Пример #1
 def test_sanitize_url_with_data_xss(self):
     """
     Check that ``sanitize_url`` rejects a ``data:`` URL.

     A base64 ``data:image/png`` URL is passed with default options and the
     expected result is the empty string.
     """
     # The literal keeps the fixture's original split; only the concatenated
     # value is significant.
     data_url = ("data:image/png;base64,iVBORw0KGgoAA"
                 "AANSUhEUgAAABAAAAAQAQMAAAAlPW0iAAAABlBMVEUAAAD///+l2Z/dAAAAM0l"
                 "EQVR4nGP4/5/h/1+G/58ZDrAz3D/McH8yw83NDDeNGe4Ug9C9zwz3gVLMDA/A6"
                 "P9/AFGGFyjOXZtQAAAAAElFTkSuQmCC")
     # NOTE(review): presumably rejected because ``data`` is not in the default
     # scheme allow-list -- confirm against the defaults of ``sanitize_url``.
     self.assertEqual('', sanitize_url(data_url))
Пример #2
 def test_sanitize_url_with_html_entities_escape_disabled(self):
     """
     Check ``sanitize_url`` with ``encode_html_entities=False``.

     The query string holds a raw ``&`` and the expected output equals the
     input, so with this option off the returned URL is not HTML-escaped.
     """
     url = "https://github.com/TamiaLab/PySkCode?foo=bar&bar=foo"
     # NOTE(review): a caller that turns entity encoding off has to escape the
     # result itself before writing it into HTML markup.
     sanitized = sanitize_url(url, encode_html_entities=False)
     self.assertEqual('https://github.com/TamiaLab/PySkCode?foo=bar&bar=foo',
                      sanitized)
Пример #3
 def test_sanitize_url_with_data_xss(self):
     """
     Verify that a base64 ``data:`` URL does not survive ``sanitize_url``.

     Called with default options, the sanitizer is expected to return ``''``.
     """
     payload = (
         "data:image/png;base64,iVBORw0KGgoAA"
         "AANSUhEUgAAABAAAAAQAQMAAAAlPW0iAAAABlBMVEUAAAD///+l2Z/dAAAAM0l"
         "EQVR4nGP4/5/h/1+G/58ZDrAz3D/McH8yw83NDDeNGe4Ug9C9zwz3gVLMDA/A6"
         "P9/AFGGFyjOXZtQAAAAAElFTkSuQmCC"
     )
     cleaned = sanitize_url(payload)
     # NOTE(review): the reason for the rejection (most likely the scheme
     # allow-list) is not visible from this test -- confirm in the sanitizer.
     self.assertEqual('', cleaned)
Пример #4
    def test_sanitize_url_assertions(self):
        """
        Check the argument validation performed by ``sanitize_url``.

        Three invalid option combinations are exercised: an empty
        ``default_scheme``, an empty ``allowed_schemes`` tuple, and
        ``force_default_scheme`` combined with ``force_remove_scheme``. Each
        must raise ``AssertionError`` with the exact message checked below.
        """
        # NOTE(review): AssertionError suggests the guards are plain ``assert``
        # statements, which Python removes under ``-O``; if so, the XSS-related
        # default-scheme check is not enforced in optimized runs -- confirm.
        url = 'https://github.com/TamiaLab/PySkCode'

        # An empty default scheme must be refused.
        with self.assertRaises(AssertionError) as caught:
            sanitize_url(url, default_scheme='')
        message = str(caught.exception)
        self.assertEqual('A default scheme is mandatory to avoid XSS.', message)

        # An empty allow-list could never produce a result.
        with self.assertRaises(AssertionError) as caught:
            sanitize_url(url, allowed_schemes=())
        message = str(caught.exception)
        self.assertEqual('You need to allow at least one scheme to get a result.', message)

        # The two "force" options contradict each other.
        with self.assertRaises(AssertionError) as caught:
            sanitize_url(url, force_default_scheme=True, force_remove_scheme=True)
        message = str(caught.exception)
        self.assertEqual('You cannot force the default scheme and also force-remove the scheme.', message)
Пример #5
    def test_sanitize_url_assertions(self):
        """
        Exercise the option checks of ``sanitize_url``.

