def test_attachment(self):
app = flask.Flask(__name__)
with catch_warnings() as captured:
with app.test_request_context():
f = open(os.path.join(app.root_path, 'static/index.html'))
rv = flask.send_file(f, as_attachment=True)
value, options = parse_options_header(rv.headers['Content-Disposition'])
assert value == 'attachment'
# mimetypes + etag
assert len(captured) == 2
with app.test_request_context():
assert options['filename'] == 'index.html'
rv = flask.send_file('static/index.html', as_attachment=True)
value, options = parse_options_header(rv.headers['Content-Disposition'])
assert value == 'attachment'
assert options['filename'] == 'index.html'
with app.test_request_context():
rv = flask.send_file(StringIO('Test'), as_attachment=True,
attachment_filename='index.txt',
add_etags=False)
assert rv.mimetype == 'text/plain'
value, options = parse_options_header(rv.headers['Content-Disposition'])
assert value == 'attachment'
assert options['filename'] == 'index.txt'
def test_templates_and_static(self):
from moduleapp import app
c = app.test_client()
rv = c.get("/")
assert rv.data == "Hello from the Frontend"
rv = c.get("/admin/")
assert rv.data == "Hello from the Admin"
rv = c.get("/admin/index2")
assert rv.data == "Hello from the Admin"
rv = c.get("/admin/static/test.txt")
assert rv.data.strip() == "Admin File"
rv = c.get("/admin/static/css/test.css")
assert rv.data.strip() == "/* nested file */"
with app.test_request_context():
assert flask.url_for("admin.static", filename="test.txt") == "/admin/static/test.txt"
with app.test_request_context():
try:
flask.render_template("missing.html")
except TemplateNotFound, e:
assert e.name == "missing.html"
else:
def test_templates_and_static(self):
from moduleapp import app
c = app.test_client()
rv = c.get('/')
assert rv.data == 'Hello from the Frontend'
rv = c.get('/admin/')
assert rv.data == 'Hello from the Admin'
rv = c.get('/admin/index2')
assert rv.data == 'Hello from the Admin'
rv = c.get('/admin/static/test.txt')
assert rv.data.strip() == 'Admin File'
rv = c.get('/admin/static/css/test.css')
assert rv.data.strip() == '/* nested file */'
with app.test_request_context():
assert flask.url_for('admin.static', filename='test.txt') \
== '/admin/static/test.txt'
with app.test_request_context():
try:
flask.render_template('missing.html')
except TemplateNotFound, e:
assert e.name == 'missing.html'
else:
def test_send_file_object(self):
app = flask.Flask(__name__)
with app.test_request_context():
f = open(os.path.join(app.root_path, 'static/index.html'))
rv = flask.send_file(f)
with app.open_resource('static/index.html') as f:
assert rv.data == f.read()
assert rv.mimetype == 'text/html'
app.use_x_sendfile = True
with app.test_request_context():
f = open(os.path.join(app.root_path, 'static/index.html'))
rv = flask.send_file(f)
assert rv.mimetype == 'text/html'
assert 'x-sendfile' in rv.headers
assert rv.headers['x-sendfile'] == \
os.path.join(app.root_path, 'static/index.html')
app.use_x_sendfile = False
with app.test_request_context():
f = StringIO('Test')
rv = flask.send_file(f)
assert rv.data == 'Test'
assert rv.mimetype == 'application/octet-stream'
f = StringIO('Test')
rv = flask.send_file(f, mimetype='text/plain')
assert rv.data == 'Test'
assert rv.mimetype == 'text/plain'
app.use_x_sendfile = True
with app.test_request_context():
f = StringIO('Test')
rv = flask.send_file(f)
assert 'x-sendfile' not in rv.headers
def test_templates_and_static(self):
from moduleapp import app
c = app.test_client()
rv = c.get('/')
assert rv.data == 'Hello from the Frontend'
rv = c.get('/admin/')
assert rv.data == 'Hello from the Admin'
rv = c.get('/admin/index2')
assert rv.data == 'Hello from the Admin'
rv = c.get('/admin/static/test.txt')
assert rv.data.strip() == 'Admin File'
rv = c.get('/admin/static/css/test.css')
assert rv.data.strip() == '/* nested file */'
with app.test_request_context():
assert flask.url_for('admin.static', filename='test.txt') \
== '/admin/static/test.txt'
with app.test_request_context():
try:
flask.render_template('missing.html')
except TemplateNotFound, e:
