"""Tests for URLMap prefix dispatch and for escaping in its 404 response."""
from paste.urlmap import *
from paste.fixture import *
import six


def make_app(response_text):
    """Build a WSGI app that answers 200 with ``response_text % environ``.

    ``response_text`` is a %-format template; its ``%(KEY)s`` placeholders are
    filled from the WSGI environ of each request, which lets a test read back
    the SCRIPT_NAME / PATH_INFO values the app was called with.
    """
    def application(environ, start_response):
        start_response('200 OK', [('Content-type', 'text/html')])
        rendered = response_text % environ
        # WSGI bodies must be bytes on Python 3; on Python 2 the str is
        # returned unchanged.
        return [rendered.encode('ascii') if six.PY3 else rendered]
    return application


def test_map():
    """Check which mounted app answers each path and how the path is split."""
    mapper = URLMap({})
    app = TestApp(mapper)
    template = '%s script_name="%%(SCRIPT_NAME)s" path_info="%%(PATH_INFO)s"'

    # Mount one labelled app per prefix, in the same order as before.
    mounts = (
        ('', 'root'),
        ('/foo', 'foo-only'),
        ('/foo/bar', 'foo:bar'),
        ('/f', 'f-only'),
    )
    for prefix, label in mounts:
        mapper[prefix] = make_app(template % label)

    # (request path, fragments the response must contain, in check order)
    expectations = (
        ('/', ('root', 'script_name=""', 'path_info="/"')),
        ('/blah', ('root', 'script_name=""', 'path_info="/blah"')),
        ('/foo/and/more',
         ('script_name="/foo"', 'path_info="/and/more"', 'foo-only')),
        ('/foo/bar/baz',
         ('foo:bar', 'script_name="/foo/bar"', 'path_info="/baz"')),
        # '/fffzzz' must fall through to the root app, not the '/f' mount.
        ('/fffzzz', ('root', 'path_info="/fffzzz"')),
        ('/f/z/y', ('script_name="/f"', 'path_info="/z/y"', 'f-only')),
    )
    for path, fragments in expectations:
        res = app.get(path)
        for fragment in fragments:
            res.mustcontain(fragment)


def test_404():
    """Check that the 404 body does not echo a comment-closing script payload.

    Both requests target an empty URLMap, so each one must return 404. The
    paths carry ``-->`` (or ``--`` plus a control byte and ``>``) followed by
    a ``<script>`` tag; the assertions require that this raw byte sequence is
    absent from the response body.
    """
    # NOTE(review): HTTP_ACCEPT is presumably set so the error page is
    # rendered as HTML rather than plain text -- confirm against the
    # 404 handler.
    client = TestApp(URLMap({}), extra_environ={'HTTP_ACCEPT': 'text/html'})

    # %0D is a percent-encoded carriage return placed between '-->' and
    # '<script>'.
    # NOTE(review): the needle below omits the CR, so this assertion only
    # fails if the CR is dropped before the path is echoed; a body that
    # echoes the path with the CR intact would still pass. Consider also
    # asserting that a raw '<script' is absent -- confirm against the
    # renderer first.
    response = client.get("/-->%0D<script>alert('xss')</script>", status=404)
    assert b'--><script' not in response.body

    # %01 is a percent-encoded 0x01 control byte inside the comment
    # terminator; here the needle keeps the control byte.
    response = client.get("/--%01><script>", status=404)
    assert b'--\x01><script>' not in response.body