Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / 376ffc6ac491da74920aed1b8e35bc371cb766ac / . / Lib / test / test_cgi.py
blob: 239d97589cac26d45f8049280ded010bfe94a7f8 [file] [log] [blame]
Jeremy Hyltond9827c42000-08-03 22:11:43 +0000[diff] [blame]1import cgi
2import os
3import sys
Thomas Wouters00ee7ba2006-08-21 19:07:27 +0000[diff] [blame]4import tempfile
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]5import unittest
Senthil Kumaran6b102f22013-01-23 02:50:15 -0800[diff] [blame]6from collections import namedtuple
Victor Stinner5c23b8e2011-01-14 13:05:21 +0000[diff] [blame]7from io import StringIO, BytesIO
Martin Panter1cd27722016-06-06 01:53:28 +0000[diff] [blame]8from test import support
Jeremy Hyltond9827c42000-08-03 22:11:43 +0000[diff] [blame]9
10class HackedSysModule:
11 # The regression test will have real values in sys.argv, which
Fred Drake004d5e62000-10-23 17:22:08 +0000[diff] [blame]12 # will completely confuse the test of the cgi module
Jeremy Hyltond9827c42000-08-03 22:11:43 +0000[diff] [blame]13 argv = []
14 stdin = sys.stdin
15
16cgi.sys = HackedSysModule()
17
Jeremy Hyltond9827c42000-08-03 22:11:43 +0000[diff] [blame]18class ComparableException:
19 def __init__(self, err):
20 self.err = err
21
22 def __str__(self):
23 return str(self.err)
24
Guido van Rossum47b9ff62006-08-24 00:41:19 +0000[diff] [blame]25 def __eq__(self, anExc):
Jeremy Hyltond9827c42000-08-03 22:11:43 +0000[diff] [blame]26 if not isinstance(anExc, Exception):
Guido van Rossum47b9ff62006-08-24 00:41:19 +0000[diff] [blame]27 return NotImplemented
28 return (self.err.__class__ == anExc.__class__ and
29 self.err.args == anExc.args)
Jeremy Hyltond9827c42000-08-03 22:11:43 +0000[diff] [blame]30
31 def __getattr__(self, attr):
Guido van Rossum846d6db2001-01-17 15:08:37 +0000[diff] [blame]32 return getattr(self.err, attr)
Jeremy Hyltond9827c42000-08-03 22:11:43 +0000[diff] [blame]33
34def do_test(buf, method):
35 env = {}
36 if method == "GET":
37 fp = None
38 env['REQUEST_METHOD'] = 'GET'
39 env['QUERY_STRING'] = buf
40 elif method == "POST":
Victor Stinner5c23b8e2011-01-14 13:05:21 +0000[diff] [blame]41 fp = BytesIO(buf.encode('latin-1')) # FieldStorage expects bytes
Jeremy Hyltond9827c42000-08-03 22:11:43 +0000[diff] [blame]42 env['REQUEST_METHOD'] = 'POST'
43 env['CONTENT_TYPE'] = 'application/x-www-form-urlencoded'
44 env['CONTENT_LENGTH'] = str(len(buf))
45 else:
Collin Winter3add4d72007-08-29 23:37:32 +0000[diff] [blame]46 raise ValueError("unknown method: %s" % method)
Jeremy Hyltond9827c42000-08-03 22:11:43 +0000[diff] [blame]47 try:
48 return cgi.parse(fp, env, strict_parsing=1)
Guido van Rossumcd16bf62007-06-13 18:07:49 +0000[diff] [blame]49 except Exception as err:
Jeremy Hyltond9827c42000-08-03 22:11:43 +0000[diff] [blame]50 return ComparableException(err)
51
Neil Schemenauer66edb622004-07-19 15:38:11 +0000[diff] [blame]52parse_strict_test_cases = [
Jeremy Hyltond9827c42000-08-03 22:11:43 +0000[diff] [blame]53 ("", ValueError("bad query field: ''")),
54 ("&", ValueError("bad query field: ''")),
55 ("&&", ValueError("bad query field: ''")),
56 # Should the next few really be valid?
