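def test_odd_name(session, admin_client, pool):
    """Check that a pool name containing markup is escaped on the pool list page.

    A pool named ``test-pool<script></script>`` is stored and ``/pool/list/``
    is fetched. The page must contain the entity-escaped name and must not
    contain the raw ``<script>`` tag.
    """
    pool['pool'] = 'test-pool<script></script>'
    session.add(Pool(**pool))
    session.commit()
    resp = admin_client.get('/pool/list/')
    # The positive check uses the escaped form. Asserting the raw string both
    # present and absent would be contradictory and could never pass.
    check_content_in_response('test-pool&lt;script&gt;', resp)
    check_content_not_in_response('test-pool<script>', resp)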
def test_get_logs_with_metadata_failure(dag_faker_client):
    """Check that the logs-with-metadata endpoint leaks no log payload.

    The response fetched with ``dag_faker_client`` must contain neither a
    ``"message":`` nor a ``"metadata":`` JSON key.
    """
    # NOTE(review): dag_faker_client is presumably a client without access to
    # the requested DAG -- confirm against the fixture definition.
    response = dag_faker_client.get(GET_LOGS_WITH_METADATA_URL, follow_redirects=True)
    for forbidden_key in ('"message":', '"metadata":'):
        check_content_not_in_response(forbidden_key, response)
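def test_page_instance_name_xss_prevention(admin_client):
    """Check that a script tag in ``[webserver] instance_name`` is escaped.

    The configured instance name is rendered into the home page, so it must
    appear only in its HTML-escaped form and never as a live ``<script>`` tag.
    """
    xss_string = "<script>alert('Give me your credit card number')</script>"
    with conf_vars({('webserver', 'instance_name'): xss_string}):
        resp = admin_client.get('home', follow_redirects=True)
        # The expected text must differ from the payload: with both strings
        # identical the two checks below contradict each other.
        # NOTE(review): ``&#39;`` assumes Jinja2/MarkupSafe autoescaping, which
        # encodes single quotes that way -- confirm against the template.
        escaped_xss_string = (
            "&lt;script&gt;alert(&#39;Give me your credit card number&#39;)&lt;/script&gt;"
        )
        check_content_in_response(escaped_xss_string, resp)
        check_content_not_in_response(xss_string, resp)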
def test_dag_autocomplete_success(client_all_dags):
    """Check that DAG autocomplete returns only DAGs matching the query.

    Querying ``example_bash`` must list ``example_bash_operator`` and must
    not list ``example_subdag_operator``.
    """
    autocomplete_url = 'dagmodel/autocomplete?query=example_bash'
    response = client_all_dags.get(autocomplete_url, follow_redirects=False)
    check_content_in_response('example_bash_operator', response)
    check_content_not_in_response('example_subdag_operator', response)
def test_code_from_db(admin_client):
    """Check that the code view renders DAG source that was synced to the DB.

    The source of ``example_bash_operator`` is read from its file and stored
    through ``DagCode.sync_to_db()`` before the code page is requested.
    """
    bash_dag = DagBag(include_examples=True).get_dag("example_bash_operator")
    dag_code = DagCode(bash_dag.fileloc, DagCode._get_code_from_file(bash_dag.fileloc))
    dag_code.sync_to_db()
    response = admin_client.get('code?dag_id=example_bash_operator')
    check_content_not_in_response('Failed to load file', response)
    check_content_in_response('example_bash_operator', response)
def test_success_fail_for_read_only_task_instance_access(client_only_dags_tis):
    """Check that a read-only client cannot reach the mark-success confirmation.

    A POST to ``success`` must not return the ``Wait a minute`` confirmation
    text; the helper is called with ``resp_code=302``.
    """
    # NOTE(review): resp_code=302 is presumably the status the helper expects,
    # i.e. the request is redirected rather than served -- confirm in the helper.
    mark_success_form = {
        'task_id': "run_this_last",
        'dag_id': "example_bash_operator",
        'execution_date': DEFAULT_DATE,
        'upstream': "false",
        'downstream': "false",
        'future': "false",
        'past': "false",
    }
    response = client_only_dags_tis.post('success', data=mark_success_form)
    check_content_not_in_response('Wait a minute', response, resp_code=302)
def test_task_stats_success(
    client_all_dags_dagruns_tis,
    dags_to_run,
    unexpected_dag_ids,
):
    """Check that ``task_stats`` reports exactly the requested DAGs.

    Every id in ``dags_to_run`` must be present in the JSON result, and no id
    from ``unexpected_dag_ids`` may appear anywhere in the response body.
    """
    response = client_all_dags_dagruns_tis.post(
        'task_stats',
        data={'dag_ids': dags_to_run},
        follow_redirects=True,
    )
    assert response.status_code == 200
    # Negative check first: DAGs that were not requested must not leak.
    for hidden_dag_id in unexpected_dag_ids:
        check_content_not_in_response(hidden_dag_id, response)
    returned_stats = json.loads(response.data.decode())
    for requested_dag_id in dags_to_run:
        assert requested_dag_id in returned_stats
def test_blocked_success_when_selecting_dags(
    admin_client,
    dags_to_block,
    unexpected_dag_ids,
):
    """Check that ``blocked`` returns entries only for the selected DAGs.

    Every id in ``dags_to_block`` must appear as a ``dag_id`` in the JSON
    list, and no id from ``unexpected_dag_ids`` may appear in the body.
    """
    response = admin_client.post(
        'blocked',
        data={'dag_ids': dags_to_block},
        follow_redirects=True,
    )
    assert response.status_code == 200
    for hidden_dag_id in unexpected_dag_ids:
        check_content_not_in_response(hidden_dag_id, response)
    payload = json.loads(response.data.decode())
    blocked_dags = {entry['dag_id'] for entry in payload}
    for selected_dag_id in dags_to_block:
        assert selected_dag_id in blocked_dags
def test_last_dagruns_success_when_selecting_dags(admin_client):
    """Check that ``last_dagruns`` is filtered by the posted ``dag_ids``.

    Runs the request with one selected DAG and then with two, asserting each
    time that only the selected DAGs are present in the result.
    """
    # Single selection: only the subdag example may be reported.
    single_resp = admin_client.post(
        'last_dagruns',
        data={'dag_ids': ['example_subdag_operator']},
        follow_redirects=True,
    )
    assert single_resp.status_code == 200
    single_stats = json.loads(single_resp.data.decode('utf-8'))
    assert 'example_bash_operator' not in single_stats
    assert 'example_subdag_operator' in single_stats

    # Multiple selection: both DAGs are reported, an unselected one is not.
    multi_resp = admin_client.post(
        'last_dagruns',
        data={'dag_ids': ['example_subdag_operator', 'example_bash_operator']},
        follow_redirects=True,
    )
    multi_stats = json.loads(multi_resp.data.decode('utf-8'))
    assert 'example_bash_operator' in multi_stats
    assert 'example_subdag_operator' in multi_stats
    check_content_not_in_response('example_xcom', multi_resp)
def test_code(admin_client):
    """Check that the code view for ``example_bash_operator`` renders for an admin.

    The page must mention the DAG id and must not show ``Failed to load file``.
    """
    response = admin_client.get('code?dag_id=example_bash_operator', follow_redirects=True)
    check_content_not_in_response('Failed to load file', response)
    check_content_in_response('example_bash_operator', response)
def test_plugin_endpoint_should_not_be_unauthenticated(app):
    """Check that ``/plugin`` is not served to a client that has not logged in.

    A fresh test client must end up on the sign-in page and must not see the
    plugin's ``test_plugin`` content.
    """
    anonymous_client = app.test_client()
    response = anonymous_client.get('/plugin', follow_redirects=True)
    check_content_not_in_response("test_plugin", response)
    check_content_in_response("Sign In - Airflow", response)
def test_dag_details_failure(dag_faker_client):
    """Check that ``dag_faker_client`` is not shown the DAG details page.

    The response for ``example_bash_operator`` must not contain ``DAG Details``.
    """
    # NOTE(review): presumably this client lacks access to the DAG -- confirm
    # against the fixture definition.
    response = dag_faker_client.get(
        'dag_details?dag_id=example_bash_operator',
        follow_redirects=True,
    )
    check_content_not_in_response('DAG Details', response)
def test_code_failure(dag_test_client):
    """Check that ``dag_test_client`` cannot view the source of ``example_bash_operator``.

    The response to the code view must not mention the DAG id at all.
    """
    response = dag_test_client.get(
        'code?dag_id=example_bash_operator',
        follow_redirects=True,
    )
    check_content_not_in_response('example_bash_operator', response)
def test_task_stats_failure(dag_test_client):
    """Check that ``task_stats`` does not expose ``example_subdag_operator``.

    The request is posted without a ``dag_ids`` filter, so the result reflects
    whatever ``dag_test_client`` is allowed to see.
    """
    response = dag_test_client.post('task_stats', follow_redirects=True)
    check_content_not_in_response('example_subdag_operator', response)
def test_index_failure(dag_test_client):
    """Check that the index page hides DAGs the client has no access to."""
    # This user can only access/view example_bash_operator dag.
    index_response = dag_test_client.get('/', follow_redirects=True)
    check_content_not_in_response('example_subdag_operator', index_response)
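def test_odd_name(admin_client, pool_factory):
    """Check that a pool name containing markup is escaped on the pool list page.

    A pool named ``test-pool<script></script>`` is created through
    ``pool_factory`` and ``/pool/list/`` is fetched. The page must contain the
    entity-escaped name and must not contain the raw ``<script>`` tag.
    """
    pool_factory(pool="test-pool<script></script>")
    resp = admin_client.get('/pool/list/')
    # The positive check uses the escaped form. Asserting the raw string both
    # present and absent would be contradictory and could never pass.
    check_content_in_response('test-pool&lt;script&gt;', resp)
    check_content_not_in_response('test-pool<script>', resp)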
def test_xss_prevention(admin_client):
    """Check that markup in the request path is not reflected into the 404 page.

    The path carries a URL-encoded ``<img ... onerror=...>`` tag; the decoded
    tag must not appear verbatim in the response, checked with ``resp_code=404``.
    """
    # NOTE(review): only the exact decoded payload is matched. A differently
    # quoted or partially escaped reflection would not be caught by this check.
    crafted_path = "/variable/list/<img%20src=''%20onerror='alert(1);'>"
    response = admin_client.get(crafted_path, follow_redirects=True)
    decoded_payload = "<img src='' onerror='alert(1);'>"
    check_content_not_in_response(decoded_payload, response, resp_code=404)
def test_failure(dag_faker_client, url, unexpected_content):
    """Check that ``url`` does not return ``unexpected_content`` to ``dag_faker_client``.

    ``url`` and ``unexpected_content`` are supplied by the caller.
    """
    # NOTE(review): presumably they come from a parametrize decorator outside
    # this view -- confirm.
    response = dag_faker_client.get(url, follow_redirects=True)
    check_content_not_in_response(unexpected_content, response)