def test_path_outside_widget_folder_sendfile(self): request, get_object_or_404_mock, build_sendfile_response_mock, serve_mock = self.build_mocks() with self.settings(USE_XSENDFILE=True): with patch.multiple('wirecloud.catalogue.views', get_object_or_404=get_object_or_404_mock): response = serve_catalogue_media(request, 'Wirecloud', 'Test', '1.0', 'test//../../../../../../manage.py') self.assertEqual(response.status_code, 302) self.assertNotIn('..', response['Location'])
def test_path_file_found_operator(self): request, get_object_or_404_mock, build_downloadfile_response_mock = self.build_mocks('operator') response_mock = Mock() response_mock.status_code = 200 build_downloadfile_response_mock.return_value = response_mock with patch.multiple('wirecloud.catalogue.views', get_object_or_404=get_object_or_404_mock, build_downloadfile_response=build_downloadfile_response_mock): response = serve_catalogue_media(request, 'Wirecloud', 'Test', '1.0', 'image/catalogue.png') self.assertEqual(response, response_mock)
def test_path_file_found_sendfile(self): request, get_object_or_404_mock, build_sendfile_response_mock, serve_mock = self.build_mocks('widget') response_mock = Mock() response_mock.status_code = 200 build_sendfile_response_mock.return_value = response_mock with self.settings(USE_XSENDFILE=True): with patch.multiple('wirecloud.catalogue.views', get_object_or_404=get_object_or_404_mock, build_sendfile_response=build_sendfile_response_mock): response = serve_catalogue_media(request, 'Wirecloud', 'Test', '1.0', 'image/catalogue.png') self.assertEqual(response, response_mock)
def test_path_outside_widget_folder(self): request, get_object_or_404_mock, build_downloadfile_response_mock = self.build_mocks() response_mock = MagicMock() response_mock.status_code = 302 headers = {'Location': 'manage.py'} def set_header(key, value): headers[key] = value def get_header(key): return headers[key] response_mock.__setitem__.side_effect = set_header response_mock.__getitem__.side_effect = get_header build_downloadfile_response_mock.return_value = response_mock with patch.multiple('wirecloud.catalogue.views', get_object_or_404=get_object_or_404_mock, build_downloadfile_response=build_downloadfile_response_mock): response = serve_catalogue_media(request, 'Wirecloud', 'Test', '1.0', 'test/../../../../../../manage.py') self.assertEqual(response.status_code, 302) self.assertEqual(response['Location'], reverse('wirecloud_catalogue.media', kwargs= {"vendor": 'Wirecloud', "name": 'Test', "version": '1.0', "file_path": 'manage.py'})) self.assertTrue(response['Location'].endswith('manage.py'))
def test_path_outside_widget_folder(self): request, get_object_or_404_mock, build_downloadfile_response_mock = self.build_mocks() response_mock = MagicMock() response_mock.status_code = 302 headers = {'Location': 'manage.py'} def set_header(key, value): headers[key] = value def get_header(key): return headers[key] response_mock.__setitem__.side_effect = set_header response_mock.__getitem__.side_effect = get_header build_downloadfile_response_mock.return_value = response_mock with patch.multiple('wirecloud.catalogue.views', get_object_or_404=get_object_or_404_mock, build_downloadfile_response=build_downloadfile_response_mock): response = serve_catalogue_media(request, 'Wirecloud', 'Test', '1.0', 'test/../../../../../../manage.py') self.assertEqual(response.status_code, 302) self.assertEqual(response['Location'], reverse('wirecloud_catalogue.media', kwargs={"vendor": 'Wirecloud', "name": 'Test', "version": '1.0', "file_path": 'manage.py'})) self.assertTrue(response['Location'].endswith('manage.py'))