@@ -127,7 +127,6 @@ def test_subst(self):
127127 (["" , "audio/*" , "foo.txt" ], "" ),
128128 (["echo foo" , "audio/*" , "foo.txt" ], "echo foo" ),
129129 (["echo %s" , "audio/*" , "foo.txt" ], "echo foo.txt" ),
130- (["echo %t" , "audio/*" , "foo.txt" ], None ),
131130 (["echo %t" , "audio/wav" , "foo.txt" ], "echo audio/wav" ),
132131 (["echo \\ %t" , "audio/*" , "foo.txt" ], "echo %t" ),
133132 (["echo foo" , "audio/*" , "foo.txt" , plist ], "echo foo" ),
@@ -210,9 +209,6 @@ def test_findmatch(self):
210209 ([c , "audio/basic" ],
211210 {"key" : "description" , "filename" : fname },
212211 ('"An audio fragment"' , audio_basic_entry )),
213- ([c , "audio/*" ],
214- {"filename" : fname },
215- (None , None )),
216212 ([c , "audio/wav" ],
217213 {"filename" : fname },
218214 ("/usr/local/bin/showaudio audio/wav" , audio_entry )),
@@ -245,6 +241,30 @@ def test_test(self):
245241 ]
246242 self ._run_cases (cases )
247243
244+ def test_unsafe_mailcap_input (self ):
245+ with self .assertWarnsRegex (mailcap .UnsafeMailcapInput ,
246+ 'Refusing to substitute parameter.*'
247+ 'into a shell command' ):
248+ unsafe_param = mailcap .subst ("echo %{total}" ,
249+ "audio/wav" ,
250+ "foo.txt" ,
251+ ["total=*" ])
252+ self .assertEqual (unsafe_param , None )
253+
254+ with self .assertWarnsRegex (mailcap .UnsafeMailcapInput ,
255+ 'Refusing to substitute MIME type'
256+ '.*into a shell' ):
257+ unsafe_mimetype = mailcap .subst ("echo %t" , "audio/*" , "foo.txt" )
258+ self .assertEqual (unsafe_mimetype , None )
259+
260+ with self .assertWarnsRegex (mailcap .UnsafeMailcapInput ,
261+ 'Refusing to use mailcap with filename.*'
262+ 'Use a safe temporary filename.' ):
263+ unsafe_filename = mailcap .findmatch (MAILCAPDICT ,
264+ "audio/wav" ,
265+ filename = "foo*.txt" )
266+ self .assertEqual (unsafe_filename , (None , None ))
267+
248268 def _run_cases (self , cases ):
249269 for c in cases :
250270 self .assertEqual (mailcap .findmatch (* c [0 ], ** c [1 ]), c [2 ])
0 commit comments