From 2b74cc2ae8016d5e3d79a8d3eae665ceb4a65fd2 Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@plope.com>
Date: Mon, 21 Aug 2023 18:06:29 -0400
Subject: [PATCH] add integration tests

---
 tests/pkgs/static_abspath_nulbyte/__init__.py   | 10 ++++++++++
 tests/pkgs/static_assetspec_nulbyte/__init__.py |  2 ++
 tests/test_integration.py                       |  7 +++++++
 3 files changed, 19 insertions(+)
 create mode 100644 tests/pkgs/static_abspath_nulbyte/__init__.py
 create mode 100644 tests/pkgs/static_assetspec_nulbyte/__init__.py

diff --git a/tests/pkgs/static_abspath_nulbyte/__init__.py b/tests/pkgs/static_abspath_nulbyte/__init__.py
new file mode 100644
index 0000000000..a946fcdf98
--- /dev/null
+++ b/tests/pkgs/static_abspath_nulbyte/__init__.py
@@ -0,0 +1,10 @@
+import os
+
+
+def includeme(config):
+    here = here = os.path.dirname(__file__)
+    static
+    static = os.path.normpath(
+        os.path.join(here, '..', '..', 'fixtures', 'statc')
+    )
+    config.add_static_view('/', static)
diff --git a/tests/pkgs/static_assetspec_nulbyte/__init__.py b/tests/pkgs/static_assetspec_nulbyte/__init__.py
new file mode 100644
index 0000000000..49cebab3e0
--- /dev/null
+++ b/tests/pkgs/static_assetspec_nulbyte/__init__.py
@@ -0,0 +1,2 @@
+def includeme(config):
+    config.add_static_view('/', 'tests:fixtures/static')
diff --git a/tests/test_integration.py b/tests/test_integration.py
index f671b7c0b9..a7d9e9b6c3 100644
--- a/tests/test_integration.py
+++ b/tests/test_integration.py
@@ -220,10 +220,17 @@ def test_sendfoobar(self):
 class TestStaticAppUsingAbsPath(StaticAppBase, unittest.TestCase):
     package = 'tests.pkgs.static_abspath'
 
+    def test_nulbyte_chroot(self):
+        super_w_null = '/static/..\x00/'
+        res = self.testapp.get(f'/{super_w_null}', status=404)
+
 
 class TestStaticAppUsingAssetSpec(StaticAppBase, unittest.TestCase):
     package = 'tests.pkgs.static_assetspec'
 
+    def test_nulbyte_chroot(self):
+        super_w_null = 'static/..\x00/'
+        res = self.testapp.get(f'/{super_w_null}', status=404)
 
 class TestStaticAppWithEncodings(IntegrationBase, unittest.TestCase):
     package = 'tests.pkgs.static_encodings'