lines changed Original file line number Diff line number Diff line change @@ -516,6 +516,17 @@ def test_static_not_found(self):
516516
517517 assert 'Static file not found: <b>notfound.css</b>' in resp .text
518518
519+ def test_path_traversal_not_found (self ):
520+ resp = self .testapp .get ('/static/../../../../osfile.txt' , status = 404 )
521+ assert resp .status_int == 404
522+
523+ assert 'Static file not found: <b>../../../../osfile.txt</b>' in resp .text
524+
525+ resp = self .testapp .get ('/static%2F..%2F..%2F..%2F..%2Fosfile.txt' , status = 404 )
526+ assert resp .status_int == 404
527+
528+ assert 'Static file not found: <b>..%2F..%2F..%2F..%2Fosfile.txt</b>' in resp .text
529+
519530 def test_cdx_server_filters (self ):
520531 resp = self .testapp .get ('/pywb/cdx?url=http://www.iana.org/_css/2013.1/screen.css&filter=mime:warc/revisit&filter=filename:dupes.warc.gz' )
521532 assert resp .content_type == 'text/x-cdxj'
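Review bot: Both requests in test_path_traversal_not_found target `osfile.txt`, and nothing in the hunk creates that file, so a handler that followed the `..` segments and found nothing there would presumably return the same 404 and message. To tie the result to the containment check, the test setup (not visible here) should place a real file above the static directory and request that path, with a comment such as `# target exists outside the static root; the 404 must come from the traversal check, not a missing file`. If `self.testapp` is a WebTest app, `status=404` in the `get()` call already enforces the status, so the two `assert resp.status_int == 404` lines are redundant. The asserted body also shows the requested path is echoed into the error page; whether it is HTML-escaped is not visible in this hunk and would merit its own assertion.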