backup/pywb
1
0
Fork 0
mirror of https://github.com/webrecorder/pywb.git synced 2025-03-15 00:03:28 +01:00
Code Issues Projects Releases Activity

Add path traversal tests

Browse Source
This commit is contained in:
Tessa Walsh 2024-10-31 12:18:15 -04:00
parent d89a0d3699
commit 57730187ed
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
tests/test_integration.py
View File

@ -516,6 +516,17 @@ class TestWbIntegration(BaseConfigTest):
assert 'Static file not found: <b>notfound.css</b>' in resp.text
def test_path_traversal_not_found(self):
resp = self.testapp.get('/static/../../../../osfile.txt', status = 404)
assert resp.status_int == 404
assert 'Static file not found: <b>../../../../osfile.txt</b>' in resp.text
resp = self.testapp.get('/static%2F..%2F..%2F..%2F..%2Fosfile.txt', status = 404)
assert resp.status_int == 404
assert 'Static file not found: <b>..%2F..%2F..%2F..%2Fosfile.txt</b>' in resp.text
def test_cdx_server_filters(self):
resp = self.testapp.get('/pywb/cdx?url=http://www.iana.org/_css/2013.1/screen.css&filter=mime:warc/revisit&filter=filename:dupes.warc.gz')
assert resp.content_type == 'text/x-cdxj'