57 ("=", {}),
58 ("=&=", {}),
59 # This rest seem to make sense
60 ("=a", {'': ['a']}),
61 ("&=a", ValueError("bad query field: ''")),
62 ("=a&", ValueError("bad query field: ''")),
63 ("=&a", ValueError("bad query field: 'a'")),
64 ("b=a", {'b': ['a']}),
65 ("b+=a", {'b ': ['a']}),
66 ("a=b=a", {'a': ['b=a']}),
67 ("a=+b=a", {'a': [' b=a']}),
68 ("&b=a", ValueError("bad query field: ''")),
69 ("b&=a", ValueError("bad query field: 'b'")),
70 ("a=a+b&b=b+c", {'a': ['a b'], 'b': ['b c']}),
71 ("a=a+b&a=b+a", {'a': ['a b', 'b a']}),
72 ("x=1&y=2.0&z=2-3.%2b0", {'x': ['1'], 'y': ['2.0'], 'z': ['2-3.+0']}),
73 ("Hbc5161168c542333633315dee1182227:key_store_seqid=400006&cuyer=r&view=bustomer&order_id=0bb2e248638833d48cb7fed300000f1b&expire=964546263&lobale=en-US&kid=130003.300038&ss=env",
74 {'Hbc5161168c542333633315dee1182227:key_store_seqid': ['400006'],
75 'cuyer': ['r'],
76 'expire': ['964546263'],
77 'kid': ['130003.300038'],
78 'lobale': ['en-US'],
79 'order_id': ['0bb2e248638833d48cb7fed300000f1b'],
80 'ss': ['env'],
81 'view': ['bustomer'],
82 }),
Fred Drake004d5e62000-10-23 17:22:08 +0000[diff] [blame]83
Jeremy Hyltond9827c42000-08-03 22:11:43 +0000[diff] [blame]84 ("group_id=5470&set=custom&_assigned_to=31392&_status=1&_category=100&SUBMIT=Browse",
85 {'SUBMIT': ['Browse'],
86 '_assigned_to': ['31392'],
87 '_category': ['100'],
88 '_status': ['1'],
89 'group_id': ['5470'],
90 'set': ['custom'],
91 })
92 ]
93
Guido van Rossum47b9ff62006-08-24 00:41:19 +0000[diff] [blame]94def norm(seq):
Guido van Rossumcc2b0162007-02-11 06:12:03 +0000[diff] [blame]95 return sorted(seq, key=repr)
Jeremy Hyltond9827c42000-08-03 22:11:43 +0000[diff] [blame]96
97def first_elts(list):
Guido van Rossumc1f779c2007-07-03 08:25:58 +0000[diff] [blame]98 return [p[0] for p in list]
Jeremy Hyltond9827c42000-08-03 22:11:43 +0000[diff] [blame]99
100def first_second_elts(list):
Guido van Rossumc1f779c2007-07-03 08:25:58 +0000[diff] [blame]101 return [(p[0], p[1][0]) for p in list]
102
Benjamin Petersondcf97b92008-07-02 17:30:14 +0000[diff] [blame]103def gen_result(data, environ):
Victor Stinner5c23b8e2011-01-14 13:05:21 +0000[diff] [blame]104 encoding = 'latin-1'
105 fake_stdin = BytesIO(data.encode(encoding))
Benjamin Petersondcf97b92008-07-02 17:30:14 +0000[diff] [blame]106 fake_stdin.seek(0)
Victor Stinner5c23b8e2011-01-14 13:05:21 +0000[diff] [blame]107 form = cgi.FieldStorage(fp=fake_stdin, environ=environ, encoding=encoding)
Benjamin Petersondcf97b92008-07-02 17:30:14 +0000[diff] [blame]108
109 result = {}
110 for k, v in dict(form).items():
Florent Xicluna8fbddf12010-03-17 20:29:51 +0000[diff] [blame]111 result[k] = isinstance(v, list) and form.getlist(k) or v.value
Benjamin Petersondcf97b92008-07-02 17:30:14 +0000[diff] [blame]112
113 return result
Jeremy Hyltond9827c42000-08-03 22:11:43 +0000[diff] [blame]114
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]115class CgiTests(unittest.TestCase):
Neil Schemenauer66edb622004-07-19 15:38:11 +0000[diff] [blame]116
Senthil Kumaran6b102f22013-01-23 02:50:15 -0800[diff] [blame]117 def test_parse_multipart(self):
118 fp = BytesIO(POSTDATA.encode('latin1'))
119 env = {'boundary': BOUNDARY.encode('latin1'),
120 'CONTENT-LENGTH': '558'}
121 result = cgi.parse_multipart(fp, env)
Pierre Quentelcc3fa202017-05-08 14:08:34 +0200[diff] [blame]122 expected = {'submit': [' Add '], 'id': ['1234'],
123 'file': [b'Testing 123.\n'], 'title': ['']}
Senthil Kumaran6b102f22013-01-23 02:50:15 -0800[diff] [blame]124 self.assertEqual(result, expected)
125
rogerd8cf3512020-06-15 16:58:54 +0200[diff] [blame]126 def test_parse_multipart_without_content_length(self):
127 POSTDATA = '''--JfISa01
