summaryrefslogtreecommitdiff
path: root/tests/file_uploads/uploadhandler.py
diff options
context:
space:
mode:
Diffstat (limited to 'tests/file_uploads/uploadhandler.py')
-rw-r--r--tests/file_uploads/uploadhandler.py31
1 files changed, 31 insertions, 0 deletions
diff --git a/tests/file_uploads/uploadhandler.py b/tests/file_uploads/uploadhandler.py
index 7c6199fd16..65d70c648c 100644
--- a/tests/file_uploads/uploadhandler.py
+++ b/tests/file_uploads/uploadhandler.py
@@ -1,6 +1,8 @@
"""
Upload handlers to test the upload API.
"""
+import os
+from tempfile import NamedTemporaryFile
from django.core.files.uploadhandler import FileUploadHandler, StopUpload
@@ -35,3 +37,32 @@ class ErroringUploadHandler(FileUploadHandler):
"""A handler that raises an exception."""
def receive_data_chunk(self, raw_data, start):
raise CustomUploadError("Oops!")
+
+
+class TraversalUploadHandler(FileUploadHandler):
+ """A handler with potential directory-traversal vulnerability."""
+ def __init__(self, request=None):
+ from .views import UPLOAD_TO
+
+ super().__init__(request)
+ self.upload_dir = UPLOAD_TO
+
+ def file_complete(self, file_size):
+ self.file.seek(0)
+ self.file.size = file_size
+ with open(os.path.join(self.upload_dir, self.file_name), 'wb') as fp:
+ fp.write(self.file.read())
+ return self.file
+
+ def new_file(
+ self, field_name, file_name, content_type, content_length, charset=None,
+ content_type_extra=None,
+ ):
+ super().new_file(
+ file_name, file_name, content_length, content_length, charset,
+ content_type_extra,
+ )
+ self.file = NamedTemporaryFile(suffix='.upload', dir=self.upload_dir)
+
+ def receive_data_chunk(self, raw_data, start):
+ self.file.write(raw_data)
generated by cgit v1.3 (git 2.53.0) at 2026-05-02 02:18:46 +0000