Git-Mirrors/mat2-web
1
0
Fork 0
mirror of https://0xacab.org/jvoisin/mat2-web.git synced 2025-02-23 16:49:59 -05:00
Code Issues Packages Projects Releases Wiki Activity
mat2-web/test/test_api.py

528 lines
21 KiB
Python
Raw Normal View History

added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
import json
import os
Api/bulk download for frontend
2019-09-21 05:58:05 -07:00
import shutil
added endpoint to clean file and return it directly for automated clients
2020-08-21 09:09:19 +02:00
import tempfile
import unittest
Resolve "Delete Files After Adding To Zip"
2019-09-24 10:59:00 -07:00
import zipfile
added endpoint to clean file and return it directly for automated clients
2020-08-21 09:09:19 +02:00
import io
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
file removal background job
2020-03-27 10:59:16 -07:00
from unittest.mock import patch
added endpoint to clean file and return it directly for automated clients
2020-08-21 09:09:19 +02:00
upgrade to oas 3
2020-07-14 15:28:08 +02:00
from openapi_spec_validator import validate_spec
added endpoint to clean file and return it directly for automated clients
2020-08-21 09:09:19 +02:00
from six import BytesIO
file removal background job
2020-03-27 10:59:16 -07:00
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
import main
class Mat2APITestCase(unittest.TestCase):
def setUp(self):
os.environ.setdefault('MAT2_ALLOW_ORIGIN_WHITELIST', 'origin1.gnu origin2.gnu')
self.upload_folder = tempfile.mkdtemp()
Refactoring
2020-04-23 10:39:35 -07:00
app = main.create_app(
test_config={
'TESTING': True,
'UPLOAD_FOLDER': self.upload_folder
}
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
)
Refactoring
2020-04-23 10:39:35 -07:00
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
self.app = app.test_client()
def tearDown(self):
shutil.rmtree(self.upload_folder)
if os.environ.get('MAT2_ALLOW_ORIGIN_WHITELIST'):
del os.environ['MAT2_ALLOW_ORIGIN_WHITELIST']
def test_api_upload_valid(self):
Resolve "Use a HMAC instead of a hash"
2020-04-26 09:50:14 -07:00
request = self.app.post(
'/api/upload',
data='{"file_name": "test_name.jpg", '
'"file": "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAf'
'FcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg=="}',
headers={'content-type': 'application/json'}
)
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
self.assertEqual(request.headers['Content-Type'], 'application/json')
self.assertEqual(request.headers['Access-Control-Allow-Origin'], 'origin1.gnu')
fixed tests for 201 http after upload
2020-07-13 08:52:59 +02:00
self.assertEqual(request.status_code, 201)
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
Refactoring
2020-04-23 10:39:35 -07:00
data = request.get_json()
added new property which indicates the remaining download time in secs
2020-05-15 14:38:13 +02:00
self.assertEqual(data['inactive_after_sec'], 15 * 60)
Resolve "Use a HMAC instead of a hash"
2020-04-26 09:50:14 -07:00
self.assertEqual(data['output_filename'], 'test_name.cleaned.jpg')
self.assertEqual(data['mime'], 'image/jpeg')
self.assertEqual(len(data['secret']), 64)
self.assertEqual(len(data['key']), 64)
self.assertNotEqual(data['key'], data['secret'])
self.assertTrue('http://localhost/api/download/' in data['download_link'])
self.assertTrue('test_name.cleaned.jpg' in data['download_link'])
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
def test_api_upload_missing_params(self):
request = self.app.post('/api/upload',
data='{"file_name": "test_name.jpg"}',
headers={'content-type': 'application/json'}
)
self.assertEqual(request.headers['Content-Type'], 'application/json')
self.assertEqual(request.status_code, 400)
Refactoring
2020-04-23 10:39:35 -07:00
error = request.get_json()['message']
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
self.assertEqual(error['file'], 'Post parameter is not specified: file')
