2017-07-04 11:04:40 -04:00
|
|
|
|
require "test_helper"
|
|
|
|
|
|
2017-07-06 05:33:29 -04:00
|
|
|
|
class ActiveStorage::FilenameTest < ActiveSupport::TestCase
|
2017-07-04 11:04:40 -04:00
|
|
|
|
test "sanitize" do
|
|
|
|
|
"%$|:;/\t\r\n\\".each_char do |character|
|
2017-07-06 05:33:29 -04:00
|
|
|
|
filename = ActiveStorage::Filename.new("foo#{character}bar.pdf")
|
2017-07-13 18:09:56 -04:00
|
|
|
|
assert_equal "foo-bar.pdf", filename.sanitized
|
|
|
|
|
assert_equal "foo-bar.pdf", filename.to_s
|
2017-07-04 11:04:40 -04:00
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
test "sanitize transcodes to valid UTF-8" do
|
|
|
|
|
{ "\xF6".force_encoding(Encoding::ISO8859_1) => "ö",
|
|
|
|
|
"\xC3".force_encoding(Encoding::ISO8859_1) => "Ã",
|
|
|
|
|
"\xAD" => "<EFBFBD>",
|
|
|
|
|
"\xCF" => "<EFBFBD>",
|
|
|
|
|
"\x00" => "",
|
|
|
|
|
}.each do |actual, expected|
|
2017-07-06 05:33:29 -04:00
|
|
|
|
assert_equal expected, ActiveStorage::Filename.new(actual).sanitized
|
2017-07-04 11:04:40 -04:00
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
test "strips RTL override chars used to spoof unsafe executables as docs" do
|
|
|
|
|
# Would be displayed in Windows as "evilexe.pdf" due to the right-to-left
|
|
|
|
|
# (RTL) override char!
|
2017-07-13 18:09:56 -04:00
|
|
|
|
assert_equal "evil-fdp.exe", ActiveStorage::Filename.new("evil\u{202E}fdp.exe").sanitized
|
2017-07-04 11:04:40 -04:00
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
test "compare case-insensitively" do
|
2017-07-13 18:09:56 -04:00
|
|
|
|
assert_operator ActiveStorage::Filename.new("foobar.pdf"), :==, ActiveStorage::Filename.new("FooBar.PDF")
|
2017-07-04 11:04:40 -04:00
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
test "compare sanitized" do
|
2017-07-13 18:09:56 -04:00
|
|
|
|
assert_operator ActiveStorage::Filename.new("foo-bar.pdf"), :==, ActiveStorage::Filename.new("foo\tbar.pdf")
|
2017-07-04 11:04:40 -04:00
|
|
|
|
end
|
|
|
|
|
end
|