t/test.py: add unit test for insecure path access

The test currently fails, because the request path is improperly checked / sanitised.
2012-04-26 21:16:03 +02:00 · 2012-04-26 21:16:03 +02:00 · c52ea929bb
parent a973612bd8
commit c52ea929bb
1 changed files with 38 additions and 0 deletions
--- a/t/test.py
+++ b/t/test.py
@ -286,5 +286,43 @@ class TestTftpyState(unittest.TestCase):
        finalstate = serverstate.state.handle(ack, raddress, rport)
        self.assertTrue( finalstate is None )

+    def testServerInsecurePath(self):
+        raddress = '127.0.0.2'
+        rport = 10000
+        timeout = 5
+        root = os.path.dirname(os.path.abspath(__file__))
+        serverstate = tftpy.TftpContextServer(raddress,
+                                              rport,
+                                              timeout,
+                                              root)
+        rrq = tftpy.TftpPacketRRQ()
+        rrq.filename = '../setup.py'
+        rrq.mode = 'octet'
+        rrq.options = {}
+
+        # Start the download.
+        self.assertRaisesRegexp(tftpy.TftpException, "bad file path",
+                serverstate.start, rrq.encode().buffer)
+
+    def testServerSecurePath(self):
+        raddress = '127.0.0.2'
+        rport = 10000
+        timeout = 5
+        root = os.path.dirname(os.path.abspath(__file__))
+        serverstate = tftpy.TftpContextServer(raddress,
+                                              rport,
+                                              timeout,
+                                              root)
+        rrq = tftpy.TftpPacketRRQ()
+        rrq.filename = '100KBFILE'
+        rrq.mode = 'octet'
+        rrq.options = {}
+
+        # Start the download.
+        serverstate.start(rrq.encode().buffer)
+        # Should be in expectack state.
+        self.assertTrue(isinstance(serverstate.state,
+                                    tftpy.TftpStateExpectACK))
+
 if __name__ == '__main__':
    unittest.main()