mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-22 23:23:30 -06:00
33af154b7f
The actual value is less important than whether it matches the regular expression. A number of legal but difficult to know in context realms could be passed in here (trust for example). This fixes CVE-2024-1481 Fixes: https://pagure.io/freeipa/issue/9541 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
33 lines
976 B
Python
33 lines
976 B
Python
#
|
|
# Copyright (C) 2024 FreeIPA Contributors see COPYING for license
|
|
#
|
|
"""Tests for ipalib.install.kinit module
|
|
"""
|
|
|
|
import pytest
|
|
|
|
from ipalib.install.kinit import validate_principal
|
|
|
|
|
|
# None means no exception is expected
|
|
@pytest.mark.parametrize('principal, exception', [
|
|
('testuser', None),
|
|
('testuser@EXAMPLE.TEST', None),
|
|
('test/ipa.example.test', None),
|
|
('test/ipa.example.test@EXAMPLE.TEST', None),
|
|
('test/ipa@EXAMPLE.TEST', RuntimeError),
|
|
('test/-ipa.example.test@EXAMPLE.TEST', RuntimeError),
|
|
('test/ipa.1example.test@EXAMPLE.TEST', None),
|
|
('test /ipa.example,test', RuntimeError),
|
|
('testuser@OTHER.TEST', None),
|
|
('test/ipa.example.test@OTHER.TEST', None)
|
|
])
|
|
def test_validate_principal(principal, exception):
|
|
try:
|
|
validate_principal(principal)
|
|
except Exception as e:
|
|
assert e.__class__ == exception
|
|
else:
|
|
if exception is not None:
|
|
raise RuntimeError('Test should have failed')
|