Issue 4379 - Allow more than 1 empty AttributeDescription for ldapsea…

…rch, without the risk of denial of service Description: Added a test case to verify up to 10 empty values and a negative case to check max limit. Relates: #4379 Reviewed by: @vashirov, @bsimonova, @droideck (Thanks!)
389ds · Jun 2, 2021 · ff83060 · ff83060
1 parent 268d1c7
commit ff83060
Showing 1 changed file with 27 additions and 28 deletions.
diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py
@@ -1314,6 +1314,33 @@ def test_critical_msg_on_empty_range_idl(topology_st):
     # Step 5
     assert not topology_st.standalone.searchErrorsLog('CRIT - list_candidates - NULL idl was recieved from filter_candidates_ext.')
 
+@pytest.mark.bz1870624
+@pytest.mark.ds4379
+@pytest.mark.parametrize("case,value", [('positive', ['cn','','']),
+                                        ("positive", ['cn', '', '', '', '', '', '', '', '', '', '']),
+                                        ("negative", ['cn', '', '', '', '', '', '', '', '', '', '', ''])])
+def test_attr_description_limit(topology_st, case, value):
+    """Test that up to 10 empty attributeDescription is allowed
+
+    :id: 5afd3dcd-1028-428d-822d-a489ecf4b67e
+    :customerscenario: True
+    :parametrized: yes
+    :setup: Standalone instance
+    :steps:
+        1. Check that 2 empty values are allowed
+        2. Check that 10 empty values are allowed
+        3. Check that more than 10 empty values are allowed
+    :expectedresults:
+        1. Should succeed
+        2. Should succeed
+        3. Should fail
+    """
+    if case == 'positive':
+        DSLdapObjects(topology_st.standalone, basedn='').filter("(objectclass=*)", attrlist=value, scope=0)
+    else:
+        with pytest.raises(ldap.PROTOCOL_ERROR):
+            DSLdapObjects(topology_st.standalone, basedn='').filter("(objectclass=*)", attrlist=value, scope=0)
+
 
 @pytest.mark.bz1647099
 @pytest.mark.ds50026
@@ -1637,34 +1664,6 @@ def test_dscreate_with_different_rdn(dscreate_test_rdn_value):
             assert True
 
 
-@pytest.mark.bz1870624
-@pytest.mark.ds4379
-@pytest.mark.parametrize("case,value", [('positive', ['cn','','']),
-                                        ("positive", ['cn', '', '', '', '', '', '', '', '', '', '']),
-                                        ("negative", ['cn', '', '', '', '', '', '', '', '', '', '', ''])])
-def test_attr_description_limit(topology_st, case, value):
-    """Test that up to 10 empty attributeDescription is allowed
-
-    :id: 5afd3dcd-1028-428d-822d-a489ecf4b67e
-    :customerscenario: True
-    :parametrized: yes
-    :setup: Standalone instance
-    :steps:
-        1. Check that 2 empty values are allowed
-        2. Check that 10 empty values are allowed
-        3. Check that more than 10 empty values are allowed
-    :expectedresults:
-        1. Should succeeds
-        2. Should succeeds
-        3. Should fail
-    """
-    if case == 'positive':
-        DSLdapObjects(topology_st.standalone, basedn='').filter("(objectclass=*)", attrlist=value, scope=0)
-    else:
-        with pytest.raises(ldap.PROTOCOL_ERROR):
-            DSLdapObjects(topology_st.standalone, basedn='').filter("(objectclass=*)", attrlist=value, scope=0)
-
-
 if __name__ == '__main__':
     # Run isolated
     # -s for DEBUG mode