From 563eacca1b99b9489391d4d61295bc7d611b987c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Stucke?= <joerg.stucke@fkie.fraunhofer.de>
Date: Mon, 1 Dec 2025 16:53:37 +0100
Subject: [PATCH] feat: allow endpoints with trailing slashes

---
 .../web_interface/rest/test_rest_file_object.py          | 9 +++------
 .../integration/web_interface/rest/test_rest_firmware.py | 7 -------
 .../web_interface/rest/test_rest_statistics.py           | 9 +++------
 .../unit/web_interface/rest/test_rest_file_object.py     | 9 +++------
 src/web_interface/app.py                                 | 1 +
 5 files changed, 10 insertions(+), 25 deletions(-)

diff --git a/src/test/integration/web_interface/rest/test_rest_file_object.py b/src/test/integration/web_interface/rest/test_rest_file_object.py
index 53fc4992a..19b220083 100644
--- a/src/test/integration/web_interface/rest/test_rest_file_object.py
+++ b/src/test/integration/web_interface/rest/test_rest_file_object.py
@@ -15,8 +15,9 @@ def test_rest_download_valid(self, backend_db):
         assert b'hid' in rv.data
         assert b'size' in rv.data
 
-    def test_rest_request_multiple_file_objects(self):
-        rv = self.test_client.get('/rest/file_object', follow_redirects=True)
+    @pytest.mark.parametrize('url', ['/rest/file_object', '/rest/file_object/'])
+    def test_rest_request_multiple_file_objects(self, url):
+        rv = self.test_client.get(url, follow_redirects=True)
 
         assert b'uids' in rv.data
         assert b'status:" 1' not in rv.data
@@ -25,7 +26,3 @@ def test_rest_download_invalid_uid(self):
         rv = self.test_client.get('/rest/file_object/invalid%20uid', follow_redirects=True)
 
         assert b'No file object with UID invalid uid' in rv.data
-
-    def test_rest_download_invalid_data(self):
-        rv = self.test_client.get('/rest/file_object/', follow_redirects=True)
-        assert b'404 Not Found' in rv.data
diff --git a/src/test/integration/web_interface/rest/test_rest_firmware.py b/src/test/integration/web_interface/rest/test_rest_firmware.py
index 47d0ae497..afacde849 100644
--- a/src/test/integration/web_interface/rest/test_rest_firmware.py
+++ b/src/test/integration/web_interface/rest/test_rest_firmware.py
@@ -111,13 +111,6 @@ def test_rest_download_invalid_uid(self, backend_db):
 
         assert b'No firmware with UID invalid uid' in rv.data
 
-    def test_rest_download_invalid_data(self, backend_db):
-        test_firmware = create_test_firmware(device_class='test class', device_name='test device', vendor='test vendor')
-        backend_db.add_object(test_firmware)
-
-        rv = self.test_client.get('/rest/firmware/', follow_redirects=True)
-        assert b'404 Not Found' in rv.data
-
     @pytest.mark.skip(reason='Intercom not running, thus not a single plugin known')
     def test_rest_update_analysis_success(self, backend_db):
         test_firmware = create_test_firmware(device_class='test class', device_name='test device', vendor='test vendor')
diff --git a/src/test/integration/web_interface/rest/test_rest_statistics.py b/src/test/integration/web_interface/rest/test_rest_statistics.py
index 08a18502b..05883456a 100644
--- a/src/test/integration/web_interface/rest/test_rest_statistics.py
+++ b/src/test/integration/web_interface/rest/test_rest_statistics.py
@@ -22,8 +22,9 @@ def setup_method(self):
             'known_vulnerabilities', {'known_vulnerabilities': [['BackDoor_String', 1]]}
         )
 
-    def test_rest_request_all_statistics(self):
-        st = self.test_client.get('/rest/statistics', follow_redirects=True)
+    @pytest.mark.parametrize('url', ['/rest/statistics', '/rest/statistics/'])
+    def test_rest_request_all_statistics(self, url):
+        st = self.test_client.get(url, follow_redirects=True)
         st_dict = json.loads(st.data)
 
         assert b'file_type' in st.data
@@ -49,7 +50,3 @@ def test_rest_request_non_existent_statistic(self):
         st = self.test_client.get('/rest/statistics/non_existent_stat', follow_redirects=True)
 
         assert b'A statistic with the ID non_existent_stat does not exist' in st.data
-
-    def test_rest_request_invalid_data(self):
-        st = self.test_client.get('/rest/statistics/', follow_redirects=True)
-        assert b'404 Not Found' in st.data
diff --git a/src/test/unit/web_interface/rest/test_rest_file_object.py b/src/test/unit/web_interface/rest/test_rest_file_object.py
index 0312a804e..55c6856e8 100644
--- a/src/test/unit/web_interface/rest/test_rest_file_object.py
+++ b/src/test/unit/web_interface/rest/test_rest_file_object.py
@@ -13,12 +13,9 @@ def rest_get_file_object_uids(**_):
 
 @pytest.mark.WebInterfaceUnitTestConfig(database_mock_class=DbMock)
 class TestRestFileObject:
-    def test_empty_uid(self, test_client):
-        result = test_client.get('/rest/file_object/').data
-        assert b'404 Not Found' in result
-
-    def test_get_all_objects(self, test_client):
-        result = test_client.get('/rest/file_object').json
+    @pytest.mark.parametrize('url', ['/rest/file_object', '/rest/file_object/'])
+    def test_get_all_objects(self, test_client, url):
+        result = test_client.get(url).json
         assert 'error_message' not in result
 
     def test_paging(self, test_client):
diff --git a/src/web_interface/app.py b/src/web_interface/app.py
index f429e3eda..4d4db946c 100644
--- a/src/web_interface/app.py
+++ b/src/web_interface/app.py
@@ -11,6 +11,7 @@ def create_app():
     app.config.from_object(__name__)
     app.config['SECRET_KEY'] = os.urandom(24)
     _add_config_to_app(app)
+    app.url_map.strict_slashes = False  # allow trailing slashes in endpoint URLs
     return app