2024-03-15 23:09:22 +01:00
|
|
|
import unittest
|
|
|
|
|
2024-12-19 13:48:57 +01:00
|
|
|
import requests
|
|
|
|
|
|
|
|
|
2024-03-15 23:09:22 +01:00
|
|
|
class TestUserInfosEndpoint(unittest.TestCase):
|
|
|
|
def setUp(self):
|
2024-12-19 13:48:57 +01:00
|
|
|
self.base_url = "http://127.0.0.1:9600"
|
2024-03-15 23:09:22 +01:00
|
|
|
|
|
|
|
def test_user_infos_endpoint(self):
|
|
|
|
print("Testing user_infos endpoint...")
|
|
|
|
|
|
|
|
# Test valid path
|
|
|
|
print("Testing valid path...")
|
2024-12-19 13:48:57 +01:00
|
|
|
valid_path = "0dbb0245-7b6b-4834-835d-4d9d460b336c.png"
|
|
|
|
response = requests.get(f"{self.base_url}/user_infos/{valid_path}")
|
2024-03-15 23:09:22 +01:00
|
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
print(f"Status code: {response.status_code} (expected: 200)\n")
|
|
|
|
|
|
|
|
# Test path starting with a double slash
|
|
|
|
print("Testing path starting with a double slash...")
|
2024-12-19 13:48:57 +01:00
|
|
|
invalid_path = "//Windows/win.ini"
|
|
|
|
response = requests.get(f"{self.base_url}/user_infos/{invalid_path}")
|
2024-03-15 23:09:22 +01:00
|
|
|
print(f"Response content: {response.content}\n")
|
|
|
|
self.assertEqual(response.status_code, 400)
|
|
|
|
print(f"Status code: {response.status_code} (expected: 400)\n")
|
|
|
|
|
|
|
|
# Test path containing suspicious patterns
|
|
|
|
print("Testing path containing suspicious patterns...")
|
2024-12-19 13:48:57 +01:00
|
|
|
suspicious_path = "../../etc/passwd"
|
|
|
|
response = requests.get(f"{self.base_url}/user_infos/{suspicious_path}")
|
2024-03-15 23:09:22 +01:00
|
|
|
print(f"Response content: {response.content}\n")
|
|
|
|
self.assertEqual(response.status_code, 400)
|
|
|
|
print(f"Status code: {response.status_code} (expected: 400)\n")
|
|
|
|
|
2024-12-19 13:48:57 +01:00
|
|
|
|
|
|
|
if __name__ == "__main__":
|
2024-03-15 23:09:22 +01:00
|
|
|
unittest.main()
|