DS and Graph paths are not limited to existing files

author: Elena ``of Valhalla'' Grandi <valhalla@trueelena.org> 2024-01-27 11:26:24 +0100
committer: Elena ``of Valhalla'' Grandi <valhalla@trueelena.org> 2024-01-27 11:26:24 +0100
commit: 1e974b185d2caff288d73356220e1096910f9b96 (patch)
tree: 9a43f6a7b0280af7306efcc1477ac1647b86c912 /rrd/tests/test_graphs.py
parent: b330c1df04135bd79ad18bf81aba02f97995324a (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/rrd/tests/test_graphs.py b/rrd/tests/test_graphs.py
index f2a4948..7a4dd13 100644
--- a/rrd/tests/test_graphs.py
+++ b/rrd/tests/test_graphs.py
@@ -37,3 +37,12 @@ class TestGraphs(TestCase):
         ds.update(ts, 10)
         stat = os.stat(os.path.join(settings.RRD_GRAPH_PATH, "test/test.png"))
         self.assertGreaterEqual(stat.st_mtime, now.timestamp())
+
+    def test_invalid_path(self):
+        graph = models.Graph.objects.create(
+            title="Test Graph",
+            path="../../../etc/evil.png",
+        )
+
+        self.assertTrue(graph.graph_path.endswith("_.._.._.._etc_evil.png"))
+        self.assertIn(settings.RRD_GRAPH_PATH.as_posix(), graph.graph_path)
author	Elena ``of Valhalla'' Grandi <valhalla@trueelena.org>	2024-01-27 11:26:24 +0100
committer	Elena ``of Valhalla'' Grandi <valhalla@trueelena.org>	2024-01-27 11:26:24 +0100
commit	1e974b185d2caff288d73356220e1096910f9b96 (patch)
tree	9a43f6a7b0280af7306efcc1477ac1647b86c912 /rrd/tests/test_graphs.py
parent	b330c1df04135bd79ad18bf81aba02f97995324a (diff)