diff options
| author |  Chris Lovering <[email protected]> | 2023-10-10 15:25:35 +0100 |
|---|---|---|
| committer | Chris Lovering <[email protected]> | 2024-10-03 21:24:46 +0100 |
| commit | d9b8ab36df6b788b4e925d1dd49acd89a0e9bf7c (patch) | |
| tree | 09c723094e070133959d0b276c321d70d16c48c2 | |
| parent | Also split on hyphens in build python script (diff) | |
Add additional tests to ensure invalid binary paths are not ran
| -rw-r--r-- | tests/test_integration.py | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/tests/test_integration.py b/tests/test_integration.py index 4ea9b65..ce01bb8 100644 --- a/tests/test_integration.py +++ b/tests/test_integration.py @@ -81,6 +81,25 @@ class IntegrationTests(unittest.TestCase): self.assertEqual(status, 200) self.assertEqual(json.loads(response)["stdout"], expected) + def invalid_binary_paths(self): + """Test that passing invalid binary paths result in no code execution.""" + with run_gunicorn(): + cases = [ + ("/bin/bash", "test files outside of /lang cannot be ran"), + ( + "/lang/../bin/bash", + "test path traversal still stops files outside /lang from running", + ), + ("/foo/bar", "test non-existant files are not ran"), + ] + for path, msg in cases: + with self.subTest(msg=msg, path=path): + body = {"args": ["-c", "echo", "hi"], "binary_path": path} + response, status = snekbox_request(body) + self.assertEqual(status, 400) + expected = {"title": "binary_path file is invalid"} + self.assertEqual(json.loads(response)["stdout"], expected) + def test_eval(self): """Test normal eval requests without files.""" with run_gunicorn(): |