remove part 1

2025-10-30 20:06:45 +01:00
parent 627f8b0cc4
commit 4649cf562d
11 changed files with 128 additions and 1765 deletions
--- a/tests/security/test_input_validation.py
+++ b/tests/security/test_input_validation.py
@@ -322,74 +322,3 @@ class TestAPIParameterValidation:
            # Should not grant admin from parameter
            data = response.json()
            assert not data.get("data", {}).get("is_admin", False)
-
-
-@pytest.mark.security
-class TestFileUploadSecurity:
-    """Security tests for file upload handling."""
-
-    @pytest.fixture
-    async def client(self):
-        """Create async HTTP client for testing."""
-        from httpx import ASGITransport
-
-        async with AsyncClient(
-            transport=ASGITransport(app=app), base_url="http://test"
-        ) as ac:
-            yield ac
-
-    @pytest.mark.asyncio
-    async def test_malicious_file_extension(self, client):
-        """Test handling of dangerous file extensions."""
-        dangerous_extensions = [
-            ".exe",
-            ".sh",
-            ".bat",
-            ".cmd",
-            ".php",
-            ".jsp",
-        ]
-
-        for ext in dangerous_extensions:
-            files = {"file": (f"test{ext}", b"malicious content")}
-            response = await client.post("/api/upload", files=files)
-
-            # Should reject dangerous files
-            assert response.status_code in [400, 403, 415]
-
-    @pytest.mark.asyncio
-    async def test_file_size_limit(self, client):
-        """Test enforcement of file size limits."""
-        # Try to upload very large file
-        large_content = b"A" * (100 * 1024 * 1024)  # 100MB
-
-        files = {"file": ("large.txt", large_content)}
-        response = await client.post("/api/upload", files=files)
-
-        # Should reject oversized files
-        assert response.status_code in [413, 422]
-
-    @pytest.mark.asyncio
-    async def test_double_extension_bypass(self, client):
-        """Test protection against double extension bypass."""
-        files = {"file": ("image.jpg.php", b"<?php phpinfo(); ?>")}
-        response = await client.post("/api/upload", files=files)
-
-        # Should detect and reject
-        assert response.status_code in [400, 403, 415]
-
-    @pytest.mark.asyncio
-    async def test_mime_type_validation(self, client):
-        """Test MIME type validation."""
-        # PHP file with image MIME type
-        files = {
-            "file": (
-                "image.jpg",
-                b"<?php phpinfo(); ?>",
-                "image/jpeg",
-            )
-        }
-        response = await client.post("/api/upload", files=files)
-
-        # Should validate actual content, not just MIME type
-        assert response.status_code in [400, 403, 415]