(directory, evilFile);
+
+        assertEquals("/tmp/blah/safe", safeNotSanitized.getAbsolutePath());
+        assertEquals("/tmp/blah/$%^safe-and_bleh.boo*@~", nonEvilNotSanitized.getAbsolutePath());
+        assertEquals("/tmp/blah/;rm /etc/shadow;", evilNotSanitized.getAbsolutePath());
+
+        assertEquals("safe", safeNotSanitized.getName());
+        assertEquals("$%^safe-and_bleh.boo*@~", nonEvilNotSanitized.getName());
+        assertEquals("shadow;", evilNotSanitized.getName()); // Should be ;rm /etc/shadow; but the forward slashes are naughty.
+
+        SanitizedFile safeSanitized = new SanitizedFile(directory, safeFile);
+        SanitizedFile nonEvilSanitized = new SanitizedFile(directory, nonEvilFile);
+        SanitizedFile evilSanitized = new SanitizedFile(directory, evilFile);
+
+        assertEquals("/tmp/blah/safe", safeSanitized.getAbsolutePath());
+        assertEquals("/tmp/blah/safe-and_bleh.boo", nonEvilSanitized.getAbsolutePath());
+        assertEquals("/tmp/blah/rmetcshadow", evilSanitized.getAbsolutePath());
+
+        assertEquals("safe", safeSanitized.getName());
+        assertEquals("safe-and_bleh.boo", nonEvilSanitized.getName());
+        assertEquals("rmetcshadow", evilSanitized.getName());
+
+    }
+
+}