lollms-webui/tests/pentests/path_traversal/user_infos.py

36 lines
1.4 KiB
Python
Raw Normal View History

2024-03-15 22:09:22 +00:00
import requests
import unittest
class TestUserInfosEndpoint(unittest.TestCase):
def setUp(self):
self.base_url = 'http://127.0.0.1:9600'
def test_user_infos_endpoint(self):
print("Testing user_infos endpoint...")
# Test valid path
print("Testing valid path...")
valid_path = '0dbb0245-7b6b-4834-835d-4d9d460b336c.png'
response = requests.get(f'{self.base_url}/user_infos/{valid_path}')
self.assertEqual(response.status_code, 200)
print(f"Status code: {response.status_code} (expected: 200)\n")
# Test path starting with a double slash
print("Testing path starting with a double slash...")
invalid_path = '//Windows/win.ini'
response = requests.get(f'{self.base_url}/user_infos/{invalid_path}')
print(f"Response content: {response.content}\n")
self.assertEqual(response.status_code, 400)
print(f"Status code: {response.status_code} (expected: 400)\n")
# Test path containing suspicious patterns
print("Testing path containing suspicious patterns...")
suspicious_path = '../../etc/passwd'
response = requests.get(f'{self.base_url}/user_infos/{suspicious_path}')
print(f"Response content: {response.content}\n")
self.assertEqual(response.status_code, 400)
print(f"Status code: {response.status_code} (expected: 400)\n")
if __name__ == '__main__':
unittest.main()