diff --git a/changedetectionio/run_basic_tests.sh b/changedetectionio/run_basic_tests.sh index 16374106..38bcd603 100755 --- a/changedetectionio/run_basic_tests.sh +++ b/changedetectionio/run_basic_tests.sh @@ -38,4 +38,5 @@ pytest tests/test_rss.py pytest tests/test_unique_lines.py # Check file:// will pickup a file when enabled +echo "Hello world" > /tmp/test-file.txt ALLOW_FILE_URI=yes pytest tests/test_security.py diff --git a/changedetectionio/tests/test_security.py b/changedetectionio/tests/test_security.py index 4210cf41..af55efb2 100644 --- a/changedetectionio/tests/test_security.py +++ b/changedetectionio/tests/test_security.py @@ -64,7 +64,7 @@ def test_bad_access(client, live_server, measure_memory_usage): def test_file_access(client, live_server, measure_memory_usage): #live_server_setup(live_server) - test_file_path = os.path.join(os.getcwd(), "..", "README.md") + test_file_path = "/tmp/test-file.txt" # file:// is permitted by default, but it will be caught by ALLOW_FILE_URI client.post( @@ -82,8 +82,8 @@ def test_file_access(client, live_server, measure_memory_usage): follow_redirects=True ) - # Should see something from the README.md - assert b"release-shield" in res.data + # Should see something (this file added by run_basic_tests.sh) + assert b"Hello world" in res.data else: # Default should be here assert b'file:// type access is denied for security reasons.' in res.data