oss/Radicale
oss/Radicale
1
0
Fork 0
mirror of https://github.com/Kozea/Radicale.git synced 2025-08-07 18:30:54 +00:00
Code Wiki Activity

Test for anti-DoS for expand

Browse source 
The only response from the server is a 400

Signed-off-by: David Greaves <david@dgreaves.com>
This commit is contained in:
David Greaves 2025-07-08 15:08:44 +01:00
parent 61850d9b13
commit 3f4f405554
2 changed files with 63 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

28
radicale/tests/static/event_daily_rrule_forever.ics Normal file
View file

@ -0,0 +1,28 @@
BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VTIMEZONE
LAST-MODIFIED:20040110T032845Z
TZID:US/Eastern
BEGIN:DAYLIGHT
DTSTART:20000404T020000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:STANDARD
DTSTART:20001026T020000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID=US/Eastern:20060102T120000
DURATION:PT1H
RRULE:FREQ=DAILY
SUMMARY:Recurring event
UID:event_daily_rrule_forever
END:VEVENT
END:VCALENDAR

36
radicale/tests/test_expand.py
View file

@ -23,7 +23,7 @@ Radicale tests with expand requests.
""" """
import os import os
from typing import ClassVar, List from typing import ClassVar, List, Optional
from xml.etree import ElementTree from xml.etree import ElementTree
from radicale.log import logger from radicale.log import logger
@ -154,6 +154,7 @@ permissions: RrWw""")
_, responses = self.report("/calendar.ics/", _, responses = self.report("/calendar.ics/",
self._req_with_expand(expected_uid, start, end)) self._req_with_expand(expected_uid, start, end))
assert len(responses) == 1 assert len(responses) == 1
response_with_expand = responses[f'/calendar.ics/{expected_uid}.ics'] response_with_expand = responses[f'/calendar.ics/{expected_uid}.ics']
@ -186,6 +187,29 @@ permissions: RrWw""")
assert len(uids) == len(expected_recurrence_ids) assert len(uids) == len(expected_recurrence_ids)
assert len(set(recurrence_ids)) == len(expected_recurrence_ids) assert len(set(recurrence_ids)) == len(expected_recurrence_ids)
def _test_expand_max(self,
expected_uid: str,
start: str,
end: str,
check: Optional[int] = None) -> None:
_, responses = self.report("/calendar.ics/",
self._req_without_expand(expected_uid, start, end))
assert len(responses) == 1
response_without_expand = responses[f'/calendar.ics/{expected_uid}.ics']
assert not isinstance(response_without_expand, int)
status, element = response_without_expand["C:calendar-data"]
assert status == 200 and element.text
assert "RRULE" in element.text
status, headers, answer = self.request(
"REPORT", "/calendar.ics/",
self._req_with_expand(expected_uid, start, end),
check=check)
assert status == 400
def test_report_with_expand_property(self) -> None: def test_report_with_expand_property(self) -> None:
"""Test report with expand property""" """Test report with expand property"""
self._test_expand( self._test_expand(
@ -298,3 +322,13 @@ permissions: RrWw""")
CONTAINS_TIMES, CONTAINS_TIMES,
1 1
) )
def test_report_with_expand_property_max_occur(self) -> None:
"""Test report with expand property too many vevents"""
self.configure({"reporting": {"max_freebusy_occurrence": 100}})
self._test_expand_max(
"event_daily_rrule_forever",
"20060103T000000Z",
"20060501T000000Z",
check=400
)