1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
import os
import posixpath
import pytest
from werkzeug.security import check_password_hash
from werkzeug.security import generate_password_hash
from werkzeug.security import safe_join
def test_password_hashing():
hash0 = generate_password_hash("default")
assert check_password_hash(hash0, "default")
assert hash0.startswith("pbkdf2:sha256:260000$")
hash1 = generate_password_hash("default", "sha1")
hash2 = generate_password_hash("default", method="sha1")
assert hash1 != hash2
assert check_password_hash(hash1, "default")
assert check_password_hash(hash2, "default")
assert hash1.startswith("sha1$")
assert hash2.startswith("sha1$")
with pytest.raises(ValueError):
generate_password_hash("default", "sha1", salt_length=0)
fakehash = generate_password_hash("default", method="plain")
assert fakehash == "plain$$default"
assert check_password_hash(fakehash, "default")
def test_safe_join():
assert safe_join("foo", "bar/baz") == posixpath.join("foo", "bar/baz")
assert safe_join("foo", "../bar/baz") is None
if os.name == "nt":
assert safe_join("foo", "foo\\bar") is None
def test_safe_join_os_sep():
import werkzeug.security as sec
prev_value = sec._os_alt_seps
sec._os_alt_seps = "*"
assert safe_join("foo", "bar/baz*") is None
sec._os_alt_steps = prev_value
def test_safe_join_empty_trusted():
assert safe_join("", "c:test.txt") == "./c:test.txt"
|
