diff options
| author | Chris McDonough <chrism@plope.com> | 2011-09-08 00:09:08 -0400 |
|---|---|---|
| committer | Chris McDonough <chrism@plope.com> | 2011-09-08 00:09:08 -0400 |
| commit | 66fe31ffbc821bb6d57eb441d3f19797f370e85b (patch) | |
| tree | 9d232ad18ceba54674aeeda05c2389cfabd0bb19 | |
| parent | a3cd6b3ff1a02c5fad56cecb5178ca2ec77c3bfa (diff) | |
| download | pyramid-66fe31ffbc821bb6d57eb441d3f19797f370e85b.tar.gz pyramid-66fe31ffbc821bb6d57eb441d3f19797f370e85b.tar.bz2 pyramid-66fe31ffbc821bb6d57eb441d3f19797f370e85b.zip | |
add another oob test
| -rw-r--r-- | pyramid/tests/test_integration.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/pyramid/tests/test_integration.py b/pyramid/tests/test_integration.py index 3e2a6e452..cd259b630 100644 --- a/pyramid/tests/test_integration.py +++ b/pyramid/tests/test_integration.py @@ -131,13 +131,18 @@ class TestStaticAppBase(IntegrationBase): def test_notfound(self): self.testapp.get('/static/wontbefound.html', status=404) - def test_oob_doubledot(self): + def test_oob_dotdotslash(self): self.testapp.get('/static/../../test_integration.py', status=404) + def test_oob_dotdotslash_encoded(self): + self.testapp.get('/static/%2E%2E%2F/test_integration.py', status=404) + # XXX pdb this + def test_oob_slash(self): self.testapp.get('/%2F/test_integration.py', status=404) # XXX pdb this + class TestStaticAppUsingAbsPath(TestStaticAppBase, unittest.TestCase): package = 'pyramid.tests.pkgs.static_abspath' |