DEMO-AGENT/tests/test_file_summary_storage.py

from django.core.files.uploadedfile import SimpleUploadedFile
import pytest

from review_agent.file_summary.storage import save_uploaded_attachment
from review_agent.models import Conversation, FileAttachment


pytestmark = pytest.mark.django_db


def test_save_uploaded_attachment_versions_same_name(settings, tmp_path, django_user_model):
    settings.MEDIA_ROOT = tmp_path
    user = django_user_model.objects.create_user(username="owner", password="pass")
    conversation = Conversation.objects.create(user=user, title="会话")

    first = save_uploaded_attachment(
        conversation=conversation,
        user=user,
        uploaded_file=SimpleUploadedFile("资料.docx", b"first"),
    )
    second = save_uploaded_attachment(
        conversation=conversation,
        user=user,
        uploaded_file=SimpleUploadedFile("资料.docx", b"second"),
    )

    first.refresh_from_db()
    assert first.version_no == 1
    assert first.is_active is False
    assert second.version_no == 2
    assert second.is_active is True
    assert FileAttachment.objects.filter(conversation=conversation).count() == 2
    assert (tmp_path / second.storage_path).read_bytes() == b"second"


def test_save_uploaded_attachment_rejects_path_traversal(settings, tmp_path, django_user_model):
    settings.MEDIA_ROOT = tmp_path
    user = django_user_model.objects.create_user(username="owner", password="pass")
    conversation = Conversation.objects.create(user=user, title="会话")

    attachment = save_uploaded_attachment(
        conversation=conversation,
        user=user,
        uploaded_file=SimpleUploadedFile("../资料.docx", b"content"),
    )

    assert ".." not in attachment.storage_path
    assert (tmp_path / attachment.storage_path).exists()