def setUp(self): AvatarTestCase.setUp(self) self.avatar = CodehostingAvatar(self.aliceUserDict, None) self.reactor = MockReactor() def lookup_template(command): if command == 'foo': return 'bar baz %(user_id)s' raise ForbiddenCommand("Not allowed to execute %r." % command) self.session = RestrictedExecOnlySession(self.avatar, self.reactor, lookup_template)
def setUp(self): AvatarTestCase.setUp(self) self.avatar = CodehostingAvatar(self.aliceUserDict, None) self.reactor = MockReactor() def lookup_template(command): if command == 'foo': return 'bar baz %(user_id)s' raise ForbiddenCommand("Not allowed to execute %r." % command) self.session = RestrictedExecOnlySession( self.avatar, self.reactor, lookup_template)
def test_getAvatarAdapter(self): # getAvatarAdapter is a convenience classmethod so that # RestrictedExecOnlySession can be easily registered as an adapter for # Conch avatars. from twisted.internet import reactor def lookup_template(command): if command == 'foo': return 'bar baz' raise ForbiddenCommand(command) adapter = RestrictedExecOnlySession.getAvatarAdapter(lookup_template) session = adapter(self.avatar) self.assertTrue( isinstance(session, RestrictedExecOnlySession), "ISession(avatar) doesn't adapt to RestrictedExecOnlySession. " "Got %r instead." % (session, )) self.assertIs(self.avatar, session.avatar) self.assertIs(reactor, session.reactor) self.assertEqual('bar baz', session.lookup_command_template('foo')) self.assertRaises(ForbiddenCommand, session.lookup_command_template, 'notfoo')
def test_getAvatarAdapter(self): # getAvatarAdapter is a convenience classmethod so that # RestrictedExecOnlySession can be easily registered as an adapter for # Conch avatars. from twisted.internet import reactor def lookup_template(command): if command == 'foo': return 'bar baz' raise ForbiddenCommand(command) adapter = RestrictedExecOnlySession.getAvatarAdapter( lookup_template) session = adapter(self.avatar) self.failUnless( isinstance(session, RestrictedExecOnlySession), "ISession(avatar) doesn't adapt to RestrictedExecOnlySession. " "Got %r instead." % (session,)) self.assertIs(self.avatar, session.avatar) self.assertIs(reactor, session.reactor) self.assertEqual('bar baz', session.lookup_command_template('foo')) self.assertRaises(ForbiddenCommand, session.lookup_command_template, 'notfoo')
class TestRestrictedExecOnlySession(AvatarTestCase): """Tests for RestrictedExecOnlySession. bzr+ssh requests to the code hosting SSH server ask the server to execute a particular command: 'bzr serve --inet /'. The SSH server rejects all other commands. When it receives the expected command, the SSH server doesn't actually execute the exact given command. Instead, it executes another pre-defined command. """ def setUp(self): AvatarTestCase.setUp(self) self.avatar = CodehostingAvatar(self.aliceUserDict, None) self.reactor = MockReactor() def lookup_template(command): if command == 'foo': return 'bar baz %(user_id)s' raise ForbiddenCommand("Not allowed to execute %r." % command) self.session = RestrictedExecOnlySession(self.avatar, self.reactor, lookup_template) def test_makeRestrictedExecOnlySession(self): # A RestrictedExecOnlySession is constructed with an avatar, a reactor # and an expected command. self.assertTrue( isinstance(self.session, RestrictedExecOnlySession), "%r not an instance of RestrictedExecOnlySession" % (self.session, )) self.assertEqual(self.avatar, self.session.avatar) self.assertEqual(self.reactor, self.session.reactor) self.assertEqual('bar baz %(user_id)s', self.session.lookup_command_template('foo')) self.assertRaises(ForbiddenCommand, self.session.lookup_command_template, 'notfoo') def test_execCommandRejectsUnauthorizedCommands(self): # execCommand rejects all commands except for the command specified in # the constructor and closes the connection. # Note that Conch doesn't have a well-defined way of rejecting # commands. Disconnecting in execCommand will do. We don't raise # an exception to avoid logging an OOPS. protocol = MockProcessTransport('cat') self.assertEqual(None, self.session.execCommand(protocol, 'cat')) self.assertEqual([('writeExtended', connection.EXTENDED_DATA_STDERR, "Not allowed to execute 'cat'.