1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
# Copyright 1999-2009 by Jeffrey Chang and Michiel de Hoon.
# All rights reserved.
# This code is part of the Biopython distribution and governed by its
# license. Please see the LICENSE file that should have been included
# as part of this package.
import unittest
from Bio.Blast import NCBIStandalone
class TestNCBIStandalone(unittest.TestCase):
def test_command_injection(self):
#Check the simple detection of command injection,
for func in [NCBIStandalone.blastall,
NCBIStandalone.blastpgp,
NCBIStandalone.rpsblast]:
try:
handle = func("/somewhere/blast", "blastz", "nr",
"/tmp/example.fasta",
expectation=10**-4,
matrix="IDENTITY -F 0; cat /etc/passwd'")
except ValueError, e:
self.assertEqual(str(e), "Rejecting suspicious argument for matrix")
#Good
else:
self.fail("Attempted command injection not caught!")
def test_pipe_redirection(self):
#Now check something similar using pipe redirection
for func in [NCBIStandalone.blastall,
NCBIStandalone.blastpgp,
NCBIStandalone.rpsblast]:
try:
handle = func("/somewhere/blast", "blastz", "nr",
"/tmp/example.fasta",
nprocessors=4,
expectation="0.001",
filter= "F > /etc/passwd'")
except ValueError, e:
self.assertEqual(str(e), "Rejecting suspicious argument for filter")
#Good
else:
self.fail("Attempted output redirection not caught!")
if __name__ == "__main__":
runner = unittest.TextTestRunner(verbosity = 2)
unittest.main(testRunner=runner)
|