128Content-Disposition: form-data; name="submit-name"
129
130just a string
131
132--JfISa01--
133'''
134 fp = BytesIO(POSTDATA.encode('latin1'))
135 env = {'boundary': 'JfISa01'.encode('latin1')}
136 result = cgi.parse_multipart(fp, env)
137 expected = {'submit-name': ['just a string\n']}
138 self.assertEqual(result, expected)
139
Amber Brown545c9552018-05-14 18:11:55 -0400[diff] [blame]140 def test_parse_multipart_invalid_encoding(self):
141 BOUNDARY = "JfISa01"
142 POSTDATA = """--JfISa01
143Content-Disposition: form-data; name="submit-name"
144Content-Length: 3
145
146\u2603
147--JfISa01"""
148 fp = BytesIO(POSTDATA.encode('utf8'))
149 env = {'boundary': BOUNDARY.encode('latin1'),
150 'CONTENT-LENGTH': str(len(POSTDATA.encode('utf8')))}
151 result = cgi.parse_multipart(fp, env, encoding="ascii",
152 errors="surrogateescape")
153 expected = {'submit-name': ["\udce2\udc98\udc83"]}
154 self.assertEqual(result, expected)
155 self.assertEqual("\u2603".encode('utf8'),
156 result["submit-name"][0].encode('utf8', 'surrogateescape'))
157
Senthil Kumaran6b102f22013-01-23 02:50:15 -0800[diff] [blame]158 def test_fieldstorage_properties(self):
159 fs = cgi.FieldStorage()
160 self.assertFalse(fs)
161 self.assertIn("FieldStorage", repr(fs))
162 self.assertEqual(list(fs), list(fs.keys()))
163 fs.list.append(namedtuple('MockFieldStorage', 'name')('fieldvalue'))
164 self.assertTrue(fs)
165
Senthil Kumaranb4cbb922014-01-11 22:20:16 -0800[diff] [blame]166 def test_fieldstorage_invalid(self):
167 self.assertRaises(TypeError, cgi.FieldStorage, "not-a-file-obj",
168 environ={"REQUEST_METHOD":"PUT"})
169 self.assertRaises(TypeError, cgi.FieldStorage, "foo", "bar")
170 fs = cgi.FieldStorage(headers={'content-type':'text/plain'})
171 self.assertRaises(TypeError, bool, fs)
172
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]173 def test_strict(self):
174 for orig, expect in parse_strict_test_cases:
175 # Test basic parsing
176 d = do_test(orig, "GET")
Victor Stinner5c23b8e2011-01-14 13:05:21 +0000[diff] [blame]177 self.assertEqual(d, expect, "Error parsing %s method GET" % repr(orig))
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]178 d = do_test(orig, "POST")
Victor Stinner5c23b8e2011-01-14 13:05:21 +0000[diff] [blame]179 self.assertEqual(d, expect, "Error parsing %s method POST" % repr(orig))
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]180
181 env = {'QUERY_STRING': orig}
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]182 fs = cgi.FieldStorage(environ=env)
Florent Xicluna8fbddf12010-03-17 20:29:51 +0000[diff] [blame]183 if isinstance(expect, dict):
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]184 # test dict interface
Georg Brandl49d1b4f2008-05-11 21:42:51 +0000[diff] [blame]185 self.assertEqual(len(expect), len(fs))
Ezio Melotti263cbdf2010-11-29 02:02:10 +0000[diff] [blame]186 self.assertCountEqual(expect.keys(), fs.keys())
Georg Brandl49d1b4f2008-05-11 21:42:51 +0000[diff] [blame]187 ##self.assertEqual(norm(expect.values()), norm(fs.values()))
188 ##self.assertEqual(norm(expect.items()), norm(fs.items()))
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]189 self.assertEqual(fs.getvalue("nonexistent field", "default"), "default")
190 # test individual fields
191 for key in expect.keys():
192 expect_val = expect[key]
Benjamin Peterson577473f2010-01-19 00:09:57 +0000[diff] [blame]193 self.assertIn(key, fs)
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]194 if len(expect_val) > 1:
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]195 self.assertEqual(fs.getvalue(key), expect_val)
196 else:
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]197 self.assertEqual(fs.getvalue(key), expect_val[0])
