oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Rev2034, Fix leaking users.json via webui

Browse source
This commit is contained in:
shortcutme 2017-04-09 16:54:28 +02:00
parent 279e2ae865
commit f3edd8013d
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE
3 changed files with 8 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/Test/TestWeb.py
View file

@ -38,10 +38,11 @@ class TestWeb:
assert "Forbidden" in wget("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../sites.json" % site_url)
assert "Forbidden" in wget("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/..//sites.json" % site_url)
assert "Forbidden" in wget("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../../zeronet.py" % site_url)
assert "Not Found" in wget("%s/content.db" % site_url)
assert "Not Found" in wget("%s/./key-rsa.pem" % site_url)
assert "Not Found" in wget("%s/././././././././././//////sites.json" % site_url)
assert "Forbidden" in wget("%s/content.db" % site_url)
assert "Forbidden" in wget("%s/./users.json" % site_url)
assert "Forbidden" in wget("%s/./key-rsa.pem" % site_url)
assert "Forbidden" in wget("%s/././././././././././//////sites.json" % site_url)
def testLinkSecurity(self, browser, site_url):
browser.get("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/test/security.html" % site_url)