diff options
| author | Sean Quah <seanq@element.io> | 2021-11-19 13:39:15 +0000 |
|---|---|---|
| committer | Sean Quah <seanq@element.io> | 2021-11-19 13:39:15 +0000 |
| commit | 91f2bd0907f1d05af67166846988e49644eb650c (patch) | |
| tree | 1e1cb3881d0cf97b603e6a73f88af340ba491f58 /tests/http | |
| parent | 1.47.0 (diff) | |
| download | synapse-91f2bd0907f1d05af67166846988e49644eb650c.tar.xz | |
Prevent the media store from writing outside of the configured directory
Also tighten validation of server names by forbidding invalid characters in IPv6 addresses and empty domain labels.
Diffstat (limited to 'tests/http')
| -rw-r--r-- | tests/http/test_endpoint.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/tests/http/test_endpoint.py b/tests/http/test_endpoint.py index 1f9a2f9b1d..c8cc21cadd 100644 --- a/tests/http/test_endpoint.py +++ b/tests/http/test_endpoint.py @@ -36,8 +36,11 @@ class ServerNameTestCase(unittest.TestCase): "localhost:http", # non-numeric port "1234]", # smells like ipv6 literal but isn't "[1234", + "[1.2.3.4]", "underscore_.com", "percent%65.com", + "newline.com\n", + ".empty-label.com", "1234:5678:80", # too many colons ] for i in test_data: |