        Each of the three calls passes an invalid option combination and is
        expected to raise ``AssertionError`` carrying a specific message.
        """
        # NOTE(review): if these checks are ``assert`` statements (the exception
        # type suggests so), they are stripped under ``python -O`` -- confirm
        # that the "mandatory to avoid XSS" guard does not rely on them alone.
        target = 'https://github.com/TamiaLab/PySkCode'

        # Case 1: default_scheme set to the empty string.
        with self.assertRaises(AssertionError) as ctx:
            sanitize_url(target, default_scheme='')
        self.assertEqual(
            'A default scheme is mandatory to avoid XSS.',
            str(ctx.exception))

        # Case 2: no scheme allowed at all.
        with self.assertRaises(AssertionError) as ctx:
            sanitize_url(target, allowed_schemes=())
        self.assertEqual(
            'You need to allow at least one scheme to get a result.',
            str(ctx.exception))

        # Case 3: mutually exclusive "force" flags both enabled.
        with self.assertRaises(AssertionError) as ctx:
            sanitize_url(target,
                         force_default_scheme=True,
                         force_remove_scheme=True)
        self.assertEqual(
            'You cannot force the default scheme and also force-remove the scheme.',
            str(ctx.exception))
Пример #6
 def test_sanitize_url_with_force_remove_scheme(self):
     """
     Check ``sanitize_url`` with ``force_remove_scheme=True`` on a valid URL.

     The ``https:`` prefix is expected to be dropped, leaving the
     scheme-relative form ``//host/path``.
     """
     # A scheme-relative URL takes its scheme from the page that embeds it.
     stripped = sanitize_url('https://github.com/TamiaLab/PySkCode',
                             force_remove_scheme=True)
     self.assertEqual('//github.com/TamiaLab/PySkCode', stripped)
Пример #7
 def test_sanitize_url_with_force_remove_scheme(self):
     """
     Verify that ``force_remove_scheme=True`` strips the scheme of a valid URL.

     Expected result: the input without ``https:``, i.e. a URL starting
     with ``//``.
     """
     source = 'https://github.com/TamiaLab/PySkCode'
     # The output is scheme-relative; the scheme is decided by the embedding page.
     self.assertEqual('//github.com/TamiaLab/PySkCode',
                      sanitize_url(source, force_remove_scheme=True))
Пример #8
 def test_sanitize_url_with_force_default_scheme(self):
     """
     Check ``sanitize_url`` on a scheme-less local path with
     ``force_default_scheme=True``.

     With ``default_scheme='https'`` the expected output is the path
     prefixed by ``https://``.
     """
     local_path = '/TamiaLab/PySkCode'
     forced = sanitize_url(local_path,
                           default_scheme='https',
                           force_default_scheme=True)
     # NOTE(review): the expected value has three slashes (empty host part);
     # confirm that consumers of this output handle a host-less https URL.
     self.assertEqual('https:///TamiaLab/PySkCode', forced)
Пример #9
 def test_sanitize_url_with_force_default_scheme(self):
     """
     Verify that ``force_default_scheme=True`` puts the default scheme in
     front of a local URL that has none.
     """
     options = {'default_scheme': 'https', 'force_default_scheme': True}
     # NOTE(review): the asserted result, ``https:///...``, carries an empty
     # host; confirm this shape is intended for local paths.
     self.assertEqual('https:///TamiaLab/PySkCode',
                      sanitize_url('/TamiaLab/PySkCode', **options))
Пример #10
 def test_sanitize_url_with_malformed_url(self):
     """
     Check that ``sanitize_url`` returns ``''`` for a malformed URL.

     The input has an opening ``[`` in the host part that is never closed.
     """
     malformed = 'https://[github.com/TamiaLab/PySkCode'
     # The expectation is an empty string, not a best-effort repair.
     self.assertEqual('', sanitize_url(malformed))
Пример #11
 def test_sanitize_url_with_local_url_without_scheme(self):
     """
     Check ``sanitize_url`` on a local URL (leading ``/``) without a scheme.

     Even with ``default_scheme='https'`` the path is expected to come back
     unchanged, i.e. no scheme is added to it.
     """
     local_path = '/TamiaLab/PySkCode'
     self.assertEqual('/TamiaLab/PySkCode',
                      sanitize_url(local_path, default_scheme='https'))
Пример #12
 def test_sanitize_url(self):
     """
     Check that ``sanitize_url`` returns a valid ``https`` URL unchanged
     when called with default options.
     """
     valid_url = 'https://github.com/TamiaLab/PySkCode'
     self.assertEqual('https://github.com/TamiaLab/PySkCode',
                      sanitize_url(valid_url))
Пример #13
 def test_sanitize_url_with_local_url_absolute_conversion(self):
     """
     Check ``sanitize_url`` on a scheme-less local URL when
     ``absolute_base_url`` is given.

