root/test_urlpath_windows.txt

Revision 297:0df29400e6b8, 2.7 kB (checked in by Stefan Schwarzer <sschwarzer@sschwarzer.net>, 1 year ago) 
Made all imports relative (apart from those in the
`wsbrowser`/`wsbrowser.py` scripts, where they're necessary).

The former approach of using only absolute imports was kind of
cleaner, especially with respect to future Python versions. - However,
the absolute imports were also _very_ confusing (even for me) and
required a funny workaround for development if a Websourcebrowser
package was already installed somewhere in `sys.path`.
Line 
1 Testing the ``urlpath`` module under Posix
2 ==========================================
3
4 The ``urlpath`` module contains functions for converting between an
5 URL and the corresponding file system path. To avoid, for example,
6 unintended access to directories and files, we have to pay special
7 attention to tricks used by crackers.
8
9 So, let's begin:
10
11     >>> import urlpath
12
13 Testing the ``is_safe_path`` function
14 -------------------------------------
15
16 The function ``is_safe_path`` takes two parameters, the document
17 root directory ``root`` and a file system path ``path`` and returns
18 a boolean value indicating whether the path is contained in the
19 named document root directory.
20
21 Some simple examples, assuming this test runs on Windows:
22
23     >>> urlpath.is_safe_path("C:\\the\\root", "c:\\the\\root\\some_file")
24     True
25
26     >>> urlpath.is_safe_path("c:\\the\\root", "c:\\somewhere\\else\\some_file")
27     False
28
29 Some more complex examples:
30
31     >>> urlpath.is_safe_path("c:\\", "C:\\")
32     True
33     >>> urlpath.is_safe_path("c:\\", "C:\\test")
34     True
35     >>> urlpath.is_safe_path("c:\\test", "C:\\Test\\xyz")
36     True
37     >>> urlpath.is_safe_path("c:\\test", "C:\\Test\\..\\xyz")
38     False
39     >>> urlpath.is_safe_path("c:\\test", "d:\\test\\xyz")
40     False
41
42 Testing the ``to_url`` function
43 -------------------------------
44
45 The function ``to_url`` converts a file system path ``path``, rooted
46 at the document root ``root`` to an absolute URL:
47
48     >>> urlpath.to_url("c:\\the\\root", "C:\\the\\root\\some_file")
49     '/some_file'
50     >>> urlpath.to_url("c:\\", "c:\\some_dir\\some_file")
51     '/some_dir/some_file'
52
53 The function also escapes special characters:
54
55     >>> urlpath.to_url("c:\\the\\ro.ot", "C:\\the\\ro.ot\\some file")
56     '/some%20file'
57
58 If the path isn't actually below the document root, a ``NotUnderRoot``
59 exception is raised:
60
61     >>> urlpath.to_url("c:\\the\\root", "d:\\the\\root\\some_file")
62     ... #doctest: +ELLIPSIS
63     Traceback (most recent call last):
64         ...
65     NotUnderRoot: path "..." isn't under root directory "..."
66
67 Testing the ``to_file_system`` function
68 ---------------------------------------
69
70 The function ``to_file_system`` converts an absolute URL ``url`` to
71 a file system path, using the document root directory ``root``:
72
73     >>> urlpath.to_file_system("C:\\the\\root\\", "/some%20dir/")
74     'c:\\the\\root\\some dir'
75     >>> urlpath.to_file_system("c:\\", "/some%20dir/")
76     'c:\\some dir'
77
78 URLs trying to access forbidden files are refused with a
79 ``NotUnderRoot`` exception:
80
81     >>> urlpath.to_file_system("c:\\the\\root", "/../some_dir/")
82     ... #doctest: +ELLIPSIS
83     Traceback (most recent call last):
84         ...
85     NotUnderRoot: path "..." isn't under root directory "..."
86
Note: See TracBrowser for help on using the browser.