From 1724553e6e8baae655901488968a40df981f32da Mon Sep 17 00:00:00 2001
From: Ijtaba Hussain <ijtabahussain@live.com>
Date: Thu, 6 Apr 2023 23:13:33 +0500
Subject: gh-103186: assert in tests that UnsafeMailcapInput warnings are
 provided (#103217)

---
 Lib/test/test_mailcap.py | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/Lib/test/test_mailcap.py b/Lib/test/test_mailcap.py
index 819dc80..8a94b0c 100644
--- a/Lib/test/test_mailcap.py
+++ b/Lib/test/test_mailcap.py
@@ -127,7 +127,6 @@ class HelperFunctionTest(unittest.TestCase):
             (["", "audio/*", "foo.txt"], ""),
             (["echo foo", "audio/*", "foo.txt"], "echo foo"),
             (["echo %s", "audio/*", "foo.txt"], "echo foo.txt"),
-            (["echo %t", "audio/*", "foo.txt"], None),
             (["echo %t", "audio/wav", "foo.txt"], "echo audio/wav"),
             (["echo \\%t", "audio/*", "foo.txt"], "echo %t"),
             (["echo foo", "audio/*", "foo.txt", plist], "echo foo"),
@@ -210,9 +209,6 @@ class FindmatchTest(unittest.TestCase):
             ([c, "audio/basic"],
              {"key": "description", "filename": fname},
              ('"An audio fragment"', audio_basic_entry)),
-            ([c, "audio/*"],
-             {"filename": fname},
-             (None, None)),
             ([c, "audio/wav"],
              {"filename": fname},
              ("/usr/local/bin/showaudio audio/wav", audio_entry)),
@@ -245,6 +241,30 @@ class FindmatchTest(unittest.TestCase):
         ]
         self._run_cases(cases)
 
+    def test_unsafe_mailcap_input(self):
+        with self.assertWarnsRegex(mailcap.UnsafeMailcapInput,
+                                   'Refusing to substitute parameter.*'
+                                   'into a shell command'):
+            unsafe_param = mailcap.subst("echo %{total}",
+                                         "audio/wav",
+                                         "foo.txt",
+                                         ["total=*"])
+            self.assertEqual(unsafe_param, None)
+
+        with self.assertWarnsRegex(mailcap.UnsafeMailcapInput,
+                                   'Refusing to substitute MIME type'
+                                   '.*into a shell'):
+            unsafe_mimetype = mailcap.subst("echo %t", "audio/*", "foo.txt")
+            self.assertEqual(unsafe_mimetype, None)
+
+        with self.assertWarnsRegex(mailcap.UnsafeMailcapInput,
+                                   'Refusing to use mailcap with filename.*'
+                                   'Use a safe temporary filename.'):
+            unsafe_filename = mailcap.findmatch(MAILCAPDICT,
+                                                "audio/wav",
+                                                filename="foo*.txt")
+            self.assertEqual(unsafe_filename, (None, None))
+
     def _run_cases(self, cases):
         for c in cases:
             self.assertEqual(mailcap.findmatch(*c[0], **c[1]), c[2])
-- 
cgit v0.12