Web UI: More file path sanitation, better network bridge warnings, each endpoint return one message (#932)

- Sanitize file paths with Path: for flat file structures, always extract Path().name, and for nested file structures either look for absolute paths, or someone trying to use ".." to traverse the dir strucutre. - Reduce redundancy in network bridge detection method, and return somewhat more informative messages - Make all endpoints return exactly one message - Move some warning messages to logging - Use tempfile for iso generation temp file handling
2026-04-21 02:17:25 +00:00 · 2022-10-23 19:05:29 -07:00
parent f3553c5480
commit 5172d167e7
6 changed files with 323 additions and 233 deletions
@@ -20,7 +20,6 @@ def test_create_file(http_client, list_files, delete_file):
            "file_name": file_prefix,
            "type": "hds",
            "size": 1,
-            "drive_name": "DEC RZ22",
        },
    )

@@ -36,6 +35,36 @@ def test_create_file(http_client, list_files, delete_file):
    delete_file(file_name)


+# route("/files/create", methods=["POST"])
+def test_create_file_with_properties(http_client, list_files, delete_file):
+    file_prefix = str(uuid.uuid4())
+    file_name = f"{file_prefix}.hds"
+
+    response = http_client.post(
+        "/files/create",
+        data={
+            "file_name": file_prefix,
+            "type": "hds",
+            "size": 1,
+            "drive_name": "DEC RZ22",
+        },
+    )
+
+    response_data = response.json()
+
+    assert response.status_code == 201
+    assert response_data["status"] == STATUS_SUCCESS
+    assert response_data["data"]["image"] == file_name
+    assert (
+        response_data["messages"][0]["message"]
+        == f"Image file with properties created: {file_name}"
+    )
+    assert file_name in list_files()
+
+    # Cleanup
+    delete_file(file_name)
+
+
 # route("/files/rename", methods=["POST"])
 def test_rename_file(http_client, create_test_image, list_files, delete_file):
    original_file = create_test_image(auto_delete=False)
@@ -258,6 +287,7 @@ def test_download_url_to_iso(

    http_path = f"/images/{test_file_name}"
    url = httpserver.url_for(http_path)
+    ISO_TYPE = "ISO-9660 Level 1"

    with open("tests/assets/test_image.hds", mode="rb") as file:
        test_file_data = file.read()
@@ -271,7 +301,7 @@ def test_download_url_to_iso(
        "/files/download_to_iso",
        data={
            "scsi_id": SCSI_ID,
-            "type": "-hfs",
+            "type": ISO_TYPE,
            "url": url,
        },
    )
@@ -283,10 +313,11 @@ def test_download_url_to_iso(
    assert iso_file_name in list_files()
    assert iso_file_name in list_attached_images()

-    m = response_data["messages"]
-    assert m[0]["message"] == 'Created CD-ROM ISO image with arguments "-hfs"'
-    assert m[1]["message"] == f"Saved image as: {env['images_dir']}/{iso_file_name}"
-    assert m[2]["message"] == f"Attached to SCSI ID {SCSI_ID}"
+    assert (
+        response_data["messages"][0]["message"]
+        == f"CD-ROM image {iso_file_name} with type {ISO_TYPE} was created "
+        f"and attached to SCSI ID {SCSI_ID}"
+    )

    # Cleanup
    detach_devices()