MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add a test for uppercase malicious extensions.

This commit is contained in:
Sam Rose 2023-11-21 10:42:44 +00:00
parent b4cb97963c
commit 79dcc468b8
No known key found for this signature in database
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
packages/server/src/api/routes/tests/attachment.spec.ts
View File

@ -35,6 +35,17 @@ describe("/api/applications/:appId/sync", () => {
})
})
it("should reject an upload with a malicious uppercase file extension", async () => {
await config.withEnv({ SELF_HOSTED: undefined }, async () => {
let resp = (await config.api.attachment.process(
"OHNO.EXE",
Buffer.from([0]),
{ expectStatus: 400 }
)) as unknown as APIError
expect(resp.message).toContain("invalid extension")
})
})
it("should reject an upload with no file", async () => {
let resp = (await config.api.attachment.process(
undefined as any,