diff options
| -rw-r--r-- | tests/api/test_eval.py | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/tests/api/test_eval.py b/tests/api/test_eval.py index 259cf0d..65cd9a4 100644 --- a/tests/api/test_eval.py +++ b/tests/api/test_eval.py @@ -46,7 +46,9 @@ class TestEvalResource(SnekAPITestCase): "file.txt", "./file.jpg", "path/to/file", + "folder/../hm", "folder/./to/./somewhere", + "traversal/but/../not/beyond/../root", ] for path in test_paths: with self.subTest(path=path): @@ -60,8 +62,9 @@ class TestEvalResource(SnekAPITestCase): """Traversal beyond root, should be denied with 400 error.""" test_paths = [ "../secrets", + "../../dir", "dir/../../secrets", - "folder/./hm", + "dir/var/../../../file", ] for path in test_paths: with self.subTest(path=path): |