diff options
author | Daniel Calviño Sánchez <danxuliu@gmail.com> | 2020-09-18 18:32:59 +0200 |
---|---|---|
committer | Daniel Calviño Sánchez <danxuliu@gmail.com> | 2020-09-18 18:34:30 +0200 |
commit | c4c602ee80b3bd6a158274df12019ba4e41e31d0 (patch) | |
tree | be27f4861292f574dab03c473ba77eee31c46883 /build | |
parent | 5e143845cb6d9591d506df4b554348b7dce0296e (diff) | |
download | nextcloud-server-c4c602ee80b3bd6a158274df12019ba4e41e31d0.tar.gz nextcloud-server-c4c602ee80b3bd6a158274df12019ba4e41e31d0.zip |
Add integration tests for transferring files of a user with a risky name
The files:transfer-ownership performs a sanitization of users with
"risky" display names (including characters like "\" or "/").
In order to allow (escaped) double quotes in the display name the
regular expression used in the "user XXX with displayname YYY exists"
step had to be adjusted.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Diffstat (limited to 'build')
3 files changed, 41 insertions, 1 deletions
diff --git a/build/integration/features/bootstrap/CommandLineContext.php b/build/integration/features/bootstrap/CommandLineContext.php index 3acb59ec404..6db8de6b485 100644 --- a/build/integration/features/bootstrap/CommandLineContext.php +++ b/build/integration/features/bootstrap/CommandLineContext.php @@ -27,6 +27,7 @@ require __DIR__ . '/../../vendor/autoload.php'; use Behat\Behat\Hook\Scope\BeforeScenarioScope; +use PHPUnit\Framework\Assert; class CommandLineContext implements \Behat\Behat\Context\Context { use CommandLine; @@ -129,4 +130,11 @@ class CommandLineContext implements \Behat\Behat\Context\Context { $davPath = rtrim($davPath, '/') . $this->lastTransferPath; $this->featureContext->usingDavPath($davPath); } + + /** + * @Then /^transfer folder name contains "([^"]+)"$/ + */ + public function transferFolderNameContains($text) { + Assert::assertContains($text, $this->lastTransferPath); + } } diff --git a/build/integration/features/bootstrap/Provisioning.php b/build/integration/features/bootstrap/Provisioning.php index daf5b11569c..31331092ae7 100644 --- a/build/integration/features/bootstrap/Provisioning.php +++ b/build/integration/features/bootstrap/Provisioning.php @@ -70,7 +70,7 @@ trait Provisioning { } /** - * @Given /^user "([^"]*)" with displayname "([^"]*)" exists$/ + * @Given /^user "([^"]*)" with displayname "((?:[^"]|\\")*)" exists$/ * @param string $user */ public function assureUserWithDisplaynameExists($user, $displayname) { diff --git a/build/integration/features/transfer-ownership.feature b/build/integration/features/transfer-ownership.feature index 7afaf1f3e59..46aeabb3aa7 100644 --- a/build/integration/features/transfer-ownership.feature +++ b/build/integration/features/transfer-ownership.feature @@ -29,6 +29,22 @@ Feature: transfer-ownership And using received transfer folder of "user1" as dav path And as "user1" the folder "/test" exists + Scenario: transferring ownership from user with risky display name + Given user "user0" with displayname "user0 \"risky\"? ヂspḷay 'na|\/|e':.#" exists + And user "user1" exists + And User "user0" created a folder "/test" + And User "user0" uploads file "data/textfile.txt" to "/test/somefile.txt" + When transferring ownership from "user0" to "user1" + And the command was successful + And As an "user1" + And using received transfer folder of "user1" as dav path + Then Downloaded content when downloading file "/test/somefile.txt" with range "bytes=0-6" should be "This is" + And transfer folder name contains "transferred from user0 -risky- ヂspḷay -na|-|e- on" + And using old dav path + And as "user0" the folder "/test" does not exist + And using received transfer folder of "user1" as dav path + And as "user1" the folder "/test" exists + Scenario: transferring ownership of file shares Given user "user0" exists And user "user1" exists @@ -319,6 +335,22 @@ Feature: transfer-ownership And using received transfer folder of "user1" as dav path And as "user1" the folder "/test" exists + Scenario: transferring ownership from user with risky display name + Given user "user0" with displayname "user0 \"risky\"? ヂspḷay 'na|\/|e':.#" exists + And user "user1" exists + And User "user0" created a folder "/test" + And User "user0" uploads file "data/textfile.txt" to "/test/somefile.txt" + When transferring ownership of path "test" from "user0" to "user1" + And the command was successful + And As an "user1" + And using received transfer folder of "user1" as dav path + Then Downloaded content when downloading file "/test/somefile.txt" with range "bytes=0-6" should be "This is" + And transfer folder name contains "transferred from user0 -risky- ヂspḷay -na|-|e- on" + And using old dav path + And as "user0" the folder "/test" does not exist + And using received transfer folder of "user1" as dav path + And as "user1" the folder "/test" exists + Scenario: transferring ownership of file shares Given user "user0" exists And user "user1" exists |