SanitizedFileTest.java example

Explorer

fdroidclient-master
- app
  - src
- extern
  - nanohttpd
    - core
      - src
        main
        java
        fi
        iki
        elonen
        NanoHTTPD.java
  - support-v4-preferencefragment
    - src
      - android
        support
        v4
        preference
        PreferenceFragment.java
        PreferenceManagerCompat.java
  - zipsigner
    - src
      - main
        java
        kellinwood
        logging
        AbstractLogger.java
        ConsoleLoggerFactory.java
        LoggerFactory.java
        LoggerInterface.java
        LoggerManager.java
        NullLoggerFactory.java
        StreamLogger.java
        security
        zipsigner
        AutoKeyException.java
        Base64.java
        DefaultResourceAdapter.java
        HexDumpEncoder.java
        HexEncoder.java
        KeySet.java
        ProgressEvent.java
        ProgressHelper.java
        ProgressListener.java
        ResourceAdapter.java
        ZipSignature.java
        ZipSigner.java
        optional
        CertCreator.java
        CustomKeySigner.java
        DistinguishedNameValues.java
        Fingerprint.java
        JKS.java
        JksKeyStore.java
        KeyNameConflictException.java
        KeyStoreFileManager.java
        LoadKeystoreException.java
        PasswordObfuscator.java
        SignatureBlockGenerator.java
        zipio
        CentralEnd.java
        ZioEntry.java
        ZioEntryInputStream.java
        ZioEntryOutputStream.java
        ZipInput.java
        ZipListingHelper.java
        ZipOutput.java

package org.fdroid.fdroid.data;

import org.junit.Test;

import java.io.File;

import static org.junit.Assert.assertEquals;
import static org.junit.Assume.assumeTrue;

public class SanitizedFileTest {

    @Test
    public void testSanitizedFile() {
        assumeTrue("/".equals(System.getProperty("file.separator")));

        File directory = new File("/tmp/blah");

        String safeFile = "safe";
        String nonEvilFile = "$%^safe-and_bleh.boo*@~";
        String evilFile = ";rm /etc/shadow;";

        File safeNotSanitized = new File(directory, safeFile);
        File nonEvilNotSanitized = new File(directory, nonEvilFile);
        File evilNotSanitized = new File(directory, evilFile);

        assertEquals("/tmp/blah/safe", safeNotSanitized.getAbsolutePath());
        assertEquals("/tmp/blah/$%^safe-and_bleh.boo*@~", nonEvilNotSanitized.getAbsolutePath());
        assertEquals("/tmp/blah/;rm /etc/shadow;", evilNotSanitized.getAbsolutePath());

        assertEquals("safe", safeNotSanitized.getName());
        assertEquals("$%^safe-and_bleh.boo*@~", nonEvilNotSanitized.getName());
        assertEquals("shadow;", evilNotSanitized.getName()); // Should be ;rm /etc/shadow; but the forward slashes are naughty.

        SanitizedFile safeSanitized = new SanitizedFile(directory, safeFile);
        SanitizedFile nonEvilSanitized = new SanitizedFile(directory, nonEvilFile);
        SanitizedFile evilSanitized = new SanitizedFile(directory, evilFile);

        assertEquals("/tmp/blah/safe", safeSanitized.getAbsolutePath());
        assertEquals("/tmp/blah/safe-and_bleh.boo", nonEvilSanitized.getAbsolutePath());
        assertEquals("/tmp/blah/rmetcshadow", evilSanitized.getAbsolutePath());

        assertEquals("safe", safeSanitized.getName());
        assertEquals("safe-and_bleh.boo", nonEvilSanitized.getName());
        assertEquals("rmetcshadow", evilSanitized.getName());

    }

}