Mercurial > public > sg101

diff core/tests/test_ssl_images.py @ 963:4619290d171d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Whitelist hot-linked image sources.
author Brian Neal <bgneal@gmail.com>
date Tue, 01 Sep 2015 20:33:40 -0500
parents 37e75385e931
children 26de15fb5a80
line wrap: on
line diff
--- a/core/tests/test_ssl_images.py	Tue Aug 04 16:58:17 2015 -0500
+++ b/core/tests/test_ssl_images.py	Tue Sep 01 20:33:40 2015 -0500
@@ -4,6 +4,7 @@
 from urlparse import urlparse
 
 import mock
+from django.conf import settings
 
 from core.management.commands.ssl_images import html_check
 from core.management.commands.ssl_images import process_post
@@ -14,6 +15,10 @@
 
     SG101_RE = re.compile(r'http://(?:www\.)?surfguitar101.com/', re.I)
 
+    def setUp(self):
+        self.assertTrue(len(settings.USER_IMAGES_SOURCES) > 0)
+        self.safe_host = settings.USER_IMAGES_SOURCES[0]
+
     def tearDown(self):
         core.management.commands.ssl_images.url_cache = {}
 
@@ -50,9 +55,9 @@
 
     def test_https_already(self):
         test_str = """An image that is already using https:
-            ![flyer](https://example.com/zzz.png)
+            ![flyer](https://{}/zzz.png)
             It's cool.
-            """
+            """.format(self.safe_host)
         result = process_post(test_str)
         self.assertEqual(test_str, result)
 
@@ -70,19 +75,19 @@
 
     def test_multiple_non_http(self):
         test_str = """An image: ![image](http://www.surfguitar101.com/img.jpg)
-        And another: ![pic](HTTPS://example.com/foo/bar/img.png).
-        More stuff here."""
+        And another: ![pic](HTTPS://{}/foo/bar/img.png).
+        More stuff here.""".format(self.safe_host)
         expected = """An image: ![image](/img.jpg)
-        And another: ![pic](HTTPS://example.com/foo/bar/img.png).
-        More stuff here."""
+        And another: ![pic](HTTPS://{}/foo/bar/img.png).
+        More stuff here.""".format(self.safe_host)
         result = process_post(test_str)
         self.assertEqual(expected, result)
 
     def test_https_already_with_title(self):
         test_str = """An image that is already using https:
-            ![flyer](https://example.com/zzz.png "the title")
+            ![flyer](https://{}/zzz.png "the title")
             It's cool.
-            """
+            """.format(self.safe_host)
         result = process_post(test_str)
         self.assertEqual(test_str, result)
 
@@ -112,13 +117,13 @@
 
     def test_https_already_brackets(self):
         test_str = """An image that is already using https:
-            ![flyer](<https://example.com/zzz.png>)
+            ![flyer](<https://{}/zzz.png>)
             It's cool.
-            """
+            """.format(self.safe_host)
         expected = """An image that is already using https:
-            ![flyer](https://example.com/zzz.png)
+            ![flyer](https://{}/zzz.png)
             It's cool.
-            """
+            """.format(self.safe_host)
         result = process_post(test_str)
         self.assertEqual(expected, result)
 
@@ -172,13 +177,13 @@
     def test_multiple_replacement_2(self, upload_mock):
         old_src = [
             'http://example.com/images/my_image.jpg',
-            'https://example.com/static/wow.gif',
+            'https://{}/static/wow.gif'.format(self.safe_host),
             'http://www.surfguitar101.com/media/a/b/c/pic.png',
             'http://surfguitar101.com/media/a/b/c/pic2.png',
         ]
         new_src = [
             'https://cloud.com/some/path/012345.jpg',
-            'https://example.com/static/wow.gif',
+            'https://{}/static/wow.gif'.format(self.safe_host),
             '/media/a/b/c/pic.png',
             '/media/a/b/c/pic2.png',
         ]