def test_restricted_path_function_allowed(self):
fake_function = self.mox.CreateMockAnything()
fake_function('foo', bar='baz').AndReturn(1)
stubs.FakeFile.is_file_accessible('foo', False).AndReturn(
stubs.FakeFile.Visibility.OK)
self.mox.ReplayAll()
restricted_path_fake_function = stubs.RestrictedPathFunction(
fake_function)
self.assertEqual(1, restricted_path_fake_function('foo', bar='baz'))
self.mox.VerifyAll()
def _install_open_hooks():
"""Install open hooks for sandbox."""
if _open_hooks:
for install_open_hook in _open_hooks:
install_open_hook()
# Assume installed open hooks don't enforce the sandbox path restrictions
# and install a final hook to do that (the goal of hooks is to allow
# alternate open techniques, not to circumvent the sandbox). It does mean
# that open requests that make it to FakeFile have their path checked
# twice but that doesn't break anything.
__builtin__.open = stubs.RestrictedPathFunction(__builtin__.open, IOError)
def test_static_access_message_restricted_path_function(self):
fake_function = self.mox.CreateMockAnything()
stubs.FakeFile.is_file_accessible('foo', False).AndReturn(
stubs.FakeFile.Visibility.STATIC_BLOCK)
logging.info('Sandbox prevented access to static file "%s"', 'foo')
logging.info(
'Check that `application_readable: true` is set in app.yaml')
stubs.FakeFile.is_file_accessible('foo', False).AndReturn(
stubs.FakeFile.Visibility.CACHED_BLOCK)
self.mox.ReplayAll()
# We'll try to access it twice here, the second time with the result cached.
# Verify it only prints the message once.
restricted_path_fake_function = stubs.RestrictedPathFunction(
fake_function)
with self.assertRaises(OSError) as cm:
restricted_path_fake_function('foo', bar='baz')
with self.assertRaises(OSError) as cm:
restricted_path_fake_function('foo', bar='baz')
self.mox.VerifyAll()
e = cm.exception
self.assertEqual(errno.EACCES, e.errno)
self.assertEqual('path not accessible', e.strerror)
self.assertEqual('foo', e.filename)
_MODULE_OVERRIDE_POLICIES = {
'os':
ModuleOverridePolicy(
default_stub=stubs.os_error_not_implemented,
whitelist=[
'altsep', 'chown', 'close', 'curdir', 'defpath', 'devnull',
'environ', 'error', 'execv', 'fchmod', 'fchown', 'fdopen', 'fork',
'fstat', 'ftruncate', 'getcwd', 'getcwdu', 'getenv',
'_get_exports_list', 'kill', 'lchown', 'name', 'open', 'pardir',
'path', 'pathsep', 'popen', 'readline', 'sep', 'setuid',
'stat_float_times', 'stat_result', 'strerror', 'sys', 'waitpid',
'walk', 'readlink'
],
overrides={
'access': stubs.fake_access,
'chmod': stubs.RestrictedPathFunction(os.chmod, for_write=True),
'listdir': stubs.make_fake_listdir(os.listdir),
# Alias lstat() to stat() to match the behavior in production.
'lstat': stubs.RestrictedPathFunction(os.stat),
'makedirs': stubs.RestrictedPathFunction(os.makedirs,
for_write=True),
'mkdir': stubs.RestrictedPathFunction(os.mkdir, for_write=True),
'open': stubs.fake_open,
'stat': stubs.RestrictedPathFunction(os.stat),
'uname': stubs.fake_uname,
'getpid': stubs.return_minus_one,
'getppid': stubs.return_minus_one,
'getpgrp': stubs.return_minus_one,
'getgid': stubs.return_minus_one,
'getegid': stubs.return_minus_one,
'geteuid': stubs.return_minus_one,
_MODULE_OVERRIDE_POLICIES = {
'os':
ModuleOverridePolicy(
default_stub=stubs.os_error_not_implemented,
whitelist=[
'altsep', 'chown', 'curdir', 'defpath', 'devnull', 'environ',
'error', 'execv', 'fchmod', 'fchown', 'fork', 'fstat', 'ftruncate',
'getcwd', 'getcwdu', 'getenv', '_get_exports_list', 'kill',
'lchown', 'lstat', 'name', 'open', 'pardir', 'path', 'pathsep',
'readline', 'sep', 'setuid', 'stat', 'stat_float_times',
'stat_result', 'strerror', 'sys', 'waitpid', 'walk', 'readlink'
],
overrides={
'access': stubs.fake_access,
'listdir': stubs.RestrictedPathFunction(os.listdir),
'open': stubs.fake_open,
'uname': stubs.fake_uname,
'getpid': stubs.return_minus_one,
'getppid': stubs.return_minus_one,
'getpgrp': stubs.return_minus_one,
'getgid': stubs.return_minus_one,
'getegid': stubs.return_minus_one,
'geteuid': stubs.return_minus_one,
'getuid': stubs.return_minus_one,
'urandom': stubs.fake_urandom,
'system': stubs.return_minus_one,
},
deletes=['execve']),
'signal':
ModuleOverridePolicy(overrides={'__doc__': None}),
del module_dict[symbol]
_MODULE_OVERRIDE_POLICIES = {
'os':
ModuleOverridePolicy(
default_stub=stubs.os_error_not_implemented,
whitelist=[
'altsep', 'curdir', 'defpath', 'devnull', 'environ', 'error',
'fstat', 'getcwd', 'getcwdu', 'getenv', '_get_exports_list',
'name', 'open', 'pardir', 'path', 'pathsep', 'sep',
'stat_float_times', 'stat_result', 'strerror', 'sys', 'walk'
],
overrides={
'access': stubs.fake_access,
'listdir': stubs.RestrictedPathFunction(os.listdir),
# Alias lstat() to stat() to match the behavior in production.
'lstat': stubs.RestrictedPathFunction(os.stat),
'open': stubs.fake_open,
'stat': stubs.RestrictedPathFunction(os.stat),
'uname': stubs.fake_uname,
'getpid': stubs.return_minus_one,
'getppid': stubs.return_minus_one,
'getpgrp': stubs.return_minus_one,
'getgid': stubs.return_minus_one,
'getegid': stubs.return_minus_one,
'geteuid': stubs.return_minus_one,
'getuid': stubs.return_minus_one,
'urandom': stubs.fake_urandom,
'system': stubs.return_minus_one,
},