xref: /unit/test/test_static_chroot.py (revision 1902)
1*1902Szelenkov@nginx.comimport os
2*1902Szelenkov@nginx.comfrom pathlib import Path
3*1902Szelenkov@nginx.com
4*1902Szelenkov@nginx.comimport pytest
5*1902Szelenkov@nginx.com
6*1902Szelenkov@nginx.comfrom unit.applications.proto import TestApplicationProto
7*1902Szelenkov@nginx.com
8*1902Szelenkov@nginx.com
9*1902Szelenkov@nginx.comclass TestStaticChroot(TestApplicationProto):
10*1902Szelenkov@nginx.com    prerequisites = {'features': ['chroot']}
11*1902Szelenkov@nginx.com
12*1902Szelenkov@nginx.com    @pytest.fixture(autouse=True)
13*1902Szelenkov@nginx.com    def setup_method_fixture(self, temp_dir):
14*1902Szelenkov@nginx.com        os.makedirs(temp_dir + '/assets/dir')
15*1902Szelenkov@nginx.com        Path(temp_dir + '/assets/index.html').write_text('0123456789')
16*1902Szelenkov@nginx.com        Path(temp_dir + '/assets/dir/file').write_text('blah')
17*1902Szelenkov@nginx.com
18*1902Szelenkov@nginx.com        test = Path(__file__)
19*1902Szelenkov@nginx.com        self.test_path = '/' + test.parent.name + '/' + test.name
20*1902Szelenkov@nginx.com
21*1902Szelenkov@nginx.com        self._load_conf(
22*1902Szelenkov@nginx.com            {
23*1902Szelenkov@nginx.com                "listeners": {"*:7080": {"pass": "routes"}},
24*1902Szelenkov@nginx.com                "routes": [{"action": {"share": temp_dir + "/assets"}}],
25*1902Szelenkov@nginx.com            }
26*1902Szelenkov@nginx.com        )
27*1902Szelenkov@nginx.com
28*1902Szelenkov@nginx.com    def test_static_chroot(self, temp_dir):
29*1902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'default chroot'
30*1902Szelenkov@nginx.com        assert self.get(url='/index.html')['status'] == 200, 'default chroot 2'
31*1902Szelenkov@nginx.com
32*1902Szelenkov@nginx.com        assert 'success' in self.conf(
33*1902Szelenkov@nginx.com            {
34*1902Szelenkov@nginx.com                "share": temp_dir + "/assets",
35*1902Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir",
36*1902Szelenkov@nginx.com            },
37*1902Szelenkov@nginx.com            'routes/0/action',
38*1902Szelenkov@nginx.com        ), 'configure chroot'
39*1902Szelenkov@nginx.com
40*1902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'chroot'
41*1902Szelenkov@nginx.com        assert self.get(url='/index.html')['status'] == 403, 'chroot 403 2'
42*1902Szelenkov@nginx.com        assert self.get(url='/file')['status'] == 403, 'chroot 403'
43*1902Szelenkov@nginx.com
44*1902Szelenkov@nginx.com    def test_static_chroot_permission(self, is_su, temp_dir):
45*1902Szelenkov@nginx.com        if is_su:
46*1902Szelenkov@nginx.com            pytest.skip('does\'t work under root')
47*1902Szelenkov@nginx.com
48*1902Szelenkov@nginx.com        os.chmod(temp_dir + '/assets/dir', 0o100)
49*1902Szelenkov@nginx.com
50*1902Szelenkov@nginx.com        assert 'success' in self.conf(
51*1902Szelenkov@nginx.com            {
52*1902Szelenkov@nginx.com                "share": temp_dir + "/assets",
53*1902Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir",
54*1902Szelenkov@nginx.com            },
55*1902Szelenkov@nginx.com            'routes/0/action',
56*1902Szelenkov@nginx.com        ), 'configure chroot'
57*1902Szelenkov@nginx.com
58*1902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'chroot'
59*1902Szelenkov@nginx.com
60*1902Szelenkov@nginx.com    def test_static_chroot_empty(self, temp_dir):
61*1902Szelenkov@nginx.com        assert 'success' in self.conf(
62*1902Szelenkov@nginx.com            {"share": temp_dir + "/assets", "chroot": ""}, 'routes/0/action',
63*1902Szelenkov@nginx.com        ), 'configure chroot empty absolute'
64*1902Szelenkov@nginx.com
65*1902Szelenkov@nginx.com        assert (
66*1902Szelenkov@nginx.com            self.get(url='/dir/file')['status'] == 200
67*1902Szelenkov@nginx.com        ), 'chroot empty absolute'
68*1902Szelenkov@nginx.com
69*1902Szelenkov@nginx.com        assert 'success' in self.conf(
70*1902Szelenkov@nginx.com            {"share": ".", "chroot": ""}, 'routes/0/action',
71*1902Szelenkov@nginx.com        ), 'configure chroot empty relative'
72*1902Szelenkov@nginx.com
73*1902Szelenkov@nginx.com        assert (
74*1902Szelenkov@nginx.com            self.get(url=self.test_path)['status'] == 200
75*1902Szelenkov@nginx.com        ), 'chroot empty relative'
76*1902Szelenkov@nginx.com
77*1902Szelenkov@nginx.com    def test_static_chroot_relative(self, is_su, temp_dir):
78*1902Szelenkov@nginx.com        if is_su:
79*1902Szelenkov@nginx.com            pytest.skip('does\'t work under root')
80*1902Szelenkov@nginx.com
81*1902Szelenkov@nginx.com        assert 'success' in self.conf(
82*1902Szelenkov@nginx.com            {"share": temp_dir + "/assets", "chroot": "."}, 'routes/0/action',
83*1902Szelenkov@nginx.com        ), 'configure relative chroot'
84*1902Szelenkov@nginx.com
85*1902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 403, 'relative chroot'
86*1902Szelenkov@nginx.com
87*1902Szelenkov@nginx.com        assert 'success' in self.conf(
88*1902Szelenkov@nginx.com            {"share": "."}, 'routes/0/action',
89*1902Szelenkov@nginx.com        ), 'configure relative share'
90*1902Szelenkov@nginx.com
91*1902Szelenkov@nginx.com        assert self.get(url=self.test_path)['status'] == 200, 'relative share'
92*1902Szelenkov@nginx.com
93*1902Szelenkov@nginx.com        assert 'success' in self.conf(
94*1902Szelenkov@nginx.com            {"share": ".", "chroot": "."}, 'routes/0/action',
95*1902Szelenkov@nginx.com        ), 'configure relative'
96*1902Szelenkov@nginx.com
97*1902Szelenkov@nginx.com        assert self.get(url=self.test_path)['status'] == 200, 'relative'
98*1902Szelenkov@nginx.com
99*1902Szelenkov@nginx.com    def test_static_chroot_invalid(self, temp_dir):
100*1902Szelenkov@nginx.com        assert 'error' in self.conf(
101*1902Szelenkov@nginx.com            {"share": temp_dir, "chroot": True}, 'routes/0/action',
102*1902Szelenkov@nginx.com        ), 'configure chroot error'
103*1902Szelenkov@nginx.com        assert 'error' in self.conf(
104*1902Szelenkov@nginx.com            {"share": temp_dir, "symlinks": "True"}, 'routes/0/action',
105*1902Szelenkov@nginx.com        ), 'configure symlink error'
106*1902Szelenkov@nginx.com        assert 'error' in self.conf(
107*1902Szelenkov@nginx.com            {"share": temp_dir, "mount": "True"}, 'routes/0/action',
108*1902Szelenkov@nginx.com        ), 'configure mount error'
109