author | 2021-11-05 16:31:05 +0400 | |
---|---|---|
committer | 2021-11-05 12:31:05 +0000 | |
commit | 67390298852513d13e0213870e50fb3cff1424e0 (patch) | |
tree | 2b5e7284a310ed426523b956ea133efa3a9ec16f /tests | |
parent | Add sql-fstring tag (diff) |
Merge pull request from GHSA-j8c3-8x46-8pp6
* Don't Exit Token Filtering Early On URLs
The token filtering function would exit early if it detected a URL
within the message, but it made no extra checks to ensure there weren't
other tokens within that message that would trigger it. This made
sense when the filtering logic was written, but it's been modified since
to introduce this bug.
Regression tests included.
Signed-off-by: Hassan Abouelela <[email protected]>
* Links Advisory In Token Filter Tests
Adds a link to the advisory with reasoning for the existence of the
test.
Signed-off-by: Hassan Abouelela <[email protected]>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/bot/exts/filters/test_filtering.py | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/tests/bot/exts/filters/test_filtering.py b/tests/bot/exts/filters/test_filtering.py
new file mode 100644
index 000000000..8ae59c1f1
--- /dev/null
+++ b/tests/bot/exts/filters/test_filtering.py
@@ -0,0 +1,40 @@
+import unittest
+from unittest.mock import patch
+
+from bot.exts.filters import filtering
+from tests.helpers import MockBot, autospec
+
+
+class FilteringCogTests(unittest.IsolatedAsyncioTestCase):
+ """Tests the `Filtering` cog."""
+
+ def setUp(self):
+ """Instantiate the bot and cog."""
+ self.bot = MockBot()
+ with patch("bot.utils.scheduling.create_task", new=lambda task, **_: task.close()):
+ self.cog = filtering.Filtering(self.bot)
+
+ @autospec(filtering.Filtering, "_get_filterlist_items", pass_mocks=False, return_value=["TOKEN"])
+ async def test_token_filter(self):
+ """Ensure that a filter token is correctly detected in a message."""
+ messages = {
+ "": False,
+ "no matches": False,
+ "TOKEN": True,
+
+ # See advisory https://github.com/python-discord/bot/security/advisories/GHSA-j8c3-8x46-8pp6
+ "https://google.com TOKEN": True,
+ "https://google.com something else": False,
+ }
+
+ for message, match in messages.items():
+ with self.subTest(input=message, match=match):
+ result, _ = await self.cog._has_watch_regex_match(message)
+
+ self.assertEqual(
+ match,
+ bool(result),
+ msg=f"Hit was {'expected' if match else 'not expected'} for this input."
+ )
+ if result:
+ self.assertEqual("TOKEN", result.group()) |
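Review bot: The `messages` table in `test_token_filter` covers only a URL that precedes the watched token, so a change to the filter that handles that one ordering and nothing else would still pass this regression test. Adding `"TOKEN https://google.com": True,` and `"https://google.com TOKEN https://example.com": True,` (constructed sample inputs) would pin the other positions. The case where the token sits inside the URL itself is not covered either; the filtering change is not part of this tests-only diff, so the intended result cannot be read from here, and it deserves its own entry with a comment stating the decision.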