From afef5ea233af9b54db94798f39a4b2aef7b3b764 Mon Sep 17 00:00:00 2001
From: Peter Serwylo <peter@serwylo.com>
Date: Mon, 26 Jan 2015 13:53:15 +1100
Subject: [PATCH] Added test for SanitizedFile class.

---
 .../org/fdroid/fdroid/data/SanitizedFile.java |  2 +-
 .../org/fdroid/fdroid/SanitizedFileTest.java  | 44 +++++++++++++++++++
 2 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/F-Droid/src/org/fdroid/fdroid/data/SanitizedFile.java b/F-Droid/src/org/fdroid/fdroid/data/SanitizedFile.java
index 8e60837e6..4a3ed7651 100644
--- a/F-Droid/src/org/fdroid/fdroid/data/SanitizedFile.java
+++ b/F-Droid/src/org/fdroid/fdroid/data/SanitizedFile.java
@@ -10,6 +10,6 @@ import java.io.File;
  */
 public class SanitizedFile extends File {
     public SanitizedFile(File parent, String name) {
-        super(parent, name.replaceAll("[^A-Za-z0-9.-_]", ""));
+        super(parent, name.replaceAll("[^A-Za-z0-9-._]", ""));
     }
 }
diff --git a/F-Droid/test/src/org/fdroid/fdroid/SanitizedFileTest.java b/F-Droid/test/src/org/fdroid/fdroid/SanitizedFileTest.java
index e69de29bb..6cde747fc 100644
--- a/F-Droid/test/src/org/fdroid/fdroid/SanitizedFileTest.java
+++ b/F-Droid/test/src/org/fdroid/fdroid/SanitizedFileTest.java
@@ -0,0 +1,44 @@
+package org.fdroid.fdroid;
+
+import android.test.AndroidTestCase;
+import org.fdroid.fdroid.data.SanitizedFile;
+
+import java.io.File;
+
+public class SanitizedFileTest extends AndroidTestCase {
+
+    public void testSanitizedFile() {
+
+        File directory = new File("/tmp/blah");
+
+        String safeFile = "safe";
+        String nonEvilFile = "$%^safe-and_bleh.boo*@~";
+        String evilFile = ";rm /etc/shadow;";
+
+        File safeNotSanitized = new File(directory, safeFile);
+        File nonEvilNotSanitized = new File(directory, nonEvilFile);
+        File evilNotSanitized = new File(directory, evilFile);
+
+        assertEquals("/tmp/blah/safe", safeNotSanitized.getAbsolutePath());
+        assertEquals("/tmp/blah/$%^safe-and_bleh.boo*@~", nonEvilNotSanitized.getAbsolutePath());
+        assertEquals("/tmp/blah/;rm /etc/shadow;", evilNotSanitized.getAbsolutePath());
+
+        assertEquals("safe", safeNotSanitized.getName());
+        assertEquals("$%^safe-and_bleh.boo*@~", nonEvilNotSanitized.getName());
+        assertEquals("shadow;", evilNotSanitized.getName()); // Should be ;rm /etc/shadow; but the forward slashes are naughty.
+
+        SanitizedFile safeSanitized = new SanitizedFile(directory, safeFile);
+        SanitizedFile nonEvilSanitized = new SanitizedFile(directory, nonEvilFile);
+        SanitizedFile evilSanitized = new SanitizedFile(directory, evilFile);
+
+        assertEquals("/tmp/blah/safe", safeSanitized.getAbsolutePath());
+        assertEquals("/tmp/blah/safe-and_bleh.boo", nonEvilSanitized.getAbsolutePath());
+        assertEquals("/tmp/blah/rmetcshadow", evilSanitized.getAbsolutePath());
+
+        assertEquals("safe", safeSanitized.getName());
+        assertEquals("safe-and_bleh.boo", nonEvilSanitized.getName());
+        assertEquals("rmetcshadow", evilSanitized.getName());
+
+    }
+
+}