fix all bandit B310 urllib_urlopen

"Audit url open for permitted schemes. Allowing use of ‘file:’ or custom
schemes is often unexpected."

https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b310-urllib-urlopen
Hans-Christoph Steiner 2020-01-31 15:20:24 +01:00
parent d8f3d94997
commit 3df276cc3c
No known key found for this signature in database
GPG key ID: 3E177817BA1B9BFA
4 changed files with 19 additions and 6 deletions


@ -19,6 +19,7 @@ if localmodule not in sys.path:
import fdroidserver.checkupdates
import fdroidserver.metadata
from fdroidserver.exception import FDroidException
class CommonTest(unittest.TestCase):
@ -123,6 +124,17 @@ class CommonTest(unittest.TestCase):
self.assertEqual(vername, '1.1.9')
self.assertEqual(vercode, '10109')
def test_check_http_blocks_unknown_schemes(self):
app = fdroidserver.metadata.App()
for scheme in ('file', 'ssh', 'http', ';pwn'):
app.id = scheme
faked = scheme + '://fake.url/for/testing/scheme'
app.UpdateCheckData = faked + '|ignored|' + faked + '|ignored'
app.metadatapath = 'metadata/' + app.id + '.yml'
vername, vercode = fdroidserver.checkupdates.check_http(app)
self.assertIsNone(vername)
self.assertTrue(FDroidException.__name__ in vercode)
def test_check_http_ignore(self):
fdroidserver.checkupdates.options = mock.Mock()
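Review bot: `test_check_http_blocks_unknown_schemes` only infers that the URL was refused, because `FDroidException.__name__ in vercode` is satisfied by any FDroidException that `check_http` reports, and if the scheme check regressed the test would try to open the `file://` and `http://` URLs for real. Assuming `check_http` fetches through `urllib.request.urlopen` (the call B310 flags; it is not visible in this section), wrap the call in `with mock.patch('urllib.request.urlopen') as urlopen:` and add `urlopen.assert_not_called()`, so the test pins the property that nothing is opened for a rejected scheme. Running each scheme under `with self.subTest(scheme=scheme):` and using `self.assertIn(FDroidException.__name__, vercode)` would also make a failure name the scheme that slipped through.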