def test_path_outside_widget_folder_sendfile(self):
    """Path traversal with X-Sendfile enabled must end in a clean redirect.

    Requests a media path that climbs out of the widget folder
    (``test//../../../../../../manage.py``) with ``USE_XSENDFILE=True`` and
    checks that the view answers with a 302 whose ``Location`` header
    contains no ``..`` segment.
    """
    # Only the request and the get_object_or_404 stand-in are used below; the
    # other two values are unpacked but never installed as patches.
    # NOTE(review): four values are unpacked from build_mocks() here, while
    # the other tests in this file unpack three -- confirm the helper's arity.
    req, lookup_mock, _sendfile_mock, _serve_mock = self.build_mocks()

    traversal_path = 'test//../../../../../../manage.py'

    with self.settings(USE_XSENDFILE=True), patch.multiple(
        'wirecloud.platform.widget.views',
        get_object_or_404=lookup_mock,
    ):
        response = serve_showcase_media(req, 'Wirecloud', 'Test', '1.0', traversal_path)

        self.assertEqual(response.status_code, 302)
        # The redirect target must not carry the traversal sequence forward.
        self.assertNotIn('..', response['Location'])
def test_path_file_found(self):
    """A path inside the widget folder is answered by the download helper.

    With ``USE_XSENDFILE=False`` the view's ``build_downloadfile_response``
    is replaced by a mock, and the test checks that the view returns the
    object that mock produces for ``js/file.js``.
    """
    req, lookup_mock, download_mock = self.build_mocks()

    # Response the patched helper hands back; the view is expected to return it.
    expected = Mock(status_code=200)
    download_mock.return_value = expected

    with self.settings(USE_XSENDFILE=False), patch.multiple(
        'wirecloud.platform.widget.views',
        get_object_or_404=lookup_mock,
        build_downloadfile_response=download_mock,
    ):
        response = serve_showcase_media(req, 'Wirecloud', 'Test', '1.0', 'js/file.js')

        self.assertEqual(response, expected)
def test_path_outside_widget_folder(self):
    """Path traversal without X-Sendfile must end in a clean redirect.

    Requests ``test/../../../../../../manage.py`` with
    ``USE_XSENDFILE=False`` and checks that the view answers with a 302
    whose ``Location`` header contains no ``..`` segment.
    """
    req, lookup_mock, download_mock = self.build_mocks()

    # Redirect-shaped stand-in whose item access is backed by a plain dict,
    # so header writes and reads on it behave like a mapping.
    header_store = {'Location': 'manage.py'}
    redirect_mock = MagicMock(status_code=302)
    redirect_mock.__setitem__.side_effect = header_store.__setitem__
    redirect_mock.__getitem__.side_effect = header_store.__getitem__
    download_mock.return_value = redirect_mock

    # NOTE(review): download_mock is configured above but is not passed to
    # patch.multiple below, so the stand-in response looks unused here --
    # confirm this is intended. If it were installed, its pre-normalised
    # 'manage.py' Location would satisfy the '..' assertion without the
    # view's own path handling being exercised.
    with self.settings(USE_XSENDFILE=False), patch.multiple(
        'wirecloud.platform.widget.views',
        get_object_or_404=lookup_mock,
    ):
        response = serve_showcase_media(
            req, 'Wirecloud', 'Test', '1.0', 'test/../../../../../../manage.py'
        )

        self.assertEqual(response.status_code, 302)
        # The redirect target must not carry the traversal sequence forward.
        self.assertNotIn('..', response['Location'])