11902Szelenkov@nginx.comimport os 21902Szelenkov@nginx.comfrom pathlib import Path 31902Szelenkov@nginx.com 41902Szelenkov@nginx.comimport pytest 5*2616Szelenkov@nginx.com 62491Szelenkov@nginx.comfrom unit.applications.proto import ApplicationProto 72330Szelenkov@nginx.comfrom unit.option import option 81902Szelenkov@nginx.com 92488Szelenkov@nginx.comprerequisites = {'features': {'chroot': True}} 102488Szelenkov@nginx.com 112491Szelenkov@nginx.comclient = ApplicationProto() 12*2616Szelenkov@nginx.comtest_path = f'/{os.path.relpath(Path(__file__))}' 131902Szelenkov@nginx.com 142491Szelenkov@nginx.com 152491Szelenkov@nginx.com@pytest.fixture(autouse=True) 162491Szelenkov@nginx.comdef setup_method_fixture(temp_dir): 17*2616Szelenkov@nginx.com Path(f'{temp_dir}/assets/dir').mkdir(parents=True) 18*2616Szelenkov@nginx.com Path(f'{temp_dir}/assets/index.html').write_text( 19*2616Szelenkov@nginx.com '0123456789', encoding='utf-8' 20*2616Szelenkov@nginx.com ) 21*2616Szelenkov@nginx.com Path(f'{temp_dir}/assets/dir/file').write_text('blah', encoding='utf-8') 221902Szelenkov@nginx.com 232491Szelenkov@nginx.com assert 'success' in client.conf( 242491Szelenkov@nginx.com { 252592Szelenkov@nginx.com "listeners": {"*:8080": {"pass": "routes"}}, 262491Szelenkov@nginx.com "routes": [{"action": {"share": f'{temp_dir}/assets$uri'}}], 272491Szelenkov@nginx.com } 282491Szelenkov@nginx.com ) 292491Szelenkov@nginx.com 301902Szelenkov@nginx.com 312491Szelenkov@nginx.comdef update_action(chroot, share=f'{option.temp_dir}/assets$uri'): 322491Szelenkov@nginx.com return client.conf( 332491Szelenkov@nginx.com {'chroot': chroot, 'share': share}, 342491Szelenkov@nginx.com 'routes/0/action', 352491Szelenkov@nginx.com ) 362491Szelenkov@nginx.com 371966Szelenkov@nginx.com 382491Szelenkov@nginx.comdef get_custom(uri, host): 392491Szelenkov@nginx.com return client.get(url=uri, headers={'Host': host, 'Connection': 'close'})[ 402491Szelenkov@nginx.com 'status' 412491Szelenkov@nginx.com ] 422491Szelenkov@nginx.com 431966Szelenkov@nginx.com 442491Szelenkov@nginx.comdef test_static_chroot(temp_dir): 452491Szelenkov@nginx.com assert client.get(url='/dir/file')['status'] == 200, 'default chroot' 462491Szelenkov@nginx.com assert client.get(url='/index.html')['status'] == 200, 'default chroot 2' 471902Szelenkov@nginx.com 482491Szelenkov@nginx.com assert 'success' in update_action(f'{temp_dir}/assets/dir') 491902Szelenkov@nginx.com 502491Szelenkov@nginx.com assert client.get(url='/dir/file')['status'] == 200, 'chroot' 512491Szelenkov@nginx.com assert client.get(url='/index.html')['status'] == 403, 'chroot 403 2' 522491Szelenkov@nginx.com assert client.get(url='/file')['status'] == 403, 'chroot 403' 532491Szelenkov@nginx.com 541902Szelenkov@nginx.com 552491Szelenkov@nginx.comdef test_share_chroot_array(temp_dir): 562491Szelenkov@nginx.com assert 'success' in update_action( 572491Szelenkov@nginx.com f'{temp_dir}/assets/dir', ["/blah", f'{temp_dir}/assets$uri'] 582491Szelenkov@nginx.com ) 592491Szelenkov@nginx.com assert client.get(url='/dir/file')['status'] == 