From a1a18f77a50804e0127dfa4b0f5240c49c541184 Mon Sep 17 00:00:00 2001 From: Scott Jackson Date: Mon, 2 Jul 2012 21:24:02 -0700 Subject: Initial Commit --- .../subsonic/service/SecurityServiceTestCase.java | 59 ++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 subsonic-main/src/test/java/net/sourceforge/subsonic/service/SecurityServiceTestCase.java (limited to 'subsonic-main/src/test/java/net/sourceforge/subsonic/service/SecurityServiceTestCase.java') diff --git a/subsonic-main/src/test/java/net/sourceforge/subsonic/service/SecurityServiceTestCase.java b/subsonic-main/src/test/java/net/sourceforge/subsonic/service/SecurityServiceTestCase.java new file mode 100644 index 00000000..001b124c --- /dev/null +++ b/subsonic-main/src/test/java/net/sourceforge/subsonic/service/SecurityServiceTestCase.java @@ -0,0 +1,59 @@ +/* + This file is part of Subsonic. + + Subsonic is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + Subsonic is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with Subsonic. If not, see . + + Copyright 2009 (C) Sindre Mehus + */ +package net.sourceforge.subsonic.service; + +import junit.framework.*; +/** + * Unit test of {@link SecurityService}. + * + * @author Sindre Mehus + */ +public class SecurityServiceTestCase extends TestCase { + + public void testIsFileInFolder() { + SecurityService service = new SecurityService(); + + assertTrue(service.isFileInFolder("/music/foo.mp3", "\\")); + assertTrue(service.isFileInFolder("/music/foo.mp3", "/")); + + assertTrue(service.isFileInFolder("/music/foo.mp3", "/music")); + assertTrue(service.isFileInFolder("\\music\\foo.mp3", "/music")); + assertTrue(service.isFileInFolder("/music/foo.mp3", "\\music")); + assertTrue(service.isFileInFolder("/music/foo.mp3", "\\music\\")); + + assertFalse(service.isFileInFolder("", "/tmp")); + assertFalse(service.isFileInFolder("foo.mp3", "/tmp")); + assertFalse(service.isFileInFolder("/music/foo.mp3", "/tmp")); + assertFalse(service.isFileInFolder("/music/foo.mp3", "/tmp/music")); + + // Test that references to the parent directory (..) is not allowed. + assertTrue(service.isFileInFolder("/music/foo..mp3", "/music")); + assertTrue(service.isFileInFolder("/music/foo..", "/music")); + assertTrue(service.isFileInFolder("/music/foo.../", "/music")); + assertFalse(service.isFileInFolder("/music/foo/..", "/music")); + assertFalse(service.isFileInFolder("../music/foo", "/music")); + assertFalse(service.isFileInFolder("/music/../foo", "/music")); + assertFalse(service.isFileInFolder("/music/../bar/../foo", "/music")); + assertFalse(service.isFileInFolder("/music\\foo\\..", "/music")); + assertFalse(service.isFileInFolder("..\\music/foo", "/music")); + assertFalse(service.isFileInFolder("/music\\../foo", "/music")); + assertFalse(service.isFileInFolder("/music/..\\bar/../foo", "/music")); + } +} + -- cgit v1.2.3