def test_extract_function(self):
for entry in os.scandir(self.testdir):
with self.subTest(entry.name), tempfile.TemporaryDirectory() as tmpdir:
archive.extract(entry.path, tmpdir)
self.assertTrue(os.path.isfile(os.path.join(tmpdir, '1')))
self.assertTrue(os.path.isfile(os.path.join(tmpdir, '2')))
self.assertTrue(os.path.isfile(os.path.join(tmpdir, 'foo', '1')))
self.assertTrue(os.path.isfile(os.path.join(tmpdir, 'foo', '2')))
self.assertTrue(os.path.isfile(os.path.join(tmpdir, 'foo', 'bar', '1')))
self.assertTrue(os.path.isfile(os.path.join(tmpdir, 'foo', 'bar', '2')))
def test_extract_file_permissions(self):
"""Archive.extract() preserves file permissions."""
extract(self.archive_path, self.tmpdir)
filepath = os.path.join(self.tmpdir, 'executable')
# The file has executable permission.
self.assertTrue(os.stat(filepath).st_mode & stat.S_IXOTH)
filepath = os.path.join(self.tmpdir, 'no_permissions')
# The file is readable even though it doesn't have permission data in
# the archive.
self.assertTrue(os.stat(filepath).st_mode & stat.S_IROTH)
def test_extract_file_permissions(self):
"""Archive.extract() preserves file permissions."""
extract(self.archive_path, self.tmpdir)
filepath = os.path.join(self.tmpdir, 'executable')
# The file has executable permission.
self.assertTrue(os.stat(filepath).st_mode & stat.S_IXOTH)
filepath = os.path.join(self.tmpdir, 'no_permissions')
# The file is readable even though it doesn't have permission data in
# the archive.
self.assertTrue(os.stat(filepath).st_mode & stat.S_IROTH)
def extract(self, filename):
"""
Extracts the given file to a temporarily and returns
the path of the directory with the extracted content.
"""
prefix = "django_%s_template_" % self.app_or_project
tempdir = tempfile.mkdtemp(prefix=prefix, suffix="_extract")
self.paths_to_remove.append(tempdir)
if self.verbosity >= 2:
self.stdout.write("Extracting %s\n" % filename)
try:
archive.extract(filename, tempdir)
return tempdir
except (archive.ArchiveException, IOError) as e:
raise CommandError("couldn't extract file %s to %s: %s" % (filename, tempdir, e))
def test_extract_file_permissions(self):
"""archive.extract() preserves file permissions."""
mask = stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO
umask = os.umask(0)
os.umask(umask) # Restore the original umask.
for entry in os.scandir(self.testdir):
if entry.name.startswith('leadpath_'):
continue
with self.subTest(entry.name), tempfile.TemporaryDirectory() as tmpdir:
archive.extract(entry.path, tmpdir)
# An executable file in the archive has executable permissions.
filepath = os.path.join(tmpdir, 'executable')
self.assertEqual(os.stat(filepath).st_mode & mask, 0o775)
# A file is readable even if permission data is missing.
filepath = os.path.join(tmpdir, 'no_permissions')
self.assertEqual(os.stat(filepath).st_mode & mask, 0o664 & ~umask)
def extract(self, filename):
"""
Extract the given file to a temporary directory and return
the path of the directory with the extracted content.