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]198
Adam Goldschmidtfcbe0cb2021-02-15 00:41:57 +0200[diff] [blame]199 def test_separator(self):
200 parse_semicolon = [
201 ("x=1;y=2.0", {'x': ['1'], 'y': ['2.0']}),
202 ("x=1;y=2.0;z=2-3.%2b0", {'x': ['1'], 'y': ['2.0'], 'z': ['2-3.+0']}),
203 (";", ValueError("bad query field: ''")),
204 (";;", ValueError("bad query field: ''")),
205 ("=;a", ValueError("bad query field: 'a'")),
206 (";b=a", ValueError("bad query field: ''")),
207 ("b;=a", ValueError("bad query field: 'b'")),
208 ("a=a+b;b=b+c", {'a': ['a b'], 'b': ['b c']}),
209 ("a=a+b;a=b+a", {'a': ['a b', 'b a']}),
210 ]
211 for orig, expect in parse_semicolon:
212 env = {'QUERY_STRING': orig}
213 fs = cgi.FieldStorage(separator=';', environ=env)
214 if isinstance(expect, dict):
215 for key in expect.keys():
216 expect_val = expect[key]
217 self.assertIn(key, fs)
218 if len(expect_val) > 1:
219 self.assertEqual(fs.getvalue(key), expect_val)
220 else:
221 self.assertEqual(fs.getvalue(key), expect_val[0])
222
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]223 def test_log(self):
224 cgi.log("Testing")
225
226 cgi.logfp = StringIO()
227 cgi.initlog("%s", "Testing initlog 1")
228 cgi.log("%s", "Testing log 2")
229 self.assertEqual(cgi.logfp.getvalue(), "Testing initlog 1\nTesting log 2\n")
Serhiy Storchaka85c30332015-02-15 13:58:23 +0200[diff] [blame]230 if os.path.exists(os.devnull):
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]231 cgi.logfp = None
Serhiy Storchaka85c30332015-02-15 13:58:23 +0200[diff] [blame]232 cgi.logfile = os.devnull
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]233 cgi.initlog("%s", "Testing log 3")
Victor Stinnerd33344a2011-07-14 22:28:36 +0200[diff] [blame]234 self.addCleanup(cgi.closelog)
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]235 cgi.log("Testing log 4")
236
237 def test_fieldstorage_readline(self):
238 # FieldStorage uses readline, which has the capacity to read all
239 # contents of the input file into memory; we use readline's size argument
240 # to prevent that for files that do not contain any newlines in
241 # non-GET/HEAD requests
242 class TestReadlineFile:
243 def __init__(self, file):
244 self.file = file
245 self.numcalls = 0
246
247 def readline(self, size=None):
248 self.numcalls += 1
249 if size:
250 return self.file.readline(size)
Jeremy Hyltond9827c42000-08-03 22:11:43 +0000[diff] [blame]251 else:
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]252 return self.file.readline()
Jeremy Hyltond9827c42000-08-03 22:11:43 +0000[diff] [blame]253
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]254 def __getattr__(self, name):
255 file = self.__dict__['file']
256 a = getattr(file, name)
257 if not isinstance(a, int):
258 setattr(self, name, a)
259 return a
Jeremy Hyltond9827c42000-08-03 22:11:43 +0000[diff] [blame]260
Victor Stinner5c23b8e2011-01-14 13:05:21 +0000[diff] [blame]261 f = TestReadlineFile(tempfile.TemporaryFile("wb+"))
Benjamin Peterson807a5a12010-10-30 22:59:37 +0000[diff] [blame]262 self.addCleanup(f.close)
Victor Stinner5c23b8e2011-01-14 13:05:21 +0000[diff] [blame]263 f.write(b'x' * 256 * 1024)
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]264 f.seek(0)
265 env = {'REQUEST_METHOD':'PUT'}
266 fs = cgi.FieldStorage(fp=f, environ=env)
Benjamin Peterson807a5a12010-10-30 22:59:37 +0000[diff] [blame]267 self.addCleanup(fs.file.close)
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]268 # if we're not chunking properly, readline is only called twice
269 # (by read_binary); if we are chunking properly, it will be called 5 times
270 # as long as the chunksize is 1 << 16.
