File: test_mechanize_file_response.rb

package info (click to toggle)
ruby-mechanize 2.7.6-1%2Bdeb10u1
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 1,480 kB
  • sloc: ruby: 11,380; makefile: 5; sh: 4
file content (41 lines) | stat: -rw-r--r-- 1,203 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
require 'mechanize/test_case'

class TestMechanizeFileResponse < Mechanize::TestCase
  def test_content_type
    Tempfile.open %w[pi .nothtml] do |tempfile|
      res = Mechanize::FileResponse.new tempfile.path
      assert_nil res['content-type']
    end

    Tempfile.open %w[pi .xhtml] do |tempfile|
      res = Mechanize::FileResponse.new tempfile.path
      assert_equal 'text/html', res['content-type']
    end

    Tempfile.open %w[pi .html] do |tempfile|
      res = Mechanize::FileResponse.new tempfile.path
      assert_equal 'text/html', res['Content-Type']
    end
  end

  def test_read_body
    Tempfile.open %w[pi .html] do |tempfile|
      tempfile.write("asdfasdfasdf")
      tempfile.close

      res = Mechanize::FileResponse.new(tempfile.path)
      res.read_body do |input|
        assert_equal("asdfasdfasdf", input)
      end
    end
  end

  def test_read_body_does_not_allow_command_injection
    in_tmpdir do
      FileUtils.touch('| ruby -rfileutils -e \'FileUtils.touch("vul.txt")\'')
      res = Mechanize::FileResponse.new('| ruby -rfileutils -e \'FileUtils.touch("vul.txt")\'')
      res.read_body { |_| }
      refute_operator(File, :exist?, "vul.txt")
    end
  end
end