diff options
author | Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> | 2021-12-16 15:12:13 +0100 |
---|---|---|
committer | Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> | 2021-12-17 09:50:28 +0100 |
commit | 44954497bcb2d6d589b9340a43323663061c7b42 (patch) | |
tree | 0d0d06b11e462ccff1a908c2b1c4dfd039b82787 /media/mediaType_test.go | |
parent | 22ef5da20d1685dfe6aff3bd9364c9b1f1d0d8f8 (diff) |
Always use content to resolve content type in resources.GetRemote
This is a security hardening measure; don't trust the URL extension or any `Content-Type`/`Content-Disposition` header on its own, always look at the file content using Go's `http.DetectContentType`.
This commit also adds ttf and otf media type definitions to Hugo.
Fixes #9302
Fixes #9301
Diffstat (limited to 'media/mediaType_test.go')
-rw-r--r-- | media/mediaType_test.go | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/media/mediaType_test.go b/media/mediaType_test.go index b33ca174c..f3a06e8ed 100644 --- a/media/mediaType_test.go +++ b/media/mediaType_test.go @@ -15,10 +15,14 @@ package media import ( "encoding/json" + "io/ioutil" + "path/filepath" "sort" + "strings" "testing" qt "github.com/frankban/quicktest" + "github.com/gohugoio/hugo/common/paths" ) func TestDefaultTypes(t *testing.T) { @@ -47,6 +51,8 @@ func TestDefaultTypes(t *testing.T) { {XMLType, "application", "xml", "xml", "application/xml", "application/xml"}, {TOMLType, "application", "toml", "toml", "application/toml", "application/toml"}, {YAMLType, "application", "yaml", "yaml", "application/yaml", "application/yaml"}, + {TrueTypeFontType, "font", "ttf", "ttf", "font/ttf", "font/ttf"}, + {OpenTypeFontType, "font", "otf", "otf", "font/otf", "font/otf"}, } { c.Assert(test.tp.MainType, qt.Equals, test.expectedMainType) c.Assert(test.tp.SubType, qt.Equals, test.expectedSubType) @@ -56,7 +62,7 @@ func TestDefaultTypes(t *testing.T) { } - c.Assert(len(DefaultTypes), qt.Equals, 28) + c.Assert(len(DefaultTypes), qt.Equals, 30) } func TestGetByType(t *testing.T) { @@ -175,6 +181,26 @@ func TestFromExtensionMultipleSuffixes(t *testing.T) { } +func TestFromContent(t *testing.T) { + c := qt.New(t) + + files, err := filepath.Glob("./testdata/resource.*") + c.Assert(err, qt.IsNil) + mtypes := DefaultTypes + + for _, filename := range files { + c.Run(filepath.Base(filename), func(c *qt.C) { + content, err := ioutil.ReadFile(filename) + c.Assert(err, qt.IsNil) + ext := strings.TrimPrefix(paths.Ext(filename), ".") + expected, _, found := mtypes.GetFirstBySuffix(ext) + c.Assert(found, qt.IsTrue) + got := FromContent(mtypes, ext, content) + c.Assert(got, qt.Equals, expected) + }) + } +} + func TestDecodeTypes(t *testing.T) { c := qt.New(t) |