@@ -128,7 +128,6 @@ def test_subst(self):
128128 (["" , "audio/*" , "foo.txt" ], "" ),
129129 (["echo foo" , "audio/*" , "foo.txt" ], "echo foo" ),
130130 (["echo %s" , "audio/*" , "foo.txt" ], "echo foo.txt" ),
131- (["echo %t" , "audio/*" , "foo.txt" ], None ),
132131 (["echo %t" , "audio/wav" , "foo.txt" ], "echo audio/wav" ),
133132 (["echo \\ %t" , "audio/*" , "foo.txt" ], "echo %t" ),
134133 (["echo foo" , "audio/*" , "foo.txt" , plist ], "echo foo" ),
@@ -211,9 +210,6 @@ def test_findmatch(self):
211210 ([c , "audio/basic" ],
212211 {"key" : "description" , "filename" : fname },
213212 ('"An audio fragment"' , audio_basic_entry )),
214- ([c , "audio/*" ],
215- {"filename" : fname },
216- (None , None )),
217213 ([c , "audio/wav" ],
218214 {"filename" : fname },
219215 ("/usr/local/bin/showaudio audio/wav" , audio_entry )),
@@ -246,6 +242,30 @@ def test_test(self):
246242 ]
247243 self ._run_cases (cases )
248244
245+ def test_unsafe_mailcap_input (self ):
246+ with self .assertWarnsRegex (mailcap .UnsafeMailcapInput ,
247+ 'Refusing to substitute parameter.*'
248+ 'into a shell command' ):
249+ unsafe_param = mailcap .subst ("echo %{total}" ,
250+ "audio/wav" ,
251+ "foo.txt" ,
252+ ["total=*" ])
253+ self .assertEqual (unsafe_param , None )
254+
255+ with self .assertWarnsRegex (mailcap .UnsafeMailcapInput ,
256+ 'Refusing to substitute MIME type'
257+ '.*into a shell' ):
258+ unsafe_mimetype = mailcap .subst ("echo %t" , "audio/*" , "foo.txt" )
259+ self .assertEqual (unsafe_mimetype , None )
260+
261+ with self .assertWarnsRegex (mailcap .UnsafeMailcapInput ,
262+ 'Refusing to use mailcap with filename.*'
263+ 'Use a safe temporary filename.' ):
264+ unsafe_filename = mailcap .findmatch (MAILCAPDICT ,
265+ "audio/wav" ,
266+ filename = "foo*.txt" )
267+ self .assertEqual (unsafe_filename , (None , None ))
268+
249269 def _run_cases (self , cases ):
250270 for c in cases :
251271 self .assertEqual (mailcap .findmatch (* c [0 ], ** c [1 ]), c [2 ])
0 commit comments