lollms-webui/tests/pentests/path_traversal/user_infos.py

import unittest

import requests


class TestUserInfosEndpoint(unittest.TestCase):
    def setUp(self):
        self.base_url = "http://127.0.0.1:9600"

    def test_user_infos_endpoint(self):
        print("Testing user_infos endpoint...")

        # Test valid path
        print("Testing valid path...")
        valid_path = "0dbb0245-7b6b-4834-835d-4d9d460b336c.png"
        response = requests.get(f"{self.base_url}/user_infos/{valid_path}")
        self.assertEqual(response.status_code, 200)
        print(f"Status code: {response.status_code} (expected: 200)\n")

        # Test path starting with a double slash
        print("Testing path starting with a double slash...")
        invalid_path = "//Windows/win.ini"
        response = requests.get(f"{self.base_url}/user_infos/{invalid_path}")
        print(f"Response content: {response.content}\n")
        self.assertEqual(response.status_code, 400)
        print(f"Status code: {response.status_code} (expected: 400)\n")

        # Test path containing suspicious patterns
        print("Testing path containing suspicious patterns...")
        suspicious_path = "../../etc/passwd"
        response = requests.get(f"{self.base_url}/user_infos/{suspicious_path}")
        print(f"Response content: {response.content}\n")
        self.assertEqual(response.status_code, 400)
        print(f"Status code: {response.status_code} (expected: 400)\n")


if __name__ == "__main__":
    unittest.main()
news 2024-03-15 22:09:22 +00:00			`import unittest`

upgraded linting 2024-12-19 12:48:57 +00:00			`import requests`


news 2024-03-15 22:09:22 +00:00			`class TestUserInfosEndpoint(unittest.TestCase):`
			`def setUp(self):`
upgraded linting 2024-12-19 12:48:57 +00:00			`self.base_url = "http://127.0.0.1:9600"`
news 2024-03-15 22:09:22 +00:00
			`def test_user_infos_endpoint(self):`
			`print("Testing user_infos endpoint...")`

			`# Test valid path`
			`print("Testing valid path...")`
upgraded linting 2024-12-19 12:48:57 +00:00			`valid_path = "0dbb0245-7b6b-4834-835d-4d9d460b336c.png"`
			`response = requests.get(f"{self.base_url}/user_infos/{valid_path}")`
news 2024-03-15 22:09:22 +00:00			`self.assertEqual(response.status_code, 200)`
			`print(f"Status code: {response.status_code} (expected: 200)\n")`

			`# Test path starting with a double slash`
			`print("Testing path starting with a double slash...")`
upgraded linting 2024-12-19 12:48:57 +00:00			`invalid_path = "//Windows/win.ini"`
			`response = requests.get(f"{self.base_url}/user_infos/{invalid_path}")`
news 2024-03-15 22:09:22 +00:00			`print(f"Response content: {response.content}\n")`
			`self.assertEqual(response.status_code, 400)`
			`print(f"Status code: {response.status_code} (expected: 400)\n")`

			`# Test path containing suspicious patterns`
			`print("Testing path containing suspicious patterns...")`
upgraded linting 2024-12-19 12:48:57 +00:00			`suspicious_path = "../../etc/passwd"`
			`response = requests.get(f"{self.base_url}/user_infos/{suspicious_path}")`
news 2024-03-15 22:09:22 +00:00			`print(f"Response content: {response.content}\n")`
			`self.assertEqual(response.status_code, 400)`
			`print(f"Status code: {response.status_code} (expected: 400)\n")`

upgraded linting 2024-12-19 12:48:57 +00:00
			`if __name__ == "__main__":`
news 2024-03-15 22:09:22 +00:00			`unittest.main()`