diff options
author | Daniel Stenberg <daniel@haxx.se> | 2019-01-02 20:18:27 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2019-01-10 10:49:51 +0100 |
commit | 98e6629154044e4ab1ee7cff8351c7ebcb131e88 (patch) | |
tree | e02c52b9eab8cce69bbd885c3b52202451290f75 /tests | |
parent | afeb8d99022255279ee63125f2fa0f69810ce9c3 (diff) |
xattr: strip credentials from any URL that is stored
Both user and password are cleared uncondtitionally.
Added unit test 1621 to verify.
Fixes #3423
Closes #3433
Diffstat (limited to 'tests')
-rw-r--r-- | tests/data/Makefile.inc | 2 | ||||
-rw-r--r-- | tests/data/test1621 | 27 | ||||
-rw-r--r-- | tests/unit/Makefile.inc | 6 | ||||
-rw-r--r-- | tests/unit/unit1621.c | 89 |
4 files changed, 122 insertions, 2 deletions
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 79bbc657d..85cf2755c 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -182,7 +182,7 @@ test1560 test1561 test1562 \ test1590 test1591 test1592 \ \ test1600 test1601 test1602 test1603 test1604 test1605 test1606 test1607 \ -test1608 test1609 test1620 \ +test1608 test1609 test1620 test1621 \ \ test1650 test1651 test1652 test1653 \ \ diff --git a/tests/data/test1621 b/tests/data/test1621 new file mode 100644 index 000000000..1117d1bd2 --- /dev/null +++ b/tests/data/test1621 @@ -0,0 +1,27 @@ +<testcase> +<info> +<keywords> +unittest +stripcredentials +</keywords> +</info> + +# +# Client-side +<client> +<server> +none +</server> +<features> +unittest +https +</features> + <name> +unit tests for stripcredentials from URL + </name> +<tool> +unit1621 +</tool> +</client> + +</testcase> diff --git a/tests/unit/Makefile.inc b/tests/unit/Makefile.inc index 8b1a6071a..82eaec797 100644 --- a/tests/unit/Makefile.inc +++ b/tests/unit/Makefile.inc @@ -10,7 +10,7 @@ UNITPROGS = unit1300 unit1301 unit1302 unit1303 unit1304 unit1305 unit1307 \ unit1330 unit1394 unit1395 unit1396 unit1397 unit1398 \ unit1399 \ unit1600 unit1601 unit1602 unit1603 unit1604 unit1605 unit1606 unit1607 \ - unit1608 unit1609 unit1620 \ + unit1608 unit1609 unit1620 unit1621 \ unit1650 unit1651 unit1652 unit1653 unit1300_SOURCES = unit1300.c $(UNITFILES) @@ -100,6 +100,10 @@ unit1609_CPPFLAGS = $(AM_CPPFLAGS) unit1620_SOURCES = unit1620.c $(UNITFILES) unit1620_CPPFLAGS = $(AM_CPPFLAGS) +unit1621_SOURCES = unit1621.c $(UNITFILES) +unit1621_CPPFLAGS = $(AM_CPPFLAGS) +unit1621_LDADD = $(top_builddir)/src/libcurltool.la $(top_builddir)/lib/libcurl.la + unit1650_SOURCES = unit1650.c $(UNITFILES) unit1650_CPPFLAGS = $(AM_CPPFLAGS) diff --git a/tests/unit/unit1621.c b/tests/unit/unit1621.c new file mode 100644 index 000000000..6e07b6ea9 --- /dev/null +++ b/tests/unit/unit1621.c @@ -0,0 +1,89 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ +#include "curlcheck.h" + +#include "urldata.h" +#include "url.h" + +#include "memdebug.h" /* LAST include file */ + +static CURLcode unit_setup(void) +{ + return CURLE_OK; +} + +static void unit_stop(void) +{ +} + +#ifdef __MINGW32__ +UNITTEST_START +{ + return 0; +} +UNITTEST_STOP +#else + +bool stripcredentials(char **url); + +struct checkthis { + const char *input; + const char *output; +}; + +static struct checkthis tests[] = { + { "ninja://foo@example.com", "ninja://foo@example.com" }, + { "https://foo@example.com", "https://example.com/" }, + { "https://localhost:45", "https://localhost:45/" }, + { "https://foo@localhost:45", "https://localhost:45/" }, + { "http://daniel:password@localhost", "http://localhost/" }, + { "http://daniel@localhost", "http://localhost/" }, + { "http://localhost/", "http://localhost/" }, + { NULL, NULL } /* end marker */ +}; + +UNITTEST_START +{ + bool cleanup; + char *url; + int i; + int rc = 0; + + for(i = 0; tests[i].input; i++) { + url = (char *)tests[i].input; + cleanup = stripcredentials(&url); + printf("Test %u got input \"%s\", output: \"%s\"\n", + i, tests[i].input, url); + + if(strcmp(tests[i].output, url)) { + fprintf(stderr, "Test %u got input \"%s\", expected output \"%s\"\n" + " Actual output: \"%s\"\n", i, tests[i].input, tests[i].output, + url); + rc++; + } + if(cleanup) + curl_free(url); + } + return rc; +} +UNITTEST_STOP +#endif |