Mercurial > hg > orthanc-tests
comparison Tests/Tests.py @ 591:3cb7c6162c77
new test for XSS
author | Alain Mazy <am@osimis.io> |
---|---|
date | Tue, 12 Dec 2023 10:14:37 +0100 |
parents | 47b87c87213b |
children | b6c1f0c9ca15 |
comparison
equal
deleted
inserted
replaced
590:c28bd957cb93 | 591:3cb7c6162c77 |
---|---|
10021 tags = DoGet(_REMOTE, '/instances/%s/tags?simplify' % i) | 10021 tags = DoGet(_REMOTE, '/instances/%s/tags?simplify' % i) |
10022 self.assertFalse('PatientName' in tags) | 10022 self.assertFalse('PatientName' in tags) |
10023 self.assertEqual('M3D', tags['Modality']) | 10023 self.assertEqual('M3D', tags['Modality']) |
10024 self.assertEqual('model/obj', tags['MIMETypeOfEncapsulatedDocument']) | 10024 self.assertEqual('model/obj', tags['MIMETypeOfEncapsulatedDocument']) |
10025 self.assertEqual('1.2.840.10008.5.1.4.1.1.104.4', tags['SOPClassUID']) | 10025 self.assertEqual('1.2.840.10008.5.1.4.1.1.104.4', tags['SOPClassUID']) |
10026 | |
10027 | |
10028 def test_error_codes_content_type(self): | |
10029 | |
10030 # from 1.12.2, check that a ContentType header is included in errors with an error description (ex: 404) | |
10031 (headers, body) = DoGetRaw(_REMOTE, '/rnm94%3Cscript%3Ealert(1)%3C/script%3Ejdtkc/explorer.html') | |
10032 self.assertEqual('404', headers['status']) | |
10033 | |
10034 if IsOrthancVersionAbove(_REMOTE, 1, 12, 2): | |
10035 self.assertEqual('application/json', headers['content-type']) | |
10036 | |
10037 (headers, body) = DoPutRaw(_REMOTE, '/system', 'hello') | |
10038 self.assertEqual('405', headers['status']) | |
10039 # when there is no body, there is no content-type | |
10040 self.assertNotIn('content-type', headers) | |
10041 | |
10042 # responses with bodies contain x-content-type-options | |
10043 if IsOrthancVersionAbove(_REMOTE, 1, 12, 2): | |
10044 (headers, body) = DoGetRaw(_REMOTE, '/system') | |
10045 self.assertIn('nosniff', headers['x-content-type-options']) |