예제 #1
0
def test_escape_root(tmp_path):
    td = str(tmp_path)
    cm = FileContentsManager(root_dir=td)
    # make foo, bar next to root
    with open(os.path.join(cm.root_dir, '..', 'foo'), 'w') as f:
        f.write('foo')
    with open(os.path.join(cm.root_dir, '..', 'bar'), 'w') as f:
        f.write('bar')

    with pytest.raises(HTTPError) as e:
        cm.get('..')
    expected_http_error(e, 404)

    with pytest.raises(HTTPError) as e:
        cm.get('foo/../../../bar')
    expected_http_error(e, 404)

    with pytest.raises(HTTPError) as e:
        cm.delete('../foo')
    expected_http_error(e, 404)

    with pytest.raises(HTTPError) as e:
        cm.rename('../foo', '../bar')
    expected_http_error(e, 404)

    with pytest.raises(HTTPError) as e:
        cm.save(model={
            'type': 'file',
            'content': u'',
            'format': 'text',
        },
                path='../foo')
    expected_http_error(e, 404)
예제 #2
0
def test_escape_root(tmp_path):
    td = str(tmp_path)
    cm = FileContentsManager(root_dir=td)
    # make foo, bar next to root
    with open(os.path.join(cm.root_dir, "..", "foo"), "w") as f:
        f.write("foo")
    with open(os.path.join(cm.root_dir, "..", "bar"), "w") as f:
        f.write("bar")

    with pytest.raises(HTTPError) as e:
        cm.get("..")
    expected_http_error(e, 404)

    with pytest.raises(HTTPError) as e:
        cm.get("foo/../../../bar")
    expected_http_error(e, 404)

    with pytest.raises(HTTPError) as e:
        cm.delete("../foo")
    expected_http_error(e, 404)

    with pytest.raises(HTTPError) as e:
        cm.rename("../foo", "../bar")
    expected_http_error(e, 404)

    with pytest.raises(HTTPError) as e:
        cm.save(model={
            "type": "file",
            "content": u"",
            "format": "text",
        },
                path="../foo")
    expected_http_error(e, 404)