     The local path is expected to be joined onto the base URL.
     """
     base = 'https://github.com'
     absolute = sanitize_url('/TamiaLab/PySkCode', absolute_base_url=base)
     self.assertEqual('https://github.com/TamiaLab/PySkCode', absolute)
Пример #14
 def test_sanitize_url_with_no_url(self):
     """
     Check that ``sanitize_url`` maps an empty input string to an empty
     output string.
     """
     self.assertEqual('', sanitize_url(''))
Пример #15
 def test_sanitize_url_with_local_url_absolute_conversion(self):
     """
     Verify the absolute conversion of a local URL that has no scheme.

     With ``absolute_base_url='https://github.com'`` the path is expected to
     be returned as a full URL on that base.
     """
     relative = '/TamiaLab/PySkCode'
     self.assertEqual(
         'https://github.com/TamiaLab/PySkCode',
         sanitize_url(relative, absolute_base_url='https://github.com'))
Пример #16
 def test_sanitize_url_ipv6(self):
     """
     Check ``sanitize_url`` with a valid URL whose host is an IPv6 literal.

     The bracketed address and the explicit port are expected to be
     preserved exactly.
     """
     ipv6_url = 'https://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:443/'
     # A well-formed ``[...]`` host must not be confused with the malformed,
     # unclosed-bracket input that the sanitizer rejects.
     self.assertEqual('https://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:443/',
                      sanitize_url(ipv6_url))
Пример #17
 def test_sanitize_url(self):
     """
     Verify the baseline case: a valid ``https`` URL passes through
     ``sanitize_url`` unmodified.
     """
     expected = 'https://github.com/TamiaLab/PySkCode'
     sanitized = sanitize_url('https://github.com/TamiaLab/PySkCode')
     self.assertEqual(expected, sanitized)
Пример #18
 def test_sanitize_url_with_html_entities_escape_disabled(self):
     """
     Verify that ``encode_html_entities=False`` leaves HTML-special
     characters in the URL untouched.

     The ``&`` in the query string is expected to be returned as-is.
     """
     # NOTE(review): output produced with this option is not safe to write
     # into HTML without escaping at the call site.
     raw = sanitize_url("https://github.com/TamiaLab/PySkCode?foo=bar&bar=foo",
                        encode_html_entities=False)
     self.assertEqual('https://github.com/TamiaLab/PySkCode?foo=bar&bar=foo', raw)
Пример #19
 def test_sanitize_url_with_javascript_xss(self):
     """
     Check that ``sanitize_url`` rejects ``javascript:`` URLs.

     Two inputs are covered: the plain scheme, and the same scheme with a tab
     character inserted in the middle of its name. Both must yield ``''``.
     """
     # Browsers drop tab characters while parsing a URL, so the second form
     # has to be treated the same as the first.
     payloads = (
         "javascript:alert('XSS');",
         "jav\tascript:alert('XSS');",
     )
     for payload in payloads:
         self.assertEqual('', sanitize_url(payload))
Пример #20
 def test_sanitize_url_with_no_url(self):
     """
     Verify that an empty string given to ``sanitize_url`` comes back as an
     empty string.
     """
     empty_input = ''
     self.assertEqual('', sanitize_url(empty_input))
Пример #21
 def test_sanitize_url_with_dangerous_char(self):
     """
     Check ``sanitize_url`` on a URL that contains dangerous characters.

     The input has ``{`` ``}`` around the scheme and ``<`` ``>`` around a path
     segment; the expected output is the same URL with those four
     characters removed.
     """
     dirty = '{https}://github.com/<TamiaLab>/PySkCode'
     # The characters are stripped rather than the whole URL being rejected.
     self.assertEqual('https://github.com/TamiaLab/PySkCode',
                      sanitize_url(dirty))
Пример #22
 def test_sanitize_url_with_javascript_xss(self):
     """
     Verify that ``javascript:`` URLs are reduced to ``''``.

     Covers the plain scheme and a variant whose scheme name is split by a
     tab character.
     """
     plain = sanitize_url("javascript:alert('XSS');")
     self.assertEqual('', plain)

     # Tabs inside a URL are ignored by browser URL parsers, so this variant
     # must be rejected as well.
     with_tab = sanitize_url("jav\tascript:alert('XSS');")
     self.assertEqual('', with_tab)
Пример #23
 def test_sanitize_url_with_malformed_url(self):
     """
     Verify that a malformed URL is reduced to ``''`` by ``sanitize_url``.

