def test_attachment(self): app = flask.Flask(__name__) with catch_warnings() as captured: with app.test_request_context(): f = open(os.path.join(app.root_path, 'static/index.html')) rv = flask.send_file(f, as_attachment=True) value, options = parse_options_header(rv.headers['Content-Disposition']) assert value == 'attachment' # mimetypes + etag assert len(captured) == 2 with app.test_request_context(): assert options['filename'] == 'index.html' rv = flask.send_file('static/index.html', as_attachment=True) value, options = parse_options_header(rv.headers['Content-Disposition']) assert value == 'attachment' assert options['filename'] == 'index.html' with app.test_request_context(): rv = flask.send_file(StringIO('Test'), as_attachment=True, attachment_filename='index.txt', add_etags=False) assert rv.mimetype == 'text/plain' value, options = parse_options_header(rv.headers['Content-Disposition']) assert value == 'attachment' assert options['filename'] == 'index.txt'
def test_templates_and_static(self): from moduleapp import app c = app.test_client() rv = c.get("/") assert rv.data == "Hello from the Frontend" rv = c.get("/admin/") assert rv.data == "Hello from the Admin" rv = c.get("/admin/index2") assert rv.data == "Hello from the Admin" rv = c.get("/admin/static/test.txt") assert rv.data.strip() == "Admin File" rv = c.get("/admin/static/css/test.css") assert rv.data.strip() == "/* nested file */" with app.test_request_context(): assert flask.url_for("admin.static", filename="test.txt") == "/admin/static/test.txt" with app.test_request_context(): try: flask.render_template("missing.html") except TemplateNotFound, e: assert e.name == "missing.html" else:
def test_templates_and_static(self): from moduleapp import app c = app.test_client() rv = c.get('/') assert rv.data == 'Hello from the Frontend' rv = c.get('/admin/') assert rv.data == 'Hello from the Admin' rv = c.get('/admin/index2') assert rv.data == 'Hello from the Admin' rv = c.get('/admin/static/test.txt') assert rv.data.strip() == 'Admin File' rv = c.get('/admin/static/css/test.css') assert rv.data.strip() == '/* nested file */' with app.test_request_context(): assert flask.url_for('admin.static', filename='test.txt') \ == '/admin/static/test.txt' with app.test_request_context(): try: flask.render_template('missing.html') except TemplateNotFound, e: assert e.name == 'missing.html' else:
def test_send_file_object(self): app = flask.Flask(__name__) with app.test_request_context(): f = open(os.path.join(app.root_path, 'static/index.html')) rv = flask.send_file(f) with app.open_resource('static/index.html') as f: assert rv.data == f.read() assert rv.mimetype == 'text/html' app.use_x_sendfile = True with app.test_request_context(): f = open(os.path.join(app.root_path, 'static/index.html')) rv = flask.send_file(f) assert rv.mimetype == 'text/html' assert 'x-sendfile' in rv.headers assert rv.headers['x-sendfile'] == \ os.path.join(app.root_path, 'static/index.html') app.use_x_sendfile = False with app.test_request_context(): f = StringIO('Test') rv = flask.send_file(f) assert rv.data == 'Test' assert rv.mimetype == 'application/octet-stream' f = StringIO('Test') rv = flask.send_file(f, mimetype='text/plain') assert rv.data == 'Test' assert rv.mimetype == 'text/plain' app.use_x_sendfile = True with app.test_request_context(): f = StringIO('Test') rv = flask.send_file(f) assert 'x-sendfile' not in rv.headers
def test_send_file_object(self): app = flask.Flask(__name__) with catch_warnings() as captured: with app.test_request_context(): f = open(os.path.join(app.root_path, "static/index.html")) rv = flask.send_file(f) with app.open_resource("static/index.html") as f: assert rv.data == f.read() assert rv.mimetype == "text/html" # mimetypes + etag assert len(captured) == 2 app.use_x_sendfile = True with catch_warnings() as captured: with app.test_request_context(): f = open(os.path.join(app.root_path, "static/index.html")) rv = flask.send_file(f) assert rv.mimetype == "text/html" assert "x-sendfile" in rv.headers assert rv.headers["x-sendfile"] == os.path.join(app.root_path, "static/index.html") # mimetypes + etag assert len(captured) == 2 app.use_x_sendfile = False with app.test_request_context(): with catch_warnings() as captured: f = StringIO("Test") rv = flask.send_file(f) assert rv.data == "Test" assert rv.mimetype == "application/octet-stream" # etags assert len(captured) == 1 with catch_warnings() as captured: f = StringIO("Test") rv = flask.send_file(f, mimetype="text/plain") assert rv.data == "Test" assert rv.mimetype == "text/plain" # etags assert len(captured) == 1 app.use_x_sendfile = True with catch_warnings() as captured: with app.test_request_context(): f = StringIO("Test") rv = flask.send_file(f) assert "x-sendfile" not in rv.headers # etags assert len(captured) == 1
