"""
Shortlist — Security Module Tests

Tests for the ``sanitize_string`` and ``validate_github_url`` helpers in ``app.security``.
"""

import pytest

from app.security import sanitize_string, validate_github_url


class TestSanitizeString:
    """Tests for input sanitization.

    ``sanitize_string`` is expected to drop NUL bytes, collapse runs of
    whitespace (including newlines and tabs) to a single space, and trim
    leading/trailing whitespace while leaving ordinary text untouched.
    """

    def test_collapses_whitespace(self):
        # Mixed spaces, a newline and a tab between words become single spaces.
        assert sanitize_string("hello    world\n\tthere") == "hello world there"

    def test_removes_null_bytes(self):
        cleaned = sanitize_string("hello\x00world")
        # The NUL is dropped outright rather than replaced by a space.
        assert "\x00" not in cleaned
        assert cleaned == "helloworld"

    def test_strips_leading_trailing_whitespace(self):
        assert sanitize_string("  hello world  ") == "hello world"

    def test_handles_empty_string(self):
        assert sanitize_string("") == ""

    def test_preserves_normal_text(self):
        sample = "Looking for a Senior Python Engineer with 5+ years"
        # An already clean, single-spaced string must come back unchanged.
        assert sanitize_string(sample) == sample

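class TestValidateGithubUrl:
    """Tests for GitHub URL validation and SSRF prevention.

    ``validate_github_url`` is expected to return the URL unchanged when it
    is an ``https://github.com/...`` URL and to raise ``ValueError`` for
    anything else: other schemes, other hosts, host look-alikes and path
    traversal. The rejection cases below are the ones an attacker would try
    first to redirect a server-side fetch away from github.com.
    """

    def test_valid_https_github_url(self):
        result = validate_github_url("https://github.com/user/repo")
        assert result == "https://github.com/user/repo"

    def test_valid_deep_path(self):
        # NOTE(review): despite the name, this input has the same two-segment
        # path as the test above, so genuinely deep paths (e.g. .../repo/tree/main)
        # are not exercised here; confirm the validator's path rules before
        # deepening the input.
        result = validate_github_url("https://github.com/org/repo")
        assert result == "https://github.com/org/repo"

    def test_rejects_http_url(self):
        # Only the https scheme is acceptable; plain http is refused.
        with pytest.raises(ValueError):
            validate_github_url("http://github.com/user/repo")

    def test_rejects_file_scheme(self):
        # Non-network schemes must be refused too, not just http.
        with pytest.raises(ValueError):
            validate_github_url("file:///etc/passwd")

    def test_rejects_non_github_host(self):
        with pytest.raises(ValueError):
            validate_github_url("https://gitlab.com/user/repo")

    def test_rejects_github_lookalike(self):
        # "github.com" appearing as a subdomain label of another host must not
        # satisfy a naive substring check.
        with pytest.raises(ValueError):
            validate_github_url("https://github.com.evil.com/user/repo")

    def test_rejects_userinfo_host_confusion(self):
        # Classic SSRF bypass: the real host is evil.com; "github.com" is only
        # the userinfo part of the authority component.
        with pytest.raises(ValueError):
            validate_github_url("https://github.com@evil.com/user/repo")

    def test_rejects_path_traversal(self):
        with pytest.raises(ValueError):
            validate_github_url("https://github.com/../etc/passwd")

    def test_rejects_empty_string(self):
        with pytest.raises(ValueError):
            validate_github_url("")

    def test_rejects_javascript_protocol(self):
        with pytest.raises(ValueError):
            validate_github_url("javascript:alert(1)")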