diff options
Diffstat (limited to 'rrd/tests')
| -rw-r--r-- | rrd/tests/test_datasources.py | 8 | ||||
| -rw-r--r-- | rrd/tests/test_graphs.py | 9 |
2 files changed, 17 insertions, 0 deletions
diff --git a/rrd/tests/test_datasources.py b/rrd/tests/test_datasources.py index 4057b14..030d0ae 100644 --- a/rrd/tests/test_datasources.py +++ b/rrd/tests/test_datasources.py @@ -50,3 +50,11 @@ class TestDataSource(TestCase): last = ds.lastupdate self.assertEqual(last[1], 10) self.assertEqual(last[0].year, now.year) + + def test_invalid_path(self): + ds = models.DataSource.objects.create( + topic="evil", + path="../../../evil.rrd" + ) + self.assertTrue(ds.rrd_path.endswith("_.._.._.._evil.rrd")) + self.assertIn(settings.RRD_DB_PATH.as_posix(), ds.rrd_path) diff --git a/rrd/tests/test_graphs.py b/rrd/tests/test_graphs.py index f2a4948..7a4dd13 100644 --- a/rrd/tests/test_graphs.py +++ b/rrd/tests/test_graphs.py @@ -37,3 +37,12 @@ class TestGraphs(TestCase): ds.update(ts, 10) stat = os.stat(os.path.join(settings.RRD_GRAPH_PATH, "test/test.png")) self.assertGreaterEqual(stat.st_mtime, now.timestamp()) + + def test_invalid_path(self): + graph = models.Graph.objects.create( + title="Test Graph", + path="../../../etc/evil.png", + ) + + self.assertTrue(graph.graph_path.endswith("_.._.._.._etc_evil.png")) + self.assertIn(settings.RRD_GRAPH_PATH.as_posix(), graph.graph_path) |