Resolve "Fuzzing Errors /api/upload"

author: jfriedli 2020-05-08 09:10:18 -0700
committer: jfriedli 2020-05-08 09:10:18 -0700
commit: 853ace7d83424f85d903f6ffe2352bf41f86b7ce (patch)
tree: 91f33ae06272bbeda564b0aabe1baa4aaf8e2d87 /test
parent: 9157dee69f69eeba521ff0a5f5cc651d3629ae6c (diff)
2 files changed, 32 insertions, 1 deletions
diff --git a/test/test.py b/test/test.py
index 2d09662..7431881 100644
--- a/test/test.py
+++ b/test/test.py
@@ -179,6 +179,18 @@ class Mat2WebTestCase(TestCase):
        self.assertIn(b'.mp2', rv.data)
        self.assertEqual(rv.status_code, 200)
+    def test_get_upload_naughty_input(self):
+        rv = self.client.post(
+            '/',
+            data=dict(
+                file=(io.BytesIO(b"a"), '﷽'),
+            ),
+            follow_redirects=True
+        )
+        self.assertEqual(rv.status_code, 200)
+        self.assertIn(b'Invalid Filename', rv.data)
 if __name__ == '__main__':
    unittest.main()
diff --git a/test/test_api.py b/test/test_api.py
index 4925d9e..af736af 100644
--- a/test/test_api.py
+++ b/test/test_api.py
@@ -70,7 +70,7 @@ class Mat2APITestCase(unittest.TestCase):
        self.assertEqual(request.status_code, 400)
        error = request.get_json()['message']
-        self.assertEqual(error, 'Failed decoding file: Incorrect padding')
+        self.assertEqual(error, 'Failed decoding file')
    def test_api_not_supported(self):
        request = self.app.post('/api/upload',
@@ -400,6 +400,25 @@ class Mat2APITestCase(unittest.TestCase):
        request = app.get(download_link)
        self.assertEqual(code, request.status_code)
+    def test_upload_naughty_input(self):
+        request = self.app.post('/api/upload',
+                           data='{"file_name": "\\\\", '
+                                '"file": "\\\\"}',
+                           headers={'content-type': 'application/json'}
+                           )
+        error_message = request.get_json()['message']
+        self.assertEqual(400, request.status_code)
+        self.assertEqual("Invalid Filename", error_message)
+        request = self.app.post('/api/upload',
+                                data='{"file_name": "﷽", '
+                                     '"file": "﷽"}',
+                                headers={'content-type': 'application/json'}
+                                )
+        error_message = request.get_json()['message']
+        self.assertEqual(400, request.status_code)
+        self.assertEqual("Failed decoding file", error_message)
 if __name__ == '__main__':
    unittest.main()
author	jfriedli	2020-05-08 09:10:18 -0700
committer	jfriedli	2020-05-08 09:10:18 -0700
commit	853ace7d83424f85d903f6ffe2352bf41f86b7ce (patch)
tree	91f33ae06272bbeda564b0aabe1baa4aaf8e2d87 /test
parent	9157dee69f69eeba521ff0a5f5cc651d3629ae6c (diff)

diff --git a/test/test.py b/test/test.py index 2d09662..7431881 100644 --- a/test/test.py +++ b/test/test.py
@@ -179,6 +179,18 @@ class Mat2WebTestCase(TestCase):
179	self.assertIn(b'.mp2', rv.data)	179	self.assertIn(b'.mp2', rv.data)
180	self.assertEqual(rv.status_code, 200)	180	self.assertEqual(rv.status_code, 200)
181		181
		182	def test_get_upload_naughty_input(self):
		183	rv = self.client.post(
		184	'/',
		185	data=dict(
		186	file=(io.BytesIO(b"a"), '﷽'),
		187	),
		188	follow_redirects=True
		189	)
		190	self.assertEqual(rv.status_code, 200)
		191	self.assertIn(b'Invalid Filename', rv.data)
		192
		193
182		194
183	if __name__ == '__main__':	195	if __name__ == '__main__':
184	unittest.main()	196	unittest.main()


diff --git a/test/test_api.py b/test/test_api.py index 4925d9e..af736af 100644 --- a/test/test_api.py +++ b/test/test_api.py
@@ -70,7 +70,7 @@ class Mat2APITestCase(unittest.TestCase):
70		70
71	self.assertEqual(request.status_code, 400)	71	self.assertEqual(request.status_code, 400)
72	error = request.get_json()['message']	72	error = request.get_json()['message']
73	self.assertEqual(error, 'Failed decoding file: Incorrect padding')	73	self.assertEqual(error, 'Failed decoding file')
74		74
75	def test_api_not_supported(self):	75	def test_api_not_supported(self):
76	request = self.app.post('/api/upload',	76	request = self.app.post('/api/upload',
@@ -400,6 +400,25 @@ class Mat2APITestCase(unittest.TestCase):
400	request = app.get(download_link)	400	request = app.get(download_link)
401	self.assertEqual(code, request.status_code)	401	self.assertEqual(code, request.status_code)
402		402
		403	def test_upload_naughty_input(self):
		404	request = self.app.post('/api/upload',
		405	data='{"file_name": "\\\\", '
		406	'"file": "\\\\"}',
		407	headers={'content-type': 'application/json'}
		408	)
		409	error_message = request.get_json()['message']
		410	self.assertEqual(400, request.status_code)
		411	self.assertEqual("Invalid Filename", error_message)
		412
		413	request = self.app.post('/api/upload',
		414	data='{"file_name": "﷽", '
		415	'"file": "﷽"}',
		416	headers={'content-type': 'application/json'}
		417	)
		418	error_message = request.get_json()['message']
		419	self.assertEqual(400, request.status_code)
		420	self.assertEqual("Failed decoding file", error_message)
		421
403		422
404	if __name__ == '__main__':	423	if __name__ == '__main__':
405	unittest.main()	424	unittest.main()