\r\n"), ('loseConnection', )], protocol.log) def test_getCommandToRunReturnsTemplateCommand(self): # When passed the allowed command, getCommandToRun always returns the # executable and arguments corresponding to the provided executed # command template. executable, arguments = self.session.getCommandToRun('foo') self.assertEqual('bar', executable) self.assertEqual(['bar', 'baz', str(self.avatar.user_id)], list(arguments)) def test_getAvatarAdapter(self): # getAvatarAdapter is a convenience classmethod so that # RestrictedExecOnlySession can be easily registered as an adapter for # Conch avatars. from twisted.internet import reactor def lookup_template(command): if command == 'foo': return 'bar baz' raise ForbiddenCommand(command) adapter = RestrictedExecOnlySession.getAvatarAdapter(lookup_template) session = adapter(self.avatar) self.assertTrue( isinstance(session, RestrictedExecOnlySession), "ISession(avatar) doesn't adapt to RestrictedExecOnlySession. " "Got %r instead." % (session, )) self.assertIs(self.avatar, session.avatar) self.assertIs(reactor, session.reactor) self.assertEqual('bar baz', session.lookup_command_template('foo')) self.assertRaises(ForbiddenCommand, session.lookup_command_template, 'notfoo')
class TestRestrictedExecOnlySession(AvatarTestCase): """Tests for RestrictedExecOnlySession. bzr+ssh requests to the code hosting SSH server ask the server to execute a particular command: 'bzr serve --inet /'. The SSH server rejects all other commands. When it receives the expected command, the SSH server doesn't actually execute the exact given command. Instead, it executes another pre-defined command. """ def setUp(self): AvatarTestCase.setUp(self) self.avatar = CodehostingAvatar(self.aliceUserDict, None) self.reactor = MockReactor() def lookup_template(command): if command == 'foo': return 'bar baz %(user_id)s' raise ForbiddenCommand("Not allowed to execute %r." % command) self.session = RestrictedExecOnlySession( self.avatar, self.reactor, lookup_template) def test_makeRestrictedExecOnlySession(self): # A RestrictedExecOnlySession is constructed with an avatar, a reactor # and an expected command. self.failUnless( isinstance(self.session, RestrictedExecOnlySession), "%r not an instance of RestrictedExecOnlySession" % (self.session,)) self.assertEqual(self.avatar, self.session.avatar) self.assertEqual(self.reactor, self.session.reactor) self.assertEqual('bar baz %(user_id)s', self.session.lookup_command_template('foo')) self.assertRaises(ForbiddenCommand, self.session.lookup_command_template, 'notfoo') def test_execCommandRejectsUnauthorizedCommands(self): # execCommand rejects all commands except for the command specified in # the constructor and closes the connection. # Note that Conch doesn't have a well-defined way of rejecting # commands. Disconnecting in execCommand will do. We don't raise # an exception to avoid logging an OOPS. protocol = MockProcessTransport('cat') self.assertEqual( None, self.session.execCommand(protocol, 'cat')) self.assertEqual( [('writeExtended', connection.EXTENDED_DATA_STDERR, "Not allowed to execute 'cat'.\r\n"), ('loseConnection',)], protocol.log) def test_getCommandToRunReturnsTemplateCommand(self): # When passed the allowed command, getCommandToRun always returns the # executable and arguments corresponding to the provided executed # command template. executable, arguments = self.session.getCommandToRun('foo') self.assertEqual('bar', executable) self.assertEqual( ['bar', 'baz', str(self.avatar.user_id)], list(arguments)) def test_getAvatarAdapter(self): # getAvatarAdapter is a convenience classmethod so that # RestrictedExecOnlySession can be easily registered as an adapter for # Conch avatars. from twisted.internet import reactor def lookup_template(command): if command == 'foo': return 'bar baz' raise ForbiddenCommand(command) adapter = RestrictedExecOnlySession.getAvatarAdapter( lookup_template) session = adapter(self.avatar) self.failUnless( isinstance(session, RestrictedExecOnlySession), "ISession(avatar) doesn't adapt to RestrictedExecOnlySession. " "Got %r instead." % (session,)) self.assertIs(self.avatar, session.avatar) self.assertIs(reactor, session.reactor) self.assertEqual('bar baz', session.lookup_command_template('foo')) self.assertRaises(ForbiddenCommand, session.lookup_command_template, 'notfoo')