diff --git a/Tests/test_file_gif.py b/Tests/test_file_gif.py index 01ac1d95c..719847a96 100644 --- a/Tests/test_file_gif.py +++ b/Tests/test_file_gif.py @@ -1,6 +1,7 @@ from helper import unittest, PillowTestCase, tearDownModule, lena from PIL import Image +from PIL import GifImagePlugin codecs = dir(Image.core) @@ -89,6 +90,20 @@ class TestFileGif(PillowTestCase): reloaded = roundtrip(im)[1].convert('RGB') self.assert_image_equal(im, reloaded) + def test_save_netpbm_bmp_mode(self): + img = Image.open(file).convert("RGB") + + tempfile = self.tempfile("temp.gif") + GifImagePlugin._save_netpbm(img, 0, tempfile) + self.assert_image_similar(img, Image.open(tempfile).convert("RGB"), 0) + + def test_save_netpbm_l_mode(self): + img = Image.open(file).convert("L") + + tempfile = self.tempfile("temp.gif") + GifImagePlugin._save_netpbm(img, 0, tempfile) + self.assert_image_similar(img, Image.open(tempfile).convert("L"), 0) + if __name__ == '__main__': unittest.main() diff --git a/Tests/test_file_jpeg.py b/Tests/test_file_jpeg.py index dae1d0019..5b2ba45e7 100644 --- a/Tests/test_file_jpeg.py +++ b/Tests/test_file_jpeg.py @@ -5,6 +5,7 @@ from io import BytesIO from PIL import Image from PIL import ImageFile +from PIL import JpegImagePlugin codecs = dir(Image.core) @@ -273,8 +274,21 @@ class TestFileJpeg(PillowTestCase): qtables={0:standard_l_qtable, 1:standard_chrominance_qtable}), 30) - - + + def test_load_djpeg(self): + img = Image.open(test_file) + img.load_djpeg() + self.assert_image_similar(img, Image.open(test_file), 0) + + def test_save_cjpeg(self): + img = Image.open(test_file) + + tempfile = self.tempfile("temp.jpg") + JpegImagePlugin._save_cjpeg(img, 0, tempfile) + # Default save quality is 75%, so a tiny bit of difference is alright + self.assert_image_similar(img, Image.open(tempfile), 1) + + if __name__ == '__main__': unittest.main() diff --git a/Tests/test_shell_injection.py b/Tests/test_shell_injection.py new file mode 100644 index 000000000..d20f9b1a6 --- /dev/null +++ b/Tests/test_shell_injection.py @@ -0,0 +1,51 @@ +from helper import unittest, PillowTestCase, tearDownModule + +import shutil + +from PIL import Image, JpegImagePlugin, GifImagePlugin + +test_jpg = "Tests/images/lena.jpg" +test_gif = "Tests/images/lena.gif" + +test_filenames = ( + "temp_';", + "temp_\";", + "temp_'\"|", + "temp_'\"||", + "temp_'\"&&", +) + +class TestShellInjection(PillowTestCase): + + def assert_save_filename_check(self, src_img, save_func): + for filename in test_filenames: + dest_file = self.tempfile(filename) + save_func(src_img, 0, dest_file) + # If file can't be opened, shell injection probably occurred + Image.open(dest_file).load() + + def test_load_djpeg_filename(self): + for filename in test_filenames: + src_file = self.tempfile(filename) + shutil.copy(test_jpg, src_file) + + im = Image.open(src_file) + im.load_djpeg() + + def test_save_cjpeg_filename(self): + im = Image.open(test_jpg) + self.assert_save_filename_check(im, JpegImagePlugin._save_cjpeg) + + def test_save_netpbm_filename_bmp_mode(self): + im = Image.open(test_gif).convert("RGB") + self.assert_save_filename_check(im, GifImagePlugin._save_netpbm) + + def test_save_netpbm_filename_l_mode(self): + im = Image.open(test_gif).convert("L") + self.assert_save_filename_check(im, GifImagePlugin._save_netpbm) + + +if __name__ == '__main__': + unittest.main() + +# End of file