cphipps/changedetection.io
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Security check - improve test

Browse Source
This commit is contained in:
dgtlmoon
2024-11-07 19:41:48 +01:00
parent 6aceeb01ab
commit 751239250f
1 changed files with 3 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
changedetectionio/tests/test_security.py
View File

@@ -64,7 +64,7 @@ def test_bad_access(client, live_server, measure_memory_usage):
def test_file_slashslash_access(client, live_server, measure_memory_usage): def test_file_slashslash_access(client, live_server, measure_memory_usage):
#live_server_setup(live_server) #live_server_setup(live_server)
test_file_path = "/tmp/test-file.txt" test_file_path = os.path.abspath(__file__)
# file:// is permitted by default, but it will be caught by ALLOW_FILE_URI # file:// is permitted by default, but it will be caught by ALLOW_FILE_URI
client.post( client.post(
@@ -82,8 +82,7 @@ def test_file_slashslash_access(client, live_server, measure_memory_usage):
follow_redirects=True follow_redirects=True
) )
# Should see something (this file added by run_basic_tests.sh) assert b"test_file_slashslash_access" in res.data
assert b"Hello world" in res.data
else: else:
# Default should be here # Default should be here
assert b'file:// type access is denied for security reasons.' in res.data assert b'file:// type access is denied for security reasons.' in res.data
@@ -109,8 +108,7 @@ def test_file_slash_access(client, live_server, measure_memory_usage):
follow_redirects=True follow_redirects=True
) )
# Should see something (this file added by run_basic_tests.sh) assert b"test_file_slash_access" in res.data
assert b"Hello world" in res.data
else: else:
# Default should be here # Default should be here
assert b'file:// type access is denied for security reasons.' in res.data assert b'file:// type access is denied for security reasons.' in res.data