oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Test getFile inner_path security

Browse source
This commit is contained in:
shortcutme 2019-07-10 03:14:30 +02:00
parent f4f0e2afa8
commit 8185f4dfda
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/Test/TestFileRequest.py
View file

@ -48,6 +48,12 @@ class TestFileRequest:
response = connection.request("getFile", {"site": site.address, "inner_path": "content.json", "location": 0, "file_size": 1234}) response = connection.request("getFile", {"site": site.address, "inner_path": "content.json", "location": 0, "file_size": 1234})
assert "File size does not match" in response["error"] assert "File size does not match" in response["error"]
# Invalid path
for path in ["../users.json", "./../users.json", "data/../content.json", ".../users.json"]:
for sep in ["/", "\\"]:
response = connection.request("getFile", {"site": site.address, "inner_path": path.replace("/", sep), "location": 0})
assert response["error"] == 'File read exception'
connection.close() connection.close()
client.stop() client.stop()