def test_safe_access(self): from moduleapp import app with app.test_request_context(): f = app.view_functions['admin.static'] try: f('/etc/passwd') except NotFound: pass else: assert 0, 'expected exception' try: f('../__init__.py') except NotFound: pass else: assert 0, 'expected exception' # testcase for a security issue that may exist on windows systems import os import ntpath old_path = os.path os.path = ntpath try: try: f('..\\__init__.py') except NotFound: pass else: assert 0, 'expected exception' finally: os.path = old_path
def test_safe_access(self): from moduleapp import app with app.test_request_context(): f = app.view_functions["admin.static"] try: f("/etc/passwd") except NotFound: pass else: assert 0, "expected exception" try: f("../__init__.py") except NotFound: pass else: assert 0, "expected exception" # testcase for a security issue that may exist on windows systems import os import ntpath old_path = os.path os.path = ntpath try: try: f("..\\__init__.py") except NotFound: pass else: assert 0, "expected exception" finally: os.path = old_path
def test_send_file_regular(self): app = flask.Flask(__name__) with app.test_request_context(): rv = flask.send_file('static/index.html') assert rv.direct_passthrough assert rv.mimetype == 'text/html' with app.open_resource('static/index.html') as f: assert rv.data == f.read()
def test_send_file_xsendfile(self): app = flask.Flask(__name__) app.use_x_sendfile = True with app.test_request_context(): rv = flask.send_file("static/index.html") assert rv.direct_passthrough assert "x-sendfile" in rv.headers assert rv.headers["x-sendfile"] == os.path.join(app.root_path, "static/index.html") assert rv.mimetype == "text/html"
def test_send_file_xsendfile(self): app = flask.Flask(__name__) app.use_x_sendfile = True with app.test_request_context(): rv = flask.send_file('static/index.html') assert rv.direct_passthrough assert 'x-sendfile' in rv.headers assert rv.headers['x-sendfile'] == \ os.path.join(app.root_path, 'static/index.html') assert rv.mimetype == 'text/html'
def test_static_path_without_url_prefix(self): app = flask.Flask(__name__) app.config['SERVER_NAME'] = 'example.com' from testmodule import mod app.register_module(mod) c = app.test_client() f = 'hello.txt' rv = c.get('/static/' + f, 'http://example.com/') assert rv.data.strip() == 'Hello Maindomain' with app.test_request_context(base_url='http://example.com'): assert flask.url_for('static', filename=f) == '/static/' + f assert flask.url_for('static', filename=f, _external=True) \ == 'http://example.com/static/' + f
def test_attachment(self): app = flask.Flask(__name__) with catch_warnings() as captured: with app.test_request_context(): f = open(os.path.join(app.root_path, "static/index.html")) rv = flask.send_file(f, as_attachment=True) value, options = parse_options_header(rv.headers["Content-Disposition"]) assert value == "attachment" # mimetypes + etag assert len(captured) == 2 with app.test_request_context(): assert options["filename"] == "index.html" rv = flask.send_file("static/index.html", as_attachment=True) value, options = parse_options_header(rv.headers["Content-Disposition"]) assert value == "attachment" assert options["filename"] == "index.html" with app.test_request_context(): rv = flask.send_file(StringIO("Test"), as_attachment=True, attachment_filename="index.txt", add_etags=False) assert rv.mimetype == "text/plain" value, options = parse_options_header(rv.headers["Content-Disposition"]) assert value == "attachment" assert options["filename"] == "index.txt"
def test_safe_access(self): from moduleapp import app with app.test_request_context(): f = app.view_functions['admin.static'] try: rv = f('/etc/passwd') except NotFound: pass else: assert 0, 'expected exception' try: rv = f('../__init__.py') except NotFound: pass else: assert 0, 'expected exception'
def test_safe_access(self): from moduleapp import app with app.test_request_context(): f = app.view_functions['admin.static'] try: f('/etc/passwd') except NotFound: pass else: assert 0, 'expected exception' try: f('../__init__.py') except NotFound: pass else: assert 0, 'expected exception'