Mirrors/mealie
1
0
Fork 0
mirror of https://github.com/mealie-recipes/mealie.git synced 2025-11-03 18:53:17 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
622c1b11f5f84f73529e0c5567d34f11f9685c79
mealie/tests/integration_tests/admin_tests/test_admin_backup.py
Hayden 11478134a1 security: restrict backup file upload (#1522)
2022-08-02 12:53:58 -08:00

26 lines
697 B
Python
Raw Blame History

from fastapi.testclient import TestClient
from mealie.core.config import get_app_dirs
from tests import data
from tests.utils.fixture_schemas import TestUser
def test_recipe_asset_exploit(api_client: TestClient, admin_user: TestUser):
dirs = get_app_dirs()
file_payload = {
"archive": ("../test.txt", data.images_test_image_1.read_bytes()),
}
response = api_client.post(
"/api/admin/backups/upload",
files=file_payload,
headers=admin_user.token,
)
assert response.status_code == 400
# Ensure File was not created
assert not (dirs.BACKUP_DIR / "test.txt").exists()
assert not (dirs.BACKUP_DIR.parent / "test.txt").exists()
Reference in New Issue View Git Blame Copy Permalink