xref: /unit/test/test_static_chroot.py (revision 1971)
11902Szelenkov@nginx.comimport os
21902Szelenkov@nginx.comfrom pathlib import Path
31902Szelenkov@nginx.com
41902Szelenkov@nginx.comimport pytest
51902Szelenkov@nginx.comfrom unit.applications.proto import TestApplicationProto
61902Szelenkov@nginx.com
71902Szelenkov@nginx.com
81902Szelenkov@nginx.comclass TestStaticChroot(TestApplicationProto):
91902Szelenkov@nginx.com    prerequisites = {'features': ['chroot']}
101902Szelenkov@nginx.com
111902Szelenkov@nginx.com    @pytest.fixture(autouse=True)
121902Szelenkov@nginx.com    def setup_method_fixture(self, temp_dir):
131902Szelenkov@nginx.com        os.makedirs(temp_dir + '/assets/dir')
141902Szelenkov@nginx.com        Path(temp_dir + '/assets/index.html').write_text('0123456789')
151902Szelenkov@nginx.com        Path(temp_dir + '/assets/dir/file').write_text('blah')
161902Szelenkov@nginx.com
171902Szelenkov@nginx.com        test = Path(__file__)
181902Szelenkov@nginx.com        self.test_path = '/' + test.parent.name + '/' + test.name
191902Szelenkov@nginx.com
201902Szelenkov@nginx.com        self._load_conf(
211902Szelenkov@nginx.com            {
221902Szelenkov@nginx.com                "listeners": {"*:7080": {"pass": "routes"}},
231960Sz.hong@f5.com                "routes": [{"action": {"share": temp_dir + "/assets$uri"}}],
241902Szelenkov@nginx.com            }
251902Szelenkov@nginx.com        )
261902Szelenkov@nginx.com
271966Szelenkov@nginx.com    def update_action(self, share, chroot):
281966Szelenkov@nginx.com        return self.conf(
291966Szelenkov@nginx.com            {"share": share, "chroot": chroot}, 'routes/0/action',
301966Szelenkov@nginx.com        )
311966Szelenkov@nginx.com
321966Szelenkov@nginx.com    def get_custom(self, uri, host):
331966Szelenkov@nginx.com        return self.get(
341966Szelenkov@nginx.com            url=uri, headers={'Host': host, 'Connection': 'close'}
351966Szelenkov@nginx.com        )['status']
361966Szelenkov@nginx.com
371902Szelenkov@nginx.com    def test_static_chroot(self, temp_dir):
381902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'default chroot'
391902Szelenkov@nginx.com        assert self.get(url='/index.html')['status'] == 200, 'default chroot 2'
401902Szelenkov@nginx.com
411902Szelenkov@nginx.com        assert 'success' in self.conf(
421902Szelenkov@nginx.com            {
431960Sz.hong@f5.com                "share": temp_dir + "/assets$uri",
441902Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir",
451902Szelenkov@nginx.com            },
461902Szelenkov@nginx.com            'routes/0/action',
471902Szelenkov@nginx.com        ), 'configure chroot'
481902Szelenkov@nginx.com
491902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'chroot'
501902Szelenkov@nginx.com        assert self.get(url='/index.html')['status'] == 403, 'chroot 403 2'
511902Szelenkov@nginx.com        assert self.get(url='/file')['status'] == 403, 'chroot 403'
521902Szelenkov@nginx.com
531966Szelenkov@nginx.com    def test_share_chroot_array(self, temp_dir):
541966Szelenkov@nginx.com        assert 'success' in self.conf(
551966Szelenkov@nginx.com            {
561966Szelenkov@nginx.com                "share": ["/blah", temp_dir + "/assets$uri"],
571966Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir",
581966Szelenkov@nginx.com            },
591966Szelenkov@nginx.com            'routes/0/action',
601966Szelenkov@nginx.com        ), 'configure share array'
611966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'share array'
621966Szelenkov@nginx.com
631966Szelenkov@nginx.com        assert 'success' in self.update_action(
641966Szelenkov@nginx.com            ["/blah", temp_dir + '/assets$uri'], temp_dir + '/assets/$host'
651966Szelenkov@nginx.com        )
661966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'dir') == 200, 'array variable'
671966Szelenkov@nginx.com
681966Szelenkov@nginx.com        assert 'success' in self.conf(
691966Szelenkov@nginx.com            {
701966Szelenkov@nginx.com                "share": ["/blah", "/blah2"],
711966Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir",
721966Szelenkov@nginx.com            },
731966Szelenkov@nginx.com            'routes/0/action',
741966Szelenkov@nginx.com        ), 'configure share array bad'
751966Szelenkov@nginx.com        assert self.get()['status'] != 200, 'share array bad'
