news

tests/pentests/path_traversal/user_infos.py

@@ -0,0 +1,35 @@
+import requests
+import unittest
+
+class TestUserInfosEndpoint(unittest.TestCase):
+    def setUp(self):
+        self.base_url = 'http://127.0.0.1:9600'
+
+    def test_user_infos_endpoint(self):
+        print("Testing user_infos endpoint...")
+
+        # Test valid path
+        print("Testing valid path...")
+        valid_path = '0dbb0245-7b6b-4834-835d-4d9d460b336c.png'
+        response = requests.get(f'{self.base_url}/user_infos/{valid_path}')
+        self.assertEqual(response.status_code, 200)
+        print(f"Status code: {response.status_code} (expected: 200)\n")
+
+        # Test path starting with a double slash
+        print("Testing path starting with a double slash...")
+        invalid_path = '//Windows/win.ini'
+        response = requests.get(f'{self.base_url}/user_infos/{invalid_path}')
+        print(f"Response content: {response.content}\n")
+        self.assertEqual(response.status_code, 400)
+        print(f"Status code: {response.status_code} (expected: 400)\n")
+
+        # Test path containing suspicious patterns
+        print("Testing path containing suspicious patterns...")
+        suspicious_path = '../../etc/passwd'
+        response = requests.get(f'{self.base_url}/user_infos/{suspicious_path}')
+        print(f"Response content: {response.content}\n")
+        self.assertEqual(response.status_code, 400)
+        print(f"Status code: {response.status_code} (expected: 400)\n")
+
+if __name__ == '__main__':
+    unittest.main()