request = self.app.post('/api/upload',
data='{"file_name": "test_name.jpg", "file": "invalid base46 string"}',
headers={'content-type': 'application/json'}
)
self.assertEqual(request.headers['Content-Type'], 'application/json')
self.assertEqual(request.status_code, 400)
Refactoring
2020-04-23 10:39:35 -07:00
error = request.get_json()['message']
Resolve "Fuzzing Errors /api/upload"
2020-05-08 09:10:18 -07:00
self.assertEqual(error, 'Failed decoding file')
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
def test_api_not_supported(self):
request = self.app.post('/api/upload',
data='{"file_name": "test_name.pdf", '
'"file": "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAf'
'FcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg=="}',
headers={'content-type': 'application/json'}
)
self.assertEqual(request.headers['Content-Type'], 'application/json')
self.assertEqual(request.status_code, 415)
Refactoring
2020-04-23 10:39:35 -07:00
error = request.get_json()['message']
catch newly thrown ValueErrors on get_file_parser
2021-03-23 21:20:54 +01:00
self.assertEqual(error, 'The filetype is not supported')
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
def test_api_supported_extensions(self):
rv = self.app.get('/api/extension')
self.assertEqual(rv.status_code, 200)
self.assertEqual(rv.headers['Content-Type'], 'application/json')
self.assertEqual(rv.headers['Access-Control-Allow-Origin'], 'origin1.gnu')
extensions = json.loads(rv.data.decode('utf-8'))
self.assertIn('.pot', extensions)
Removed .asc assertion in supported extensions list
2021-01-29 02:40:42 -08:00
self.assertIn('.jpg', extensions)
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
self.assertIn('.png', extensions)
self.assertIn('.zip', extensions)
def test_api_cors_not_set(self):
del os.environ['MAT2_ALLOW_ORIGIN_WHITELIST']
app = main.create_app()
app.config.update(
TESTING=True
)
app = app.test_client()
rv = app.get('/api/extension')
self.assertEqual(rv.headers['Access-Control-Allow-Origin'], '*')
def test_api_cors(self):
rv = self.app.get('/api/extension')
self.assertEqual(rv.headers['Access-Control-Allow-Origin'], 'origin1.gnu')
rv = self.app.get('/api/extension', headers={'Origin': 'origin2.gnu'})
self.assertEqual(rv.headers['Access-Control-Allow-Origin'], 'origin2.gnu')
rv = self.app.get('/api/extension', headers={'Origin': 'origin1.gnu'})
self.assertEqual(rv.headers['Access-Control-Allow-Origin'], 'origin1.gnu')
file removal background job
2020-03-27 10:59:16 -07:00
def test_api_cleaning_failed(self):
request = self.app.post('/api/upload',
data='{"file_name": "test_name.zip", '
'"file": "UEsDBBQACAAIAPicPE8AAAAAAAAAAAAAAAAXACAAZmFpbGluZy5ub3Qt'
'd29ya2luZy1leHRVVA0AB+Saj13kmo9d5JqPXXV4CwABBOkDAAAE6QMAAAMAUEsHCAAA'
'AAACAAAAAAAAAFBLAwQUAAgACAD6nDxPAAAAAAAAAAAAAAAACQAgAHRlc3QuanNvblVUD'
'QAH6JqPXeiaj13omo9ddXgLAAEE6QMAAATpAwAAAwBQSwcIAAAAAAIAAAAAAAAAUEsBAhQD'
'FAAIAAgA+Jw8TwAAAAACAAAAAAAAABcAIAAAAAAAAAAAAKSBAAAAAGZhaWxpbmcubm90LXd'
'vcmtpbmctZXh0VVQNAAfkmo9d5JqPXeSaj111eAsAAQTpAwAABOkDAABQSwECFAMUAAgACAD6'
'nDxPAAAAAAIAAAAAAAAACQAgAAAAAAAAAAAApIFnAAAAdGVzdC5qc29uVVQNAAfomo9d6JqPXe'
'iaj111eAsAAQTpAwAABOkDAABQSwUGAAAAAAIAAgC8AAAAwAAAAAAA"}',
headers={'content-type': 'application/json'}
)
Refactoring
2020-04-23 10:39:35 -07:00
error = request.get_json()['message']
handle not supported files in zips
2020-09-13 16:56:02 +02:00
self.assertEqual(request.status_code, 400)
file removal background job
2020-03-27 10:59:16 -07:00
self.assertEqual(error, 'Unable to clean application/zip')
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
def test_api_download(self):
request = self.app.post('/api/upload',
data='{"file_name": "test_name.jpg", '
'"file": "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAf'
'FcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg=="}',
headers={'content-type': 'application/json'}
)