Serhiy Storchaka25d8aea2014-02-08 14:50:08 +0200[diff] [blame]271 self.assertGreater(f.numcalls, 2)
Victor Stinner5c23b8e2011-01-14 13:05:21 +0000[diff] [blame]272 f.close()
Jeremy Hyltond9827c42000-08-03 22:11:43 +0000[diff] [blame]273
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]274 def test_fieldstorage_multipart(self):
275 #Test basic FieldStorage multipart parsing
Victor Stinnerf0e293c2011-03-01 23:09:57 +0000[diff] [blame]276 env = {
277 'REQUEST_METHOD': 'POST',
278 'CONTENT_TYPE': 'multipart/form-data; boundary={}'.format(BOUNDARY),
279 'CONTENT_LENGTH': '558'}
280 fp = BytesIO(POSTDATA.encode('latin-1'))
281 fs = cgi.FieldStorage(fp, environ=env, encoding="latin-1")
Ezio Melottib3aedd42010-11-20 19:04:17 +0000[diff] [blame]282 self.assertEqual(len(fs.list), 4)
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]283 expect = [{'name':'id', 'filename':None, 'value':'1234'},
284 {'name':'title', 'filename':None, 'value':''},
Victor Stinner5c23b8e2011-01-14 13:05:21 +0000[diff] [blame]285 {'name':'file', 'filename':'test.txt', 'value':b'Testing 123.\n'},
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]286 {'name':'submit', 'filename':None, 'value':' Add '}]
287 for x in range(len(fs.list)):
288 for k, exp in expect[x].items():
289 got = getattr(fs.list[x], k)
Ezio Melottib3aedd42010-11-20 19:04:17 +0000[diff] [blame]290 self.assertEqual(got, exp)
Thomas Wouters00ee7ba2006-08-21 19:07:27 +0000[diff] [blame]291
Donald Stufftd90f8d12015-03-29 16:43:23 -0400[diff] [blame]292 def test_fieldstorage_multipart_leading_whitespace(self):
293 env = {
294 'REQUEST_METHOD': 'POST',
295 'CONTENT_TYPE': 'multipart/form-data; boundary={}'.format(BOUNDARY),
296 'CONTENT_LENGTH': '560'}
297 # Add some leading whitespace to our post data that will cause the
298 # first line to not be the innerboundary.
299 fp = BytesIO(b"\r\n" + POSTDATA.encode('latin-1'))
300 fs = cgi.FieldStorage(fp, environ=env, encoding="latin-1")
301 self.assertEqual(len(fs.list), 4)
302 expect = [{'name':'id', 'filename':None, 'value':'1234'},
303 {'name':'title', 'filename':None, 'value':''},
304 {'name':'file', 'filename':'test.txt', 'value':b'Testing 123.\n'},
305 {'name':'submit', 'filename':None, 'value':' Add '}]
306 for x in range(len(fs.list)):
307 for k, exp in expect[x].items():
308 got = getattr(fs.list[x], k)
309 self.assertEqual(got, exp)
310
Victor Stinnerf0e293c2011-03-01 23:09:57 +0000[diff] [blame]311 def test_fieldstorage_multipart_non_ascii(self):
312 #Test basic FieldStorage multipart parsing
313 env = {'REQUEST_METHOD':'POST',
314 'CONTENT_TYPE': 'multipart/form-data; boundary={}'.format(BOUNDARY),
315 'CONTENT_LENGTH':'558'}
316 for encoding in ['iso-8859-1','utf-8']:
317 fp = BytesIO(POSTDATA_NON_ASCII.encode(encoding))
318 fs = cgi.FieldStorage(fp, environ=env,encoding=encoding)
319 self.assertEqual(len(fs.list), 1)
320 expect = [{'name':'id', 'filename':None, 'value':'\xe7\xf1\x80'}]
321 for x in range(len(fs.list)):
322 for k, exp in expect[x].items():
323 got = getattr(fs.list[x], k)
324 self.assertEqual(got, exp)
325
Serhiy Storchakac7bfe0e2013-06-17 16:34:41 +0300[diff] [blame]326 def test_fieldstorage_multipart_maxline(self):
327 # Issue #18167
328 maxline = 1 << 16
329 self.maxDiff = None
330 def check(content):
331 data = """---123
332Content-Disposition: form-data; name="upload"; filename="fake.txt"
333Content-Type: text/plain
334
335%s
336---123--
337""".replace('\n', '\r\n') % content
338 environ = {
339 'CONTENT_LENGTH': str(len(data)),
340 'CONTENT_TYPE': 'multipart/form-data; boundary=-123',
341 'REQUEST_METHOD': 'POST',
342 }
343 self.assertEqual(gen_result(data, environ),
