Skip to content

gh-103186: assert in tests that UnsafeMailcapInput warnings are provided #103217

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Apr 6, 2023
Merged

gh-103186: assert in tests that UnsafeMailcapInput warnings are provided #103217

merged 9 commits into from
Apr 6, 2023

Conversation

TabLand
Copy link
Contributor

@TabLand TabLand commented Apr 3, 2023
edited by bedevere-bot
Loading

These warnings are expected as the function result being asserted is None

@TabLand TabLand requested a review from a team as a code owner April 3, 2023 17:35
@bedevere-bot bedevere-bot mentioned this pull request Apr 3, 2023
Closed
@bedevere-bot bedevere-bot added the tests Tests in the Lib/test dir label Apr 3, 2023
@bedevere-bot

This comment was marked as outdated.

Sign in to view
iritkatriel
iritkatriel reviewed Apr 5, 2023
View reviewed changes
Lib/test/test_mailcap.py Outdated
with warnings_helper.check_warnings(('', tc[2]["warn_type"]), quiet=True):
self.assertEqual(mailcap.subst(*tc[0]), tc[1])
else:
self.assertEqual(mailcap.subst(*tc[0]), tc[1])
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems a bit over-engineered. I'd split this into a separate test function, which tests that the warning is issued in cases that deserve the warning. This exception is raised from 3 places in the Lib/mailcap.py, so shouldn't we have at least 3 test cases for it?

CC @encukou .

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi Irit,

Thank you, I'll rework the affected cases into a separate test function and update the patch.
Will add 2x new test cases for unsafe filename and parameters, only the MIME type warnings are raised at present

iritkatriel
iritkatriel reviewed Apr 6, 2023
View reviewed changes
Lib/test/test_mailcap.py Outdated
with self.assertWarnsRegex(mailcap.UnsafeMailcapInput,'Refusing to substitute MIME type.*into a shell'):
self.assertEqual(mailcap.subst("echo %t", "audio/*", "foo.txt"), None)

with self.assertWarnsRegex(mailcap.UnsafeMailcapInput,'Refusing to use mailcap with filename.*Use a safe temporary filename.'):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PEP 8: wrap lines at 80 chars, and have whitespace between the , and the next function arg.

Suggested change
with self.assertWarnsRegex(mailcap.UnsafeMailcapInput,'Refusing to use mailcap with filename.*Use a safe temporary filename.'):
with self.assertWarnsRegex(mailcap.UnsafeMailcapInput,
'Refusing to use mailcap with filename.*Use a safe temporary filename.'):

iritkatriel
iritkatriel reviewed Apr 6, 2023
View reviewed changes
Lib/test/test_mailcap.py Outdated
@@ -245,6 +241,19 @@ def test_test(self):
]
self._run_cases(cases)

def test_unsafe_mailcap_input(self):
c = MAILCAPDICT
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
c = MAILCAPDICT
c = MAILCAPDICT

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is only used in one place, you could move it there.

iritkatriel
iritkatriel reviewed Apr 6, 2023
View reviewed changes
Lib/test/test_mailcap.py Outdated
Comment on lines 257 to 258
self.assertEqual(mailcap.findmatch(MAILCAPDICT,
"audio/wav", filename="foo*.txt"), (None, None))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't want to break the first arg into two lines and then continue with the second arg on the same line.

You can assign the return value of findmatch to a variable and then compare the variable to expected value.
Otherwise, add a newline before the (None, None) and indent it like "mailcap.findmatch".

iritkatriel
iritkatriel reviewed Apr 6, 2023
View reviewed changes
Lib/test/test_mailcap.py Outdated
@@ -242,17 +242,20 @@ def test_test(self):
self._run_cases(cases)

def test_unsafe_mailcap_input(self):
c = MAILCAPDICT
plist = ["total=*"]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is also only used in one place.

iritkatriel
iritkatriel reviewed Apr 6, 2023
View reviewed changes
Lib/test/test_mailcap.py Outdated
self.assertEqual(mailcap.subst("echo %t", "audio/*", "foo.txt"), None)

with self.assertWarnsRegex(mailcap.UnsafeMailcapInput,
'Refusing to use mailcap with filename.*Use a safe temporary filename.'):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
'Refusing to use mailcap with filename.*Use a safe temporary filename.'):
'Refusing to use mailcap with filename.*'
'Use a safe temporary filename.'):

iritkatriel
iritkatriel reviewed Apr 6, 2023
View reviewed changes
Lib/test/test_mailcap.py Outdated
plist = ["total=*"]
with self.assertWarnsRegex(mailcap.UnsafeMailcapInput,
'Refusing to substitute parameter.*into a shell command'):
self.assertEqual(mailcap.subst("echo %{total}", "audio/wav", "foo.txt", plist), None)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is also > 80 chars

@iritkatriel iritkatriel changed the title gh-103186 Suppress UnsafeMailcapInput warnings gh-103186: assert in tests that UnsafeMailcapInput warnings are provided Apr 6, 2023
@iritkatriel iritkatriel merged commit 1724553 into python:main Apr 6, 2023
@iritkatriel
Copy link
Member

Thank you @TabLand, congrats on your first commit to cpython!

@TabLand
Copy link
Contributor Author

TabLand commented Apr 6, 2023

First of hopefully lots of more in the future!
Many thanks!

warsaw pushed a commit to warsaw/cpython that referenced this pull request Apr 11, 2023
@TabLand @warsaw
pythongh-103186: assert in tests that UnsafeMailcapInput warnings are…
e23bf26 
… provided (python#103217)
@serhiy-storchaka serhiy-storchaka added the needs backport to 3.11 only security fixes label Sep 2, 2023
@miss-islington
Copy link
Contributor

Thanks @TabLand for the PR, and @iritkatriel for merging it 🌮🎉.. I'm working now to backport this PR to: 3.11.
🐍🍒⛏🤖

@bedevere-bot
Copy link

GH-108800 is a backport of this pull request to the 3.11 branch.

@bedevere-bot bedevere-bot removed the needs backport to 3.11 only security fixes label Sep 2, 2023
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Sep 2, 2023
@TabLand @miss-islington
pythongh-103186: assert in tests that UnsafeMailcapInput warnings are…
915d0ed 
… provided (pythonGH-103217)

(cherry picked from commit 1724553)

Co-authored-by: Ijtaba Hussain <[email protected]>
serhiy-storchaka pushed a commit that referenced this pull request Sep 2, 2023
@miss-islington @TabLand
[3.11] gh-103186: assert in tests that UnsafeMailcapInput warnings ar…
fc114a7 
…e provided (GH-103217) (GH-108800)

(cherry picked from commit 1724553)

Co-authored-by: Ijtaba Hussain <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iritkatriel iritkatriel iritkatriel approved these changes

Assignees
No one assigned
Labels
skip news tests Tests in the Lib/test dir topic-email
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@TabLand @bedevere-bot @iritkatriel @miss-islington @serhiy-storchaka @arhadthedev