def test_path_escape_symlink(self):
sensitive_path = os.path.join(self.folder, "sensitive")
os.mkdir(sensitive_path)
allowed_path = os.path.join(self.folder, "allowed")
os.mkdir(allowed_path)
# Create a sensitive file and symlink it in the allowed folder
with open(os.path.join(sensitive_path, "target"), "w") as f:
f.write("sensitive")
os.symlink(
os.path.join(sensitive_path, "target"), os.path.join(allowed_path, "target"),
)
with self.assertRaisesRegex(ValueError, "outside of the specified folder"):
read_file(allowed_path, "target")
def test_file_size_limit(self):
filename = "big_file"
with open(os.path.join(self.folder, filename), "w") as f:
for _ in range(0, 2048):
f.write("big")
contents = read_file(self.folder, filename)
self.assertEqual(len(contents), 1024)
def test_file_ok(self):
filename = "ok_file"
with open(os.path.join(self.folder, filename), "w") as f:
f.write("ok_contents")
contents = read_file(self.folder, filename)
self.assertEqual(contents, "ok_contents")
def test_file_not_found(self):
with self.assertRaisesRegex(IOError, "No such file or directory"):
read_file(self.folder, "file/not/found")
def test_path_escape(self):
with self.assertRaisesRegex(ValueError, "outside of the specified folder"):
read_file(self.folder, "a/../../outside/file")