##// END OF EJS Templates
upstream » ipython
RSS

Clone from https://github.com/ipython/ipython.git

TEST: Move test_escape_root to TestFileContentsManager...
Scott Sanderson -
Show More
Show file before | Show file after | Hide comments
@@ -35,6 +35,16 b' def _make_dir(contents_manager, api_path):'
35
35
36 class TestFileContentsManager(TestCase):
36 class TestFileContentsManager(TestCase):
37
37
38 @contextmanager
39 def assertRaisesHTTPError(self, status, msg=None):
40 msg = msg or "Should have raised HTTPError(%i)" % status
41 try:
42 yield
43 except HTTPError as e:
44 self.assertEqual(e.status_code, status)
45 else:
46 self.fail(msg)
47
38 def symlink(self, contents_manager, src, dst):
48 def symlink(self, contents_manager, src, dst):
39 """Make a symlink to src from dst
49 """Make a symlink to src from dst
40
50
@@ -153,6 +163,30 b' class TestFileContentsManager(TestCase):'
153 else:
163 else:
154 self.fail("Should have raised HTTPError(403)")
164 self.fail("Should have raised HTTPError(403)")
155
165
166 def test_escape_root(self):
167 with TemporaryDirectory() as td:
168 cm = FileContentsManager(root_dir=td)
169 # make foo, bar next to root
170 with open(os.path.join(cm.root_dir, '..', 'foo'), 'w') as f:
171 f.write('foo')
172 with open(os.path.join(cm.root_dir, '..', 'bar'), 'w') as f:
173 f.write('bar')
174
175 with self.assertRaisesHTTPError(404):
176 cm.get('..')
177 with self.assertRaisesHTTPError(404):
178 cm.get('foo/../../../bar')
179 with self.assertRaisesHTTPError(404):
180 cm.delete('../foo')
181 with self.assertRaisesHTTPError(404):
182 cm.rename('../foo', '../bar')
183 with self.assertRaisesHTTPError(404):
184 cm.save(model={
185 'type': 'file',
186 'content': u'',
187 'format': 'text',
188 }, path='../foo')
189
156
190
157 class TestContentsManager(TestCase):
191 class TestContentsManager(TestCase):
158
192
@@ -166,16 +200,6 b' class TestContentsManager(TestCase):'
166 def tearDown(self):
200 def tearDown(self):
167 self._temp_dir.cleanup()
201 self._temp_dir.cleanup()
168
202
169 @contextmanager
170 def assertRaisesHTTPError(self, status, msg=None):
171 msg = msg or "Should have raised HTTPError(%i)" % status
172 try:
173 yield
174 except HTTPError as e:
175 self.assertEqual(e.status_code, status)
176 else:
177 self.fail(msg)
178
179 def make_dir(self, api_path):
203 def make_dir(self, api_path):
180 """make a subdirectory at api_path
204 """make a subdirectory at api_path
181
205
@@ -472,29 +496,3 b' class TestContentsManager(TestCase):'
472 cm.mark_trusted_cells(nb, path)
496 cm.mark_trusted_cells(nb, path)
473 cm.check_and_sign(nb, path)
497 cm.check_and_sign(nb, path)
474 assert cm.notary.check_signature(nb)
498 assert cm.notary.check_signature(nb)
475
476 def test_escape_root(self):
477 cm = self.contents_manager
478 # make foo, bar next to root
479 with open(os.path.join(cm.root_dir, '..', 'foo'), 'w') as f:
480 f.write('foo')
481 with open(os.path.join(cm.root_dir, '..', 'bar'), 'w') as f:
482 f.write('bar')
483
484 with self.assertRaisesHTTPError(404):
485 cm.get('..')
486 with self.assertRaisesHTTPError(404):
487 cm.get('foo/../../../bar')
488 with self.assertRaisesHTTPError(404):
489 cm.delete('../foo')
490 with self.assertRaisesHTTPError(404):
491 cm.rename('../foo', '../bar')
492 with self.assertRaisesHTTPError(404):
493 cm.save(model={
494 'type': 'file',
495 'content': u'',
496 'format': 'text',
497 }, path='../foo')
498
499
500
General Comments 0
You need to be logged in to leave comments. Login now