1from paste.urlmap import * 2from paste.fixture import * 3import six 4 5def make_app(response_text): 6 def app(environ, start_response): 7 headers = [('Content-type', 'text/html')] 8 start_response('200 OK', headers) 9 body = response_text % environ 10 if six.PY3: 11 body = body.encode('ascii') 12 return [body] 13 return app 14 15def test_map(): 16 mapper = URLMap({}) 17 app = TestApp(mapper) 18 text = '%s script_name="%%(SCRIPT_NAME)s" path_info="%%(PATH_INFO)s"' 19 mapper[''] = make_app(text % 'root') 20 mapper['/foo'] = make_app(text % 'foo-only') 21 mapper['/foo/bar'] = make_app(text % 'foo:bar') 22 mapper['/f'] = make_app(text % 'f-only') 23 res = app.get('/') 24 res.mustcontain('root') 25 res.mustcontain('script_name=""') 26 res.mustcontain('path_info="/"') 27 res = app.get('/blah') 28 res.mustcontain('root') 29 res.mustcontain('script_name=""') 30 res.mustcontain('path_info="/blah"') 31 res = app.get('/foo/and/more') 32 res.mustcontain('script_name="/foo"') 33 res.mustcontain('path_info="/and/more"') 34 res.mustcontain('foo-only') 35 res = app.get('/foo/bar/baz') 36 res.mustcontain('foo:bar') 37 res.mustcontain('script_name="/foo/bar"') 38 res.mustcontain('path_info="/baz"') 39 res = app.get('/fffzzz') 40 res.mustcontain('root') 41 res.mustcontain('path_info="/fffzzz"') 42 res = app.get('/f/z/y') 43 res.mustcontain('script_name="/f"') 44 res.mustcontain('path_info="/z/y"') 45 res.mustcontain('f-only') 46 47def test_404(): 48 mapper = URLMap({}) 49 app = TestApp(mapper, extra_environ={'HTTP_ACCEPT': 'text/html'}) 50 res = app.get("/-->%0D<script>alert('xss')</script>", status=404) 51 assert b'--><script' not in res.body 52 res = app.get("/--%01><script>", status=404) 53 assert b'--\x01><script>' not in res.body 54