assert e.name == 'missing.html'
else:
def test_send_file_object(self):
app = flask.Flask(__name__)
with app.test_request_context():
f = open(os.path.join(app.root_path, 'static/index.html'))
rv = flask.send_file(f)
with app.open_resource('static/index.html') as f:
assert rv.data == f.read()
assert rv.mimetype == 'text/html'
app.use_x_sendfile = True
with app.test_request_context():
f = open(os.path.join(app.root_path, 'static/index.html'))
rv = flask.send_file(f)
assert rv.mimetype == 'text/html'
assert 'x-sendfile' in rv.headers
assert rv.headers['x-sendfile'] == \
os.path.join(app.root_path, 'static/index.html')
app.use_x_sendfile = False
with app.test_request_context():
f = StringIO('Test')
rv = flask.send_file(f)
assert rv.data == 'Test'
assert rv.mimetype == 'application/octet-stream'
f = StringIO('Test')
rv = flask.send_file(f, mimetype='text/plain')
assert rv.data == 'Test'
assert rv.mimetype == 'text/plain'
app.use_x_sendfile = True
with app.test_request_context():
f = StringIO('Test')
rv = flask.send_file(f)
assert 'x-sendfile' not in rv.headers
def test_attachment(self):
app = flask.Flask(__name__)
with catch_warnings() as captured:
with app.test_request_context():
f = open(os.path.join(app.root_path, 'static/index.html'))
rv = flask.send_file(f, as_attachment=True)
value, options = parse_options_header(rv.headers['Content-Disposition'])
assert value == 'attachment'
# mimetypes + etag
assert len(captured) == 2
with app.test_request_context():
assert options['filename'] == 'index.html'
rv = flask.send_file('static/index.html', as_attachment=True)
value, options = parse_options_header(rv.headers['Content-Disposition'])
assert value == 'attachment'
assert options['filename'] == 'index.html'
with app.test_request_context():
rv = flask.send_file(StringIO('Test'), as_attachment=True,
attachment_filename='index.txt',
add_etags=False)
assert rv.mimetype == 'text/plain'
value, options = parse_options_header(rv.headers['Content-Disposition'])
assert value == 'attachment'
assert options['filename'] == 'index.txt'
def test_send_file_object(self):
app = flask.Flask(__name__)
with catch_warnings() as captured:
with app.test_request_context():
f = open(os.path.join(app.root_path, "static/index.html"))
rv = flask.send_file(f)
with app.open_resource("static/index.html") as f:
assert rv.data == f.read()
assert rv.mimetype == "text/html"
# mimetypes + etag
assert len(captured) == 2
app.use_x_sendfile = True
with catch_warnings() as captured:
with app.test_request_context():
f = open(os.path.join(app.root_path, "static/index.html"))
rv = flask.send_file(f)
assert rv.mimetype == "text/html"
assert "x-sendfile" in rv.headers
assert rv.headers["x-sendfile"] == os.path.join(app.root_path, "static/index.html")
# mimetypes + etag
assert len(captured) == 2
app.use_x_sendfile = False
with app.test_request_context():
with catch_warnings() as captured:
f = StringIO("Test")
rv = flask.send_file(f)
assert rv.data == "Test"
assert rv.mimetype == "application/octet-stream"
# etags
assert len(captured) == 1
with catch_warnings() as captured:
f = StringIO("Test")
rv = flask.send_file(f, mimetype="text/plain")
assert rv.data == "Test"
assert rv.mimetype == "text/plain"
# etags
assert len(captured) == 1
app.use_x_sendfile = True
with catch_warnings() as captured:
with app.test_request_context():
f = StringIO("Test")
rv = flask.send_file(f)
assert "x-sendfile" not in rv.headers
# etags
assert len(captured) == 1
def test_safe_access(self):
from moduleapp import app
with app.test_request_context():
f = app.view_functions['admin.static']
try:
f('/etc/passwd')
except NotFound:
pass
else:
assert 0, 'expected exception'
try:
f('../__init__.py')
except NotFound:
pass
else:
assert 0, 'expected exception'
# testcase for a security issue that may exist on windows systems
import os
import ntpath
old_path = os.path
os.path = ntpath
try:
try:
f('..\\__init__.py')
except NotFound:
pass
else:
assert 0, 'expected exception'
finally:
os.path = old_path
def test_safe_access(self):
from moduleapp import app
with app.test_request_context():
f = app.view_functions["admin.static"]
