Home Explore Help
Sign In
RISCI_ATOM
/
ZeroNet
mirror of https://github.com/HelloZeroNet/ZeroNet.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 830f98573e
Branches Tags
ZeroNet
/
src
/
Test
/
TestWeb.py

TestWeb.py 4.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. import urllib
    2. 

  2. 

  3. import pytest
    4. 

  4. 

  5. try:
    6. 

  6.     from selenium.webdriver.support.ui import WebDriverWait
    7. 

  7.     from selenium.webdriver.support.expected_conditions import staleness_of
    8. 

  8.     from selenium.common.exceptions import NoSuchElementException
    9. 

  9. except:
    10. 

  10.     pass
    11. 

  11. 

  12. 

  13. class WaitForPageLoad(object):
    14. 

  14.     def __init__(self, browser):
    15. 

  15.         self.browser = browser
    16. 

  16. 

  17.     def __enter__(self):
    18. 

  18.         self.old_page = self.browser.find_element_by_tag_name('html')
    19. 

  19. 

  20.     def __exit__(self, *args):
    21. 

  21.         WebDriverWait(self.browser, 5).until(staleness_of(self.old_page))
    22. 

  22. 

  23. 

  24. def wget(url):
    25. 

  25.     content = urllib.urlopen(url).read()
    26. 

  26.     assert "server error" not in content.lower(), "Got a server error! " + repr(url)
    27. 

  27.     return content
    28. 

  28. 

  29. @pytest.mark.usefixtures("resetSettings")
    30. 

  30. @pytest.mark.webtest
    31. 

  31. class TestWeb:
    32. 

  32.     def testFileSecurity(self, site_url):
    33. 

  33.         assert "Not Found" in wget("%s/media/./sites.json" % site_url)
    34. 

  34.         assert "Forbidden" in wget("%s/media/../config.py" % site_url)
    35. 

  35.         assert "Forbidden" in wget("%s/media/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../sites.json" % site_url)
    36. 

  36.         assert "Forbidden" in wget("%s/media/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/..//sites.json" % site_url)
    37. 

  37.         assert "Forbidden" in wget("%s/media/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../../zeronet.py" % site_url)
    38. 

  38.         assert "Forbidden" in wget("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../sites.json" % site_url)
    39. 

  39.         assert "Forbidden" in wget("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/..//sites.json" % site_url)
    40. 

  40.         assert "Forbidden" in wget("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../../zeronet.py" % site_url)
    41. 

  41. 

  42.         assert "Forbidden" in wget("%s/content.db" % site_url)
    43. 

  43.         assert "Forbidden" in wget("%s/./users.json" % site_url)
    44. 

  44.         assert "Forbidden" in wget("%s/./key-rsa.pem" % site_url)
    45. 

  45.         assert "Forbidden" in wget("%s/././././././././././//////sites.json" % site_url)
    46. 

  46. 

  47.     def testLinkSecurity(self, browser, site_url):
    48. 

  48.         browser.get("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/test/security.html" % site_url)
    49. 

  49.         assert browser.title == "ZeroHello - ZeroNet"
    50. 

  50.         assert browser.current_url == "%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/test/security.html" % site_url
    51. 

  51. 

  52.         # Switch to inner frame
    53. 

  53.         browser.switch_to.frame(browser.find_element_by_id("inner-iframe"))
    54. 

  54.         assert "wrapper_nonce" in browser.current_url
    55. 

  55.         browser.switch_to.default_content()
    56. 

  56. 

  57.         # Clicking on links without target
    58. 

  58.         browser.switch_to.frame(browser.find_element_by_id("inner-iframe"))
    59. 

  59.         with WaitForPageLoad(browser):
    60. 

  60.             browser.find_element_by_id("link_to_current").click()
    61. 

  61.         assert "wrapper_nonce" not in browser.current_url  # The browser object back to default content
    62. 

  62.         assert "Forbidden" not in browser.page_source
    63. 

  63.         # Check if we have frame inside frame
    64. 

  64.         browser.switch_to.frame(browser.find_element_by_id("inner-iframe"))
    65. 

  65.         with pytest.raises(NoSuchElementException):
    66. 

  66.             assert not browser.find_element_by_id("inner-iframe")
    67. 

  67.         browser.switch_to.default_content()
    68. 

  68. 

  69.         # Clicking on link with target=_top
    70. 

  70.         browser.switch_to.frame(browser.find_element_by_id("inner-iframe"))
    71. 

  71.         with WaitForPageLoad(browser):
    72. 

  72.             browser.find_element_by_id("link_to_top").click()
    73. 

  73.         assert "wrapper_nonce" not in browser.current_url  # The browser object back to default content
    74. 

  74.         assert "Forbidden" not in browser.page_source
    75. 

  75.         browser.switch_to.default_content()
    76. 

  76. 

  77.         # Try to escape from inner_frame
    78. 

  78.         browser.switch_to.frame(browser.find_element_by_id("inner-iframe"))
    79. 

  79.         assert "wrapper_nonce" in browser.current_url  # Make sure we are inside of the inner-iframe
    80. 

  80.         with WaitForPageLoad(browser):
    81. 

  81.             browser.execute_script("window.top.location = window.location")
    82. 

  82.         assert "wrapper_nonce" in browser.current_url  # We try to use nonce-ed html without iframe
    83. 

  83.         assert "Forbidden" in browser.page_source  # Only allow to use nonce once-time
    84. 

  84.         browser.switch_to.default_content()
    85.