diff options
| author | Michael Merickel <michael@merickel.org> | 2023-08-24 23:49:50 -0600 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2023-08-24 23:49:50 -0600 |
| commit | b4e78bd14f7bbfce76399510a78b5346f9bd73e1 (patch) | |
| tree | c6a3597b7d05ec644ba7093198e7d6a64e8b1c05 /tests/test_integration.py | |
| parent | 0919da5326ef65fb6569bc045ee0c0f033185f1c (diff) | |
| parent | 6726314834d0de9e29c45dcb3d6f3ce9118a956d (diff) | |
| download | pyramid-b4e78bd14f7bbfce76399510a78b5346f9bd73e1.tar.gz pyramid-b4e78bd14f7bbfce76399510a78b5346f9bd73e1.tar.bz2 pyramid-b4e78bd14f7bbfce76399510a78b5346f9bd73e1.zip | |
Merge branch 'tseaver-jp_exploit_fix'
Diffstat (limited to 'tests/test_integration.py')
| -rw-r--r-- | tests/test_integration.py | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/tests/test_integration.py b/tests/test_integration.py index 0b55872d2..63a7088e9 100644 --- a/tests/test_integration.py +++ b/tests/test_integration.py @@ -225,6 +225,26 @@ class TestStaticAppUsingAssetSpec(StaticAppBase, unittest.TestCase): package = 'tests.pkgs.static_assetspec' +class TestStaticAppUsingAbsPathNulByte(IntegrationBase, unittest.TestCase): + package = 'tests.pkgs.static_abspath_nulbyte' + + def test_nulbyte_chroot(self): + super_w_null = '..\x00/' + self.testapp.get(f'/{super_w_null}', status=404) + + +class TestStaticAppUsingAssetSpecNulByte(IntegrationBase, unittest.TestCase): + package = 'tests.pkgs.static_assetspec_nulbyte' + + def test_nulbyte_chroot(self): + super_w_null = '..\x00/' + self.testapp.get(f'/{super_w_null}', status=404) + + def test_nulbyte_chroot_assetspec_override(self): + super_w_null = '..\x00/' + self.testapp.get(f'/sub/{super_w_null}', status=404) + + class TestStaticAppWithEncodings(IntegrationBase, unittest.TestCase): package = 'tests.pkgs.static_encodings' |