use main flasgger lib and workaround a know and unsolved problem
2021-11-01 16:06:05 +01:00
print(request.get_json())
fixed tests for 201 http after upload
2020-07-13 08:52:59 +02:00
self.assertEqual(request.status_code, 201)
Refactoring
2020-04-23 10:39:35 -07:00
data = request.get_json()
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
Resolve "Use a HMAC instead of a hash"
2020-04-26 09:50:14 -07:00
request = self.app.get('http://localhost/api/download/161/'
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
'81a541f9ebc0233d419d25ed39908b16f82be26a783f32d56c381559e84e6161/test name.cleaned.jpg')
self.assertEqual(request.status_code, 400)
Refactoring
2020-04-23 10:39:35 -07:00
error = request.get_json()['message']
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
self.assertEqual(error, 'Insecure filename')
Resolve "Use a HMAC instead of a hash"
2020-04-26 09:50:14 -07:00
request = self.app.get(data['download_link'].replace('test_name', 'wrong_test'))
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
self.assertEqual(request.status_code, 404)
Refactoring
2020-04-23 10:39:35 -07:00
error = request.get_json()['message']
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
self.assertEqual(error, 'File not found')
Resolve "Use a HMAC instead of a hash"
2020-04-26 09:50:14 -07:00
uri_parts = data['download_link'].split("/")
self.assertEqual(len(uri_parts[5]), len(uri_parts[6]))
self.assertEqual(64, len(uri_parts[5]))
key_uri_parts = uri_parts
key_uri_parts[5] = '70623619c'
request = self.app.get("/".join(key_uri_parts))
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
self.assertEqual(request.status_code, 400)
Refactoring
2020-04-23 10:39:35 -07:00
error = request.get_json()['message']
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
self.assertEqual(error, 'The file hash does not match')
Resolve "Use a HMAC instead of a hash"
2020-04-26 09:50:14 -07:00
key_uri_parts = uri_parts
key_uri_parts[6] = '70623619c'
request = self.app.get("/".join(key_uri_parts))
self.assertEqual(request.status_code, 400)
error = request.get_json()['message']
self.assertEqual(error, 'The file hash does not match')
handle HEAD requests correctly
2019-10-02 08:25:55 -07:00
request = self.app.head(data['download_link'])
self.assertEqual(request.status_code, 200)
self.assertEqual(request.headers['Content-Length'], '633')
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
request = self.app.get(data['download_link'])
self.assertEqual(request.status_code, 200)
Content disposition header
2019-10-03 04:29:42 -07:00
self.assertIn('attachment; filename=test_name.cleaned.jpg', request.headers['Content-Disposition'])
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
Api/bulk download for frontend
2019-09-21 05:58:05 -07:00
request = self.app.get(data['download_link'])
self.assertEqual(request.status_code, 404)
def test_api_bulk_download(self):
request = self.app.post('/api/upload',
data='{"file_name": "test_name.jpg", '
'"file": "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAf'
'FcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg=="}',
headers={'content-type': 'application/json'}
)
Refactoring
2020-04-23 10:39:35 -07:00
upload_one = request.get_json()
use main flasgger lib and workaround a know and unsolved problem
2021-11-01 16:06:05 +01:00
self.assertEqual(request.status_code, 201)
Api/bulk download for frontend
2019-09-21 05:58:05 -07:00
request = self.app.post('/api/upload',
data='{"file_name": "test_name_two.jpg", '
'"file": "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42'
'mO0vqpQDwAENAGxOnU0jQAAAABJRU5ErkJggg=="}',
headers={'content-type': 'application/json'}
)
fixed tests for 201 http after upload
2020-07-13 08:52:59 +02:00
self.assertEqual(request.status_code, 201)
Refactoring
2020-04-23 10:39:35 -07:00
upload_two = request.get_json()
Api/bulk download for frontend
2019-09-21 05:58:05 -07:00