200, 'share array' 601966Szelenkov@nginx.com 612491Szelenkov@nginx.com assert 'success' in update_action( 622491Szelenkov@nginx.com f'{temp_dir}/assets/$host', 632491Szelenkov@nginx.com ['/blah', f'{temp_dir}/assets$uri'], 642491Szelenkov@nginx.com ) 652491Szelenkov@nginx.com assert get_custom('/dir/file', 'dir') == 200, 'array variable' 661966Szelenkov@nginx.com 672491Szelenkov@nginx.com assert 'success' in update_action( 682491Szelenkov@nginx.com f'{temp_dir}/assets/dir', ['/blah', '/blah2'] 692491Szelenkov@nginx.com ) 702491Szelenkov@nginx.com assert client.get()['status'] != 200, 'share array bad' 711966Szelenkov@nginx.com 721902Szelenkov@nginx.com 732491Szelenkov@nginx.comdef test_static_chroot_permission(require, temp_dir): 742491Szelenkov@nginx.com require({'privileged_user': False}) 752491Szelenkov@nginx.com 762491Szelenkov@nginx.com os.chmod(f'{temp_dir}/assets/dir', 0o100) 771902Szelenkov@nginx.com 782491Szelenkov@nginx.com assert 'success' in update_action( 792491Szelenkov@nginx.com f'{temp_dir}/assets/dir' 802491Szelenkov@nginx.com ), 'configure chroot' 811902Szelenkov@nginx.com 822491Szelenkov@nginx.com assert client.get(url='/dir/file')['status'] == 200, 'chroot' 832491Szelenkov@nginx.com 841902Szelenkov@nginx.com 852491Szelenkov@nginx.comdef test_static_chroot_empty(): 862491Szelenkov@nginx.com assert 'success' in update_action('') 872491Szelenkov@nginx.com assert client.get(url='/dir/file')['status'] == 200, 'empty absolute' 881902Szelenkov@nginx.com 892491Szelenkov@nginx.com assert 'success' in update_action("", ".$uri") 90*2616Szelenkov@nginx.com assert client.get(url=test_path)['status'] == 200, 'empty relative' 911902Szelenkov@nginx.com 922491Szelenkov@nginx.com 932491Szelenkov@nginx.comdef test_static_chroot_relative(require): 942491Szelenkov@nginx.com require({'privileged_user': False}) 951902Szelenkov@nginx.com 962491Szelenkov@nginx.com assert 'success' in update_action('.') 972491Szelenkov@nginx.com assert client.get(url='/dir/file')['status'] == 403, 'relative chroot' 981902Szelenkov@nginx.com 992491Szelenkov@nginx.com assert 'success' in client.conf({"share": ".$uri"}, 'routes/0/action') 100*2616Szelenkov@nginx.com assert client.get(url=test_path)['status'] == 200, 'relative share' 1011902Szelenkov@nginx.com 1022491Szelenkov@nginx.com assert 'success' in update_action(".", ".$uri") 103*2616Szelenkov@nginx.com assert client.get(url=test_path)['status'] == 200, 'relative' 1042491Szelenkov@nginx.com 1051902Szelenkov@nginx.com 1062491Szelenkov@nginx.comdef test_static_chroot_variables(temp_dir): 1072491Szelenkov@nginx.com assert 'success' in update_action(f'{temp_dir}/assets/$host') 1082491Szelenkov@nginx.com assert get_custom('/dir/file', 'dir') == 200 1091966Szelenkov@nginx.com 1102491Szelenkov@nginx.com assert 'success' in update_action(f'{temp_dir}/assets/${{host}}') 1112491Szelenkov@nginx.com assert get_custom('/dir/file', 'dir') == 200 1122491Szelenkov@nginx.com 1131966Szelenkov@nginx.com 1142491Szelenkov@nginx.comdef test_static_chroot_variables_buildin_start(temp_dir): 1152491Szelenkov@nginx.com