11902Szelenkov@nginx.comimport os 21902Szelenkov@nginx.comfrom pathlib import Path 31902Szelenkov@nginx.com 41902Szelenkov@nginx.comimport pytest 51902Szelenkov@nginx.com 61902Szelenkov@nginx.comfrom unit.applications.proto import TestApplicationProto 71902Szelenkov@nginx.com 81902Szelenkov@nginx.com 91902Szelenkov@nginx.comclass TestStaticChroot(TestApplicationProto): 101902Szelenkov@nginx.com prerequisites = {'features': ['chroot']} 111902Szelenkov@nginx.com 121902Szelenkov@nginx.com @pytest.fixture(autouse=True) 131902Szelenkov@nginx.com def setup_method_fixture(self, temp_dir): 141902Szelenkov@nginx.com os.makedirs(temp_dir + '/assets/dir') 151902Szelenkov@nginx.com Path(temp_dir + '/assets/index.html').write_text('0123456789') 161902Szelenkov@nginx.com Path(temp_dir + '/assets/dir/file').write_text('blah') 171902Szelenkov@nginx.com 181902Szelenkov@nginx.com test = Path(__file__) 191902Szelenkov@nginx.com self.test_path = '/' + test.parent.name + '/' + test.name 201902Szelenkov@nginx.com 211902Szelenkov@nginx.com self._load_conf( 221902Szelenkov@nginx.com { 231902Szelenkov@nginx.com "listeners": {"*:7080": {"pass": "routes"}}, 24*1960Sz.hong@f5.com "routes": [{"action": {"share": temp_dir + "/assets$uri"}}], 251902Szelenkov@nginx.com } 261902Szelenkov@nginx.com ) 271902Szelenkov@nginx.com 281902Szelenkov@nginx.com def test_static_chroot(self, temp_dir): 291902Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'default chroot' 301902Szelenkov@nginx.com assert self.get(url='/index.html')['status'] == 200, 'default chroot 2' 311902Szelenkov@nginx.com 321902Szelenkov@nginx.com assert 'success' in self.conf( 331902Szelenkov@nginx.com { 34*1960Sz.hong@f5.com "share": temp_dir + "/assets$uri", 351902Szelenkov@nginx.com "chroot": temp_dir + "/assets/dir", 361902Szelenkov@nginx.com }, 371902Szelenkov@nginx.com 'routes/0/action', 381902Szelenkov@nginx.com ), 'configure chroot' 391902Szelenkov@nginx.com 401902Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'chroot' 411902Szelenkov@nginx.com assert self.get(url='/index.html')['status'] == 403, 'chroot 403 2' 421902Szelenkov@nginx.com assert self.get(url='/file')['status'] == 403, 'chroot 403' 431902Szelenkov@nginx.com 441902Szelenkov@nginx.com def test_static_chroot_permission(self, is_su, temp_dir): 451902Szelenkov@nginx.com if is_su: 461902Szelenkov@nginx.com pytest.skip('does\'t work under root') 471902Szelenkov@nginx.com 481902Szelenkov@nginx.com os.chmod(temp_dir + '/assets/dir', 0o100) 491902Szelenkov@nginx.com 501902Szelenkov@nginx.com assert 'success' in self.conf( 511902Szelenkov@nginx.com { 52*1960Sz.hong@f5.com "share": temp_dir + "/assets$uri", 531902Szelenkov@nginx.com "chroot": temp_dir + "/assets/dir", 541902Szelenkov@nginx.com }, 551902Szelenkov@nginx.com 'routes/0/action', 561902Szelenkov@nginx.com ), 'configure chroot' 571902Szelenkov@nginx.com 581902Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'chroot' 591902Szelenkov@nginx.com 601902Szelenkov@nginx.com def test_static_chroot_empty(self, temp_dir): 611902Szelenkov@nginx.com assert 'success' in self.conf( 62*1960Sz.hong@f5.com {"share": temp_dir + "/assets$uri", "chroot": ""}, 63*1960Sz.hong@f5.com 'routes/0/action', 641902Szelenkov@nginx.com ), 'configure chroot empty absolute' 651902Szelenkov@nginx.com 661902Szelenkov@nginx.com assert ( 671902Szelenkov@nginx.com self.get(url='/dir/file')['status'] == 200 681902Szelenkov@nginx.com ), 'chroot empty absolute' 691902Szelenkov@nginx.com 701902Szelenkov@nginx.com assert 'success' in self.conf( 71*1960Sz.hong@f5.com {"share": ".$uri", "chroot": ""}, 'routes/0/action', 721902Szelenkov@nginx.com ), 'configure chroot empty relative' 731902Szelenkov@nginx.com 741902Szelenkov@nginx.com assert ( 751902Szelenkov@nginx.com self.get(url=self.test_path)['status'] == 200 761902Szelenkov@nginx.com ), 'chroot empty relative' 771902Szelenkov@nginx.com 781902Szelenkov@nginx.com def test_static_chroot_relative(self, is_su, temp_dir): 791902Szelenkov@nginx.com if is_su: 801902Szelenkov@nginx.com pytest.skip('does\'t work under root') 811902Szelenkov@nginx.com 821902Szelenkov@nginx.com assert 'success' in self.conf( 83*1960Sz.hong@f5.com {"share": temp_dir + "/assets$uri", "chroot": "."}, 84*1960Sz.hong@f5.com 'routes/0/action', 851902Szelenkov@nginx.com ), 'configure relative chroot' 861902Szelenkov@nginx.com 871902Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 403, 'relative chroot' 881902Szelenkov@nginx.com 891902Szelenkov@nginx.com assert 'success' in self.conf( 90*1960Sz.hong@f5.com {"share": ".$uri"}, 'routes/0/action', 911902Szelenkov@nginx.com ), 'configure relative share' 921902Szelenkov@nginx.com 931902Szelenkov@nginx.com assert self.get(url=self.test_path)['status'] == 200, 'relative share' 941902Szelenkov@nginx.com 951902Szelenkov@nginx.com assert 'success' in self.conf( 96*1960Sz.hong@f5.com {"share": ".$uri", "chroot": "."}, 'routes/0/action', 971902Szelenkov@nginx.com ), 'configure relative' 981902Szelenkov@nginx.com 991902Szelenkov@nginx.com assert self.get(url=self.test_path)['status'] == 200, 'relative' 1001902Szelenkov@nginx.com 1011902Szelenkov@nginx.com def test_static_chroot_invalid(self, temp_dir): 1021902Szelenkov@nginx.com assert 'error' in self.conf( 1031902Szelenkov@nginx.com {"share": temp_dir, "chroot": True}, 'routes/0/action', 1041902Szelenkov@nginx.com ), 'configure chroot error' 1051902Szelenkov@nginx.com assert 'error' in self.conf( 1061902Szelenkov@nginx.com {"share": temp_dir, "symlinks": "True"}, 'routes/0/action', 1071902Szelenkov@nginx.com ), 'configure symlink error' 1081902Szelenkov@nginx.com assert 'error' in self.conf( 1091902Szelenkov@nginx.com {"share": temp_dir, "mount": "True"}, 'routes/0/action', 1101902Szelenkov@nginx.com ), 'configure mount error' 111