post_body = {
u'download_list': [
{
u'file_name': upload_one['output_filename'],
Resolve "Use a HMAC instead of a hash"
2020-04-26 09:50:14 -07:00
u'key': upload_one['key'],
u'secret': upload_one['secret']
Api/bulk download for frontend
2019-09-21 05:58:05 -07:00
},
{
u'file_name': upload_two['output_filename'],
Resolve "Use a HMAC instead of a hash"
2020-04-26 09:50:14 -07:00
u'key': upload_two['key'],
u'secret': upload_two['secret']
Api/bulk download for frontend
2019-09-21 05:58:05 -07:00
}
]
}
request = self.app.post('/api/download/bulk',
data=json.dumps(post_body),
headers={'content-type': 'application/json'}
)
Refactoring
2020-04-23 10:39:35 -07:00
response = request.get_json()
Api/bulk download for frontend
2019-09-21 05:58:05 -07:00
self.assertEqual(request.status_code, 201)
self.assertIn(
"http://localhost/api/download/",
response['download_link']
)
self.assertIn(
".cleaned.zip",
response['download_link']
)
self.assertIn('files.', response['output_filename'])
self.assertIn('cleaned.zip', response['output_filename'])
replcaed equals
2020-07-13 11:02:08 +02:00
self.assertEqual(15 * 60, response['inactive_after_sec'])
Api/bulk download for frontend
2019-09-21 05:58:05 -07:00
self.assertIn(response['mime'], 'application/zip')
self.assertEqual(response['meta_after'], {})
handle HEAD requests correctly
2019-10-02 08:25:55 -07:00
request = self.app.head(response['download_link'])
self.assertEqual(request.status_code, 200)
make test no dependent from mat2 cleaning performance ;)
2020-05-14 19:39:41 +02:00
self.assertTrue(request.headers['Content-Length'])
handle HEAD requests correctly
2019-10-02 08:25:55 -07:00
Api/bulk download for frontend
2019-09-21 05:58:05 -07:00
request = self.app.get(response['download_link'])
Content disposition header
2019-10-03 04:29:42 -07:00
self.assertIn('attachment; filename=files.', request.headers['Content-Disposition'])
Resolve "Delete Files After Adding To Zip"
2019-09-24 10:59:00 -07:00
zip_response = zipfile.ZipFile(BytesIO(request.data))
replcaed equals
2020-07-13 11:02:08 +02:00
self.assertEqual(2, len(zip_response.namelist()))
Resolve "Delete Files After Adding To Zip"
2019-09-24 10:59:00 -07:00
for name in zip_response.namelist():
self.assertIn('.cleaned.jpg', name)
Api/bulk download for frontend
2019-09-21 05:58:05 -07:00
self.assertEqual(request.status_code, 200)
request = self.app.get(response['download_link'])
self.assertEqual(request.status_code, 404)
Resolve "Delete Files After Adding To Zip"
2019-09-24 10:59:00 -07:00
request = self.app.get(upload_one['download_link'])
self.assertEqual(request.status_code, 404)
request = self.app.get(upload_two['download_link'])
self.assertEqual(request.status_code, 404)
catch no bulk post body
2020-07-14 22:49:24 +02:00
def test_api_bulk_empty_body(self):
request = self.app.post(
'/api/download/bulk',
)
self.assertEqual(400, request.status_code)
error_message = request.get_json()['message']
self.assertEqual("Post Body Required", error_message)
Api/bulk download for frontend
2019-09-21 05:58:05 -07:00
def test_api_bulk_download_validation(self):
post_body = {
u'download_list': [
{
u'file_name': 'invalid_file_name',
Resolve "Use a HMAC instead of a hash"
2020-04-26 09:50:14 -07:00
u'key': 'invalid_key',
u'secret': 'invalid_secret'
Api/bulk download for frontend
2019-09-21 05:58:05 -07:00
}
]
}
request = self.app.post('/api/download/bulk',
data=json.dumps(post_body),
headers={'content-type': 'application/json'}
)
Refactoring
2020-04-23 10:39:35 -07:00
response = request.get_json()
Api/bulk download for frontend
2019-09-21 05:58:05 -07:00
self.assertEqual(response['message']['download_list'][0], 'min length is 2')
self.assertEqual(request.status_code, 400)
make filename and key required fields
2019-09-24 19:29:51 +02:00
post_body = {
u'download_list': [{}, {}]
}
request = self.app.post('/api/download/bulk',
