1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
mod fixtures;
use fixtures::{server, Error, TestServer};
use reqwest::StatusCode;
use rstest::rstest;
use select::document::Document;
use select::predicate::Text;
#[rstest]
fn archives_are_disabled(server: TestServer) -> Result<(), Error> {
// Ensure the links to the archives are not present
let body = reqwest::blocking::get(server.url())?.error_for_status()?;
let parsed = Document::from_read(body)?;
assert!(parsed
.find(Text)
.all(|x| x.text() != "Download .tar.gz" && x.text() != "Download .tar"));
// Try to download anyway, ensure it's forbidden
assert_eq!(
reqwest::blocking::get(server.url().join("?download=tar_gz")?)?.status(),
StatusCode::FORBIDDEN
);
assert_eq!(
reqwest::blocking::get(server.url().join("?download=tar")?)?.status(),
StatusCode::FORBIDDEN
);
assert_eq!(
reqwest::blocking::get(server.url().join("?download=zip")?)?.status(),
StatusCode::FORBIDDEN
);
Ok(())
}
#[rstest]
fn test_tar_archives(#[with(&["-g"])] server: TestServer) -> Result<(), Error> {
// Ensure the links to the tar archive exists and tar not exists
let body = reqwest::blocking::get(server.url())?.error_for_status()?;
let parsed = Document::from_read(body)?;
assert!(parsed.find(Text).any(|x| x.text() == "Download .tar.gz"));
assert!(parsed.find(Text).all(|x| x.text() != "Download .tar"));
// Try to download, only tar_gz should works
assert_eq!(
reqwest::blocking::get(server.url().join("?download=tar_gz")?)?.status(),
StatusCode::OK
);
assert_eq!(
reqwest::blocking::get(server.url().join("?download=tar")?)?.status(),
StatusCode::FORBIDDEN
);
assert_eq!(
reqwest::blocking::get(server.url().join("?download=zip")?)?.status(),
StatusCode::FORBIDDEN
);
Ok(())
}
#[rstest]
#[case(server(&["--disable-indexing", "--enable-tar-gz", "--enable-tar", "--enable-zip"]))]
fn archives_are_disabled_when_indexing_disabled(#[case] server: TestServer) -> Result<(), Error> {
// Ensure the links to the archives are not present
let body = reqwest::blocking::get(server.url())?;
let parsed = Document::from_read(body)?;
assert!(parsed
.find(Text)
.all(|x| x.text() != "Download .tar.gz" && x.text() != "Download .tar"));
// Try to download anyway, ensure it's forbidden
// We assert for not found to make sure we aren't leaking information about directories that do exist.
assert_eq!(
reqwest::blocking::get(server.url().join("?download=tar_gz")?)?.status(),
StatusCode::NOT_FOUND
);
assert_eq!(
reqwest::blocking::get(server.url().join("?download=tar")?)?.status(),
StatusCode::NOT_FOUND
);
assert_eq!(
reqwest::blocking::get(server.url().join("?download=zip")?)?.status(),
StatusCode::NOT_FOUND
);
Ok(())
}
|