try:
f("/etc/passwd")
except NotFound:
pass
else:
assert 0, "expected exception"
try:
f("../__init__.py")
except NotFound:
pass
else:
assert 0, "expected exception"
# testcase for a security issue that may exist on windows systems
import os
import ntpath
old_path = os.path
os.path = ntpath
try:
try:
f("..\\__init__.py")
except NotFound:
pass
else:
assert 0, "expected exception"
finally:
os.path = old_path
def test_send_file_regular(self):
app = flask.Flask(__name__)
with app.test_request_context():
rv = flask.send_file('static/index.html')
assert rv.direct_passthrough
assert rv.mimetype == 'text/html'
with app.open_resource('static/index.html') as f:
assert rv.data == f.read()
def test_send_file_regular(self):
app = flask.Flask(__name__)
with app.test_request_context():
rv = flask.send_file('static/index.html')
assert rv.direct_passthrough
assert rv.mimetype == 'text/html'
with app.open_resource('static/index.html') as f:
assert rv.data == f.read()
def test_send_file_xsendfile(self):
app = flask.Flask(__name__)
app.use_x_sendfile = True
with app.test_request_context():
rv = flask.send_file("static/index.html")
assert rv.direct_passthrough
assert "x-sendfile" in rv.headers
assert rv.headers["x-sendfile"] == os.path.join(app.root_path, "static/index.html")
assert rv.mimetype == "text/html"
def test_send_file_xsendfile(self):
app = flask.Flask(__name__)
app.use_x_sendfile = True
with app.test_request_context():
rv = flask.send_file('static/index.html')
assert rv.direct_passthrough
assert 'x-sendfile' in rv.headers
assert rv.headers['x-sendfile'] == \
os.path.join(app.root_path, 'static/index.html')
assert rv.mimetype == 'text/html'
def test_send_file_xsendfile(self):
app = flask.Flask(__name__)
app.use_x_sendfile = True
with app.test_request_context():
rv = flask.send_file('static/index.html')
assert rv.direct_passthrough
assert 'x-sendfile' in rv.headers
assert rv.headers['x-sendfile'] == \
os.path.join(app.root_path, 'static/index.html')
assert rv.mimetype == 'text/html'
def test_static_path_without_url_prefix(self):
app = flask.Flask(__name__)
app.config['SERVER_NAME'] = 'example.com'
from testmodule import mod
app.register_module(mod)
c = app.test_client()
f = 'hello.txt'
rv = c.get('/static/' + f, 'http://example.com/')
assert rv.data.strip() == 'Hello Maindomain'
with app.test_request_context(base_url='http://example.com'):
assert flask.url_for('static', filename=f) == '/static/' + f
assert flask.url_for('static', filename=f, _external=True) \
== 'http://example.com/static/' + f
def test_attachment(self):
app = flask.Flask(__name__)
with catch_warnings() as captured:
with app.test_request_context():
f = open(os.path.join(app.root_path, "static/index.html"))
rv = flask.send_file(f, as_attachment=True)
value, options = parse_options_header(rv.headers["Content-Disposition"])
assert value == "attachment"
# mimetypes + etag
assert len(captured) == 2
with app.test_request_context():
assert options["filename"] == "index.html"
rv = flask.send_file("static/index.html", as_attachment=True)
value, options = parse_options_header(rv.headers["Content-Disposition"])
assert value == "attachment"
assert options["filename"] == "index.html"
with app.test_request_context():
rv = flask.send_file(StringIO("Test"), as_attachment=True, attachment_filename="index.txt", add_etags=False)
assert rv.mimetype == "text/plain"
value, options = parse_options_header(rv.headers["Content-Disposition"])
assert value == "attachment"
assert options["filename"] == "index.txt"
def test_safe_access(self):
from moduleapp import app
with app.test_request_context():
f = app.view_functions['admin.static']
try:
rv = f('/etc/passwd')
except NotFound:
pass
else:
assert 0, 'expected exception'
try:
rv = f('../__init__.py')
except NotFound:
pass
else:
assert 0, 'expected exception'
def test_safe_access(self):
from moduleapp import app
with app.test_request_context():
f = app.view_functions['admin.static']
try:
f('/etc/passwd')
except NotFound:
pass
else:
assert 0, 'expected exception'
try:
f('../__init__.py')
except NotFound:
pass
else:
assert 0, 'expected exception'
