diff options
Diffstat (limited to 'rrd/tests/test_graphs.py')
| -rw-r--r-- | rrd/tests/test_graphs.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/rrd/tests/test_graphs.py b/rrd/tests/test_graphs.py index f2a4948..7a4dd13 100644 --- a/rrd/tests/test_graphs.py +++ b/rrd/tests/test_graphs.py @@ -37,3 +37,12 @@ class TestGraphs(TestCase): ds.update(ts, 10) stat = os.stat(os.path.join(settings.RRD_GRAPH_PATH, "test/test.png")) self.assertGreaterEqual(stat.st_mtime, now.timestamp()) + + def test_invalid_path(self): + graph = models.Graph.objects.create( + title="Test Graph", + path="../../../etc/evil.png", + ) + + self.assertTrue(graph.graph_path.endswith("_.._.._.._etc_evil.png")) + self.assertIn(settings.RRD_GRAPH_PATH.as_posix(), graph.graph_path) |