data=json.dumps(post_body),
headers={'content-type': 'application/json'}
)
Refactoring
2020-04-23 10:39:35 -07:00
response = request.get_json()
make filename and key required fields
2019-09-24 19:29:51 +02:00
self.assertEqual(response['message']['download_list'][0]['0'][0]['file_name'][0], 'required field')
self.assertEqual(response['message']['download_list'][0]['0'][0]['key'][0], 'required field')
self.assertEqual(request.status_code, 400)
Api/bulk download for frontend
2019-09-21 05:58:05 -07:00
post_body = {
u'download_list': [
{
u'file_name': 'test.jpg',
u'key': 'key'
},
{
u'file_name': 'test.jpg',
u'key': 'key'
},
{
u'file_name': 'test.jpg',
u'key': 'key'
},
{
u'file_name': 'test.jpg',
u'key': 'key'
},
{
u'file_name': 'test.jpg',
u'key': 'key'
},
{
u'file_name': 'test.jpg',
u'key': 'key'
},
{
u'file_name': 'test.jpg',
u'key': 'key'
},
{
u'file_name': 'test.jpg',
u'key': 'key'
},
{
u'file_name': 'test.jpg',
u'key': 'key'
},
{
u'file_name': 'test.jpg',
u'key': 'key'
},
{
u'file_name': 'test.jpg',
u'key': 'key'
}
]
}
request = self.app.post('/api/download/bulk',
data=json.dumps(post_body),
headers={'content-type': 'application/json'}
)
Refactoring
2020-04-23 10:39:35 -07:00
response = request.get_json()
Api/bulk download for frontend
2019-09-21 05:58:05 -07:00
self.assertEqual(response['message']['download_list'][0], 'max length is 10')
self.assertEqual(request.status_code, 400)
post_body = {
u'download_list': [
{
u'file_name': 'invalid_file_name1',
Resolve "Use a HMAC instead of a hash"
2020-04-26 09:50:14 -07:00
u'key': 'invalid_key1',
u'secret': 'invalid_secret1'
Api/bulk download for frontend
2019-09-21 05:58:05 -07:00
},
{
u'file_name': 'invalid_file_name2',
Resolve "Use a HMAC instead of a hash"
2020-04-26 09:50:14 -07:00
u'key': 'invalid_key2',
u'secret': 'invalid_secret2'
Api/bulk download for frontend
2019-09-21 05:58:05 -07:00
}
]
}
request = self.app.post('/api/download/bulk',
data=json.dumps(post_body),
headers={'content-type': 'application/json'}
)
Refactoring
2020-04-23 10:39:35 -07:00
response = request.get_json()
Api/bulk download for frontend
2019-09-21 05:58:05 -07:00
self.assertEqual('File not found', response['message'])
Refactoring
2020-04-23 10:39:35 -07:00
@patch('matweb.file_removal_scheduler.random.randint')
file removal background job
2020-03-27 10:59:16 -07:00
def test_api_upload_leftover(self, randint_mock):
os.environ['MAT2_MAX_FILE_AGE_FOR_REMOVAL'] = '0'
self.upload_folder = tempfile.mkdtemp()
Refactoring
2020-04-23 10:39:35 -07:00
app = main.create_app(
test_config={
'TESTING': True,
'UPLOAD_FOLDER': self.upload_folder
}
file removal background job
2020-03-27 10:59:16 -07:00
)
app = app.test_client()
randint_mock.return_value = 1
self.upload_download_test_jpg_and_assert_response_code(app, 200)
randint_mock.return_value = 0
self.upload_download_test_jpg_and_assert_response_code(app, 404)
added new property which indicates the remaining download time in secs
2020-05-15 14:38:13 +02:00
os.environ['MAT2_MAX_FILE_AGE_FOR_REMOVAL'] = str(15 * 60)
file removal background job
2020-03-27 10:59:16 -07:00
def upload_download_test_jpg_and_assert_response_code(self, app, code):
request = app.post('/api/upload',
data='{"file_name": "test_name.jpg", '
'"file": "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAf'
'FcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg=="}',
headers={'content-type': 'application/json'}
)
Refactoring
2020-04-23 10:39:35 -07:00
download_link = request.get_json()['download_link']
file removal background job
2020-03-27 10:59:16 -07:00
request = app.get(download_link)
self.assertEqual(code, request.status_code)
validate bulk body is parsable
2021-08-23 20:56:49 +02:00
def test_download_naughty_input(self):
request = self.app.get(
'/api/download/%F2%8C%BF%BD%F1%AE%98%A3%E4%B7%B8%F2%9B%94%BE%F2%A7%8B%83%F1%B1%80%9F%F3%AA%89%A6/1p/str'
)
error_message = request.get_json()['message']
