示例#1
0
    def test_path_outside_widget_folder_sendfile(self):

        request, get_object_or_404_mock, build_sendfile_response_mock, serve_mock = self.build_mocks()

        with self.settings(USE_XSENDFILE=True):
            with patch.multiple('wirecloud.catalogue.views', get_object_or_404=get_object_or_404_mock):
                response = serve_catalogue_media(request, 'Wirecloud', 'Test', '1.0', 'test//../../../../../../manage.py')
                self.assertEqual(response.status_code, 302)
                self.assertNotIn('..', response['Location'])
示例#2
0
    def test_path_file_found_operator(self):

        request, get_object_or_404_mock, build_downloadfile_response_mock = self.build_mocks('operator')

        response_mock = Mock()
        response_mock.status_code = 200
        build_downloadfile_response_mock.return_value = response_mock

        with patch.multiple('wirecloud.catalogue.views', get_object_or_404=get_object_or_404_mock, build_downloadfile_response=build_downloadfile_response_mock):
            response = serve_catalogue_media(request, 'Wirecloud', 'Test', '1.0', 'image/catalogue.png')
            self.assertEqual(response, response_mock)
示例#3
0
    def test_path_file_found_operator(self):

        request, get_object_or_404_mock, build_downloadfile_response_mock = self.build_mocks('operator')

        response_mock = Mock()
        response_mock.status_code = 200
        build_downloadfile_response_mock.return_value = response_mock

        with patch.multiple('wirecloud.catalogue.views', get_object_or_404=get_object_or_404_mock, build_downloadfile_response=build_downloadfile_response_mock):
            response = serve_catalogue_media(request, 'Wirecloud', 'Test', '1.0', 'image/catalogue.png')
            self.assertEqual(response, response_mock)
示例#4
0
    def test_path_file_found_sendfile(self):

        request, get_object_or_404_mock, build_sendfile_response_mock, serve_mock = self.build_mocks('widget')

        response_mock = Mock()
        response_mock.status_code = 200
        build_sendfile_response_mock.return_value = response_mock

        with self.settings(USE_XSENDFILE=True):
            with patch.multiple('wirecloud.catalogue.views', get_object_or_404=get_object_or_404_mock, build_sendfile_response=build_sendfile_response_mock):
                response = serve_catalogue_media(request, 'Wirecloud', 'Test', '1.0', 'image/catalogue.png')
                self.assertEqual(response, response_mock)
示例#5
0
    def test_path_outside_widget_folder(self):

        request, get_object_or_404_mock, build_downloadfile_response_mock = self.build_mocks()

        response_mock = MagicMock()
        response_mock.status_code = 302
        headers = {'Location': 'manage.py'}
        def set_header(key, value):
            headers[key] = value
        def get_header(key):
            return headers[key]
        response_mock.__setitem__.side_effect = set_header
        response_mock.__getitem__.side_effect = get_header
        build_downloadfile_response_mock.return_value = response_mock

        with patch.multiple('wirecloud.catalogue.views', get_object_or_404=get_object_or_404_mock, build_downloadfile_response=build_downloadfile_response_mock):
            response = serve_catalogue_media(request, 'Wirecloud', 'Test', '1.0', 'test/../../../../../../manage.py')
            self.assertEqual(response.status_code, 302)
            self.assertEqual(response['Location'], reverse('wirecloud_catalogue.media', kwargs= {"vendor": 'Wirecloud', "name": 'Test', "version": '1.0', "file_path": 'manage.py'}))
            self.assertTrue(response['Location'].endswith('manage.py'))
示例#6
0
    def test_path_outside_widget_folder(self):

        request, get_object_or_404_mock, build_downloadfile_response_mock = self.build_mocks()

        response_mock = MagicMock()
        response_mock.status_code = 302
        headers = {'Location': 'manage.py'}

        def set_header(key, value):
            headers[key] = value

        def get_header(key):
            return headers[key]

        response_mock.__setitem__.side_effect = set_header
        response_mock.__getitem__.side_effect = get_header
        build_downloadfile_response_mock.return_value = response_mock

        with patch.multiple('wirecloud.catalogue.views', get_object_or_404=get_object_or_404_mock, build_downloadfile_response=build_downloadfile_response_mock):
            response = serve_catalogue_media(request, 'Wirecloud', 'Test', '1.0', 'test/../../../../../../manage.py')
            self.assertEqual(response.status_code, 302)
            self.assertEqual(response['Location'], reverse('wirecloud_catalogue.media', kwargs={"vendor": 'Wirecloud', "name": 'Test', "version": '1.0', "file_path": 'manage.py'}))
            self.assertTrue(response['Location'].endswith('manage.py'))