761966Szelenkov@nginx.com
771902Szelenkov@nginx.com    def test_static_chroot_permission(self, is_su, temp_dir):
781902Szelenkov@nginx.com        if is_su:
791902Szelenkov@nginx.com            pytest.skip('does\'t work under root')
801902Szelenkov@nginx.com
811902Szelenkov@nginx.com        os.chmod(temp_dir + '/assets/dir', 0o100)
821902Szelenkov@nginx.com
831902Szelenkov@nginx.com        assert 'success' in self.conf(
841902Szelenkov@nginx.com            {
851960Sz.hong@f5.com                "share": temp_dir + "/assets$uri",
861902Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir",
871902Szelenkov@nginx.com            },
881902Szelenkov@nginx.com            'routes/0/action',
891902Szelenkov@nginx.com        ), 'configure chroot'
901902Szelenkov@nginx.com
911902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'chroot'
921902Szelenkov@nginx.com
931902Szelenkov@nginx.com    def test_static_chroot_empty(self, temp_dir):
941902Szelenkov@nginx.com        assert 'success' in self.conf(
951960Sz.hong@f5.com            {"share": temp_dir + "/assets$uri", "chroot": ""},
961960Sz.hong@f5.com            'routes/0/action',
971902Szelenkov@nginx.com        ), 'configure chroot empty absolute'
981902Szelenkov@nginx.com
991902Szelenkov@nginx.com        assert (
1001902Szelenkov@nginx.com            self.get(url='/dir/file')['status'] == 200
1011902Szelenkov@nginx.com        ), 'chroot empty absolute'
1021902Szelenkov@nginx.com
1031902Szelenkov@nginx.com        assert 'success' in self.conf(
1041960Sz.hong@f5.com            {"share": ".$uri", "chroot": ""}, 'routes/0/action',
1051902Szelenkov@nginx.com        ), 'configure chroot empty relative'
1061902Szelenkov@nginx.com
1071902Szelenkov@nginx.com        assert (
1081902Szelenkov@nginx.com            self.get(url=self.test_path)['status'] == 200
1091902Szelenkov@nginx.com        ), 'chroot empty relative'
1101902Szelenkov@nginx.com
1111902Szelenkov@nginx.com    def test_static_chroot_relative(self, is_su, temp_dir):
1121902Szelenkov@nginx.com        if is_su:
1131902Szelenkov@nginx.com            pytest.skip('does\'t work under root')
1141902Szelenkov@nginx.com
1151902Szelenkov@nginx.com        assert 'success' in self.conf(
1161960Sz.hong@f5.com            {"share": temp_dir + "/assets$uri", "chroot": "."},
1171960Sz.hong@f5.com            'routes/0/action',
1181902Szelenkov@nginx.com        ), 'configure relative chroot'
1191902Szelenkov@nginx.com
1201902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 403, 'relative chroot'
1211902Szelenkov@nginx.com
1221902Szelenkov@nginx.com        assert 'success' in self.conf(
1231960Sz.hong@f5.com            {"share": ".$uri"}, 'routes/0/action',
1241902Szelenkov@nginx.com        ), 'configure relative share'
1251902Szelenkov@nginx.com
1261902Szelenkov@nginx.com        assert self.get(url=self.test_path)['status'] == 200, 'relative share'
1271902Szelenkov@nginx.com
1281902Szelenkov@nginx.com        assert 'success' in self.conf(
1291960Sz.hong@f5.com            {"share": ".$uri", "chroot": "."}, 'routes/0/action',
1301902Szelenkov@nginx.com        ), 'configure relative'
1311902Szelenkov@nginx.com
1321902Szelenkov@nginx.com        assert self.get(url=self.test_path)['status'] == 200, 'relative'
1331902Szelenkov@nginx.com
134*1971Szelenkov@nginx.com    def test_static_chroot_variables(self, temp_dir):
1351966Szelenkov@nginx.com        assert 'success' in self.update_action(
1361966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/$host'
1371966Szelenkov@nginx.com        )
1381966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'dir') == 200
1391966Szelenkov@nginx.com
1401966Szelenkov@nginx.com        assert 'success' in self.update_action(
1411966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/${host}'
1421966Szelenkov@nginx.com        )
1431966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'dir') == 200
1441966Szelenkov@nginx.com
145*1971Szelenkov@nginx.com    def test_static_chroot_variables_buildin_start(self, temp_dir):
1461966Szelenkov@nginx.com        assert 'success' in self.update_action(
1471966Szelenkov@nginx.com            temp_dir + '/assets/dir/$host', '$uri/assets/dir'
1481966Szelenkov@nginx.com        )
1491966Szelenkov@nginx.com
1501966Szelenkov@nginx.com        assert self.get_custom(temp_dir, 'file') == 200
1511966Szelenkov@nginx.com
