From cbea1785d068bfb1e402234e08d8d74512a70c5e Mon Sep 17 00:00:00 2001
From: Tommi Virtanen <tv@eagain.net>
Date: Tue, 11 Dec 2007 22:43:05 +0200
Subject: Enforce safe usernames also when reading public key files from
 keydir.

Warning: if your keyfiles contain more than just a-z0-9, at sign, dots
or dashes, you will likely end up cutting off your access to your
gitosis repository with this upgrade.
---
 gitosis/test/test_ssh.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'gitosis/test/test_ssh.py')

diff --git a/gitosis/test/test_ssh.py b/gitosis/test/test_ssh.py
index 16650c6..fc6ecbc 100644
--- a/gitosis/test/test_ssh.py
+++ b/gitosis/test/test_ssh.py
@@ -74,6 +74,16 @@ class ReadKeys_Test(object):
             ]))
 
     def test_multiple_lines(self):
+        tmp = maketemp()
+        keydir = os.path.join(tmp, 'keys')
+        mkdir(keydir)
+        writeFile(os.path.join(keydir, 'jd"oe.pub'), KEY_1+'\n')
+
+        gen = ssh.readKeys(keydir=keydir)
+        got = frozenset(gen)
+        eq(got, frozenset([]))
+
+    def test_bad_filename(self):
         tmp = maketemp()
         keydir = os.path.join(tmp, 'two')
         mkdir(keydir)
-- 
cgit v1.2.3