xref: /unit/test/test_static_chroot.py (revision 1960)
11902Szelenkov@nginx.comimport os
21902Szelenkov@nginx.comfrom pathlib import Path
31902Szelenkov@nginx.com
41902Szelenkov@nginx.comimport pytest
51902Szelenkov@nginx.com
61902Szelenkov@nginx.comfrom unit.applications.proto import TestApplicationProto
71902Szelenkov@nginx.com
81902Szelenkov@nginx.com
91902Szelenkov@nginx.comclass TestStaticChroot(TestApplicationProto):
101902Szelenkov@nginx.com    prerequisites = {'features': ['chroot']}
111902Szelenkov@nginx.com
121902Szelenkov@nginx.com    @pytest.fixture(autouse=True)
131902Szelenkov@nginx.com    def setup_method_fixture(self, temp_dir):
141902Szelenkov@nginx.com        os.makedirs(temp_dir + '/assets/dir')
151902Szelenkov@nginx.com        Path(temp_dir + '/assets/index.html').write_text('0123456789')
161902Szelenkov@nginx.com        Path(temp_dir + '/assets/dir/file').write_text('blah')
171902Szelenkov@nginx.com
181902Szelenkov@nginx.com        test = Path(__file__)
191902Szelenkov@nginx.com        self.test_path = '/' + test.parent.name + '/' + test.name
201902Szelenkov@nginx.com
211902Szelenkov@nginx.com        self._load_conf(
221902Szelenkov@nginx.com            {
231902Szelenkov@nginx.com                "listeners": {"*:7080": {"pass": "routes"}},
24*1960Sz.hong@f5.com                "routes": [{"action": {"share": temp_dir + "/assets$uri"}}],
251902Szelenkov@nginx.com            }
261902Szelenkov@nginx.com        )
271902Szelenkov@nginx.com
281902Szelenkov@nginx.com    def test_static_chroot(self, temp_dir):
291902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'default chroot'
301902Szelenkov@nginx.com        assert self.get(url='/index.html')['status'] == 200, 'default chroot 2'
311902Szelenkov@nginx.com
321902Szelenkov@nginx.com        assert 'success' in self.conf(
331902Szelenkov@nginx.com            {
34*1960Sz.hong@f5.com                "share": temp_dir + "/assets$uri",
351902Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir",
361902Szelenkov@nginx.com            },
371902Szelenkov@nginx.com            'routes/0/action',
381902Szelenkov@nginx.com        ), 'configure chroot'
391902Szelenkov@nginx.com
401902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'chroot'
411902Szelenkov@nginx.com        assert self.get(url='/index.html')['status'] == 403, 'chroot 403 2'
421902Szelenkov@nginx.com        assert self.get(url='/file')['status'] == 403, 'chroot 403'
431902Szelenkov@nginx.com
441902Szelenkov@nginx.com    def test_static_chroot_permission(self, is_su, temp_dir):
451902Szelenkov@nginx.com        if is_su:
461902Szelenkov@nginx.com            pytest.skip('does\'t work under root')
471902Szelenkov@nginx.com
481902Szelenkov@nginx.com        os.chmod(temp_dir + '/assets/dir', 0o100)
491902Szelenkov@nginx.com
501902Szelenkov@nginx.com        assert 'success' in self.conf(
511902Szelenkov@nginx.com            {
52*1960Sz.hong@f5.com                "share": temp_dir + "/assets$uri",
531902Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir",
541902Szelenkov@nginx.com            },
551902Szelenkov@nginx.com            'routes/0/action',
561902Szelenkov@nginx.com        ), 'configure chroot'
571902Szelenkov@nginx.com
581902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'chroot'
591902Szelenkov@nginx.com
601902Szelenkov@nginx.com    def test_static_chroot_empty(self, temp_dir):
611902Szelenkov@nginx.com        assert 'success' in self.conf(
62*1960Sz.hong@f5.com            {"share": temp_dir + "/assets$uri", "chroot": ""},
63*1960Sz.hong@f5.com            'routes/0/action',
641902Szelenkov@nginx.com        ), 'configure chroot empty absolute'
651902Szelenkov@nginx.com
661902Szelenkov@nginx.com        assert (
671902Szelenkov@nginx.com            self.get(url='/dir/file')['status'] == 200
681902Szelenkov@nginx.com        ), 'chroot empty absolute'
691902Szelenkov@nginx.com
701902Szelenkov@nginx.com        assert 'success' in self.conf(
71*1960Sz.hong@f5.com            {"share": ".$uri", "chroot": ""}, 'routes/0/action',
721902Szelenkov@nginx.com        ), 'configure chroot empty relative'
731902Szelenkov@nginx.com
741902Szelenkov@nginx.com        assert (
751902Szelenkov@nginx.com            self.get(url=self.test_path)['status'] == 200
761902Szelenkov@nginx.com        ), 'chroot empty relative'
771902Szelenkov@nginx.com
781902Szelenkov@nginx.com    def test_static_chroot_relative(self, is_su, temp_dir):
791902Szelenkov@nginx.com        if is_su:
801902Szelenkov@nginx.com            pytest.skip('does\'t work under root')
811902Szelenkov@nginx.com
821902Szelenkov@nginx.com        assert 'success' in self.conf(
83*1960Sz.hong@f5.com            {"share": temp_dir + "/assets$uri", "chroot": "."},
84*1960Sz.hong@f5.com            'routes/0/action',
851902Szelenkov@nginx.com        ), 'configure relative chroot'
861902Szelenkov@nginx.com
871902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 403, 'relative chroot'
881902Szelenkov@nginx.com
891902Szelenkov@nginx.com        assert 'success' in self.conf(
90*1960Sz.hong@f5.com            {"share": ".$uri"}, 'routes/0/action',
911902Szelenkov@nginx.com        ), 'configure relative share'
921902Szelenkov@nginx.com
931902Szelenkov@nginx.com        assert self.get(url=self.test_path)['status'] == 200, 'relative share'
941902Szelenkov@nginx.com
951902Szelenkov@nginx.com        assert 'success' in self.conf(
96*1960Sz.hong@f5.com            {"share": ".$uri", "chroot": "."}, 'routes/0/action',
971902Szelenkov@nginx.com        ), 'configure relative'
981902Szelenkov@nginx.com
991902Szelenkov@nginx.com        assert self.get(url=self.test_path)['status'] == 200, 'relative'
1001902Szelenkov@nginx.com
1011902Szelenkov@nginx.com    def test_static_chroot_invalid(self, temp_dir):
1021902Szelenkov@nginx.com        assert 'error' in self.conf(
1031902Szelenkov@nginx.com            {"share": temp_dir, "chroot": True}, 'routes/0/action',
1041902Szelenkov@nginx.com        ), 'configure chroot error'
1051902Szelenkov@nginx.com        assert 'error' in self.conf(
1061902Szelenkov@nginx.com            {"share": temp_dir, "symlinks": "True"}, 'routes/0/action',
1071902Szelenkov@nginx.com        ), 'configure symlink error'
1081902Szelenkov@nginx.com        assert 'error' in self.conf(
1091902Szelenkov@nginx.com            {"share": temp_dir, "mount": "True"}, 'routes/0/action',
1101902Szelenkov@nginx.com        ), 'configure mount error'
111