Spaces:
Sleeping
Sleeping
| import pytest | |
| from app.documents.validation import ( | |
| ALLOWED_MIME_TYPES, | |
| is_allowed_mime, | |
| sanitize_filename, | |
| ) | |
| class TestIsAllowedMime: | |
| def test_allows_canonical_types(self, mime: str): | |
| assert is_allowed_mime(mime) is True | |
| def test_strips_parameters(self): | |
| assert is_allowed_mime("application/pdf; charset=utf-8") is True | |
| def test_case_insensitive(self): | |
| assert is_allowed_mime("Application/PDF") is True | |
| def test_rejects_unknown(self): | |
| assert is_allowed_mime("application/x-executable") is False | |
| def test_rejects_empty(self): | |
| assert is_allowed_mime("") is False | |
| assert is_allowed_mime(None) is False | |
| class TestSanitizeFilename: | |
| def test_strips_path_traversal(self): | |
| # We deliberately keep only the final path component (more secure than | |
| # joining with underscores) — no parent path leaks through. | |
| assert sanitize_filename("../../etc/passwd") == "passwd" | |
| def test_strips_windows_path(self): | |
| assert sanitize_filename(r"C:\Users\admin\report.pdf") == "report.pdf" | |
| def test_keeps_safe_chars(self): | |
| assert sanitize_filename("my-doc_v2.final.pdf") == "my-doc_v2.final.pdf" | |
| def test_collapses_unsafe_chars(self): | |
| assert sanitize_filename("hello world!?.pdf") == "hello_world_.pdf" | |
| def test_collapses_dots(self): | |
| assert sanitize_filename("evil...exe") == "evil.exe" | |
| def test_returns_fallback_for_empty(self): | |
| assert sanitize_filename("") == "upload" | |
| assert sanitize_filename(None) == "upload" | |
| def test_returns_fallback_for_all_unsafe(self): | |
| assert sanitize_filename("///") == "upload" | |