def test_check_privileges_without_c_force_root(os_module, accept_content):
os_module.environ = {}
os_module.getuid.return_value = 0
os_module.getgid.return_value = 0
os_module.geteuid.return_value = 0
os_module.getegid.return_value = 0
expected_message = re.escape(
ROOT_DISALLOWED.format(uid=0, euid=0, gid=0, egid=0))
with pytest.raises(SecurityError, match=expected_message):
check_privileges(accept_content)
def test_check_privileges_without_c_force_root_and_with_suspicious_group(
grp_module, os_module, accept_content, group_name):
os_module.environ = {}
os_module.getuid.return_value = 60
os_module.getgid.return_value = 60
os_module.geteuid.return_value = 60
os_module.getegid.return_value = 60
grp_module.getgrgid.return_value = [group_name]
grp_module.getgrgid.return_value = [group_name]
expected_message = re.escape(
ROOT_DISALLOWED.format(uid=60, euid=60, gid=60, egid=60))
with pytest.raises(SecurityError, match=expected_message):
check_privileges(accept_content)
def test_check_privileges_without_c_force_root_and_no_group_entry(
grp_module, os_module, accept_content, recwarn):
os_module.environ = {}
os_module.getuid.return_value = 60
os_module.getgid.return_value = 60
os_module.geteuid.return_value = 60
os_module.getegid.return_value = 60
grp_module.getgrgid.side_effect = KeyError
expected_message = re.escape(
ROOT_DISALLOWED.format(uid=60, euid=60, gid=60, egid=60))
with pytest.raises(SecurityError, match=expected_message):
check_privileges(accept_content)
assert recwarn[0].message.args[0] == ASSUMING_ROOT