"""
prefix = 'django_%s_template_' % self.app_or_project
tempdir = tempfile.mkdtemp(prefix=prefix, suffix='_extract')
self.paths_to_remove.append(tempdir)
if self.verbosity >= 2:
self.stdout.write('Extracting %s' % filename)
try:
archive.extract(filename, tempdir)
return tempdir
except (archive.ArchiveException, OSError) as e:
raise CommandError("couldn't extract file %s to %s: %s" %
(filename, tempdir, e))
def test_extract_function_traversal(self):
archives_dir = os.path.join(os.path.dirname(__file__),
'traversal_archives')
tests = [
('traversal.tar', '..'),
('traversal_absolute.tar', '/tmp/evil.py'),
]
if sys.platform == 'win32':
tests += [
('traversal_disk_win.tar', 'd:evil.py'),
('traversal_disk_win.zip', 'd:evil.py'),
]
msg = "Archive contains invalid path: '%s'"
for entry, invalid_path in tests:
with self.subTest(entry), tempfile.TemporaryDirectory() as tmpdir:
with self.assertRaisesMessage(SuspiciousOperation,
msg % invalid_path):
archive.extract(os.path.join(archives_dir, entry), tmpdir)
def test_extract_function(self):
for entry in os.scandir(self.testdir):
with self.subTest(
entry.name), tempfile.TemporaryDirectory() as tmpdir:
if ((entry.name.endswith('.bz2') and not HAS_BZ2)
or (entry.name.endswith(
('.lzma', '.xz')) and not HAS_LZMA)):
continue
archive.extract(entry.path, tmpdir)
self.assertTrue(os.path.isfile(os.path.join(tmpdir, '1')))
self.assertTrue(os.path.isfile(os.path.join(tmpdir, '2')))
self.assertTrue(
os.path.isfile(os.path.join(tmpdir, 'foo', '1')))
self.assertTrue(
os.path.isfile(os.path.join(tmpdir, 'foo', '2')))
self.assertTrue(
os.path.isfile(os.path.join(tmpdir, 'foo', 'bar', '1')))
self.assertTrue(
os.path.isfile(os.path.join(tmpdir, 'foo', 'bar', '2')))
def test_extract_function(self):
with os.scandir(self.testdir) as entries:
for entry in entries:
with self.subTest(
entry.name), tempfile.TemporaryDirectory() as tmpdir:
if (entry.name.endswith(".bz2")
and not HAS_BZ2) or (entry.name.endswith(
(".lzma", ".xz")) and not HAS_LZMA):
continue
archive.extract(entry.path, tmpdir)
self.assertTrue(os.path.isfile(os.path.join(tmpdir, "1")))
self.assertTrue(os.path.isfile(os.path.join(tmpdir, "2")))
self.assertTrue(
os.path.isfile(os.path.join(tmpdir, "foo", "1")))
self.assertTrue(
os.path.isfile(os.path.join(tmpdir, "foo", "2")))
self.assertTrue(
os.path.isfile(os.path.join(tmpdir, "foo", "bar",
"1")))
self.assertTrue(
os.path.isfile(os.path.join(tmpdir, "foo", "bar",
"2")))
def test_extract_file_permissions(self):
"""archive.extract() preserves file permissions."""
mask = stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO
umask = os.umask(0)
os.umask(umask) # Restore the original umask.
with os.scandir(self.testdir) as entries:
for entry in entries:
if (entry.name.startswith("leadpath_")
or (entry.name.endswith(".bz2") and not HAS_BZ2)
or (entry.name.endswith(
(".lzma", ".xz")) and not HAS_LZMA)):
continue
with self.subTest(
entry.name), tempfile.TemporaryDirectory() as tmpdir:
archive.extract(entry.path, tmpdir)
# An executable file in the archive has executable
# permissions.
filepath = os.path.join(tmpdir, "executable")
self.assertEqual(os.stat(filepath).st_mode & mask, 0o775)
# A file is readable even if permission data is missing.
filepath = os.path.join(tmpdir, "no_permissions")
self.assertEqual(
os.stat(filepath).st_mode & mask, 0o666 & ~umask)
def test_extract_function(self):
extract(self.archive_path, self.tmpdir)
self.check_files(self.tmpdir)
def test_extract_file_permissions(self):
"""Archive.extract() preserves file permissions."""
extract(self.archive_path, self.tmpdir)
filepath = os.path.join(self.tmpdir, 'executable')
# The file has executable permission.
self.assertTrue(os.stat(filepath).st_mode & stat.S_IXOTH)
def test_extract_function_no_to_path(self):
os.chdir(self.tmpdir)
extract(self.archive_path)
self.check_files(self.tmpdir)
def test_extract_function(self):
extract(self.archive_path, self.tmpdir)
self.check_files(self.tmpdir)
def test_extract_function_with_leadpath(self):
extract(self.archive_lead_path, self.tmpdir)
self.check_files(self.tmpdir)
def test_extract_file_permissions(self):
"""Archive.extract() preserves file permissions."""
extract(self.archive_path, self.tmpdir)
filepath = os.path.join(self.tmpdir, 'executable')
# The file has executable permission.
self.assertTrue(os.stat(filepath).st_mode & stat.S_IXOTH)
def test_extract_function_no_to_path(self):
os.chdir(self.tmpdir)
extract(self.archive_path)
self.check_files(self.tmpdir)
def test_extract_function_with_leadpath(self):
extract(self.archive_lead_path, self.tmpdir)
self.check_files(self.tmpdir)
import cgi
