def test_with_guid(self, initgroups, setuid, setgid, parse_gid, parse_uid):
parse_uid.return_value = 5001
parse_gid.return_value = 50001
maybe_drop_privileges(uid="user", gid="group")
parse_uid.assert_called_with("user")
parse_gid.assert_called_with("group")
setgid.assert_called_with(50001)
initgroups.assert_called_with(5001, 50001)
setuid.assert_called_with(5001)
def test_setegid(self, _setegid, _getegid, parse_gid):
parse_gid.return_value = 50001
_getegid.return_value = 50001
setegid("group")
parse_gid.assert_called_with("group")
self.assertFalse(_setegid.called)
_getegid.return_value = 1
setegid("group")
_setegid.assert_called_with(50001)
def test_with_guid(self, initgroups, setuid, setgid, parse_gid,
parse_uid):
parse_uid.return_value = 5001
parse_gid.return_value = 50001
maybe_drop_privileges(uid="user", gid="group")
parse_uid.assert_called_with("user")
parse_gid.assert_called_with("group")
setgid.assert_called_with(50001)
initgroups.assert_called_with(5001, 50001)
setuid.assert_called_with(5001)
def test_setegid(self, _setegid, _getegid, parse_gid):
parse_gid.return_value = 50001
_getegid.return_value = 50001
setegid('group')
parse_gid.assert_called_with('group')
self.assertFalse(_setegid.called)
_getegid.return_value = 1
setegid('group')
_setegid.assert_called_with(50001)
def test_with_guid(self, initgroups, setuid, setgid, parse_gid, parse_uid):
def raise_on_second_call(*args, **kwargs):
setuid.side_effect = OSError()
setuid.side_effect.errno = errno.EPERM
setuid.side_effect = raise_on_second_call
parse_uid.return_value = 5001
parse_gid.return_value = 50001
maybe_drop_privileges(uid='user', gid='group')
parse_uid.assert_called_with('user')
parse_gid.assert_called_with('group')
setgid.assert_called_with(50001)
initgroups.assert_called_with(5001, 50001)
setuid.assert_has_calls([call(5001), call(0)])
setuid.side_effect = None
with pytest.raises(SecurityError):
maybe_drop_privileges(uid='user', gid='group')
setuid.side_effect = OSError()
setuid.side_effect.errno = errno.EINVAL
with pytest.raises(OSError):
maybe_drop_privileges(uid='user', gid='group')
def test_with_guid(self, initgroups, setuid, setgid, parse_gid, parse_uid):
def raise_on_second_call(*args, **kwargs):
setuid.side_effect = OSError()
setuid.side_effect.errno = errno.EPERM
setuid.side_effect = raise_on_second_call
parse_uid.return_value = 5001
parse_gid.return_value = 50001
maybe_drop_privileges(uid="user", gid="group")
parse_uid.assert_called_with("user")
parse_gid.assert_called_with("group")
setgid.assert_called_with(50001)
initgroups.assert_called_with(5001, 50001)
setuid.assert_has_calls([call(5001), call(0)])
setuid.side_effect = None
with self.assertRaises(RuntimeError):
maybe_drop_privileges(uid="user", gid="group")
setuid.side_effect = OSError()
setuid.side_effect.errno = errno.EINVAL
with self.assertRaises(OSError):
maybe_drop_privileges(uid="user", gid="group")
def test_with_guid(self, initgroups, setuid, setgid,
parse_gid, parse_uid):
def raise_on_second_call(*args, **kwargs):
setuid.side_effect = OSError()
setuid.side_effect.errno = errno.EPERM
setuid.side_effect = raise_on_second_call
parse_uid.return_value = 5001
parse_gid.return_value = 50001
maybe_drop_privileges(uid='user', gid='group')
parse_uid.assert_called_with('user')
parse_gid.assert_called_with('group')
setgid.assert_called_with(50001)
initgroups.assert_called_with(5001, 50001)
setuid.assert_has_calls([call(5001), call(0)])
setuid.side_effect = None
with pytest.raises(SecurityError):
maybe_drop_privileges(uid='user', gid='group')
setuid.side_effect = OSError()
setuid.side_effect.errno = errno.EINVAL
with pytest.raises(OSError):
maybe_drop_privileges(uid='user', gid='group')
def test_setgid(self, _setgid, parse_gid):
parse_gid.return_value = 50001
setgid('group')
parse_gid.assert_called_with('group')
_setgid.assert_called_with(50001)
def test_only_gid(self, parse_gid, setgid, setuid):
parse_gid.return_value = 50001
maybe_drop_privileges(gid='group')
parse_gid.assert_called_with('group')
setgid.assert_called_with(50001)
setuid.assert_not_called()
def test_setgid(self, _setgid, parse_gid):
parse_gid.return_value = 50001
setgid('group')
parse_gid.assert_called_with('group')
_setgid.assert_called_with(50001)
def test_only_gid(self, parse_gid, setgid, setuid):
parse_gid.return_value = 50001
maybe_drop_privileges(gid='group')
parse_gid.assert_called_with('group')
setgid.assert_called_with(50001)
self.assertFalse(setuid.called)
def test_only_gid(self, parse_gid, setgid, setuid):
parse_gid.return_value = 50001
maybe_drop_privileges(gid="group")
parse_gid.assert_called_with("group")
setgid.assert_called_with(50001)
self.assertFalse(setuid.called)