assert 'success' in update_action( 1162491Szelenkov@nginx.com '$uri/assets/dir', 1172491Szelenkov@nginx.com f'{temp_dir}/assets/dir/$host', 1182491Szelenkov@nginx.com ) 1192491Szelenkov@nginx.com assert get_custom(temp_dir, 'file') == 200 1201966Szelenkov@nginx.com 1212491Szelenkov@nginx.com 1222491Szelenkov@nginx.comdef test_static_chroot_variables_buildin_mid(temp_dir): 1232491Szelenkov@nginx.com assert 'success' in update_action(f'{temp_dir}/$host/dir') 1242491Szelenkov@nginx.com assert get_custom('/dir/file', 'assets') == 200 1252491Szelenkov@nginx.com 1261966Szelenkov@nginx.com 1272491Szelenkov@nginx.comdef test_static_chroot_variables_buildin_end(temp_dir): 1282491Szelenkov@nginx.com assert 'success' in update_action(f'{temp_dir}/assets/$host') 1292491Szelenkov@nginx.com assert get_custom('/dir/file', 'dir') == 200 1302491Szelenkov@nginx.com 1311966Szelenkov@nginx.com 1322491Szelenkov@nginx.comdef test_static_chroot_slash(temp_dir): 1332491Szelenkov@nginx.com assert 'success' in update_action(f'{temp_dir}/assets/dir/') 1342491Szelenkov@nginx.com assert client.get(url='/dir/file')['status'] == 200, 'slash end' 1352491Szelenkov@nginx.com assert client.get(url='/dirxfile')['status'] == 403, 'slash end bad' 1361966Szelenkov@nginx.com 1372491Szelenkov@nginx.com assert 'success' in update_action(f'{temp_dir}/assets/dir') 1382491Szelenkov@nginx.com assert client.get(url='/dir/file')['status'] == 200, 'no slash end' 1391966Szelenkov@nginx.com 1402491Szelenkov@nginx.com assert 'success' in update_action(f'{temp_dir}/assets/dir/') 1412491Szelenkov@nginx.com assert client.get(url='/dir/file')['status'] == 200, 'slash end 2' 1422491Szelenkov@nginx.com assert client.get(url='/dirxfile')['status'] == 403, 'slash end 2 bad' 1431966Szelenkov@nginx.com 1442491Szelenkov@nginx.com assert 'success' in update_action( 1452491Szelenkov@nginx.com f'{temp_dir}//assets////dir///', f'{temp_dir}///assets/////$uri' 1462491Szelenkov@nginx.com ) 1472491Szelenkov@nginx.com assert client.get(url='/dir/file')['status'] == 200, 'multiple slashes' 1482491Szelenkov@nginx.com 1491966Szelenkov@nginx.com 1502491Szelenkov@nginx.comdef test_static_chroot_invalid(temp_dir): 1512491Szelenkov@nginx.com assert 'error' in client.conf( 1522491Szelenkov@nginx.com {"share": temp_dir, "chroot": True}, 1532491Szelenkov@nginx.com 'routes/0/action', 1542491Szelenkov@nginx.com ), 'configure chroot error' 1552491Szelenkov@nginx.com assert 'error' in client.conf( 1562491Szelenkov@nginx.com {"share": temp_dir, "symlinks": "True"}, 1572491Szelenkov@nginx.com 'routes/0/action', 1582491Szelenkov@nginx.com ), 'configure symlink error' 1592491Szelenkov@nginx.com assert 'error' in client.conf( 1602491Szelenkov@nginx.com {"share": temp_dir, "mount": "True"}, 1612491Szelenkov@nginx.com 'routes/0/action', 1622491Szelenkov@nginx.com ), 'configure mount error' 1631966Szelenkov@nginx.com 1642491Szelenkov@nginx.com assert 'error' in update_action(f'{temp_dir}/assets/d$r$uri') 1652491Szelenkov@nginx.com assert 'error' in update_action(f'{temp_dir}/assets/$$uri') 166