xref: /unit/test/test_static_chroot.py (revision 1966)
11902Szelenkov@nginx.comimport os
21902Szelenkov@nginx.comfrom pathlib import Path
31902Szelenkov@nginx.com
41902Szelenkov@nginx.comimport pytest
51902Szelenkov@nginx.com
61902Szelenkov@nginx.comfrom unit.applications.proto import TestApplicationProto
71902Szelenkov@nginx.com
81902Szelenkov@nginx.com
91902Szelenkov@nginx.comclass TestStaticChroot(TestApplicationProto):
101902Szelenkov@nginx.com    prerequisites = {'features': ['chroot']}
111902Szelenkov@nginx.com
121902Szelenkov@nginx.com    @pytest.fixture(autouse=True)
131902Szelenkov@nginx.com    def setup_method_fixture(self, temp_dir):
141902Szelenkov@nginx.com        os.makedirs(temp_dir + '/assets/dir')
151902Szelenkov@nginx.com        Path(temp_dir + '/assets/index.html').write_text('0123456789')
161902Szelenkov@nginx.com        Path(temp_dir + '/assets/dir/file').write_text('blah')
171902Szelenkov@nginx.com
181902Szelenkov@nginx.com        test = Path(__file__)
191902Szelenkov@nginx.com        self.test_path = '/' + test.parent.name + '/' + test.name
201902Szelenkov@nginx.com
211902Szelenkov@nginx.com        self._load_conf(
221902Szelenkov@nginx.com            {
231902Szelenkov@nginx.com                "listeners": {"*:7080": {"pass": "routes"}},
241960Sz.hong@f5.com                "routes": [{"action": {"share": temp_dir + "/assets$uri"}}],
251902Szelenkov@nginx.com            }
261902Szelenkov@nginx.com        )
271902Szelenkov@nginx.com
28*1966Szelenkov@nginx.com    def update_action(self, share, chroot):
29*1966Szelenkov@nginx.com        return self.conf(
30*1966Szelenkov@nginx.com            {"share": share, "chroot": chroot}, 'routes/0/action',
31*1966Szelenkov@nginx.com        )
32*1966Szelenkov@nginx.com
33*1966Szelenkov@nginx.com    def get_custom(self, uri, host):
34*1966Szelenkov@nginx.com        return self.get(
35*1966Szelenkov@nginx.com            url=uri, headers={'Host': host, 'Connection': 'close'}
36*1966Szelenkov@nginx.com        )['status']
37*1966Szelenkov@nginx.com
381902Szelenkov@nginx.com    def test_static_chroot(self, temp_dir):
391902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'default chroot'
401902Szelenkov@nginx.com        assert self.get(url='/index.html')['status'] == 200, 'default chroot 2'
411902Szelenkov@nginx.com
421902Szelenkov@nginx.com        assert 'success' in self.conf(
431902Szelenkov@nginx.com            {
441960Sz.hong@f5.com                "share": temp_dir + "/assets$uri",
451902Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir",
461902Szelenkov@nginx.com            },
471902Szelenkov@nginx.com            'routes/0/action',
481902Szelenkov@nginx.com        ), 'configure chroot'
491902Szelenkov@nginx.com
501902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'chroot'
511902Szelenkov@nginx.com        assert self.get(url='/index.html')['status'] == 403, 'chroot 403 2'
521902Szelenkov@nginx.com        assert self.get(url='/file')['status'] == 403, 'chroot 403'
531902Szelenkov@nginx.com
54*1966Szelenkov@nginx.com    def test_share_chroot_array(self, temp_dir):
55*1966Szelenkov@nginx.com        assert 'success' in self.conf(
56*1966Szelenkov@nginx.com            {
57*1966Szelenkov@nginx.com                "share": ["/blah", temp_dir + "/assets$uri"],
58*1966Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir",
59*1966Szelenkov@nginx.com            },
60*1966Szelenkov@nginx.com            'routes/0/action',
61*1966Szelenkov@nginx.com        ), 'configure share array'
62*1966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'share array'
63*1966Szelenkov@nginx.com
64*1966Szelenkov@nginx.com        assert 'success' in self.update_action(
65*1966Szelenkov@nginx.com            ["/blah", temp_dir + '/assets$uri'], temp_dir + '/assets/$host'
66*1966Szelenkov@nginx.com        )
67*1966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'dir') == 200, 'array variable'
68*1966Szelenkov@nginx.com
69*1966Szelenkov@nginx.com        assert 'success' in self.conf(
70*1966Szelenkov@nginx.com            {
71*1966Szelenkov@nginx.com                "share": ["/blah", "/blah2"],
72*1966Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir",
73*1966Szelenkov@nginx.com            },
74*1966Szelenkov@nginx.com            'routes/0/action',
75*1966Szelenkov@nginx.com        ), 'configure share array bad'
76*1966Szelenkov@nginx.com        assert self.get()['status'] != 200, 'share array bad'
