Exemple #1
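def validate_tempfile_authentication_header_value(header_value):
    """Validate the value of the ``x-ftw.upgrade-tempfile-auth`` header.

    The value must have the form ``<filename>:<hash>``: ``tmp`` followed by
    six word characters, a colon, and exactly 64 word characters. The file
    is looked up in the directory returned by
    ``get_tempfile_authentication_directory(os.getcwd())`` and its content
    must equal the hash part of the header.

    Raises:
        ValueError: if the value is malformed, the file does not exist, the
            file grants any permission to "others", its size is not 64
            bytes, or its content does not match the hash.
    """
    # Function-scope import so the block does not rely on a module-level
    # import; hmac.compare_digest needs Python 2.7.7+ or 3.3+.
    import hmac

    # Anchor the end as well as the start so nothing may trail the hash, and
    # spell the class out so only ASCII word characters are accepted.
    if not re.match(r'^tmp[A-Za-z0-9_]{6}:[A-Za-z0-9_]{64}\Z', header_value):
        raise ValueError(
            'tempfile auth: invalid x-ftw.upgrade-tempfile-auth header value.')

    filename, authhash = header_value.split(':')
    directory = get_tempfile_authentication_directory(os.getcwd())
    filepath = directory.joinpath(filename)

    if not filepath.isfile():
        raise ValueError('tempfile auth: tempfile does not exist.')

    with open(filepath, 'rb') as authfile:
        # Check the opened descriptor rather than the path, so the file
        # whose permissions and size are verified is the file that is read.
        # NOTE(review): the path is still resolved by name when opening, so
        # symlinks are followed exactly as before.
        fileinfo = os.fstat(authfile.fileno())

        # Verify that "others" do not have any permissions on this file.
        if fileinfo.st_mode & stat.S_IRWXO:
            raise ValueError(
                'tempfile auth: tempfile is accesible by "others".')

        if fileinfo.st_size != 64:
            raise ValueError('tempfile auth: tempfile size is invalid.')

        stored_hash = authfile.read()

    # Constant-time comparison: the time taken must not reveal how many
    # leading characters of a guessed hash were correct.
    if not hmac.compare_digest(stored_hash, authhash.encode('ascii')):
        raise ValueError('tempfile auth: authentication failed.')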
Exemple #2
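def validate_tempfile_authentication_header_value(header_value):
    """Validate the value of the ``x-ftw.upgrade-tempfile-auth`` header.

    The value must have the form ``<filename>:<hash>``: ``tmp`` followed by
    six word characters, a colon, and exactly 64 word characters. The file
    is looked up in the directory returned by
    ``get_tempfile_authentication_directory(os.getcwd())`` and its content
    must equal the hash part of the header.

    Raises:
        ValueError: if the value is malformed, the file does not exist, the
            file grants any permission to "others", its size is not 64
            bytes, or its content does not match the hash.
    """
    # Function-scope import so the block does not rely on a module-level
    # import; hmac.compare_digest needs Python 2.7.7+ or 3.3+.
    import hmac

    # Anchor the end as well as the start so nothing may trail the hash, and
    # spell the class out so only ASCII word characters are accepted.
    if not re.match(r'^tmp[A-Za-z0-9_]{6}:[A-Za-z0-9_]{64}\Z', header_value):
        raise ValueError(
            'tempfile auth: invalid x-ftw.upgrade-tempfile-auth header value.')

    filename, authhash = header_value.split(':')
    directory = get_tempfile_authentication_directory(os.getcwd())
    filepath = directory.joinpath(filename)

    if not filepath.isfile():
        raise ValueError('tempfile auth: tempfile does not exist.')

    with open(filepath, 'rb') as authfile:
        # Check the opened descriptor rather than the path, so the file
        # whose permissions and size are verified is the file that is read.
        # NOTE(review): the path is still resolved by name when opening, so
        # symlinks are followed exactly as before.
        fileinfo = os.fstat(authfile.fileno())

        # Verify that "others" do not have any permissions on this file.
        if fileinfo.st_mode & stat.S_IRWXO:
            raise ValueError(
                'tempfile auth: tempfile is accesible by "others".')

        if fileinfo.st_size != 64:
            raise ValueError('tempfile auth: tempfile size is invalid.')

        stored_hash = authfile.read()

    # Constant-time comparison: the time taken must not reveal how many
    # leading characters of a guessed hash were correct.
    if not hmac.compare_digest(stored_hash, authhash.encode('ascii')):
        raise ValueError('tempfile auth: authentication failed.')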
Exemple #3
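def validate_tempfile_authentication_header_value(header_value):
    """Validate the value of the ``x-ftw.upgrade-tempfile-auth`` header.

    The value must have the form ``<filename>:<hash>``: ``tmp`` followed by
    six word characters, a colon, and exactly 64 word characters. The file
    is looked up in the directory returned by
    ``get_tempfile_authentication_directory(os.getcwd())`` and its content
    must equal the hash part of the header.

    Raises:
        ValueError: if the value is malformed, the file does not exist, its
            permission bits are not exactly 0600, it is not owned by the
            uid of the current process, its size is not 64 bytes, or its
            content does not match the hash.
    """
    # Function-scope import so the block does not rely on a module-level
    # import; hmac.compare_digest needs Python 2.7.7+ or 3.3+.
    import hmac

    # Anchor the end as well as the start so nothing may trail the hash, and
    # spell the class out so only ASCII word characters are accepted.
    if not re.match(r'^tmp[A-Za-z0-9_]{6}:[A-Za-z0-9_]{64}\Z', header_value):
        raise ValueError(
            'tempfile auth: invalid x-ftw.upgrade-tempfile-auth header value.')

    filename, authhash = header_value.split(':')
    directory = get_tempfile_authentication_directory(os.getcwd())
    filepath = directory.joinpath(filename)

    if not filepath.isfile():
        raise ValueError('tempfile auth: tempfile does not exist.')

    with open(filepath, 'rb') as authfile:
        # Check the opened descriptor rather than the path, so the file
        # whose mode, owner and size are verified is the file that is read.
        # NOTE(review): the path is still resolved by name when opening, so
        # symlinks are followed exactly as before.
        fileinfo = os.fstat(authfile.fileno())

        # Owner read/write only. Written as 0o600 because the bare 0600
        # literal is a syntax error on Python 3; 0o600 parses on 2.6+ too.
        if stat.S_IMODE(fileinfo.st_mode) != 0o600:
            raise ValueError('tempfile auth: tempfile has invalid mode.')

        if fileinfo.st_uid != os.getuid():
            raise ValueError('tempfile auth: tempfile has invalid owner.')

        if fileinfo.st_size != 64:
            raise ValueError('tempfile auth: tempfile size is invalid.')

        stored_hash = authfile.read()

    # Constant-time comparison: the time taken must not reveal how many
    # leading characters of a guessed hash were correct.
    if not hmac.compare_digest(stored_hash, authhash.encode('ascii')):
        raise ValueError('tempfile auth: authentication failed.')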
Exemple #4
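def validate_tempfile_authentication_header_value(header_value):
    """Validate the value of the ``x-ftw.upgrade-tempfile-auth`` header.

    The value must have the form ``<filename>:<hash>``: ``tmp`` followed by
    six word characters, a colon, and exactly 64 word characters. The file
    is looked up in the directory returned by
    ``get_tempfile_authentication_directory(os.getcwd())`` and its content
    must equal the hash part of the header.

    Raises:
        ValueError: if the value is malformed, the file does not exist, its
            permission bits are not exactly 0600, it is not owned by the
            uid of the current process, its size is not 64 bytes, or its
            content does not match the hash.
    """
    # Function-scope import so the block does not rely on a module-level
    # import; hmac.compare_digest needs Python 2.7.7+ or 3.3+.
    import hmac

    # Anchor the end as well as the start so nothing may trail the hash, and
    # spell the class out so only ASCII word characters are accepted.
    if not re.match(r'^tmp[A-Za-z0-9_]{6}:[A-Za-z0-9_]{64}\Z', header_value):
        raise ValueError(
            'tempfile auth: invalid x-ftw.upgrade-tempfile-auth header value.')

    filename, authhash = header_value.split(':')
    directory = get_tempfile_authentication_directory(os.getcwd())
    filepath = directory.joinpath(filename)

    if not filepath.isfile():
        raise ValueError('tempfile auth: tempfile does not exist.')

    with open(filepath, 'rb') as authfile:
        # Check the opened descriptor rather than the path, so the file
        # whose mode, owner and size are verified is the file that is read.
        # NOTE(review): the path is still resolved by name when opening, so
        # symlinks are followed exactly as before.
        fileinfo = os.fstat(authfile.fileno())

        # Owner read/write only. Written as 0o600 because the bare 0600
        # literal is a syntax error on Python 3; 0o600 parses on 2.6+ too.
        if stat.S_IMODE(fileinfo.st_mode) != 0o600:
            raise ValueError('tempfile auth: tempfile has invalid mode.')

        if fileinfo.st_uid != os.getuid():
            raise ValueError('tempfile auth: tempfile has invalid owner.')

        if fileinfo.st_size != 64:
            raise ValueError('tempfile auth: tempfile size is invalid.')

        stored_hash = authfile.read()

    # Constant-time comparison: the time taken must not reveal how many
    # leading characters of a guessed hash were correct.
    if not hmac.compare_digest(stored_hash, authhash.encode('ascii')):
        raise ValueError('tempfile auth: authentication failed.')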
Exemple #5
 def _get_temp_directory(self):
     """Return the tempfile authentication directory for this instance.

     The lookup is anchored at ``self.relative_to``; when that is falsy the
     script path in ``sys.argv[0]`` is used instead.
     """
     anchor = self.relative_to
     if not anchor:
         # No explicit anchor configured: fall back to the running script.
         anchor = sys.argv[0]
     return get_tempfile_authentication_directory(anchor)
Exemple #6
 def _get_temp_directory(self):
     """Return the tempfile authentication directory for this instance.

     The lookup is anchored at ``self.relative_to``; when that is falsy the
     script path in ``sys.argv[0]`` is used instead.
     """
     anchor = self.relative_to
     if not anchor:
         # No explicit anchor configured: fall back to the running script.
         anchor = sys.argv[0]
     return get_tempfile_authentication_directory(anchor)
Exemple #7
 def test_detects_unwanted_others_permissions(self):
     """A directory readable by "others" is rejected on the next lookup."""
     auth_dir = get_tempfile_authentication_directory(self.buildoutdir)
     # Widen the existing mode by the read bit for "others".
     widened_mode = auth_dir.stat().st_mode | stat.S_IROTH
     auth_dir.chmod(widened_mode)
     with self.assertRaises(ValueError):
         get_tempfile_authentication_directory(self.buildoutdir)
Exemple #8
 def test_supports_setguid_flag(self):
     """A set-group-ID bit on the directory does not make the lookup raise."""
     auth_dir = get_tempfile_authentication_directory(self.buildoutdir)
     mode_with_setgid = auth_dir.stat().st_mode | stat.S_ISGID
     auth_dir.chmod(mode_with_setgid)
     # The test passes as long as this second lookup raises nothing.
     get_tempfile_authentication_directory(self.buildoutdir)
Exemple #9
 def test_directory_is_created(self):
     """The path returned by the lookup is an existing directory."""
     auth_dir = get_tempfile_authentication_directory(self.buildoutdir)
     exists_as_directory = auth_dir.isdir()
     self.assertTrue(exists_as_directory)
Exemple #10
 def test_detects_unwanted_others_permissions(self):
     """A directory readable by "others" is rejected on the next lookup."""
     auth_dir = get_tempfile_authentication_directory(self.buildoutdir)
     # Widen the existing mode by the read bit for "others".
     widened_mode = auth_dir.stat().st_mode | stat.S_IROTH
     auth_dir.chmod(widened_mode)
     with self.assertRaises(ValueError):
         get_tempfile_authentication_directory(self.buildoutdir)
Exemple #11
 def test_supports_setguid_flag(self):
     """A set-group-ID bit on the directory does not make the lookup raise."""
     auth_dir = get_tempfile_authentication_directory(self.buildoutdir)
     mode_with_setgid = auth_dir.stat().st_mode | stat.S_ISGID
     auth_dir.chmod(mode_with_setgid)
     # The test passes as long as this second lookup raises nothing.
     get_tempfile_authentication_directory(self.buildoutdir)
Exemple #12
 def test_directory_is_created(self):
     """The path returned by the lookup is an existing directory."""
     auth_dir = get_tempfile_authentication_directory(self.buildoutdir)
     exists_as_directory = auth_dir.isdir()
     self.assertTrue(exists_as_directory)