344 {'upload': content.encode('latin1')})
345 check('x' * (maxline - 1))
346 check('x' * (maxline - 1) + '\r')
347 check('x' * (maxline - 1) + '\r' + 'y' * (maxline - 1))
348
Florent Xicluna331c3fd2013-07-07 12:44:28 +0200[diff] [blame]349 def test_fieldstorage_multipart_w3c(self):
350 # Test basic FieldStorage multipart parsing (W3C sample)
351 env = {
352 'REQUEST_METHOD': 'POST',
353 'CONTENT_TYPE': 'multipart/form-data; boundary={}'.format(BOUNDARY_W3),
354 'CONTENT_LENGTH': str(len(POSTDATA_W3))}
355 fp = BytesIO(POSTDATA_W3.encode('latin-1'))
356 fs = cgi.FieldStorage(fp, environ=env, encoding="latin-1")
357 self.assertEqual(len(fs.list), 2)
358 self.assertEqual(fs.list[0].name, 'submit-name')
359 self.assertEqual(fs.list[0].value, 'Larry')
360 self.assertEqual(fs.list[1].name, 'files')
361 files = fs.list[1].value
362 self.assertEqual(len(files), 2)
363 expect = [{'name': None, 'filename': 'file1.txt', 'value': b'... contents of file1.txt ...'},
364 {'name': None, 'filename': 'file2.gif', 'value': b'...contents of file2.gif...'}]
365 for x in range(len(files)):
366 for k, exp in expect[x].items():
367 got = getattr(files[x], k)
368 self.assertEqual(got, exp)
369
Victor Stinner65794592015-08-18 10:21:10 -0700[diff] [blame]370 def test_fieldstorage_part_content_length(self):
371 BOUNDARY = "JfISa01"
372 POSTDATA = """--JfISa01
373Content-Disposition: form-data; name="submit-name"
374Content-Length: 5
375
376Larry
377--JfISa01"""
378 env = {
379 'REQUEST_METHOD': 'POST',
380 'CONTENT_TYPE': 'multipart/form-data; boundary={}'.format(BOUNDARY),
381 'CONTENT_LENGTH': str(len(POSTDATA))}
382 fp = BytesIO(POSTDATA.encode('latin-1'))
383 fs = cgi.FieldStorage(fp, environ=env, encoding="latin-1")
384 self.assertEqual(len(fs.list), 1)
385 self.assertEqual(fs.list[0].name, 'submit-name')
386 self.assertEqual(fs.list[0].value, 'Larry')
387
Pierre Quentel2d7caca2019-09-11 13:05:53 +0200[diff] [blame]388 def test_field_storage_multipart_no_content_length(self):
389 fp = BytesIO(b"""--MyBoundary
390Content-Disposition: form-data; name="my-arg"; filename="foo"
391
392Test
393
394--MyBoundary--
395""")
396 env = {
397 "REQUEST_METHOD": "POST",
398 "CONTENT_TYPE": "multipart/form-data; boundary=MyBoundary",
399 "wsgi.input": fp,
400 }
401 fields = cgi.FieldStorage(fp, environ=env)
402
403 self.assertEqual(len(fields["my-arg"].file.read()), 5)
404
Berker Peksagbf5e9602015-02-06 10:21:37 +0200[diff] [blame]405 def test_fieldstorage_as_context_manager(self):
406 fp = BytesIO(b'x' * 10)
407 env = {'REQUEST_METHOD': 'PUT'}
408 with cgi.FieldStorage(fp=fp, environ=env) as fs:
409 content = fs.file.read()
410 self.assertFalse(fs.file.closed)
411 self.assertTrue(fs.file.closed)
412 self.assertEqual(content, 'x' * 10)
413 with self.assertRaisesRegex(ValueError, 'I/O operation on closed file'):
414 fs.file.read()
415
Benjamin Petersondcf97b92008-07-02 17:30:14 +0000[diff] [blame]416 _qs_result = {
417 'key1': 'value1',
418 'key2': ['value2x', 'value2y'],
419 'key3': 'value3',
420 'key4': 'value4'
421 }
422 def testQSAndUrlEncode(self):
423 data = "key2=value2x&key3=value3&key4=value4"
424 environ = {
425 'CONTENT_LENGTH': str(len(data)),
426 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
427 'QUERY_STRING': 'key1=value1&key2=value2y',
428 'REQUEST_METHOD': 'POST',
429 }
430 v = gen_result(data, environ)
431 self.assertEqual(self._qs_result, v)
432
matthewbelisle-wf20914482018-10-19 05:52:59 -0500[diff] [blame]433 def test_max_num_fields(self):
434 # For application/x-www-form-urlencoded
435 data = '&'.join(['a=a']*11)
436 environ = {
437 'CONTENT_LENGTH': str(len(data)),
