Issue 228: only follow transitive blobref links in known trusted schema fields.
| 211 | // Issue 228: only follow transitive blobref links in known trusted schema fields. |
// TestSharingTransitiveSafety pins the fix for issue 228: a transitive share
// may only follow blobrefs that sit in known, trusted schema fields. A ref
// that merely appears inside arbitrary blob content (here, a user-controlled
// string that happens to name the secret's ref) must not extend the via
// chain; otherwise anyone able to inject a blob under a transitive share
// could walk from it to any blob whose ref they can spell out.
func TestSharingTransitiveSafety(t *testing.T) {
	st := newShareTester(t)
	defer st.done()

	// The blob that must stay unreachable through the share.
	secret := "the secret"
	secretRef := blob.RefFromString(secret)

	// Not a schema blob at all, just text whose body mentions the secret's
	// ref. Stands in for content an attacker somehow managed to inject.
	payload := fmt.Sprintf("Some payload containing the ref: %v", secretRef)
	payloadRef := blob.RefFromString(payload)

	// A transitive share whose target is the injected blob. The signer and
	// camliSig values are placeholders; going by their names, nothing on this
	// path is expected to verify them.
	shareBlob := schema.NewShareRef(schema.ShareHaveRef, false).
		SetShareTarget(payloadRef).
		SetShareIsTransitive(true).
		SetSigner(blob.RefFromString("irrelevant")).
		SetRawStringField("camliSig", "alsounused").
		Blob()
	shareRef := shareBlob.BlobRef()

	st.put(shareBlob)
	st.putRaw(secretRef, secret)
	st.putRaw(payloadRef, payload)

	// The two hops the share legitimately covers must resolve.
	st.testGet(shareRef.String(), noError)
	st.testGet(fmt.Sprintf("%s?via=%s", payloadRef, shareRef), noError)

	// The hop from the injected blob to the secret is not backed by a trusted
	// schema field, so the chain must be rejected as an invalid link ...
	st.testGet(fmt.Sprintf("%s?via=%s,%s", secretRef, shareRef, payloadRef), viaChainInvalidLink)
	// ... and the handler must have slept on that miss.
	if !st.slept() {
		t.Error("expected sleep after miss")
	}
}
| 242 | |
| 243 | // TODO(mpl): try to refactor TestHandleGet*, but there are enough subtle differences to barely make it worth it |