Hey Niels,

Niels Thykier [2013-01-20 12:50 +0100]:
>     Test names are separated by whitespace and should contain only
>     characters which are legal in package names, plus `/'.
> """
> 
> First, it is unclear to me what exactly is meant by "only characters
> which are legal in package names".  I read it as that any character
> legal in the package and in addition to that the symbol "/".

Right, but that indeed seems to be an overzealous claim in the spec,
I'll fix that.  The adt-run code explicitly disallows this, presumably
to avoid directory traversal problems as you mentioned:

        if '/' in tname:
            raise Unsupported(base[' lno'],
                              'test name may not contain / character')

There is the "Tests-Directory:" field if you really want to put tests
into a different dir. That one must not be absolute; you can still do
tricks like "../../../etc/..", but as you say this is hardly a
security issue, so let's not overthink this.

But this also pointed out a different bug if you actually try this:

adt-run: unexpected, exceptional, error:
Traceback (most recent call last):
  File "/home/martin/debian/autopkgtest/runner/adt-run", line 1962, in main
    process_actions()
  File "/home/martin/debian/autopkgtest/runner/adt-run", line 1935, in process_actions
    act, os.path.join(act.arg, 'debian/tests/control'))
  File "/home/martin/debian/autopkgtest/runner/adt-run", line 1328, in read_control
    t = Test(tname, base, act)
  File "/home/martin/debian/autopkgtest/runner/adt-run", line 1069, in __init__
    raise Unsupported(base[' lno'],
KeyError: ' lno'

So, I'll write a test which reproduces this crash, makes sure that
tests with / are disallowed, and fix the spec.

Thanks,

Martin
-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)

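The two checks discussed in this message (no "/" in a test name, no absolute "Tests-Directory:"), as an added example that is not adt-run's code. It also shows that a relative value such as "../../../etc/.." passes the non-absolute check yet resolves outside the source tree; the names InvalidField, check_test_name, check_tests_directory, script_path and the confine option are hypothetical.

```python
import posixpath


class InvalidField(ValueError):
    """A debian/tests/control value failed validation (hypothetical name)."""


def check_test_name(tname):
    # Rule described in the message: a test name may not contain '/'.
    if '/' in tname:
        raise InvalidField('test name may not contain / character')
    # Assumption, stricter than the message: '', '.' and '..' are not file names.
    if tname in ('', '.', '..'):
        raise InvalidField('test name %r is not a file name' % tname)
    return tname


def check_tests_directory(tests_dir, confine=False):
    # Rule described in the message: Tests-Directory must not be absolute.
    if posixpath.isabs(tests_dir):
        raise InvalidField('Tests-Directory may not be absolute')
    # Optional stricter rule (assumption): after lexical normalization the
    # path must not climb out of the tree. Symlinks are not resolved here.
    norm = posixpath.normpath(tests_dir)
    if confine and (norm == '..' or norm.startswith('../')):
        raise InvalidField('Tests-Directory escapes the source tree')
    return norm


def script_path(tree, tests_dir, tname, confine=False):
    """Return the normalized path of a test script relative to tree."""
    return posixpath.normpath(posixpath.join(
        tree, check_tests_directory(tests_dir, confine), check_test_name(tname)))


def rejected(func, *args, **kwargs):
    """True if func raises InvalidField for the given arguments."""
    try:
        func(*args, **kwargs)
    except InvalidField:
        return True
    return False
```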