diff options
| author | Geremia Taglialatela <[email protected]> | 2023-05-23 00:07:36 +0200 |
|---|---|---|
| committer | Geremia Taglialatela <[email protected]> | 2023-05-23 00:07:36 +0200 |
| commit | 088d388e6d4dda42d9278e6da96ac3183ff09dcd (patch) | |
| tree | 876b788707fe36ea1ebe8d23384c0908b5954508 /test | |
| parent | 6752225bbb8a9eec905ec02a98f1a25a309c404a (diff) | |
| download | caxlsx-088d388e6d4dda42d9278e6da96ac3183ff09dcd.tar.gz caxlsx-088d388e6d4dda42d9278e6da96ac3183ff09dcd.zip | |
Enable Security cops
Also fixes a Security/Open offense that couldn't be exploited, because
the only invocation of `get_mime_type_from_uri` was validating the
input with a `URI::DEFAULT_PARSER` regexp
Diffstat (limited to 'test')
| -rw-r--r-- | test/util/tc_mime_type_utils.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/test/util/tc_mime_type_utils.rb b/test/util/tc_mime_type_utils.rb index 568aa61d..fc7d9d79 100644 --- a/test/util/tc_mime_type_utils.rb +++ b/test/util/tc_mime_type_utils.rb @@ -17,4 +17,8 @@ class TestMimeTypeUtils < Test::Unit::TestCase assert_equal('image/jpeg', Axlsx::MimeTypeUtils::get_mime_type(@test_img)) assert_equal('image/png', Axlsx::MimeTypeUtils::get_mime_type_from_uri(@test_img_url)) end + + def test_escape_uri + assert_raise(URI::InvalidURIError) { Axlsx::MimeTypeUtils::get_mime_type_from_uri('| ls') } + end end |