77*1966Szelenkov@nginx.com
781902Szelenkov@nginx.com    def test_static_chroot_permission(self, is_su, temp_dir):
791902Szelenkov@nginx.com        if is_su:
801902Szelenkov@nginx.com            pytest.skip('does\'t work under root')
811902Szelenkov@nginx.com
821902Szelenkov@nginx.com        os.chmod(temp_dir + '/assets/dir', 0o100)
831902Szelenkov@nginx.com
841902Szelenkov@nginx.com        assert 'success' in self.conf(
851902Szelenkov@nginx.com            {
861960Sz.hong@f5.com                "share": temp_dir + "/assets$uri",
871902Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir",
881902Szelenkov@nginx.com            },
891902Szelenkov@nginx.com            'routes/0/action',
901902Szelenkov@nginx.com        ), 'configure chroot'
911902Szelenkov@nginx.com
921902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'chroot'
931902Szelenkov@nginx.com
941902Szelenkov@nginx.com    def test_static_chroot_empty(self, temp_dir):
951902Szelenkov@nginx.com        assert 'success' in self.conf(
961960Sz.hong@f5.com            {"share": temp_dir + "/assets$uri", "chroot": ""},
971960Sz.hong@f5.com            'routes/0/action',
981902Szelenkov@nginx.com        ), 'configure chroot empty absolute'
991902Szelenkov@nginx.com
1001902Szelenkov@nginx.com        assert (
1011902Szelenkov@nginx.com            self.get(url='/dir/file')['status'] == 200
1021902Szelenkov@nginx.com        ), 'chroot empty absolute'
1031902Szelenkov@nginx.com
1041902Szelenkov@nginx.com        assert 'success' in self.conf(
1051960Sz.hong@f5.com            {"share": ".$uri", "chroot": ""}, 'routes/0/action',
1061902Szelenkov@nginx.com        ), 'configure chroot empty relative'
1071902Szelenkov@nginx.com
1081902Szelenkov@nginx.com        assert (
1091902Szelenkov@nginx.com            self.get(url=self.test_path)['status'] == 200
1101902Szelenkov@nginx.com        ), 'chroot empty relative'
1111902Szelenkov@nginx.com
1121902Szelenkov@nginx.com    def test_static_chroot_relative(self, is_su, temp_dir):
1131902Szelenkov@nginx.com        if is_su:
1141902Szelenkov@nginx.com            pytest.skip('does\'t work under root')
1151902Szelenkov@nginx.com
1161902Szelenkov@nginx.com        assert 'success' in self.conf(
1171960Sz.hong@f5.com            {"share": temp_dir + "/assets$uri", "chroot": "."},
1181960Sz.hong@f5.com            'routes/0/action',
1191902Szelenkov@nginx.com        ), 'configure relative chroot'
1201902Szelenkov@nginx.com
1211902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 403, 'relative chroot'
1221902Szelenkov@nginx.com
1231902Szelenkov@nginx.com        assert 'success' in self.conf(
1241960Sz.hong@f5.com            {"share": ".$uri"}, 'routes/0/action',
1251902Szelenkov@nginx.com        ), 'configure relative share'
1261902Szelenkov@nginx.com
1271902Szelenkov@nginx.com        assert self.get(url=self.test_path)['status'] == 200, 'relative share'
1281902Szelenkov@nginx.com
1291902Szelenkov@nginx.com        assert 'success' in self.conf(
1301960Sz.hong@f5.com            {"share": ".$uri", "chroot": "."}, 'routes/0/action',
1311902Szelenkov@nginx.com        ), 'configure relative'
1321902Szelenkov@nginx.com
1331902Szelenkov@nginx.com        assert self.get(url=self.test_path)['status'] == 200, 'relative'
1341902Szelenkov@nginx.com
135*1966Szelenkov@nginx.com    def test_static_chroot_varibales(self, temp_dir):
136*1966Szelenkov@nginx.com        assert 'success' in self.update_action(
137*1966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/$host'
138*1966Szelenkov@nginx.com        )
139*1966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'dir') == 200
140*1966Szelenkov@nginx.com
141*1966Szelenkov@nginx.com        assert 'success' in self.update_action(
142*1966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/${host}'
143*1966Szelenkov@nginx.com        )
144*1966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'dir') == 200
145*1966Szelenkov@nginx.com
146*1966Szelenkov@nginx.com    def test_static_chroot_varibales_buildin_start(self, temp_dir):
147*1966Szelenkov@nginx.com        assert 'success' in self.update_action(
148*1966Szelenkov@nginx.com            temp_dir + '/assets/dir/$host', '$uri/assets/dir'
149*1966Szelenkov@nginx.com        )
150*1966Szelenkov@nginx.com
151*1966Szelenkov@nginx.com        assert self.get_custom(temp_dir, 'file') == 200
152*1966Szelenkov@nginx.com
153*1966Szelenkov@nginx.com    def test_static_chroot_varibales_buildin_mid(self, temp_dir):
