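def validate_tempfile_authentication_header_value(header_value):
    """Validate the value of an ``x-ftw.upgrade-tempfile-auth`` header.

    The value is expected as ``<filename>:<hash>``. ``<filename>`` is looked
    up in the directory returned by ``get_tempfile_authentication_directory``
    for the current working directory. Authentication succeeds only when the
    content of that file equals ``<hash>``.

    Raises:
        ValueError: if the value is malformed, the file cannot be opened or
            is not a regular file, "others" have any permission on it, its
            size is not 64 bytes, or its content differs from the hash.
    """
    # Function-scope import: keeps this block independent of the module's
    # import block. hmac.compare_digest needs Python 2.7.7+ or 3.3+.
    import hmac

    # re.match anchors only the start, so \Z is required to reject trailing
    # data (a trailing newline included, which "$" would let through).
    # The class is the ASCII set that \w matches without re.UNICODE; it holds
    # no path separator and no dot, so the filename cannot leave the
    # directory and the hash can always be encoded as ASCII below.
    if not re.match(r'^tmp[0-9A-Za-z_]{6}:[0-9A-Za-z_]{64}\Z', header_value):
        raise ValueError(
            'tempfile auth: invalid x-ftw.upgrade-tempfile-auth header value.')

    filename, authhash = header_value.split(':')
    directory = get_tempfile_authentication_directory(os.getcwd())
    filepath = directory.joinpath(filename)

    # Open once and run every check on the open descriptor, so the file that
    # is checked is the file that is read (no window between stat and open).
    # O_NOFOLLOW refuses a symlink as the last path component; O_NONBLOCK
    # keeps open() from hanging on a FIFO, which is rejected by S_ISREG.
    flags = (os.O_RDONLY
             | getattr(os, 'O_NOFOLLOW', 0)
             | getattr(os, 'O_NONBLOCK', 0))
    try:
        descriptor = os.open(filepath, flags)
    except OSError:
        raise ValueError('tempfile auth: tempfile does not exist.')

    with os.fdopen(descriptor, 'rb') as authfile:
        info = os.fstat(authfile.fileno())

        if not stat.S_ISREG(info.st_mode):
            raise ValueError('tempfile auth: tempfile does not exist.')

        # Verify that "others" do not have any permissions on this file.
        # NOTE(review): group permission bits and the file owner are not
        # checked here; consider requiring mode 0600 and st_uid == getuid().
        if info.st_mode & stat.S_IRWXO:
            raise ValueError(
                'tempfile auth: tempfile is accesible by "others".')

        if info.st_size != 64:
            raise ValueError('tempfile auth: tempfile size is invalid.')

        # Constant-time comparison of the secret; both sides are bytes.
        if not hmac.compare_digest(authfile.read(),
                                   authhash.encode('ascii')):
            raise ValueError('tempfile auth: authentication failed.')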
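def validate_tempfile_authentication_header_value(header_value):
    """Validate the value of an ``x-ftw.upgrade-tempfile-auth`` header.

    The value is expected as ``<filename>:<hash>``. ``<filename>`` is looked
    up in the directory returned by ``get_tempfile_authentication_directory``
    for the current working directory. Authentication succeeds only when the
    content of that file equals ``<hash>``.

    Raises:
        ValueError: if the value is malformed, the file cannot be opened or
            is not a regular file, its mode is not exactly 0600, it is not
            owned by the current user, its size is not 64 bytes, or its
            content differs from the hash.
    """
    # Function-scope import: keeps this block independent of the module's
    # import block. hmac.compare_digest needs Python 2.7.7+ or 3.3+.
    import hmac

    # re.match anchors only the start, so \Z is required to reject trailing
    # data (a trailing newline included, which "$" would let through).
    # The class is the ASCII set that \w matches without re.UNICODE; it holds
    # no path separator and no dot, so the filename cannot leave the
    # directory and the hash can always be encoded as ASCII below.
    if not re.match(r'^tmp[0-9A-Za-z_]{6}:[0-9A-Za-z_]{64}\Z', header_value):
        raise ValueError(
            'tempfile auth: invalid x-ftw.upgrade-tempfile-auth header value.')

    filename, authhash = header_value.split(':')
    directory = get_tempfile_authentication_directory(os.getcwd())
    filepath = directory.joinpath(filename)

    # Open once and run every check on the open descriptor, so the file that
    # is checked is the file that is read (no window between stat and open).
    # O_NOFOLLOW refuses a symlink as the last path component; O_NONBLOCK
    # keeps open() from hanging on a FIFO, which is rejected by S_ISREG.
    flags = (os.O_RDONLY
             | getattr(os, 'O_NOFOLLOW', 0)
             | getattr(os, 'O_NONBLOCK', 0))
    try:
        descriptor = os.open(filepath, flags)
    except OSError:
        raise ValueError('tempfile auth: tempfile does not exist.')

    with os.fdopen(descriptor, 'rb') as authfile:
        info = os.fstat(authfile.fileno())

        if not stat.S_ISREG(info.st_mode):
            raise ValueError('tempfile auth: tempfile does not exist.')

        # Exactly owner read/write. 0o600 is the octal spelling accepted by
        # Python 2.6+ and Python 3; a bare 0600 is a syntax error on 3.
        if stat.S_IMODE(info.st_mode) != 0o600:
            raise ValueError('tempfile auth: tempfile has invalid mode.')

        # The file must belong to the user this process runs as.
        if info.st_uid != os.getuid():
            raise ValueError('tempfile auth: tempfile has invalid owner.')

        if info.st_size != 64:
            raise ValueError('tempfile auth: tempfile size is invalid.')

        # Constant-time comparison of the secret; both sides are bytes.
        if not hmac.compare_digest(authfile.read(),
                                   authhash.encode('ascii')):
            raise ValueError('tempfile auth: authentication failed.')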
def _get_temp_directory(self):
    """Return the tempfile authentication directory for this instance.

    The directory is resolved relative to ``self.relative_to`` when that is
    set to a truthy value, and relative to ``sys.argv[0]`` otherwise.
    """
    anchor = self.relative_to
    if not anchor:
        # NOTE(review): sys.argv[0] depends on how the process was started;
        # presumably it points into the buildout - verify against callers.
        anchor = sys.argv[0]
    return get_tempfile_authentication_directory(anchor)
def test_detects_unwanted_others_permissions(self):
    """The directory lookup raises ValueError once "others" may read it."""
    auth_dir = get_tempfile_authentication_directory(self.buildoutdir)

    # Widen the existing mode by the read bit for "others" only.
    widened_mode = auth_dir.stat().st_mode | stat.S_IROTH
    auth_dir.chmod(widened_mode)

    self.assertRaises(
        ValueError,
        get_tempfile_authentication_directory,
        self.buildoutdir)
def test_supports_setguid_flag(self):
    """The directory lookup still succeeds with the set-group-ID bit set."""
    auth_dir = get_tempfile_authentication_directory(self.buildoutdir)

    mode_with_setgid = auth_dir.stat().st_mode | stat.S_ISGID
    auth_dir.chmod(mode_with_setgid)

    # No explicit assertion: the test passes when this call does not raise.
    get_tempfile_authentication_directory(self.buildoutdir)
def test_directory_is_created(self):
    """The returned tempfile authentication directory exists on disk."""
    self.assertTrue(
        get_tempfile_authentication_directory(self.buildoutdir).isdir())