From fc114a72bcb460e0e702335db06907da735a44c1 Mon Sep 17 00:00:00 2001
From: "Miss Islington (bot)"
 <31488909+miss-islington@users.noreply.github.com>
Date: Fri, 1 Sep 2023 22:53:48 -0700
Subject: [PATCH] [3.11] gh-103186: assert in tests that UnsafeMailcapInput
 warnings are provided (GH-103217) (GH-108800)

(cherry picked from commit 1724553e6e8baae655901488968a40df981f32da)

Co-authored-by: Ijtaba Hussain <ijtabahussain@live.com>
---
 Lib/test/test_mailcap.py | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/Lib/test/test_mailcap.py b/Lib/test/test_mailcap.py
index 8185f4a78066..e80e34063b2f 100644
--- a/Lib/test/test_mailcap.py
+++ b/Lib/test/test_mailcap.py
@@ -128,7 +128,6 @@ class HelperFunctionTest(unittest.TestCase):
             (["", "audio/*", "foo.txt"], ""),
             (["echo foo", "audio/*", "foo.txt"], "echo foo"),
             (["echo %s", "audio/*", "foo.txt"], "echo foo.txt"),
-            (["echo %t", "audio/*", "foo.txt"], None),
             (["echo %t", "audio/wav", "foo.txt"], "echo audio/wav"),
             (["echo \\%t", "audio/*", "foo.txt"], "echo %t"),
             (["echo foo", "audio/*", "foo.txt", plist], "echo foo"),
@@ -211,9 +210,6 @@ class FindmatchTest(unittest.TestCase):
             ([c, "audio/basic"],
              {"key": "description", "filename": fname},
              ('"An audio fragment"', audio_basic_entry)),
-            ([c, "audio/*"],
-             {"filename": fname},
-             (None, None)),
             ([c, "audio/wav"],
              {"filename": fname},
              ("/usr/local/bin/showaudio audio/wav", audio_entry)),
@@ -246,6 +242,30 @@ class FindmatchTest(unittest.TestCase):
         ]
         self._run_cases(cases)
 
+    def test_unsafe_mailcap_input(self):
+        with self.assertWarnsRegex(mailcap.UnsafeMailcapInput,
+                                   'Refusing to substitute parameter.*'
+                                   'into a shell command'):
+            unsafe_param = mailcap.subst("echo %{total}",
+                                         "audio/wav",
+                                         "foo.txt",
+                                         ["total=*"])
+            self.assertEqual(unsafe_param, None)
+
+        with self.assertWarnsRegex(mailcap.UnsafeMailcapInput,
+                                   'Refusing to substitute MIME type'
+                                   '.*into a shell'):
+            unsafe_mimetype = mailcap.subst("echo %t", "audio/*", "foo.txt")
+            self.assertEqual(unsafe_mimetype, None)
+
+        with self.assertWarnsRegex(mailcap.UnsafeMailcapInput,
+                                   'Refusing to use mailcap with filename.*'
+                                   'Use a safe temporary filename.'):
+            unsafe_filename = mailcap.findmatch(MAILCAPDICT,
+                                                "audio/wav",
+                                                filename="foo*.txt")
+            self.assertEqual(unsafe_filename, (None, None))
+
     def _run_cases(self, cases):
         for c in cases:
             self.assertEqual(mailcap.findmatch(*c[0], **c[1]), c[2])
-- 
2.47.3