def test_restricted_path_function_allowed(self): fake_function = self.mox.CreateMockAnything() fake_function('foo', bar='baz').AndReturn(1) stubs.FakeFile.is_file_accessible('foo', False).AndReturn( stubs.FakeFile.Visibility.OK) self.mox.ReplayAll() restricted_path_fake_function = stubs.RestrictedPathFunction( fake_function) self.assertEqual(1, restricted_path_fake_function('foo', bar='baz')) self.mox.VerifyAll()
def _install_open_hooks(): """Install open hooks for sandbox.""" if _open_hooks: for install_open_hook in _open_hooks: install_open_hook() # Assume installed open hooks don't enforce the sandbox path restrictions # and install a final hook to do that (the goal of hooks is to allow # alternate open techniques, not to circumvent the sandbox). It does mean # that open requests that make it to FakeFile have their path checked # twice but that doesn't break anything. __builtin__.open = stubs.RestrictedPathFunction(__builtin__.open, IOError)
def test_static_access_message_restricted_path_function(self): fake_function = self.mox.CreateMockAnything() stubs.FakeFile.is_file_accessible('foo', False).AndReturn( stubs.FakeFile.Visibility.STATIC_BLOCK) logging.info('Sandbox prevented access to static file "%s"', 'foo') logging.info( 'Check that `application_readable: true` is set in app.yaml') stubs.FakeFile.is_file_accessible('foo', False).AndReturn( stubs.FakeFile.Visibility.CACHED_BLOCK) self.mox.ReplayAll() # We'll try to access it twice here, the second time with the result cached. # Verify it only prints the message once. restricted_path_fake_function = stubs.RestrictedPathFunction( fake_function) with self.assertRaises(OSError) as cm: restricted_path_fake_function('foo', bar='baz') with self.assertRaises(OSError) as cm: restricted_path_fake_function('foo', bar='baz') self.mox.VerifyAll() e = cm.exception self.assertEqual(errno.EACCES, e.errno) self.assertEqual('path not accessible', e.strerror) self.assertEqual('foo', e.filename)
_MODULE_OVERRIDE_POLICIES = { 'os': ModuleOverridePolicy( default_stub=stubs.os_error_not_implemented, whitelist=[ 'altsep', 'chown', 'close', 'curdir', 'defpath', 'devnull', 'environ', 'error', 'execv', 'fchmod', 'fchown', 'fdopen', 'fork', 'fstat', 'ftruncate', 'getcwd', 'getcwdu', 'getenv', '_get_exports_list', 'kill', 'lchown', 'name', 'open', 'pardir', 'path', 'pathsep', 'popen', 'readline', 'sep', 'setuid', 'stat_float_times', 'stat_result', 'strerror', 'sys', 'waitpid', 'walk', 'readlink' ], overrides={ 'access': stubs.fake_access, 'chmod': stubs.RestrictedPathFunction(os.chmod, for_write=True), 'listdir': stubs.make_fake_listdir(os.listdir), # Alias lstat() to stat() to match the behavior in production. 'lstat': stubs.RestrictedPathFunction(os.stat), 'makedirs': stubs.RestrictedPathFunction(os.makedirs, for_write=True), 'mkdir': stubs.RestrictedPathFunction(os.mkdir, for_write=True), 'open': stubs.fake_open, 'stat': stubs.RestrictedPathFunction(os.stat), 'uname': stubs.fake_uname, 'getpid': stubs.return_minus_one, 'getppid': stubs.return_minus_one, 'getpgrp': stubs.return_minus_one, 'getgid': stubs.return_minus_one, 'getegid': stubs.return_minus_one, 'geteuid': stubs.return_minus_one,
_MODULE_OVERRIDE_POLICIES = { 'os': ModuleOverridePolicy( default_stub=stubs.os_error_not_implemented, whitelist=[ 'altsep', 'chown', 'curdir', 'defpath', 'devnull', 'environ', 'error', 'execv', 'fchmod', 'fchown', 'fork', 'fstat', 'ftruncate', 'getcwd', 'getcwdu', 'getenv', '_get_exports_list', 'kill', 'lchown', 'lstat', 'name', 'open', 'pardir', 'path', 'pathsep', 'readline', 'sep', 'setuid', 'stat', 'stat_float_times', 'stat_result', 'strerror', 'sys', 'waitpid', 'walk', 'readlink' ], overrides={ 'access': stubs.fake_access, 'listdir': stubs.RestrictedPathFunction(os.listdir), 'open': stubs.fake_open, 'uname': stubs.fake_uname, 'getpid': stubs.return_minus_one, 'getppid': stubs.return_minus_one, 'getpgrp': stubs.return_minus_one, 'getgid': stubs.return_minus_one, 'getegid': stubs.return_minus_one, 'geteuid': stubs.return_minus_one, 'getuid': stubs.return_minus_one, 'urandom': stubs.fake_urandom, 'system': stubs.return_minus_one, }, deletes=['execve']), 'signal': ModuleOverridePolicy(overrides={'__doc__': None}),
del module_dict[symbol] _MODULE_OVERRIDE_POLICIES = { 'os': ModuleOverridePolicy( default_stub=stubs.os_error_not_implemented, whitelist=[ 'altsep', 'curdir', 'defpath', 'devnull', 'environ', 'error', 'fstat', 'getcwd', 'getcwdu', 'getenv', '_get_exports_list', 'name', 'open', 'pardir', 'path', 'pathsep', 'sep', 'stat_float_times', 'stat_result', 'strerror', 'sys', 'walk' ], overrides={ 'access': stubs.fake_access, 'listdir': stubs.RestrictedPathFunction(os.listdir), # Alias lstat() to stat() to match the behavior in production. 'lstat': stubs.RestrictedPathFunction(os.stat), 'open': stubs.fake_open, 'stat': stubs.RestrictedPathFunction(os.stat), 'uname': stubs.fake_uname, 'getpid': stubs.return_minus_one, 'getppid': stubs.return_minus_one, 'getpgrp': stubs.return_minus_one, 'getgid': stubs.return_minus_one, 'getegid': stubs.return_minus_one, 'geteuid': stubs.return_minus_one, 'getuid': stubs.return_minus_one, 'urandom': stubs.fake_urandom, 'system': stubs.return_minus_one, },