/
test_mechanize_download.rb
100 lines (70 loc) · 2.13 KB
/
test_mechanize_download.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
require 'mechanize/test_case'
class TestMechanizeDownload < Mechanize::TestCase
def setup
super
@parser = Mechanize::Download
end
def test_body
uri = URI.parse 'http://example/foo.html'
body_io = StringIO.new '0123456789'
download = @parser.new uri, nil, body_io
assert_equal '0123456789', download.body
assert_equal 0, download.body_io.pos
end
def test_save_string_io
uri = URI.parse 'http://example/foo.html'
body_io = StringIO.new '0123456789'
download = @parser.new uri, nil, body_io
in_tmpdir do
filename = download.save
assert File.exist? 'foo.html'
assert_equal "foo.html", filename
end
end
def test_save_bang
uri = URI.parse 'http://example/foo.html'
body_io = StringIO.new '0123456789'
download = @parser.new uri, nil, body_io
in_tmpdir do
filename = download.save!
assert File.exist? 'foo.html'
assert_equal "foo.html", filename
end
end
def test_save_bang_does_not_allow_command_injection
uri = URI.parse 'http://example/foo.html'
body_io = StringIO.new '0123456789'
download = @parser.new uri, nil, body_io
in_tmpdir do
download.save!('| ruby -rfileutils -e \'FileUtils.touch("vul.txt")\'')
refute_operator(File, :exist?, "vul.txt")
end
end
def test_save_tempfile
uri = URI.parse 'http://example/foo.html'
Tempfile.open @NAME do |body_io|
body_io.unlink
body_io.write '0123456789'
body_io.flush
body_io.rewind
download = @parser.new uri, nil, body_io
in_tmpdir do
filename = download.save
assert File.exist? 'foo.html'
assert_equal "foo.html", filename
filename = download.save
assert File.exist? 'foo.html.1'
assert_equal "foo.html.1", filename
filename = download.save
assert File.exist? 'foo.html.2'
assert_equal "foo.html.2", filename
end
end
end
def test_filename
uri = URI.parse 'http://example/foo.html'
body_io = StringIO.new '0123456789'
download = @parser.new uri, nil, body_io
assert_equal "foo.html", download.filename
end
end