File: test_static_hosting.py

quart 0.20.0-3
from __future__ import annotations

from pathlib import Path

from quart.app import Quart


async def test_host_matching() -> None:
    """Check static file serving, including that ``..`` cannot leave the folder.

    The app is configured with ``static_folder="./assets"`` mounted at
    ``/static``. The test asserts three things: an existing file is returned
    byte-for-byte, a missing file yields 404, and URLs whose ``..`` segments
    would resolve outside the static folder also yield 404, while a ``..``
    that stays inside the folder still resolves to the file.

    NOTE(review): the function name says "host matching", but the body only
    exercises static hosting and path traversal handling.
    NOTE(review): only literal ``..`` segments are covered; percent-encoded
    dots, backslashes and absolute paths are not exercised by this test.
    """
    app = Quart(__name__, static_folder="./assets", static_url_path="/static")
    client = app.test_client()

    # Baseline: a file present in the static folder is served unchanged.
    served = await client.get("/static/config.cfg")
    assert served.status_code == 200
    body = await served.get_data(as_text=False)
    reference = Path(__file__).parent.joinpath("assets/config.cfg").read_bytes()
    assert body == reference

    # Requests that must be refused, in the original order: a file that does
    # not exist, then two paths whose ".." climbs above the static root. The
    # last one climbs out and names the assets directory again, so a 200 here
    # would mean the served path is resolved relative to the parent directory.
    # NOTE(review): the test only pins the 404; whether it comes from routing
    # or from the file lookup is not visible here.
    for refused_url in (
        "/static/foo",
        "/static/../foo",
        "/static/../assets/config.cfg",
    ):
        refused = await client.get(refused_url)
        assert refused.status_code == 404

    # A ".." that collapses to a location still inside the static folder is
    # legitimate and must keep working, so the traversal guard is not simply
    # "reject any path containing '..'".
    contained = await client.get("/static/foo/../config.cfg")
    assert contained.status_code == 200
    contained_body = await contained.get_data(as_text=False)
    assert contained_body == reference