Exemplo n.º 1
0
    def test_path_escape_symlink(self):
        sensitive_path = os.path.join(self.folder, "sensitive")
        os.mkdir(sensitive_path)
        allowed_path = os.path.join(self.folder, "allowed")
        os.mkdir(allowed_path)

        # Create a sensitive file and symlink it in the allowed folder
        with open(os.path.join(sensitive_path, "target"), "w") as f:
            f.write("sensitive")
        os.symlink(
            os.path.join(sensitive_path, "target"), os.path.join(allowed_path, "target"),
        )

        with self.assertRaisesRegex(ValueError, "outside of the specified folder"):
            read_file(allowed_path, "target")
Exemplo n.º 2
0
 def test_file_size_limit(self):
     filename = "big_file"
     with open(os.path.join(self.folder, filename), "w") as f:
         for _ in range(0, 2048):
             f.write("big")
     contents = read_file(self.folder, filename)
     self.assertEqual(len(contents), 1024)
Exemplo n.º 3
0
 def test_file_ok(self):
     filename = "ok_file"
     with open(os.path.join(self.folder, filename), "w") as f:
         f.write("ok_contents")
     contents = read_file(self.folder, filename)
     self.assertEqual(contents, "ok_contents")
Exemplo n.º 4
0
 def test_file_not_found(self):
     with self.assertRaisesRegex(IOError, "No such file or directory"):
         read_file(self.folder, "file/not/found")
Exemplo n.º 5
0
 def test_path_escape(self):
     with self.assertRaisesRegex(ValueError, "outside of the specified folder"):
         read_file(self.folder, "a/../../outside/file")