(t *testing.T)
| 423 | } |
| 424 | |
| 425 | func TestContextAttachment(t *testing.T) { |
| 426 | var testCases = []struct { |
| 427 | name string |
| 428 | whenName string |
| 429 | expectHeader string |
| 430 | }{ |
| 431 | { |
| 432 | name: "ok", |
| 433 | whenName: "walle.png", |
| 434 | expectHeader: `attachment; filename="walle.png"`, |
| 435 | }, |
| 436 | { |
| 437 | name: "ok, escape quotes in malicious filename", |
| 438 | whenName: `malicious.sh"; \"; dummy=.txt`, |
| 439 | expectHeader: `attachment; filename="malicious.sh\"; \\\"; dummy=.txt"`, |
| 440 | }, |
| 441 | } |
| 442 | for _, tc := range testCases { |
| 443 | t.Run(tc.name, func(t *testing.T) { |
| 444 | e := New() |
| 445 | rec := httptest.NewRecorder() |
| 446 | req := httptest.NewRequest(http.MethodGet, "/", nil) |
| 447 | c := e.NewContext(req, rec) |
| 448 | |
| 449 | err := c.Attachment("_fixture/images/walle.png", tc.whenName) |
| 450 | if assert.NoError(t, err) { |
| 451 | assert.Equal(t, tc.expectHeader, rec.Header().Get(HeaderContentDisposition)) |
| 452 | |
| 453 | assert.Equal(t, http.StatusOK, rec.Code) |
| 454 | assert.Equal(t, 219885, rec.Body.Len()) |
| 455 | } |
| 456 | }) |
| 457 | } |
| 458 | } |
| 459 | |
| 460 | func TestContextInline(t *testing.T) { |
| 461 | var testCases = []struct { |
nothing calls this directly
no test coverage detected
searching dependent graphs…