From 1e974b185d2caff288d73356220e1096910f9b96 Mon Sep 17 00:00:00 2001
From: Elena ``of Valhalla'' Grandi
Date: Sat, 27 Jan 2024 11:26:24 +0100
Subject: DS and Graph paths are not limited to existing files
---
 rrd/tests/test_graphs.py | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'rrd/tests/test_graphs.py')
diff --git a/rrd/tests/test_graphs.py b/rrd/tests/test_graphs.py
index f2a4948..7a4dd13 100644
--- a/rrd/tests/test_graphs.py
+++ b/rrd/tests/test_graphs.py
@@ -37,3 +37,12 @@ class TestGraphs(TestCase):
 ds.update(ts, 10)
 stat = os.stat(os.path.join(settings.RRD_GRAPH_PATH, "test/test.png"))
 self.assertGreaterEqual(stat.st_mtime, now.timestamp())
+
+ def test_invalid_path(self):
+ graph = models.Graph.objects.create(
+ title="Test Graph",
+ path="../../../etc/evil.png",
+ )
+
+ self.assertTrue(graph.graph_path.endswith("_.._.._.._etc_evil.png"))
+ self.assertIn(settings.RRD_GRAPH_PATH.as_posix(), graph.graph_path)
-- cgit v1.2.3
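Review bot: The containment assertion at the end of `test_invalid_path` is weaker than the property it is meant to pin. `assertIn(settings.RRD_GRAPH_PATH.as_posix(), graph.graph_path)` passes for any string that merely contains the base directory, including one that still has `..` components after it. Anchoring the check on the normalised path would make a regression in the sanitiser fail the test: `self.assertTrue(os.path.normpath(graph.graph_path).startswith(settings.RRD_GRAPH_PATH.as_posix() + "/"))`. Only a relative `../` input is exercised here; a second case with an absolute `path` value would cover the other way a joined path can leave the base directory, if `graph_path` is built with a path join, which this hunk does not show. The `TestGraphs` class starts outside the hunk, so existing coverage of these cases elsewhere in the file cannot be ruled out.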