• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1from paste.urlmap import *
2from paste.fixture import *
3import six
4
5def make_app(response_text):
6    def app(environ, start_response):
7        headers = [('Content-type', 'text/html')]
8        start_response('200 OK', headers)
9        body = response_text % environ
10        if six.PY3:
11            body = body.encode('ascii')
12        return [body]
13    return app
14
15def test_map():
16    mapper = URLMap({})
17    app = TestApp(mapper)
18    text = '%s script_name="%%(SCRIPT_NAME)s" path_info="%%(PATH_INFO)s"'
19    mapper[''] = make_app(text % 'root')
20    mapper['/foo'] = make_app(text % 'foo-only')
21    mapper['/foo/bar'] = make_app(text % 'foo:bar')
22    mapper['/f'] = make_app(text % 'f-only')
23    res = app.get('/')
24    res.mustcontain('root')
25    res.mustcontain('script_name=""')
26    res.mustcontain('path_info="/"')
27    res = app.get('/blah')
28    res.mustcontain('root')
29    res.mustcontain('script_name=""')
30    res.mustcontain('path_info="/blah"')
31    res = app.get('/foo/and/more')
32    res.mustcontain('script_name="/foo"')
33    res.mustcontain('path_info="/and/more"')
34    res.mustcontain('foo-only')
35    res = app.get('/foo/bar/baz')
36    res.mustcontain('foo:bar')
37    res.mustcontain('script_name="/foo/bar"')
38    res.mustcontain('path_info="/baz"')
39    res = app.get('/fffzzz')
40    res.mustcontain('root')
41    res.mustcontain('path_info="/fffzzz"')
42    res = app.get('/f/z/y')
43    res.mustcontain('script_name="/f"')
44    res.mustcontain('path_info="/z/y"')
45    res.mustcontain('f-only')
46
47def test_404():
48    mapper = URLMap({})
49    app = TestApp(mapper, extra_environ={'HTTP_ACCEPT': 'text/html'})
50    res = app.get("/-->%0D<script>alert('xss')</script>", status=404)
51    assert b'--><script' not in res.body
52    res = app.get("/--%01><script>", status=404)
53    assert b'--\x01><script>' not in res.body
54