[Zope-Checkins] CVS: Zope/lib/python/ZTUtils/tests - testTree.py:1.5
Tres Seaver
tseaver at zope.com
Thu Jan 15 18:00:23 EST 2004
Update of /cvs-repository/Zope/lib/python/ZTUtils/tests
In directory cvs.zope.org:/tmp/cvs-serv22749/tests
Modified Files:
testTree.py
Log Message:
- SimpleTree.py: CGI escapes (merged from 2.6 / 2.7 audit).
- Tree.py: prevent DoS agains tree state cookie decompression (merged
from 2.6 / 2.7 audit).
=== Zope/lib/python/ZTUtils/tests/testTree.py 1.4 => 1.5 ===
--- Zope/lib/python/ZTUtils/tests/testTree.py:1.4 Sat Oct 5 17:24:03 2002
+++ Zope/lib/python/ZTUtils/tests/testTree.py Thu Jan 15 18:00:17 2004
@@ -207,6 +207,16 @@
self.assertEqual(treeroot1.size, treeroot2.size)
self.assertEqual(len(treeroot1), len(treeroot2))
+
+ def testDecodeInputSizeLimit(self):
+ self.assertRaises(ValueError, Tree.decodeExpansion, 'x' * 10000)
+
+ def testDecodeDecompressedSizeLimit(self):
+ import zlib
+ from ZTUtils.Tree import b2a, a2b, encodeExpansion, decodeExpansion
+ big = b2a(zlib.compress('x' * (1024*1100)))
+ self.assert_(len(big) < 8192) # Must be under the input size limit
+ self.assertRaises(ValueError, Tree.decodeExpansion, ':' + big)
def test_suite():
More information about the Zope-Checkins
mailing list