diff options
author | Victor Shyba <victor1984@riseup.net> | 2017-05-01 06:21:01 -0300 |
---|---|---|
committer | Victor Shyba <victor1984@riseup.net> | 2017-05-01 06:29:00 -0300 |
commit | 0c22a7047553afdc1ed8a33bea17ccbe842e5e6e (patch) | |
tree | 74c98bc002bfce146771b8f9c522cbf9151dfa5a /testing/tests/blobs/test_fs_backend.py | |
parent | 313cc19603d787cf40ffe6e5a1feeed2b6226a39 (diff) |
[feature] blobs path validation
Check if user and blob_id are valid strings, then check if the resulting
path is a subdirectory of blobs configured path.
- Related: #8800
Diffstat (limited to 'testing/tests/blobs/test_fs_backend.py')
-rw-r--r-- | testing/tests/blobs/test_fs_backend.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/testing/tests/blobs/test_fs_backend.py b/testing/tests/blobs/test_fs_backend.py index 39ee0028..0d7e9789 100644 --- a/testing/tests/blobs/test_fs_backend.py +++ b/testing/tests/blobs/test_fs_backend.py @@ -97,3 +97,11 @@ class FilesystemBackendTestCase(unittest.TestCase): walk_mock.return_value = [(_, _, ['blob_0']), (_, _, ['blob_1'])] result = json.loads(backend.list_blobs('user', DummyRequest(['']))) self.assertEquals(result, ['blob_0', 'blob_1']) + + @pytest.mark.usefixtures("method_tmpdir") + def test_path_validation_for_subdirectories(self): + blobs_path = self.tempdir + backend = _blobs.FilesystemBlobsBackend(blobs_path) + self.assertFalse(backend._valid_subdir('/')) + self.assertFalse(backend._valid_subdir(blobs_path + '../../../../../')) + self.assertTrue(backend._valid_subdir(os.path.join(blobs_path, 'x'))) |