154*1966Szelenkov@nginx.com        assert 'success' in self.update_action(
155*1966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/$host/dir'
156*1966Szelenkov@nginx.com        )
157*1966Szelenkov@nginx.com
158*1966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'assets') == 200
159*1966Szelenkov@nginx.com
160*1966Szelenkov@nginx.com    def test_static_chroot_varibales_buildin_end(self, temp_dir):
161*1966Szelenkov@nginx.com        assert 'success' in self.update_action(
162*1966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/$host'
163*1966Szelenkov@nginx.com        )
164*1966Szelenkov@nginx.com
165*1966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'dir') == 200
166*1966Szelenkov@nginx.com
167*1966Szelenkov@nginx.com    def test_static_chroot_slash(self, temp_dir):
168*1966Szelenkov@nginx.com        assert 'success' in self.conf(
169*1966Szelenkov@nginx.com            {
170*1966Szelenkov@nginx.com                "share": temp_dir + "/assets$uri",
171*1966Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir/",
172*1966Szelenkov@nginx.com            },
173*1966Szelenkov@nginx.com            'routes/0/action',
174*1966Szelenkov@nginx.com        ), 'configure chroot slash end'
175*1966Szelenkov@nginx.com
176*1966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'slash end'
177*1966Szelenkov@nginx.com        assert self.get(url='/dirxfile')['status'] == 403, 'slash end bad'
178*1966Szelenkov@nginx.com
179*1966Szelenkov@nginx.com        assert 'success' in self.conf(
180*1966Szelenkov@nginx.com            {
181*1966Szelenkov@nginx.com                "share": temp_dir + "/assets$uri",
182*1966Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir",
183*1966Szelenkov@nginx.com            },
184*1966Szelenkov@nginx.com            'routes/0/action',
185*1966Szelenkov@nginx.com        ), 'configure chroot no slash end'
186*1966Szelenkov@nginx.com
187*1966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'no slash end'
188*1966Szelenkov@nginx.com
189*1966Szelenkov@nginx.com        assert 'success' in self.conf(
190*1966Szelenkov@nginx.com            {
191*1966Szelenkov@nginx.com                "share": temp_dir + "/assets$uri",
192*1966Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir/",
193*1966Szelenkov@nginx.com            },
194*1966Szelenkov@nginx.com            'routes/0/action',
195*1966Szelenkov@nginx.com        ), 'configure chroot slash end 2'
196*1966Szelenkov@nginx.com
197*1966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'slash end 2'
198*1966Szelenkov@nginx.com        assert self.get(url='/dirxfile')['status'] == 403, 'slash end 2 bad'
199*1966Szelenkov@nginx.com
200*1966Szelenkov@nginx.com        assert 'success' in self.conf(
201*1966Szelenkov@nginx.com            {
202*1966Szelenkov@nginx.com                "share": temp_dir + "///assets/////$uri",
203*1966Szelenkov@nginx.com                "chroot": temp_dir + "//assets////dir///",
204*1966Szelenkov@nginx.com            },
205*1966Szelenkov@nginx.com            'routes/0/action',
206*1966Szelenkov@nginx.com        ), 'configure chroot multiple slashes'
207*1966Szelenkov@nginx.com
208*1966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'multiple slashes'
209*1966Szelenkov@nginx.com
2101902Szelenkov@nginx.com    def test_static_chroot_invalid(self, temp_dir):
2111902Szelenkov@nginx.com        assert 'error' in self.conf(
2121902Szelenkov@nginx.com            {"share": temp_dir, "chroot": True}, 'routes/0/action',
2131902Szelenkov@nginx.com        ), 'configure chroot error'
2141902Szelenkov@nginx.com        assert 'error' in self.conf(
2151902Szelenkov@nginx.com            {"share": temp_dir, "symlinks": "True"}, 'routes/0/action',
2161902Szelenkov@nginx.com        ), 'configure symlink error'
2171902Szelenkov@nginx.com        assert 'error' in self.conf(
2181902Szelenkov@nginx.com            {"share": temp_dir, "mount": "True"}, 'routes/0/action',
2191902Szelenkov@nginx.com        ), 'configure mount error'
220*1966Szelenkov@nginx.com
221*1966Szelenkov@nginx.com        assert 'error' in self.update_action(
222*1966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/d$r$uri'
223*1966Szelenkov@nginx.com        )
224*1966Szelenkov@nginx.com        assert 'error' in self.update_action(
225*1966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/$$uri'
226*1966Szelenkov@nginx.com        )
227