438 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
439 'REQUEST_METHOD': 'POST',
440 }
441
442 with self.assertRaises(ValueError):
443 cgi.FieldStorage(
444 fp=BytesIO(data.encode()),
445 environ=environ,
446 max_num_fields=10,
447 )
448
449 # For multipart/form-data
450 data = """---123
451Content-Disposition: form-data; name="a"
452
matthewbelisle-wfb79b5c02018-10-23 03:14:35 -0500[diff] [blame]4533
matthewbelisle-wf20914482018-10-19 05:52:59 -0500[diff] [blame]454---123
455Content-Type: application/x-www-form-urlencoded
456
matthewbelisle-wfb79b5c02018-10-23 03:14:35 -0500[diff] [blame]457a=4
458---123
459Content-Type: application/x-www-form-urlencoded
460
461a=5
matthewbelisle-wf20914482018-10-19 05:52:59 -0500[diff] [blame]462---123--
463"""
464 environ = {
465 'CONTENT_LENGTH': str(len(data)),
466 'CONTENT_TYPE': 'multipart/form-data; boundary=-123',
matthewbelisle-wfb79b5c02018-10-23 03:14:35 -0500[diff] [blame]467 'QUERY_STRING': 'a=1&a=2',
matthewbelisle-wf20914482018-10-19 05:52:59 -0500[diff] [blame]468 'REQUEST_METHOD': 'POST',
469 }
470
471 # 2 GET entities
matthewbelisle-wfb79b5c02018-10-23 03:14:35 -0500[diff] [blame]472 # 1 top level POST entities
473 # 1 entity within the second POST entity
474 # 1 entity within the third POST entity
matthewbelisle-wf20914482018-10-19 05:52:59 -0500[diff] [blame]475 with self.assertRaises(ValueError):
476 cgi.FieldStorage(
477 fp=BytesIO(data.encode()),
478 environ=environ,
matthewbelisle-wfb79b5c02018-10-23 03:14:35 -0500[diff] [blame]479 max_num_fields=4,
matthewbelisle-wf20914482018-10-19 05:52:59 -0500[diff] [blame]480 )
481 cgi.FieldStorage(
482 fp=BytesIO(data.encode()),
483 environ=environ,
matthewbelisle-wfb79b5c02018-10-23 03:14:35 -0500[diff] [blame]484 max_num_fields=5,
matthewbelisle-wf20914482018-10-19 05:52:59 -0500[diff] [blame]485 )
486
Benjamin Petersondcf97b92008-07-02 17:30:14 +0000[diff] [blame]487 def testQSAndFormData(self):
Victor Stinner5c23b8e2011-01-14 13:05:21 +0000[diff] [blame]488 data = """---123
Benjamin Petersondcf97b92008-07-02 17:30:14 +0000[diff] [blame]489Content-Disposition: form-data; name="key2"
490
491value2y
492---123
493Content-Disposition: form-data; name="key3"
494
495value3
496---123
497Content-Disposition: form-data; name="key4"
498
499value4
500---123--
501"""
502 environ = {
503 'CONTENT_LENGTH': str(len(data)),
504 'CONTENT_TYPE': 'multipart/form-data; boundary=-123',
505 'QUERY_STRING': 'key1=value1&key2=value2x',
506 'REQUEST_METHOD': 'POST',
507 }
508 v = gen_result(data, environ)
509 self.assertEqual(self._qs_result, v)
510
511 def testQSAndFormDataFile(self):
Victor Stinner5c23b8e2011-01-14 13:05:21 +0000[diff] [blame]512 data = """---123
Benjamin Petersondcf97b92008-07-02 17:30:14 +0000[diff] [blame]513Content-Disposition: form-data; name="key2"
514
515value2y
516---123
517Content-Disposition: form-data; name="key3"
518
519value3
520---123
521Content-Disposition: form-data; name="key4"
522
523value4
524---123
525Content-Disposition: form-data; name="upload"; filename="fake.txt"
526Content-Type: text/plain
527
528this is the content of the fake file
529
530---123--
531"""
532 environ = {
533 'CONTENT_LENGTH': str(len(data)),
534 'CONTENT_TYPE': 'multipart/form-data; boundary=-123',
535 'QUERY_STRING': 'key1=value1&key2=value2x',
536 'REQUEST_METHOD': 'POST',
537 }
538 result = self._qs_result.copy()
539 result.update({
Victor Stinner5c23b8e2011-01-14 13:05:21 +0000[diff] [blame]540 'upload': b'this is the content of the fake file\n'
Benjamin Petersondcf97b92008-07-02 17:30:14 +0000[diff] [blame]541 })
542 v = gen_result(data, environ)
543 self.assertEqual(result, v)
