From f630e6c25e6578e2390df2cc38cc6869796f89f8 Mon Sep 17 00:00:00 2001
From: shortcutme
Date: Mon, 10 Jul 2017 02:42:41 +0200
Subject: [PATCH] Test raw access security
---
src/Test/TestWeb.py | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/Test/TestWeb.py b/src/Test/TestWeb.py
index 8cbce1cf..a6ad726c 100644
--- a/src/Test/TestWeb.py
+++ b/src/Test/TestWeb.py
@@ -30,11 +30,20 @@ def wget(url):
 @pytest.mark.webtest
 class TestWeb:
 def testFileSecurity(self, site_url):
+ assert "Not Found" in wget("%s/media/sites.json" % site_url)
 assert "Not Found" in wget("%s/media/./sites.json" % site_url)
 assert "Forbidden" in wget("%s/media/../config.py" % site_url)
 assert "Forbidden" in wget("%s/media/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../sites.json" % site_url)
 assert "Forbidden" in wget("%s/media/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/..//sites.json" % site_url)
 assert "Forbidden" in wget("%s/media/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../../zeronet.py" % site_url)
+
+ assert "Not Found" in wget("%s/raw/sites.json" % site_url)
+ assert "Forbidden" in wget("%s/raw/./sites.json" % site_url)
+ assert "Forbidden" in wget("%s/raw/../config.py" % site_url)
+ assert "Forbidden" in wget("%s/raw/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../sites.json" % site_url)
+ assert "Forbidden" in wget("%s/raw/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/..//sites.json" % site_url)
+ assert "Forbidden" in wget("%s/raw/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../../zeronet.py" % site_url)
+
 assert "Forbidden" in wget("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../sites.json" % site_url)
 assert "Forbidden" in wget("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/..//sites.json" % site_url)
 assert "Forbidden" in wget("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../../zeronet.py" % site_url)
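Review bot: The six new `/raw/` assertions have no positive control, so they may pass without the raw handler ever being exercised: the unchanged lines at the end of the hunk show that a `..` path outside `/media/` already yields "Forbidden", and the same generic rejection could presumably satisfy most of the new checks. One request for a file that should be served, e.g. `assert "Forbidden" not in wget("%s/raw/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/<EXISTING_FILE>" % site_url)` (placeholder file name), would pin that the route is live and that the denials come from its own path checks. `/raw/./sites.json` expects "Forbidden" while `/media/./sites.json` expects "Not Found"; if that difference is intended, a comment such as `# /raw/ rejects "./" outright, unlike /media/ which resolves it` would keep a later reader from "fixing" it. The checks match text in the body returned by `wget`, which is defined outside the hunk, and testFileSecurity may continue past the hunk's last line.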