def test__1(self): ''' Make sure that append() fails when it can't decode the prefix or the path ''' # Note: '/cio\xc3a8' is wrong on purpose here self.assertEqual( utils_path.append(six.b('/cio\xc3a8'), '/foobar', False), None) self.assertEqual( utils_path.append('/foobar', six.b('/cio\xc3\xa8'), False), None)
def test__2(self): ''' Verify that append() unquotes the path, if requested to do so ''' self.assertEqual( utils_path.append('/foobar', 'foo%2fbaz', False), "/foobar/foo%2fbaz", ) self.assertEqual( utils_path.append('/foobar', 'foo%2fbaz', True), "/foobar/foo/baz", )
def test__3(self): ''' Verify that append() does not allow to go above the rootdir ''' self.assertEqual(utils_path.append('/foobar', '../etc/passwd', False), None) self.assertEqual( utils_path.append('/foobar', six.b('\x2e\x2e\x2fetc\x2fpasswd'), False), None) self.assertEqual( utils_path.append('/foobar', six.b('..%2fetc%2fpasswd'), True), None)
def test__4(self): ''' Verify that append() ASCII-fies the path in any case ''' self.assertEqual( utils_path.append("/foobar", six.u("'/cio\xe8'"), True), None ) self.assertEqual( utils_path.append("/foobar", six.u("'/cio%e8'"), True), None )
def test__1(self): ''' Make sure that append() fails when it can't decode the prefix or the path ''' # Note: '/cio\xc3a8' is wrong on purpose here self.assertEqual( utils_path.append(six.b('/cio\xc3a8'), '/foobar', False), None ) self.assertEqual( utils_path.append('/foobar', six.b('/cio\xc3\xa8'), False), None )
def process_request(self, stream, request): response = HttpMessage() if not request.uri.startswith("/"): self._emit_error(stream, request, response, "403", "Forbidden") return if not self._rootdir: self._emit_error(stream, request, response, "403", "Forbidden") return if '?' in request.uri: request_uri = request.uri.split('?')[0] else: request_uri = request.uri fullpath = utils_path.append(self._rootdir, request_uri, True) if not fullpath: self._emit_error(stream, request, response, "403", "Forbidden") return try: filep = open(fullpath, "rb") except (IOError, OSError): self._emit_error(stream, request, response, "404", "Not Found") return response.compose(code="200", reason="Ok", body=filep, mimetype="text/plain") if request.method == "HEAD": utils.safe_seek(filep, 0, os.SEEK_END) stream.send_response(request, response)
def test__3(self): ''' Verify that append() does not allow to go above the rootdir ''' self.assertEqual( utils_path.append('/foobar', '../etc/passwd', False), None ) self.assertEqual( utils_path.append('/foobar', six.b('\x2e\x2e\x2fetc\x2fpasswd'), False), None ) self.assertEqual( utils_path.append('/foobar', six.b('..%2fetc%2fpasswd'), True), None )
def test__4(self): ''' Verify that append() ASCII-fies the path in any case ''' self.assertEqual( utils_path.append("/foobar", six.u("'/cio\xe8'"), True), None) self.assertEqual( utils_path.append("/foobar", six.u("'/cio%e8'"), True), None)