Skip to content

Commit

Permalink
Add path traversal tests
Browse files Browse the repository at this point in the history
  • Loading branch information
tw4l committed Oct 31, 2024
1 parent de6d8c2 commit 8227a5a
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions tests/test_integration.py
Original file line number Diff line number Diff line change
Expand Up @@ -516,6 +516,17 @@ def test_static_not_found(self):

assert 'Static file not found: <b>notfound.css</b>' in resp.text

def test_path_traversal_not_found(self):
resp = self.testapp.get('/static/../../../../osfile.txt', status = 404)
assert resp.status_int == 404

assert 'Static file not found: <b>../../../../osfile.txt</b>' in resp.text

resp = self.testapp.get('/static%2F..%2F..%2F..%2F..%2Fosfile.txt', status = 404)
assert resp.status_int == 404

assert 'Static file not found: <b>..%2F..%2F..%2F..%2Fosfile.txt</b>' in resp.text

def test_cdx_server_filters(self):
resp = self.testapp.get('/pywb/cdx?url=http://www.iana.org/_css/2013.1/screen.css&filter=mime:warc/revisit&filter=filename:dupes.warc.gz')
assert resp.content_type == 'text/x-cdxj'
Expand Down

0 comments on commit 8227a5a

Please sign in to comment.