544
Fred Drake9a0a65b2008-12-04 19:24:50 +0000[diff] [blame]545 def test_parse_header(self):
546 self.assertEqual(
547 cgi.parse_header("text/plain"),
548 ("text/plain", {}))
549 self.assertEqual(
550 cgi.parse_header("text/vnd.just.made.this.up ; "),
551 ("text/vnd.just.made.this.up", {}))
552 self.assertEqual(
553 cgi.parse_header("text/plain;charset=us-ascii"),
554 ("text/plain", {"charset": "us-ascii"}))
555 self.assertEqual(
556 cgi.parse_header('text/plain ; charset="us-ascii"'),
557 ("text/plain", {"charset": "us-ascii"}))
558 self.assertEqual(
559 cgi.parse_header('text/plain ; charset="us-ascii"; another=opt'),
560 ("text/plain", {"charset": "us-ascii", "another": "opt"}))
561 self.assertEqual(
562 cgi.parse_header('attachment; filename="silly.txt"'),
563 ("attachment", {"filename": "silly.txt"}))
564 self.assertEqual(
565 cgi.parse_header('attachment; filename="strange;name"'),
566 ("attachment", {"filename": "strange;name"}))
567 self.assertEqual(
568 cgi.parse_header('attachment; filename="strange;name";size=123;'),
569 ("attachment", {"filename": "strange;name", "size": "123"}))
Senthil Kumaran1ef0c032011-10-20 01:05:44 +0800[diff] [blame]570 self.assertEqual(
571 cgi.parse_header('form-data; name="files"; filename="fo\\"o;bar"'),
572 ("form-data", {"name": "files", "filename": 'fo"o;bar'}))
573
Martin Panter1cd27722016-06-06 01:53:28 +0000[diff] [blame]574 def test_all(self):
Victor Stinnerfbf43f02020-08-17 07:20:40 +0200[diff] [blame]575 not_exported = {
576 "logfile", "logfp", "initlog", "dolog", "nolog", "closelog", "log",
577 "maxlen", "valid_boundary"}
578 support.check__all__(self, cgi, not_exported=not_exported)
Martin Panter1cd27722016-06-06 01:53:28 +0000[diff] [blame]579
Fred Drake9a0a65b2008-12-04 19:24:50 +0000[diff] [blame]580
Victor Stinnerf0e293c2011-03-01 23:09:57 +0000[diff] [blame]581BOUNDARY = "---------------------------721837373350705526688164684"
582
583POSTDATA = """-----------------------------721837373350705526688164684
584Content-Disposition: form-data; name="id"
585
5861234
587-----------------------------721837373350705526688164684
588Content-Disposition: form-data; name="title"
589
590
591-----------------------------721837373350705526688164684
592Content-Disposition: form-data; name="file"; filename="test.txt"
593Content-Type: text/plain
594
595Testing 123.
596
597-----------------------------721837373350705526688164684
598Content-Disposition: form-data; name="submit"
599
600 Add\x20
601-----------------------------721837373350705526688164684--
602"""
603
604POSTDATA_NON_ASCII = """-----------------------------721837373350705526688164684
605Content-Disposition: form-data; name="id"
606
607\xe7\xf1\x80
608-----------------------------721837373350705526688164684
609"""
610
Florent Xicluna331c3fd2013-07-07 12:44:28 +0200[diff] [blame]611# http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4
612BOUNDARY_W3 = "AaB03x"
613POSTDATA_W3 = """--AaB03x
614Content-Disposition: form-data; name="submit-name"
615
616Larry
617--AaB03x
618Content-Disposition: form-data; name="files"
619Content-Type: multipart/mixed; boundary=BbC04y
620
621--BbC04y
622Content-Disposition: file; filename="file1.txt"
623Content-Type: text/plain
624
625... contents of file1.txt ...
626--BbC04y
627Content-Disposition: file; filename="file2.gif"
628Content-Type: image/gif
629Content-Transfer-Encoding: binary
630
631...contents of file2.gif...
632--BbC04y--
633--AaB03x--
634"""
635
Thomas Wouters89f507f2006-12-13 04:49:30 +0000[diff] [blame]636if __name__ == '__main__':
Berker Peksagbf5e9602015-02-06 10:21:37 +0200[diff] [blame]637 unittest.main()