# -*- encoding: utf-8 -*-
require File.join(File.dirname(__FILE__), "/spec_helper")
# Second handle on OpenURI.open_uri_original (presumably the library's saved copy
# of the stock OpenURI.open_uri -- confirm in lib/). The thread spec stubs
# :open_uri_original and delegates to this alias to reach the real method.
class << OpenURI
  alias open_uri_original__ open_uri_original
end
describe "OpenURI" do
describe "#open" do
# Baseline policy: with no :allow_redirections option, a redirect that changes
# scheme is refused in either direction.
# NOTE(review): safe.com / unsafe.com are presumably stubbed by spec_helper;
# confirm these specs never reach the real network.
describe "Default settings" do
  it "should disallow HTTP => HTTPS redirections" do
    refusal = "redirection forbidden: http://safe.com -> https://safe.com/"
    expect { open("http://safe.com") }.to raise_error(RuntimeError, refusal)
  end

  it "should disallow HTTPS => HTTP redirections" do
    refusal = "redirection forbidden: https://unsafe.com -> http://unsafe.com/"
    expect { open("https://unsafe.com") }.to raise_error(RuntimeError, refusal)
  end
end
# :safe permits only scheme upgrades (HTTP -> HTTPS). An HTTPS -> HTTP downgrade
# must still raise, so a TLS-protected request is never continued in cleartext.
describe ":allow_redirections => :safe" do
  it "should allow HTTP => HTTPS redirections" do
    expect { open("http://safe.com", :allow_redirections => :safe) }.not_to raise_error
  end

  it "should disallow HTTPS => HTTP redirections" do
    refusal = "redirection forbidden: https://unsafe.com -> http://unsafe.com/"
    expect { open("https://unsafe.com", :allow_redirections => :safe) }.to raise_error(RuntimeError, refusal)
  end

  it "should follow safe redirections" do
    body = open("http://safe.com", :allow_redirections => :safe).read
    expect(body).to eq("Hello, this is Safe.")
  end

  # safe2.com is expected to need two hops before the final body is served.
  it "should follow safe double redirections" do
    body = open("http://safe2.com", :allow_redirections => :safe).read
    expect(body).to eq("Hello, this is Safe.")
  end

  it "should follow safe redirections with block" do
    expect { |probe| open("http://safe.com", :allow_redirections => :safe, &probe) }.to yield_control
  end
end
# :all follows redirects in both directions, including HTTPS -> HTTP.
# After such a downgrade the final response is fetched without TLS, so callers
# should reserve :all for content that needs neither confidentiality nor
# integrity on the wire.
describe ":allow_redirections => :all" do
  it "should allow HTTP => HTTPS redirections" do
    expect { open("http://safe.com", :allow_redirections => :all) }.not_to raise_error
  end

  it "should allow HTTPS => HTTP redirections" do
    expect { open("https://unsafe.com", :allow_redirections => :all) }.not_to raise_error
  end

  it "should follow safe redirections" do
    body = open("http://safe.com", :allow_redirections => :all).read
    expect(body).to eq("Hello, this is Safe.")
  end

  it "should follow unsafe redirections" do
    body = open("https://unsafe.com", :allow_redirections => :all).read
    expect(body).to eq("Hello, this is Unsafe.")
  end

  it "should follow safe redirections with block" do
    expect { |probe| open("http://safe.com", :allow_redirections => :all, &probe) }.to yield_control
  end

  it "should follow unsafe redirections with block" do
    expect { |probe| open("https://unsafe.com", :allow_redirections => :all, &probe) }.to yield_control
  end
end
# Extra positional arguments ('r', 0444) and header options must not change the
# redirect policy, and must reach the wrapped open_uri call intact.
describe "passing arguments down the stack" do
  it "should disallow HTTP => HTTPS redirections" do
    refusal = "redirection forbidden: http://safe.com -> https://safe.com/"
    expect {
      open("http://safe.com", 'r', 0444, "User-Agent" => "Mozilla/5.0")
    }.to raise_error(RuntimeError, refusal)
  end

  it "should allow HTTP => HTTPS redirections" do
    expect {
      open("http://safe.com", 'r', 0444, "User-Agent" => "Mozilla/5.0", :allow_redirections => :safe)
    }.not_to raise_error
  end

  it "should pass the arguments down the stack" do
    # The expected options hash holds only the header: :allow_redirections is
    # consumed by the wrapper and must not be forwarded to the original method.
    forwarded_options = { "User-Agent" => "Mozilla/5.0" }
    expect(OpenURI).to receive(:open_uri_original).with(an_instance_of(URI::HTTP), "r", 0444, forwarded_options)
    open("http://safe.com", 'r', 0444, "User-Agent" => "Mozilla/5.0", :allow_redirections => :safe)
  end
end
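# Concurrency smoke test: 400 threads issue requests with different redirect
# policies at the same time. Each thread must observe the policy it asked for.
# NOTE(review): presumably this guards against the per-call redirect option
# leaking between concurrent callers -- confirm against the library code.
describe "threads" do
  it "seems to work (could be false positive)" do
    # Random delay before delegating to the real method, to interleave the
    # threads. Braces (not do/end) keep the block bound to `receive`.
    allow(OpenURI).to receive(:open_uri_original) { |*args, &blk|
      sleep rand
      OpenURI.open_uri_original__(*args, &blk)
    }

    upgrade_refused = "redirection forbidden: http://safe.com -> https://safe.com/"
    downgrade_refused = "redirection forbidden: https://unsafe.com -> http://unsafe.com/"

    workers = []
    # Surface a failed expectation inside any worker immediately. The flag is
    # process-global, so remember the old value and put it back afterwards;
    # otherwise it leaks into every spec that runs after this one.
    previous_abort = Thread.abort_on_exception
    Thread.abort_on_exception = true
    begin
      100.times do
        workers << Thread.new {
          expect { open("http://safe.com") }.to raise_error(RuntimeError, upgrade_refused)
        }
        workers << Thread.new {
          expect { open("http://safe.com", :allow_redirections => :safe) }.to_not raise_error
        }
        workers << Thread.new {
          expect { open("https://unsafe.com") }.to raise_error(RuntimeError, downgrade_refused)
        }
        workers << Thread.new {
          expect { open("https://unsafe.com", :allow_redirections => :safe) }.to raise_error(RuntimeError, downgrade_refused)
        }
      end
    ensure
      begin
        # Always wait for every worker, even if spawning failed part-way.
        workers.each(&:join)
      ensure
        Thread.abort_on_exception = previous_abort
      end
    end
  end
end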
end
end