Prevent upload of non-package files #43

Merged
13 changes: 13 additions & 0 deletions src/quetz_client/client.py
@@ -56,6 +56,16 @@ class Package:
latest_change: str



def _assert_file_is_package(file: Path):
"""Raises an error if the file in question does not look like a conda package"""
valid_suffixes =[".tar.bz2", ".conda"]
file_has_valid_suffix = any(file.name.endswith(suffix) for suffix in valid_suffixes)
if not file_has_valid_suffix:
raise ValueError(f"File {file} does not look like a conda package. It should end in one of {valid_suffixes}.")

return False

@dataclass
class QuetzClient:
session: requests.Session
@@ -172,6 +182,9 @@ def yield_packages(

def post_file_to_channel(self, channel: str, file: Path, force: bool = False):
file_path = Path(file)

_assert_file_is_package(file_path)

url = f"{self.url}/api/channels/{channel}/upload/{file_path.name}"
body_bytes = file_path.read_bytes()

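Review bot: `_assert_file_is_package` ends with `return False`, so a file that passes the check yields a falsy value; the new call in `post_file_to_channel` ignores it, but a later caller writing `if _assert_file_is_package(f):` would treat every valid package as rejected. Drop the return (or annotate the helper `-> None`) so that it signals failure only by raising. The check looks at the file name alone, so it stops accidental uploads but says nothing about the content; I would state that in the docstring, e.g. `Name-based sanity check only; the server must still validate the uploaded content.` Since `str.endswith` accepts a tuple, the suffix test can be written `file.name.endswith((".tar.bz2", ".conda"))`. The body of `post_file_to_channel` continues past the end of the second hunk.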
15 changes: 14 additions & 1 deletion tests/test_mock.py
@@ -3,7 +3,7 @@
from quetz_client.client import QuetzClient

from .conftest import temporary_package_file

from pathlib import Path

@pytest.mark.parametrize(
"role",
@@ -170,3 +170,16 @@ def test_mock_post_file_to_channel(
# thus we need to access all the requests
assert len(requests_mock.request_history) <= 2
assert any(r.method == "POST" for r in requests_mock.request_history)


def test_mock_post_file_to_channel_invalid_file(
mock_client: QuetzClient,
):
"""Test that the client refuses to upload an invalid file that is not a conda package

This test requires to mock server because no actual request are ever made.
The client should exit before talking to the server.
"""
file = Path("./wrong_suffix.txt")
with pytest.raises(ValueError):
mock_client.post_file_to_channel(channel="doesnotmatter", file=file)
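Review bot: `test_mock_post_file_to_channel_invalid_file` asserts only that `ValueError` is raised, while its docstring claims the client stops before talking to the server; nothing in the test checks that. Taking the `requests_mock` fixture that the preceding test already uses and adding `assert not requests_mock.request_history` after the `with` block would pin that property, assuming the `mock_client` fixture itself sends nothing during setup. The docstring line `This test requires to mock server because no actual request are ever made` reads as the opposite of what the next sentence says; presumably it should be `This test needs no mock server because no request is ever made.` A second case with a near-miss name such as `pkg.conda.txt` would exercise the suffix match itself rather than only an unrelated extension.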