def test_root_traversal_blocked(self):
root = FSRoot(self.safe)
self.assertEqual('safe_unsafe', root.text('../unsafe/readme.txt'))
# verify that failure will happen with a native join
target = sep.join([pardir, 'unsafe', 'readme.txt'])
with open(join(str(root.root), target)) as fd:
self.assertEqual('unsafe', fd.read())
def test_symlink_indirection_stopped(self):
raw_dir = join(self.unsafe, 'outside')
mkdir(raw_dir)
# repeating the resolve test
symlink = Path(join(self.safe, 'link'))
symlink.symlink_to(self.unsafe)
self.assertTrue(symlink.resolve().samefile(self.unsafe))
root = FSRoot(self.safe)
with self.assertRaises(FileNotFoundError):
root.text('link/readme.txt')
def test_root_resolve_symlink_blocked(self):
raw_dir = join(self.unsafe, 'outside')
mkdir(raw_dir)
symlink = Path(join(self.safe, 'link'))
# to simplify inferrence filtering, create an actual valid link
# inside the unsafe directory that links to a valid location
symlink.symlink_to(self.unsafe)
# ensure that the link is created correctly such that this test
# case will execute as expected
self.assertTrue(symlink.resolve().samefile(self.unsafe))
root = FSRoot(self.safe)
with self.assertRaises(FileNotFoundError):
root.resolve('link')
def test_root_resolve_normal(self):
root = FSRoot(self.safe)
self.assertEqual(
Path(join(self.safe, 'target')),
root.resolve('target'),
)
self.assertEqual(
Path(join(self.safe, 'target')),
root.resolve('/target'),
)
self.assertEqual(
Path(join(self.safe, 'target')),
root.resolve('../target'),
)
def test_symlink_filtered(self):
raw_dir = join(self.unsafe, 'outside')
mkdir(raw_dir)
with open(join(raw_dir, 'secure.txt'), 'w') as fd:
fd.write('secrets')
symlink = Path(join(self.safe, 'link'))
symlink.symlink_to(sep.join(['..', 'unsafe', 'outside']),
target_is_directory=True)
# ensure that the link is created correctly such that this test
# case will execute as expected
self.assertTrue(symlink.resolve().samefile(raw_dir))
root = FSRoot(self.safe)
with self.assertRaises(FileNotFoundError):
root.text('/link/secure.txt')
def test_listdir_parts(self):
root = FSRoot(self.base.name)
self.assertEqual([
('safe', ),
('unsafe', ),
], root.listdir_parts(''))
self.assertEqual([
(
'safe',
'readme.txt',
),
(
'safe',
'unsafe',
),
], root.listdir_parts('safe'))
def test_root_subdir_access(self):
root = FSRoot(self.base.name)
target = ['safe', 'readme.txt']
# joined path
self.assertEqual(b'safe', root.read(sep.join(target)))
self.assertEqual('safe', root.text(sep.join(target)))
# raw list access
self.assertEqual(b'safe', root.read(target))
self.assertEqual('safe', root.text(target))
with self.assertRaises(TypeError):
root.read(object)
def test_non_files_blocked(self):
root = FSRoot(self.safe)
with self.assertRaises(FileNotFoundError):
root.text('/unsafe')
with self.assertRaises(FileNotFoundError):
root.read('/unsafe')
def test_root_relative_access(self):
root = FSRoot(self.safe)
target = 'readme.txt'
self.assertEqual(b'safe', root.read(target))
self.assertEqual('safe', root.text(target))
def test_root_absolute_access(self):
root = FSRoot(self.safe)
# using forward slashes to verify support for unnormalized input
# target which could be from some HTTP request.
self.assertEqual(b'safe', root.read('/readme.txt'))
self.assertEqual('safe', root.text('/readme.txt'))
def setUp(self):
self.root = FSRoot(
pkg_resources.resource_filename('repodono.cellml.testing', 'data'))