ansible/flaskpaste
1
0
Fork 0
forked from claw/flaskpaste
Code Pull Requests Activity
Files
e8a99d5bdd883949b04fefc493e976fbfa4df5c6
flaskpaste/tests/test_mime_detection.py
Username 8f9868f0d9 flaskpaste: initial commit with security hardening 
Features:
- REST API for text/binary pastes with MIME detection
- Client certificate auth via X-SSL-Client-SHA1 header
- SQLite with WAL mode for concurrent access
- Automatic paste expiry with LRU cleanup

Security:
- HSTS, CSP, X-Frame-Options, X-Content-Type-Options
- Cache-Control: no-store for sensitive responses
- X-Request-ID tracing for log correlation
- X-Proxy-Secret validation for defense-in-depth
- Parameterized queries, input validation
- Size limits (3 MiB anon, 50 MiB auth)

Includes /health endpoint, container support, and 70 tests.
2025-12-16 04:42:18 +01:00

96 lines
3.7 KiB
Python
Raw Blame History

"""Tests for MIME type detection."""
import json
class TestMimeDetection:
"""Tests for automatic MIME type detection."""
def test_detect_png(self, client, png_bytes):
"""Detect PNG from magic bytes."""
response = client.post("/", data=png_bytes)
data = json.loads(response.data)
assert data["mime_type"] == "image/png"
def test_detect_jpeg(self, client, jpeg_bytes):
"""Detect JPEG from magic bytes."""
response = client.post("/", data=jpeg_bytes)
data = json.loads(response.data)
assert data["mime_type"] == "image/jpeg"
def test_detect_zip(self, client, zip_bytes):
"""Detect ZIP from magic bytes."""
response = client.post("/", data=zip_bytes)
data = json.loads(response.data)
assert data["mime_type"] == "application/zip"
def test_detect_pdf(self, client, pdf_bytes):
"""Detect PDF from magic bytes."""
response = client.post("/", data=pdf_bytes)
data = json.loads(response.data)
assert data["mime_type"] == "application/pdf"
def test_detect_gif87a(self, client):
"""Detect GIF87a from magic bytes."""
response = client.post("/", data=b"GIF87a" + b"\x00" * 10)
data = json.loads(response.data)
assert data["mime_type"] == "image/gif"
def test_detect_gif89a(self, client):
"""Detect GIF89a from magic bytes."""
response = client.post("/", data=b"GIF89a" + b"\x00" * 10)
data = json.loads(response.data)
assert data["mime_type"] == "image/gif"
def test_detect_gzip(self, client):
"""Detect GZIP from magic bytes."""
response = client.post("/", data=b"\x1f\x8b\x08" + b"\x00" * 10)
data = json.loads(response.data)
assert data["mime_type"] == "application/gzip"
def test_detect_utf8_text(self, client):
"""UTF-8 text defaults to text/plain."""
response = client.post("/", data="Hello, world! 你好")
data = json.loads(response.data)
assert data["mime_type"] == "text/plain"
def test_detect_binary_fallback(self, client):
"""Non-UTF8 binary without magic falls back to octet-stream."""
response = client.post("/", data=b"\x80\x81\x82\x83\x84")
data = json.loads(response.data)
assert data["mime_type"] == "application/octet-stream"
def test_explicit_content_type_honored(self, client):
"""Explicit Content-Type is honored for non-generic types."""
response = client.post(
"/",
data="<html><body>test</body></html>",
content_type="text/html",
)
data = json.loads(response.data)
assert data["mime_type"] == "text/html"
def test_generic_content_type_overridden(self, client, png_bytes):
"""Generic Content-Type is overridden by magic detection."""
response = client.post(
"/",
data=png_bytes,
content_type="application/octet-stream",
)
data = json.loads(response.data)
assert data["mime_type"] == "image/png"
def test_webp_detection(self, client):
"""Detect WebP from RIFF...WEBP magic."""
webp_header = b"RIFF\x00\x00\x00\x00WEBP"
response = client.post("/", data=webp_header + b"\x00" * 20)
data = json.loads(response.data)
assert data["mime_type"] == "image/webp"
def test_riff_non_webp_not_detected(self, client):
"""RIFF without WEBP marker is not detected as WebP."""
riff_other = b"RIFF\x00\x00\x00\x00WAVE"
response = client.post("/", data=riff_other + b"\x00" * 20)
data = json.loads(response.data)
assert data["mime_type"] != "image/webp"
View Git Blame Copy Permalink