152*1971Szelenkov@nginx.com    def test_static_chroot_variables_buildin_mid(self, temp_dir):
1531966Szelenkov@nginx.com        assert 'success' in self.update_action(
1541966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/$host/dir'
1551966Szelenkov@nginx.com        )
1561966Szelenkov@nginx.com
1571966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'assets') == 200
1581966Szelenkov@nginx.com
159*1971Szelenkov@nginx.com    def test_static_chroot_variables_buildin_end(self, temp_dir):
1601966Szelenkov@nginx.com        assert 'success' in self.update_action(
1611966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/$host'
1621966Szelenkov@nginx.com        )
1631966Szelenkov@nginx.com
1641966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'dir') == 200
1651966Szelenkov@nginx.com
1661966Szelenkov@nginx.com    def test_static_chroot_slash(self, temp_dir):
1671966Szelenkov@nginx.com        assert 'success' in self.conf(
1681966Szelenkov@nginx.com            {
1691966Szelenkov@nginx.com                "share": temp_dir + "/assets$uri",
1701966Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir/",
1711966Szelenkov@nginx.com            },
1721966Szelenkov@nginx.com            'routes/0/action',
1731966Szelenkov@nginx.com        ), 'configure chroot slash end'
1741966Szelenkov@nginx.com
1751966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'slash end'
1761966Szelenkov@nginx.com        assert self.get(url='/dirxfile')['status'] == 403, 'slash end bad'
1771966Szelenkov@nginx.com
1781966Szelenkov@nginx.com        assert 'success' in self.conf(
1791966Szelenkov@nginx.com            {
1801966Szelenkov@nginx.com                "share": temp_dir + "/assets$uri",
1811966Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir",
1821966Szelenkov@nginx.com            },
1831966Szelenkov@nginx.com            'routes/0/action',
1841966Szelenkov@nginx.com        ), 'configure chroot no slash end'
1851966Szelenkov@nginx.com
1861966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'no slash end'
1871966Szelenkov@nginx.com
1881966Szelenkov@nginx.com        assert 'success' in self.conf(
1891966Szelenkov@nginx.com            {
1901966Szelenkov@nginx.com                "share": temp_dir + "/assets$uri",
1911966Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir/",
1921966Szelenkov@nginx.com            },
1931966Szelenkov@nginx.com            'routes/0/action',
1941966Szelenkov@nginx.com        ), 'configure chroot slash end 2'
1951966Szelenkov@nginx.com
1961966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'slash end 2'
1971966Szelenkov@nginx.com        assert self.get(url='/dirxfile')['status'] == 403, 'slash end 2 bad'
1981966Szelenkov@nginx.com
1991966Szelenkov@nginx.com        assert 'success' in self.conf(
2001966Szelenkov@nginx.com            {
2011966Szelenkov@nginx.com                "share": temp_dir + "///assets/////$uri",
2021966Szelenkov@nginx.com                "chroot": temp_dir + "//assets////dir///",
2031966Szelenkov@nginx.com            },
2041966Szelenkov@nginx.com            'routes/0/action',
2051966Szelenkov@nginx.com        ), 'configure chroot multiple slashes'
2061966Szelenkov@nginx.com
2071966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'multiple slashes'
2081966Szelenkov@nginx.com
2091902Szelenkov@nginx.com    def test_static_chroot_invalid(self, temp_dir):
2101902Szelenkov@nginx.com        assert 'error' in self.conf(
2111902Szelenkov@nginx.com            {"share": temp_dir, "chroot": True}, 'routes/0/action',
2121902Szelenkov@nginx.com        ), 'configure chroot error'
2131902Szelenkov@nginx.com        assert 'error' in self.conf(
2141902Szelenkov@nginx.com            {"share": temp_dir, "symlinks": "True"}, 'routes/0/action',
2151902Szelenkov@nginx.com        ), 'configure symlink error'
2161902Szelenkov@nginx.com        assert 'error' in self.conf(
2171902Szelenkov@nginx.com            {"share": temp_dir, "mount": "True"}, 'routes/0/action',
2181902Szelenkov@nginx.com        ), 'configure mount error'
2191966Szelenkov@nginx.com
2201966Szelenkov@nginx.com        assert 'error' in self.update_action(
2211966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/d$r$uri'
2221966Szelenkov@nginx.com        )
2231966Szelenkov@nginx.com        assert 'error' in self.update_action(
2241966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/$$uri'
2251966Szelenkov@nginx.com        )
226