Add test: vulnerable settings should fail importing
This commit is contained in:
parent
d8668ed226
commit
6afdbd6fd3
2 changed files with 19 additions and 0 deletions
|
@ -3,6 +3,7 @@ package org.schabi.newpipe.settings
|
||||||
import android.content.SharedPreferences
|
import android.content.SharedPreferences
|
||||||
import org.junit.Assert.assertEquals
|
import org.junit.Assert.assertEquals
|
||||||
import org.junit.Assert.assertFalse
|
import org.junit.Assert.assertFalse
|
||||||
|
import org.junit.Assert.assertThrows
|
||||||
import org.junit.Assert.assertTrue
|
import org.junit.Assert.assertTrue
|
||||||
import org.junit.Assume
|
import org.junit.Assume
|
||||||
import org.junit.Before
|
import org.junit.Before
|
||||||
|
@ -192,4 +193,22 @@ class ImportExportManagerTest {
|
||||||
verify(editor, atLeastOnce()).putString(anyString(), anyString())
|
verify(editor, atLeastOnce()).putString(anyString(), anyString())
|
||||||
verify(editor, atLeastOnce()).putInt(anyString(), anyInt())
|
verify(editor, atLeastOnce()).putInt(anyString(), anyInt())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
fun `Importing preferences with a serialization injected class should fail`() {
|
||||||
|
val settings = File.createTempFile("newpipe_", "")
|
||||||
|
`when`(fileLocator.settings).thenReturn(settings)
|
||||||
|
|
||||||
|
val emptyZip = File(classloader.getResource("settings/vulnerable_serialization.zip")?.file!!)
|
||||||
|
`when`(storedFileHelper.stream).thenReturn(FileStream(emptyZip))
|
||||||
|
Assume.assumeTrue(ImportExportManager(fileLocator).extractSettings(storedFileHelper))
|
||||||
|
|
||||||
|
val preferences = Mockito.mock(SharedPreferences::class.java, withSettings().stubOnly())
|
||||||
|
val editor = Mockito.mock(SharedPreferences.Editor::class.java)
|
||||||
|
`when`(preferences.edit()).thenReturn(editor)
|
||||||
|
|
||||||
|
assertThrows(ClassNotFoundException::class.java) {
|
||||||
|
ImportExportManager(fileLocator).loadSharedPreferences(preferences)
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
BIN
app/src/test/resources/settings/vulnerable_serialization.zip
Normal file
BIN
app/src/test/resources/settings/vulnerable_serialization.zip
Normal file
Binary file not shown.
Loading…
Reference in a new issue