| 34 | @pytest.mark.webtest |
| 35 | class TestWeb: |
def testFileSecurity(self, site_url):
    """Request files outside a site's directory and expect a refusal.

    Every entry pairs the marker text that must appear in the value
    returned by getUrl with the URL template that is requested. The
    entries run in order and the first mismatch fails the test.

    The plain /media/sites.json and /raw/sites.json requests expect
    "Not Found". Every variant that carries a "./", "../" or repeated "/"
    segment expects "Forbidden", as do the direct requests for content.db,
    users.json and key-rsa.pem.

    NOTE(review): getUrl is defined outside this block; the check is a
    substring match on whatever it returns, presumably the response body
    rather than the HTTP status -- confirm.
    NOTE(review): only literal dot-segment and double-slash spellings are
    exercised here; percent-encoded or backslash spellings of the same
    paths are not covered by this test.
    """
    expectations = (
        # Requests under the /media/ prefix.
        ("Not Found", "%s/media/sites.json"),
        ("Forbidden", "%s/media/./sites.json"),
        ("Forbidden", "%s/media/../config.py"),
        ("Forbidden", "%s/media/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../sites.json"),
        ("Forbidden", "%s/media/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/..//sites.json"),
        ("Forbidden", "%s/media/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../../zeronet.py"),
        # The same set under the /raw/ prefix.
        ("Not Found", "%s/raw/sites.json"),
        ("Forbidden", "%s/raw/./sites.json"),
        ("Forbidden", "%s/raw/../config.py"),
        ("Forbidden", "%s/raw/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../sites.json"),
        ("Forbidden", "%s/raw/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/..//sites.json"),
        ("Forbidden", "%s/raw/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../../zeronet.py"),
        # Climbing out of the site directory without a prefix.
        ("Forbidden", "%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../sites.json"),
        ("Forbidden", "%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/..//sites.json"),
        ("Forbidden", "%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../../zeronet.py"),
        # Direct requests at the root of the web interface.
        ("Forbidden", "%s/content.db"),
        ("Forbidden", "%s/./users.json"),
        ("Forbidden", "%s/./key-rsa.pem"),
        ("Forbidden", "%s/././././././././././//////sites.json"),
    )
    for marker, url_template in expectations:
        response = getUrl(url_template % site_url)
        assert marker in response
| 59 | |
| 60 | def testLinkSecurity(self, browser, site_url): |
| 61 | browser.get("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/test/security.html" % site_url) |