summaryrefslogtreecommitdiffhomepage
path: root/test/test_static_chroot.py
blob: 21a47a78f97c3e610b07526ed618d830c392ca9d (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
import os
from pathlib import Path

import pytest
from unit.applications.proto import TestApplicationProto
from unit.option import option

prerequisites = {'features': {'chroot': True}}


class TestStaticChroot(TestApplicationProto):
    @pytest.fixture(autouse=True)
    def setup_method_fixture(self, temp_dir):
        os.makedirs(f'{temp_dir}/assets/dir')
        Path(f'{temp_dir}/assets/index.html').write_text('0123456789')
        Path(f'{temp_dir}/assets/dir/file').write_text('blah')

        self.test_path = f'/{os.path.relpath(Path(__file__))}'

        self._load_conf(
            {
                "listeners": {"*:7080": {"pass": "routes"}},
                "routes": [{"action": {"share": f'{temp_dir}/assets$uri'}}],
            }
        )

    def update_action(self, chroot, share=f'{option.temp_dir}/assets$uri'):
        return self.conf(
            {'chroot': chroot, 'share': share},
            'routes/0/action',
        )

    def get_custom(self, uri, host):
        return self.get(url=uri, headers={'Host': host, 'Connection': 'close'})[
            'status'
        ]

    def test_static_chroot(self, temp_dir):
        assert self.get(url='/dir/file')['status'] == 200, 'default chroot'
        assert self.get(url='/index.html')['status'] == 200, 'default chroot 2'

        assert 'success' in self.update_action(f'{temp_dir}/assets/dir')

        assert self.get(url='/dir/file')['status'] == 200, 'chroot'
        assert self.get(url='/index.html')['status'] == 403, 'chroot 403 2'
        assert self.get(url='/file')['status'] == 403, 'chroot 403'

    def test_share_chroot_array(self, temp_dir):
        assert 'success' in self.update_action(
            f'{temp_dir}/assets/dir', ["/blah", f'{temp_dir}/assets$uri']
        )
        assert self.get(url='/dir/file')['status'] == 200, 'share array'

        assert 'success' in self.update_action(
            f'{temp_dir}/assets/$host',
            ['/blah', f'{temp_dir}/assets$uri'],
        )
        assert self.get_custom('/dir/file', 'dir') == 200, 'array variable'

        assert 'success' in self.update_action(
            f'{temp_dir}/assets/dir', ['/blah', '/blah2']
        )
        assert self.get()['status'] != 200, 'share array bad'

    def test_static_chroot_permission(self, require, temp_dir):
        require({'privileged_user': False})

        os.chmod(f'{temp_dir}/assets/dir', 0o100)

        assert 'success' in self.update_action(
            f'{temp_dir}/assets/dir'
        ), 'configure chroot'

        assert self.get(url='/dir/file')['status'] == 200, 'chroot'

    def test_static_chroot_empty(self):
        assert 'success' in self.update_action('')
        assert self.get(url='/dir/file')['status'] == 200, 'empty absolute'

        assert 'success' in self.update_action("", ".$uri")
        assert self.get(url=self.test_path)['status'] == 200, 'empty relative'

    def test_static_chroot_relative(self, require):
        require({'privileged_user': False})

        assert 'success' in self.update_action('.')
        assert self.get(url='/dir/file')['status'] == 403, 'relative chroot'

        assert 'success' in self.conf({"share": ".$uri"}, 'routes/0/action')
        assert self.get(url=self.test_path)['status'] == 200, 'relative share'

        assert 'success' in self.update_action(".", ".$uri")
        assert self.get(url=self.test_path)['status'] == 200, 'relative'

    def test_static_chroot_variables(self, temp_dir):
        assert 'success' in self.update_action(f'{temp_dir}/assets/$host')
        assert self.get_custom('/dir/file', 'dir') == 200

        assert 'success' in self.update_action(f'{temp_dir}/assets/${{host}}')
        assert self.get_custom('/dir/file', 'dir') == 200

    def test_static_chroot_variables_buildin_start(self, temp_dir):
        assert 'success' in self.update_action(
            '$uri/assets/dir',
            f'{temp_dir}/assets/dir/$host',
        )
        assert self.get_custom(temp_dir, 'file') == 200

    def test_static_chroot_variables_buildin_mid(self, temp_dir):
        assert 'success' in self.update_action(f'{temp_dir}/$host/dir')
        assert self.get_custom('/dir/file', 'assets') == 200

    def test_static_chroot_variables_buildin_end(self, temp_dir):
        assert 'success' in self.update_action(f'{temp_dir}/assets/$host')
        assert self.get_custom('/dir/file', 'dir') == 200

    def test_static_chroot_slash(self, temp_dir):
        assert 'success' in self.update_action(f'{temp_dir}/assets/dir/')
        assert self.get(url='/dir/file')['status'] == 200, 'slash end'
        assert self.get(url='/dirxfile')['status'] == 403, 'slash end bad'

        assert 'success' in self.update_action(f'{temp_dir}/assets/dir')
        assert self.get(url='/dir/file')['status'] == 200, 'no slash end'

        assert 'success' in self.update_action(f'{temp_dir}/assets/dir/')
        assert self.get(url='/dir/file')['status'] == 200, 'slash end 2'
        assert self.get(url='/dirxfile')['status'] == 403, 'slash end 2 bad'

        assert 'success' in self.update_action(
            f'{temp_dir}//assets////dir///', f'{temp_dir}///assets/////$uri'
        )
        assert self.get(url='/dir/file')['status'] == 200, 'multiple slashes'

    def test_static_chroot_invalid(self, temp_dir):
        assert 'error' in self.conf(
            {"share": temp_dir, "chroot": True},
            'routes/0/action',
        ), 'configure chroot error'
        assert 'error' in self.conf(
            {"share": temp_dir, "symlinks": "True"},
            'routes/0/action',
        ), 'configure symlink error'
        assert 'error' in self.conf(
            {"share": temp_dir, "mount": "True"},
            'routes/0/action',
        ), 'configure mount error'

        assert 'error' in self.update_action(f'{temp_dir}/assets/d$r$uri')
        assert 'error' in self.update_action(f'{temp_dir}/assets/$$uri')