7
7
"""Tests for method and classes in wikkid.app."""
11
from wikkid.app import WikkidApp
12
from wikkid.filestore.volatile import FileStore
13
from wikkid.tests import TestCase
16
class TestApp(TestCase):
18
def test_traverse_above_static_not_possible_with_relative_path(self):
20
Traversal above the static folder, by forging a malicious request with
21
a relative path for example, is not possible.
24
"REQUEST_METHOD": "GET",
25
"PATH_INFO": "/static/../page.html",
28
def start_response(status, headers):
29
self.assertEqual("404 Not Found", status)
31
filestore = FileStore()
32
app = WikkidApp(filestore)
33
app(environ, start_response)
35
def test_traverse_above_static_not_possible_with_absolute_path(self):
37
Traversal above the static folder, by forging a malicious request
38
including an absolute path for example, is not possible.
40
this_file = os.path.abspath(__file__)
42
"REQUEST_METHOD": "GET",
43
"PATH_INFO": "/static/" + this_file,
46
def start_response(status, headers):
47
self.assertEqual("404 Not Found", status)
49
filestore = FileStore()
50
app = WikkidApp(filestore)
51
app(environ, start_response)