Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(101)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/ftp/ftp_network_transaction_unittest.cc

Issue 1827893002: Fix handling of escaped slashes ("%2f") in FTP paths. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Remove accidentally included test code Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/ftp/ftp_network_transaction.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/ftp/ftp_network_transaction.h" 5 #include "net/ftp/ftp_network_transaction.h"
6 6
7 #include "build/build_config.h" 7 #include "build/build_config.h"
8 8
9 #include "base/compiler_specific.h" 9 #include "base/compiler_specific.h"
10 #include "base/macros.h" 10 #include "base/macros.h"
(...skipping 412 matching lines...) Expand 10 before | Expand all | Expand 10 after
423 return Verify("RETR /file\r\n", data, PRE_QUIT, "200 OK\r\n"); 423 return Verify("RETR /file\r\n", data, PRE_QUIT, "200 OK\r\n");
424 default: 424 default:
425 return FtpSocketDataProvider::OnWrite(data); 425 return FtpSocketDataProvider::OnWrite(data);
426 } 426 }
427 } 427 }
428 428
429 private: 429 private:
430 DISALLOW_COPY_AND_ASSIGN(FtpSocketDataProviderFileDownload); 430 DISALLOW_COPY_AND_ASSIGN(FtpSocketDataProviderFileDownload);
431 }; 431 };
432 432
433 class FtpSocketDataProviderPathSeparatorsNotUnescaped
434 : public FtpSocketDataProvider {
435 public:
436 FtpSocketDataProviderPathSeparatorsNotUnescaped() {}
437
438 MockWriteResult OnWrite(const std::string& data) override {
439 if (InjectFault())
440 return MockWriteResult(ASYNC, data.length());
441 switch (state()) {
442 case PRE_SIZE:
443 return Verify("SIZE /foo%2f..%2fbar%5c\r\n", data, PRE_CWD,
444 "213 18\r\n");
445 case PRE_CWD:
446 return Verify("CWD /foo%2f..%2fbar%5c\r\n", data,
447 use_epsv() ? PRE_RETR_EPSV : PRE_RETR_PASV,
448 "550 Not a directory\r\n");
449 case PRE_RETR:
450 return Verify("RETR /foo%2f..%2fbar%5c\r\n", data, PRE_QUIT,
451 "200 OK\r\n");
452 default:
453 return FtpSocketDataProvider::OnWrite(data);
454 }
455 }
456
457 private:
458 DISALLOW_COPY_AND_ASSIGN(FtpSocketDataProviderPathSeparatorsNotUnescaped);
459 };
460
433 class FtpSocketDataProviderFileNotFound : public FtpSocketDataProvider { 461 class FtpSocketDataProviderFileNotFound : public FtpSocketDataProvider {
434 public: 462 public:
435 FtpSocketDataProviderFileNotFound() { 463 FtpSocketDataProviderFileNotFound() {
436 } 464 }
437 465
438 MockWriteResult OnWrite(const std::string& data) override { 466 MockWriteResult OnWrite(const std::string& data) override {
439 if (InjectFault()) 467 if (InjectFault())
440 return MockWriteResult(ASYNC, data.length()); 468 return MockWriteResult(ASYNC, data.length());
441 switch (state()) { 469 switch (state()) {
442 case PRE_SIZE: 470 case PRE_SIZE:
(...skipping 859 matching lines...) Expand 10 before | Expand all | Expand 10 after
1302 TEST_P(FtpNetworkTransactionTest, DownloadTransactionSpaceInLogin) { 1330 TEST_P(FtpNetworkTransactionTest, DownloadTransactionSpaceInLogin) {
1303 FtpSocketDataProviderEvilLogin ctrl_socket("hello world", "test"); 1331 FtpSocketDataProviderEvilLogin ctrl_socket("hello world", "test");
1304 ExecuteTransaction(&ctrl_socket, "ftp://hello%20world:test@host/file", OK); 1332 ExecuteTransaction(&ctrl_socket, "ftp://hello%20world:test@host/file", OK);
1305 } 1333 }
1306 1334
1307 TEST_P(FtpNetworkTransactionTest, DownloadTransactionSpaceInPassword) { 1335 TEST_P(FtpNetworkTransactionTest, DownloadTransactionSpaceInPassword) {
1308 FtpSocketDataProviderEvilLogin ctrl_socket("test", "hello world"); 1336 FtpSocketDataProviderEvilLogin ctrl_socket("test", "hello world");
1309 ExecuteTransaction(&ctrl_socket, "ftp://test:hello%20world@host/file", OK); 1337 ExecuteTransaction(&ctrl_socket, "ftp://test:hello%20world@host/file", OK);
1310 } 1338 }
1311 1339
1340 // Make sure FtpNetworkTransaction doesn't request paths like
1341 // "/foo/../bar". Doing so wouldn't be a security issue, client side, but just
1342 // doesn't seem like a good idea.
1343 TEST_P(FtpNetworkTransactionTest,
1344 DownloadTransactionPathSeparatorsNotUnescaped) {
1345 FtpSocketDataProviderPathSeparatorsNotUnescaped ctrl_socket;
1346 ExecuteTransaction(&ctrl_socket, "ftp://host/foo%2f..%2fbar%5c", OK);
1347
1348 // We pass an artificial value of 18 as a response to the SIZE command.
1349 EXPECT_EQ(18, transaction_.GetResponseInfo()->expected_content_size);
1350 }
1351
1312 TEST_P(FtpNetworkTransactionTest, EvilRestartUser) { 1352 TEST_P(FtpNetworkTransactionTest, EvilRestartUser) {
1313 FtpSocketDataProvider ctrl_socket1; 1353 FtpSocketDataProvider ctrl_socket1;
1314 ctrl_socket1.InjectFailure(FtpSocketDataProvider::PRE_PASSWD, 1354 ctrl_socket1.InjectFailure(FtpSocketDataProvider::PRE_PASSWD,
1315 FtpSocketDataProvider::PRE_QUIT, 1355 FtpSocketDataProvider::PRE_QUIT,
1316 "530 Login authentication failed\r\n"); 1356 "530 Login authentication failed\r\n");
1317 mock_socket_factory_.AddSocketDataProvider(&ctrl_socket1); 1357 mock_socket_factory_.AddSocketDataProvider(&ctrl_socket1);
1318 1358
1319 FtpRequestInfo request_info = GetRequestInfo("ftp://host/file"); 1359 FtpRequestInfo request_info = GetRequestInfo("ftp://host/file");
1320 1360
1321 ASSERT_EQ(ERR_IO_PENDING, 1361 ASSERT_EQ(ERR_IO_PENDING,
(...skipping 291 matching lines...) Expand 10 before | Expand all | Expand 10 after
1613 FtpSocketDataProvider::PRE_TYPE, 1653 FtpSocketDataProvider::PRE_TYPE,
1614 "257 \"\"\r\n", 1654 "257 \"\"\r\n",
1615 OK); 1655 OK);
1616 } 1656 }
1617 1657
1618 INSTANTIATE_TEST_CASE_P(FTP, 1658 INSTANTIATE_TEST_CASE_P(FTP,
1619 FtpNetworkTransactionTest, 1659 FtpNetworkTransactionTest,
1620 ::testing::Values(AF_INET, AF_INET6)); 1660 ::testing::Values(AF_INET, AF_INET6));
1621 1661
1622 } // namespace net 1662 } // namespace net
OLDNEW
« no previous file with comments | « net/ftp/ftp_network_transaction.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698