Projects
Eulaceura:Mainline
rubygem-dalli
_service:obs_scm:CVE-2022-4064-2.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:obs_scm:CVE-2022-4064-2.patch of Package rubygem-dalli
diff --git a/test/integration/test_network.rb b/test/integration/test_network.rb index e0ea862c..bf20baae 100644 --- a/test/integration/test_network.rb +++ b/test/integration/test_network.rb @@ -7,8 +7,8 @@ describe "using the #{p} protocol" do describe 'assuming a bad network' do it 'handle no server available' do + dc = Dalli::Client.new 'localhost:19333' assert_raises Dalli::RingError, message: 'No server available' do - dc = Dalli::Client.new 'localhost:19333' dc.get 'foo' end end @@ -16,8 +16,8 @@ describe 'with a fake server' do it 'handle connection reset' do memcached_mock(->(sock) { sock.close }) do + dc = Dalli::Client.new('localhost:19123') assert_raises Dalli::RingError, message: 'No server available' do - dc = Dalli::Client.new('localhost:19123') dc.get('abc') end end @@ -26,8 +26,8 @@ it 'handle connection reset with unix socket' do socket_path = MemcachedMock::UNIX_SOCKET_PATH memcached_mock(->(sock) { sock.close }, :start_unix, socket_path) do + dc = Dalli::Client.new(socket_path) assert_raises Dalli::RingError, message: 'No server available' do - dc = Dalli::Client.new(socket_path) dc.get('abc') end end @@ -35,8 +35,8 @@ it 'handle malformed response' do memcached_mock(->(sock) { sock.write('123') }) do + dc = Dalli::Client.new('localhost:19123') assert_raises Dalli::RingError, message: 'No server available' do - dc = Dalli::Client.new('localhost:19123') dc.get('abc') end end @@ -47,8 +47,8 @@ sleep(0.6) sock.close }, :delayed_start) do + dc = Dalli::Client.new('localhost:19123') assert_raises Dalli::RingError, message: 'No server available' do - dc = Dalli::Client.new('localhost:19123') dc.get('abc') end end @@ -59,8 +59,8 @@ sleep(0.6) sock.write('giraffe') }) do + dc = Dalli::Client.new('localhost:19123') assert_raises Dalli::RingError, message: 'No server available' do - dc = Dalli::Client.new('localhost:19123') dc.get('abc') end end diff --git a/test/protocol/meta/test_request_formatter.rb b/test/protocol/meta/test_request_formatter.rb index 1eef499b..755e7305 100644 --- a/test/protocol/meta/test_request_formatter.rb +++ b/test/protocol/meta/test_request_formatter.rb @@ -77,11 +77,28 @@ Dalli::Protocol::Meta::RequestFormatter.meta_set(key: key, value: val, bitflags: bitflags, cas: cas) end + it 'excludes CAS if set to 0' do + assert_equal "ms #{key} #{val.bytesize} c F#{bitflags} MS\r\n#{val}\r\n", + Dalli::Protocol::Meta::RequestFormatter.meta_set(key: key, value: val, bitflags: bitflags, cas: 0) + end + + it 'excludes non-numeric CAS values' do + assert_equal "ms #{key} #{val.bytesize} c F#{bitflags} MS\r\n#{val}\r\n", + Dalli::Protocol::Meta::RequestFormatter.meta_set(key: key, value: val, bitflags: bitflags, + cas: "\nset importantkey 1 1000 8\ninjected") + end + it 'sets the quiet mode if configured' do assert_equal "ms #{key} #{val.bytesize} c F#{bitflags} MS q\r\n#{val}\r\n", Dalli::Protocol::Meta::RequestFormatter.meta_set(key: key, value: val, bitflags: bitflags, quiet: true) end + + it 'sets the base64 mode if configured' do + assert_equal "ms #{key} #{val.bytesize} c b F#{bitflags} MS\r\n#{val}\r\n", + Dalli::Protocol::Meta::RequestFormatter.meta_set(key: key, value: val, bitflags: bitflags, + base64: true) + end end describe 'meta_delete' do @@ -93,7 +110,7 @@ Dalli::Protocol::Meta::RequestFormatter.meta_delete(key: key) end - it 'returns incorporates CAS when passed cas' do + it 'incorporates CAS when passed cas' do assert_equal "md #{key} C#{cas}\r\n", Dalli::Protocol::Meta::RequestFormatter.meta_delete(key: key, cas: cas) end @@ -102,6 +119,87 @@ assert_equal "md #{key} q\r\n", Dalli::Protocol::Meta::RequestFormatter.meta_delete(key: key, quiet: true) end + + it 'excludes CAS when set to 0' do + assert_equal "md #{key}\r\n", + Dalli::Protocol::Meta::RequestFormatter.meta_delete(key: key, cas: 0) + end + + it 'excludes non-numeric CAS values' do + assert_equal "md #{key}\r\n", + Dalli::Protocol::Meta::RequestFormatter.meta_delete(key: key, + cas: "\nset importantkey 1 1000 8\ninjected") + end + + it 'sets the base64 mode if configured' do + assert_equal "md #{key} b\r\n", + Dalli::Protocol::Meta::RequestFormatter.meta_delete(key: key, base64: true) + end + end + + describe 'meta_arithmetic' do + let(:key) { SecureRandom.hex(4) } + let(:delta) { rand(500..999) } + let(:initial) { rand(500..999) } + let(:cas) { rand(500..999) } + let(:ttl) { rand(500..999) } + + it 'returns the expected string with the default N flag when passed non-nil key, delta, and initial' do + assert_equal "ma #{key} v D#{delta} J#{initial} N0 MI\r\n", + Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: delta, initial: initial) + end + + it 'excludes the J and N flags when initial is nil and ttl is not set' do + assert_equal "ma #{key} v D#{delta} MI\r\n", + Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: delta, initial: nil) + end + + it 'omits the D flag is delta is nil' do + assert_equal "ma #{key} v J#{initial} N0 MI\r\n", + Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: nil, initial: initial) + end + + it 'uses ttl for the N flag when ttl passed explicitly along with an initial value' do + assert_equal "ma #{key} v D#{delta} J#{initial} N#{ttl} MI\r\n", + Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: delta, initial: initial, + ttl: ttl) + end + + it 'incorporates CAS when passed cas' do + assert_equal "ma #{key} v D#{delta} J#{initial} N0 C#{cas} MI\r\n", + Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: delta, initial: initial, + cas: cas) + end + + it 'excludes CAS when CAS is set to 0' do + assert_equal "ma #{key} v D#{delta} J#{initial} N0 MI\r\n", + Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: delta, initial: initial, + cas: 0) + end + + it 'includes the N flag when ttl passed explicitly with a nil initial value' do + assert_equal "ma #{key} v D#{delta} N#{ttl} MI\r\n", + Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: delta, initial: nil, + ttl: ttl) + end + + it 'swaps from MI to MD when the incr value is explicitly false' do + assert_equal "ma #{key} v D#{delta} J#{initial} N0 MD\r\n", + Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: delta, initial: initial, + incr: false) + end + + it 'includes the quiet flag when specified' do + assert_equal "ma #{key} v D#{delta} J#{initial} N0 q MI\r\n", + Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: delta, initial: initial, + quiet: true) + end + + it 'sets the base64 mode if configured' do + assert_equal "ma #{key} v b D#{delta} J#{initial} N0 MI\r\n", + Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: delta, initial: initial, + base64: true) + end end describe 'meta_noop' do @@ -130,6 +228,11 @@ assert_equal "flush_all #{delay}\r\n", Dalli::Protocol::Meta::RequestFormatter.flush(delay: delay) end + it 'santizes the delay argument' do + delay = "\nset importantkey 1 1000 8\ninjected" + assert_equal "flush_all 0\r\n", Dalli::Protocol::Meta::RequestFormatter.flush(delay: delay) + end + it 'adds noreply with a delay and quiet argument' do delay = rand(1000..1999) assert_equal "flush_all #{delay} noreply\r\n", diff --git a/test/test_rack_session.rb b/test/test_rack_session.rb index e56a098e..93860345 100644 --- a/test/test_rack_session.rb +++ b/test/test_rack_session.rb @@ -54,15 +54,15 @@ let(:incrementor) { Rack::Lint.new(incrementor_proc) } it 'faults on no connection' do + rsd = Rack::Session::Dalli.new(incrementor, memcache_server: 'nosuchserver') assert_raises Dalli::RingError do - rsd = Rack::Session::Dalli.new(incrementor, memcache_server: 'nosuchserver') rsd.data.with { |c| c.set('ping', '') } end end it 'connects to existing server' do + rsd = Rack::Session::Dalli.new(incrementor, namespace: 'test:rack:session') assert_silent do - rsd = Rack::Session::Dalli.new(incrementor, namespace: 'test:rack:session') rsd.data.with { |c| c.set('ping', '') } end end
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2