Merge pull request #8425 from francoisfreitag/leak-env

linkcheck: Prevent REQUESTS_CA_BUNDLE leak in tests
2025-02-25 18:55:22 -06:00 · 2020-11-15 13:54:32 +09:00 · 2020-11-15 13:54:32 +09:00 · 5a42348fd7
commit 5a42348fd7
parent 4c582b3d66 d453088b58
2 changed files with 34 additions and 5 deletions
--- a/tests/test_build_linkcheck.py
+++ b/tests/test_build_linkcheck.py
@ -10,7 +10,6 @@

 import http.server
 import json
-import os
 import re
 import textwrap
 from unittest import mock
@ -18,7 +17,7 @@ from unittest import mock
 import pytest
 import requests

-from utils import CERT_FILE, http_server, https_server
+from utils import CERT_FILE, http_server, https_server, modify_env


@pytest.mark.sphinx('linkcheck', testroot='linkcheck', freshenv=True)
@ -344,9 +343,8 @@ def test_connect_to_selfsigned_with_tls_cacerts(app):

@pytest.mark.sphinx('linkcheck', testroot='linkcheck-localserver-https', freshenv=True)
 def test_connect_to_selfsigned_with_requests_env_var(app):
-    os.environ["REQUESTS_CA_BUNDLE"] = CERT_FILE
-    with https_server(OKHandler):
-        app.builder.build_all()
+    with modify_env(REQUESTS_CA_BUNDLE=CERT_FILE), https_server(OKHandler):
+            app.builder.build_all()

    with open(app.outdir / 'output.json') as fp:
        content = json.load(fp)
@ -358,3 +356,20 @@ def test_connect_to_selfsigned_with_requests_env_var(app):
        "uri": "https://localhost:7777/",
        "info": "",
    }
+
+@pytest.mark.sphinx('linkcheck', testroot='linkcheck-localserver-https', freshenv=True)
+def test_connect_to_selfsigned_nonexistent_cert_file(app):
+    app.config.tls_cacerts = "does/not/exist"
+    with https_server(OKHandler):
+        app.builder.build_all()
+
+    with open(app.outdir / 'output.json') as fp:
+        content = json.load(fp)
+    assert content == {
+        "code": 0,
+        "status": "broken",
+        "filename": "index.rst",
+        "lineno": 1,
+        "uri": "https://localhost:7777/",
+        "info": "Could not find a suitable TLS CA certificate bundle, invalid path: does/not/exist",
+    }
--- a/tests/utils.py
+++ b/tests/utils.py
@ -1,5 +1,6 @@
 import contextlib
 import http.server
+import os
 import pathlib
 import ssl
 import threading
@ -46,3 +47,16 @@ def create_server(thread_class):

 http_server = create_server(HttpServerThread)
 https_server = create_server(HttpsServerThread)
+
+
+@contextlib.contextmanager
+def modify_env(**env):
+    original_env = os.environ.copy()
+    for k, v in env.items():
+        os.environ[k] = v
+    yield
+    for k in env:
+        try:
+            os.environ[k] = original_env[k]
+        except KeyError:
+            os.unsetenv(k)