self.assertEqual(404, request.status_code)
self.assertEqual("File not found", error_message)
def test_download_bulk_naughty_input(self):
request = self.app.post(
'/api/download/bulk',
data='\"\'\'\'&type %SYSTEMROOT%\\\\win.ini\"',
headers={'content-type': 'application/json'}
)
error_message = request.get_json()['message']
self.assertEqual(400, request.status_code)
self.assertEqual("Invalid Post Body", error_message)
Resolve "Fuzzing Errors /api/upload"
2020-05-08 09:10:18 -07:00
def test_upload_naughty_input(self):
request = self.app.post('/api/upload',
data='{"file_name": "\\\\", '
'"file": "\\\\"}',
headers={'content-type': 'application/json'}
)
error_message = request.get_json()['message']
self.assertEqual(400, request.status_code)
self.assertEqual("Invalid Filename", error_message)
request = self.app.post('/api/upload',
data='{"file_name": "", '
'"file": ""}',
headers={'content-type': 'application/json'}
)
error_message = request.get_json()['message']
self.assertEqual(400, request.status_code)
self.assertEqual("Failed decoding file", error_message)
added missing error handler
2021-08-23 20:42:42 +02:00
request = self.app.post('/api/upload',
data="\"\'\'\'&&cat$z $z/etc$z/passwdu0000\"",
headers={'content-type': 'application/json'}
)
error_message = request.get_json()['message']
self.assertEqual(400, request.status_code)
self.assertEqual("Failed parsing body", error_message)
upgrade to oas 3
2020-07-14 15:28:08 +02:00
def test_valid_opena_api_spec(self):
spec = self.app.get('apispec_1.json').get_json()
use main flasgger lib and workaround a know and unsolved problem
2021-11-01 16:06:05 +01:00
# Test workaround due to https://github.com/flasgger/flasgger/issues/374
del spec['definitions']
upgrade to oas 3
2020-07-14 15:28:08 +02:00
validate_spec(spec)
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
added endpoint to clean file and return it directly for automated clients
2020-08-21 09:09:19 +02:00
def test_remove_metadata(self):
r = self.app.post(
'/api/remove_metadata',
data=dict(
file=(io.BytesIO(b""), 'test.txt'),
),
follow_redirects=False
)
self.assertEqual(r.status_code, 200)
self.assertEqual(r.headers['Content-Disposition'], 'attachment; filename=test.cleaned.txt')
self.assertEqual(r.headers['Content-Type'], 'text/plain; charset=utf-8')
self.assertEqual(r.data, b'')
def test_remove_metdata_validation(self):
r = self.app.post(
'/api/remove_metadata',
data=dict(
fileNotExisting=(io.BytesIO(b""), 'test.random'),
),
follow_redirects=False
)
changed missing file part error message
2021-12-17 20:21:11 +01:00
self.assertEqual(
r.get_json()['message'],
'File part missing: Multipart filename and non-chunked-transfer-encoding required'
)
added endpoint to clean file and return it directly for automated clients
2020-08-21 09:09:19 +02:00
self.assertEqual(r.status_code, 400)
r = self.app.post(
'/api/remove_metadata',
data=dict(
file=(io.BytesIO(b""), ''),
),
follow_redirects=False
)
self.assertEqual(r.get_json()['message'], 'No selected `file`')
self.assertEqual(r.status_code, 400)
r = self.app.post(
'/api/remove_metadata',
data=dict(
file=(io.BytesIO(b""), '../../'),
),
follow_redirects=False
)
self.assertEqual(r.get_json()['message'], 'Invalid Filename')
self.assertEqual(r.status_code, 400)
r = self.app.post(
'/api/remove_metadata',
data=dict(
file=(io.BytesIO(b""), 'test.random'),
),
follow_redirects=False
)
catch newly thrown ValueErrors on get_file_parser
2021-03-23 21:20:54 +01:00
self.assertEqual(r.get_json()['message'], 'The filetype is not supported')
added endpoint to clean file and return it directly for automated clients
2020-08-21 09:09:19 +02:00
self.assertEqual(r.status_code, 415)
added a docker dev environment Signed-off-by: Jan Friedli <jan.friedli@immerda.ch>
2019-07-09 14:56:21 -07:00
if __name__ == '__main__':
unittest.main()
Reference in New Issue Copy Permalink