use crate::harness::{TestServer, test_config};
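/// Requests whose site segment carries path-traversal sequences must be
/// answered with a 4xx (400 or 404) and must never take the server down.
///
/// A transport-level error (no HTTP response at all) is *not* counted as a
/// rejection: the original `if let Ok(..)` shape let a server that dies on a
/// crafted path pass this test vacuously. After such an error the test probes
/// `/health` so a crash is reported instead of hidden.
#[tokio::test]
async fn path_traversal_rejected() {
    let server = TestServer::start(test_config(tempfile::tempdir().unwrap().keep())).await;
    // Raw, percent-encoded, and "valid prefix then escape" variants.
    let traversal_attempts = [
        "../etc/passwd",
        "..%2F..%2Fetc%2Fpasswd",
        "valid-site/../other",
    ];
    for attempt in &traversal_attempts {
        let resp = TestServer::client()
            .post(server.url(attempt))
            .header("Authorization", "Bearer test-token")
            .send()
            .await;
        match resp {
            Ok(resp) => {
                let status = resp.status().as_u16();
                assert!(
                    status == 400 || status == 404,
                    "path traversal '{attempt}' should be rejected, got {status}"
                );
            }
            Err(err) => {
                // No response: a client-side refusal is acceptable, a dead
                // server is not. Distinguish the two via the health endpoint.
                let health = TestServer::client()
                    .get(server.url("/health"))
                    .send()
                    .await
                    .unwrap_or_else(|e| {
                        panic!("server unreachable after traversal '{attempt}' ({err}): {e}")
                    });
                assert_eq!(
                    health.status().as_u16(),
                    200,
                    "server unhealthy after traversal '{attempt}' ({err})"
                );
            }
        }
    }
}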
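/// An oversized site name must be rejected gracefully (400, 404 or 414)
/// rather than crashing the server or being accepted.
///
/// As with the traversal test, a transport error is not a pass: if no
/// response comes back, `/health` is checked so that a server that falls
/// over on a 1000-character segment is caught instead of silently ignored.
#[tokio::test]
async fn very_long_site_name_rejected() {
    let server = TestServer::start(test_config(tempfile::tempdir().unwrap().keep())).await;
    // Well beyond any reasonable site-name length; exact limit is the app's.
    let long_name = "a".repeat(1000);
    let resp = TestServer::client()
        .post(server.url(&long_name))
        .header("Authorization", "Bearer test-token")
        .send()
        .await;
    match resp {
        Ok(resp) => {
            let status = resp.status().as_u16();
            assert!(
                status == 400 || status == 404 || status == 414,
                "long site name should be rejected gracefully, got {status}"
            );
        }
        Err(err) => {
            // No response at all: confirm the server survived the request.
            let health = TestServer::client()
                .get(server.url("/health"))
                .send()
                .await
                .unwrap_or_else(|e| {
                    panic!("server unreachable after long site name ({err}): {e}")
                });
            assert_eq!(
                health.status().as_u16(),
                200,
                "server unhealthy after long site name ({err})"
            );
        }
    }
}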
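/// A burst of failing requests must not degrade the service: `/health`
/// still answers 200 afterwards.
///
/// The provoking POSTs are deliberately best-effort (their result is
/// discarded); only the final health probe is asserted, and its failure
/// carries a message naming the phase so a panic is attributable.
#[tokio::test]
async fn service_healthy_after_errors() {
    let server = TestServer::start(test_config(tempfile::tempdir().unwrap().keep())).await;
    // Requests to a site that does not exist; the app answers these with
    // errors, which is the condition under test (no auth header on purpose).
    for _ in 0..5 {
        let _ = TestServer::client()
            .post(server.url("/nonexistent"))
            .send()
            .await;
    }
    // The server must still be reachable and report healthy.
    let resp = TestServer::client()
        .get(server.url("/health"))
        .send()
        .await
        .expect("health endpoint unreachable after error burst");
    assert_eq!(
        resp.status().as_u16(),
        200,
        "health endpoint did not report healthy after error burst"
    );
}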