added tests for dos attack and fixed a minor error in fun facts

2024-12-18 20:17:50 +00:00 · 2024-11-12 22:28:49 +01:00 · 2024-11-12 22:28:49 +01:00 · 4ab1ab4161
commit 4ab1ab4161
parent 5c319a60a0
8 changed files with 87 additions and 7 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 9942d177a1b4c8c424d6dcb89cdb1a6ff6fa99d4
+Subproject commit 6b0675d5fedbb11c6c7dce393601104176745c99
--- a/tests/pentests/multipart_dos/multiparts_dos.py
+++ b/tests/pentests/multipart_dos/multiparts_dos.py
@ -0,0 +1,21 @@
 import requests
 num = 5000000
 url = "http://localhost:9600/upload_app"
 headers = {
    "Content-Type": "multipart/form-data; boundary=---------------------------284178091740602105783377960069"
 }
 # The exact raw payload as specified
 data = (
    "-----------------------------284178091740602105783377960069\r\n"
    "Content-Disposition: form-data; name=\"uploadFile\"; filename=\"test.txt\"\r\n"
    "Content-Type: text/plain\r\n\r\n"
    "Hello I am test\r\n"
    "-----------------------------284178091740602105783377960069--" + '4' * num + "\r\n"
 )
 response = requests.post(url, headers=headers, data=data.encode('utf-8'), verify=False)
 print(response.status_code)
 print(response.text)
--- a/tests/pentests/multipart_dos/test_no_dos.py
+++ b/tests/pentests/multipart_dos/test_no_dos.py
@ -0,0 +1,58 @@
 import requests
 from requests_toolbelt import MultipartEncoder
 import io
 import zipfile
 def test_valid_file_upload():
    base_url = "http://localhost:9600/upload_app"
    client_id = "3qxKnpFF8aJU8KsZAAAH"  # Replace with a valid client id
    url = f"{base_url}?client_id={client_id}"  # Add client_id as a query parameter
    # Create a test zip file in memory
    zip_buffer = io.BytesIO()
    with zipfile.ZipFile(zip_buffer, 'w', zipfile.ZIP_DEFLATED) as zipf:
        zipf.writestr('index.html', '<html><body>Test</body></html>')
        zipf.writestr('description.yaml', 'name: TestApp\n')
        zipf.writestr('icon.png', b'\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR\x00\x00\x00\x01\x00\x00\x00\x01\x08\x06\x00\x00\x00\x1f\x15\xc4\x89\x00\x00\x00\nIDATx\x9cc\x00\x01\x00\x00\x05\x00\x01\r\n-\xb4\x00\x00\x00\x00IEND\xaeB`\x82')
    zip_buffer.seek(0)
    try:
        # Prepare the multipart/form-data request
        m = MultipartEncoder(
            fields={'file': ('test_upload.zip', zip_buffer, 'application/zip')}
        )
        headers = {
            'Content-Type': m.content_type
        }
        # Send the POST request
        response = requests.post(url, data=m, headers=headers)
        # Check the response
        print(f"Status Code: {response.status_code}")
        print(f"Response Content: {response.text}")
        # If it's a 422 error, try to parse and print the JSON error message
        if response.status_code == 422:
            try:
                error_detail = response.json()
                print("Error details:")
                print(error_detail)
            except:
                print("Could not parse error details as JSON")
        # Assert the expected behavior
        assert response.status_code == 200, f"Expected status code 200, but got {response.status_code}"
        assert "App 'TestApp' uploaded successfully" in response.text, "File upload confirmation message not found in response"
        print("Test passed successfully!")
    except requests.RequestException as e:
        print(f"Request failed: {e}")
    except AssertionError as e:
        print(f"Test failed: {e}")
 if __name__ == "__main__":
    test_valid_file_upload()
--- a/tests/pentests/multipart_dos/test_upload.txt
+++ b/tests/pentests/multipart_dos/test_upload.txt
@ -0,0 +1 @@
 This is a test file for uploading.
--- a/web/dist/assets/index-DjsrdSea.css
+++ b/web/dist/assets/index-DjsrdSea.css
--- a/web/dist/assets/index-DszaGEWB.js
+++ b/web/dist/assets/index-DszaGEWB.js
--- a/web/dist/index.html
+++ b/web/dist/index.html
@ -6,8 +6,8 @@
    <script src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-svg.js"></script>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>LoLLMS WebUI</title>
-    <script type="module" crossorigin src="/assets/index-8JJiThtX.js"></script>
+    <script type="module" crossorigin src="/assets/index-DszaGEWB.js"></script>
-    <link rel="stylesheet" crossorigin href="/assets/index-2uT-uEUG.css">
+    <link rel="stylesheet" crossorigin href="/assets/index-DjsrdSea.css">
  </head>
  <body>
    <div id="app"></div>
--- a/web/src/views/DiscussionsView.vue
+++ b/web/src/views/DiscussionsView.vue
@ -1292,7 +1292,7 @@ export default {
                "The system's multimodel capabilities allow it to analyze medical images, architectural blueprints, and technical diagrams.",
                "LoLLMs includes a unique feature called 'personality system' that allows it to adapt its communication style and expertise.",
                "Did you know? LoLLMs can process and generate music notation using ABC notation or LilyPond formats.",
-                "LoLLMs supports over 40 different AI models, making it one of the most versatile open-source AI platforms.",
+                "LoLLMs supports over 2000 different AI models, making it one of the most versatile open-source AI platforms.",
                "The system can generate realistic 3D scenes descriptions that can be rendered using tools like Blender.",
                "LoLLMs features a unique 'model fusion' capability, combining strengths of different AI models for better results.",
                "The platform includes specialized modules for scientific computing, allowing it to solve complex mathematical problems.",
		`@ -1 +1 @@`
			`Subproject commit 9942d177a1b4c8c424d6dcb89cdb1a6ff6fa99d4`				`Subproject commit 6b0675d5fedbb11c6c7dce393601104176745c99`