     The sample has an unclosed ``[`` at the start of its host part.
     """
     result = sanitize_url('https://[github.com/TamiaLab/PySkCode')
     # Rejection (empty string) is expected, not an attempt to fix the input.
     self.assertEqual('', result)
Пример #24
 def test_sanitize_url_with_scheme_not_in_white_list(self):
     """
     Check that ``sanitize_url`` rejects a URL whose scheme is missing from
     ``allowed_schemes``.

     Only ``http`` is allowed here, so the ``https`` URL must yield ``''``.
     """
     only_http = ('http',)
     # ``https`` is not accepted just because ``http`` is on the list.
     self.assertEqual('', sanitize_url('https://github.com/TamiaLab/PySkCode',
                                       allowed_schemes=only_http))
Пример #25
 def test_sanitize_url_ipv6(self):
     """
     Verify that a valid URL with a bracketed IPv6 host and an explicit
     port is returned unchanged by ``sanitize_url``.
     """
     expected = 'https://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:443/'
     # Square brackets are legitimate here because they delimit an IPv6
     # literal and are properly closed.
     sanitized = sanitize_url('https://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:443/')
     self.assertEqual(expected, sanitized)
Пример #26
 def test_sanitize_url_with_local_url_without_scheme(self):
     """
     Verify that a local URL without a scheme is left as-is.

     ``default_scheme='https'`` is supplied, yet the expected output is the
     unmodified path.
     """
     unchanged = sanitize_url('/TamiaLab/PySkCode', default_scheme='https')
     # The default scheme is not applied to a path that starts with ``/``.
     self.assertEqual('/TamiaLab/PySkCode', unchanged)
Пример #27
 def test_sanitize_url_with_dangerous_char(self):
     """
     Verify that dangerous characters are removed from a URL.

     Curly braces around the scheme and angle brackets around a path segment
     are expected to disappear while the rest of the URL is kept.
     """
     cleaned = sanitize_url('{https}://github.com/<TamiaLab>/PySkCode')
     # Angle brackets are the ones that matter most if the URL is later
     # written into markup.
     self.assertEqual('https://github.com/TamiaLab/PySkCode', cleaned)
Пример #28
 def test_sanitize_url_with_non_local_url_without_scheme_disabled(self):
     """
     Check ``sanitize_url`` on a non-local, scheme-less URL with
     ``fix_non_local_urls=False``.

     Although ``default_scheme='https'`` is given, the input is expected
     back unchanged because the fix-up is disabled.
     """
     bare = 'github.com/TamiaLab/PySkCode'
     # NOTE(review): without a scheme a browser resolves this value as a
     # relative path, not as a link to the named host.
     self.assertEqual('github.com/TamiaLab/PySkCode',
                      sanitize_url(bare,
                                   default_scheme='https',
                                   fix_non_local_urls=False))
Пример #29
 def test_sanitize_url_with_scheme_not_in_white_list(self):
     """
     Verify that a URL is dropped when its scheme is not in the allow-list.

     ``allowed_schemes`` holds only ``http``; the ``https`` input is
     expected to be reduced to ``''``.
     """
     rejected = sanitize_url('https://github.com/TamiaLab/PySkCode',
                             allowed_schemes=('http', ))
     # An empty string signals that nothing safe could be returned.
     self.assertEqual('', rejected)
Пример #30
 def test_sanitize_url_with_only_domain_name(self):
     """
     Check ``sanitize_url`` when the input is only a domain name.

     With ``default_scheme='https'`` the bare domain is expected to be
     returned with ``https://`` in front.
     """
     domain = 'github.com'
     self.assertEqual('https://github.com',
                      sanitize_url(domain, default_scheme='https'))
Пример #31
 def test_sanitize_url_with_non_local_url_without_scheme(self):
     """
     Check ``sanitize_url`` on a non-local URL that has no scheme.

     The input starts with a host name rather than ``/``; with
     ``default_scheme='https'`` it is expected to gain an ``https://`` prefix.
     """
     bare = 'github.com/TamiaLab/PySkCode'
     fixed = sanitize_url(bare, default_scheme='https')
     self.assertEqual('https://github.com/TamiaLab/PySkCode', fixed)
Пример #32
 def test_sanitize_url_with_only_domain_name(self):
     """
     Verify that a bare domain name is completed with the default scheme.

     ``'github.com'`` with ``default_scheme='https'`` is expected to become
     ``'https://github.com'``.
     """
     completed = sanitize_url('github.com', default_scheme='https')
     self.assertEqual('https://github.com', completed)