11902Szelenkov@nginx.comimport os 21902Szelenkov@nginx.comfrom pathlib import Path 31902Szelenkov@nginx.com 41902Szelenkov@nginx.comimport pytest 51902Szelenkov@nginx.comfrom unit.applications.proto import TestApplicationProto 61902Szelenkov@nginx.com 71902Szelenkov@nginx.com 81902Szelenkov@nginx.comclass TestStaticChroot(TestApplicationProto): 91902Szelenkov@nginx.com prerequisites = {'features': ['chroot']} 101902Szelenkov@nginx.com 111902Szelenkov@nginx.com @pytest.fixture(autouse=True) 121902Szelenkov@nginx.com def setup_method_fixture(self, temp_dir): 131902Szelenkov@nginx.com os.makedirs(temp_dir + '/assets/dir') 141902Szelenkov@nginx.com Path(temp_dir + '/assets/index.html').write_text('0123456789') 151902Szelenkov@nginx.com Path(temp_dir + '/assets/dir/file').write_text('blah') 161902Szelenkov@nginx.com 171902Szelenkov@nginx.com test = Path(__file__) 181902Szelenkov@nginx.com self.test_path = '/' + test.parent.name + '/' + test.name 191902Szelenkov@nginx.com 201902Szelenkov@nginx.com self._load_conf( 211902Szelenkov@nginx.com { 221902Szelenkov@nginx.com "listeners": {"*:7080": {"pass": "routes"}}, 231960Sz.hong@f5.com "routes": [{"action": {"share": temp_dir + "/assets$uri"}}], 241902Szelenkov@nginx.com } 251902Szelenkov@nginx.com ) 261902Szelenkov@nginx.com 271966Szelenkov@nginx.com def update_action(self, share, chroot): 281966Szelenkov@nginx.com return self.conf( 291966Szelenkov@nginx.com {"share": share, "chroot": chroot}, 'routes/0/action', 301966Szelenkov@nginx.com ) 311966Szelenkov@nginx.com 321966Szelenkov@nginx.com def get_custom(self, uri, host): 331966Szelenkov@nginx.com return self.get( 341966Szelenkov@nginx.com url=uri, headers={'Host': host, 'Connection': 'close'} 351966Szelenkov@nginx.com )['status'] 361966Szelenkov@nginx.com 371902Szelenkov@nginx.com def test_static_chroot(self, temp_dir): 381902Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'default chroot' 391902Szelenkov@nginx.com assert self.get(url='/index.html')['status'] == 200, 'default chroot 2' 401902Szelenkov@nginx.com 411902Szelenkov@nginx.com assert 'success' in self.conf( 421902Szelenkov@nginx.com { 431960Sz.hong@f5.com "share": temp_dir + "/assets$uri", 441902Szelenkov@nginx.com "chroot": temp_dir + "/assets/dir", 451902Szelenkov@nginx.com }, 461902Szelenkov@nginx.com 'routes/0/action', 471902Szelenkov@nginx.com ), 'configure chroot' 481902Szelenkov@nginx.com 491902Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'chroot' 501902Szelenkov@nginx.com assert self.get(url='/index.html')['status'] == 403, 'chroot 403 2' 511902Szelenkov@nginx.com assert self.get(url='/file')['status'] == 403, 'chroot 403' 521902Szelenkov@nginx.com 531966Szelenkov@nginx.com def test_share_chroot_array(self, temp_dir): 541966Szelenkov@nginx.com assert 'success' in self.conf( 551966Szelenkov@nginx.com { 561966Szelenkov@nginx.com "share": ["/blah", temp_dir + "/assets$uri"], 571966Szelenkov@nginx.com "chroot": temp_dir + "/assets/dir", 581966Szelenkov@nginx.com }, 591966Szelenkov@nginx.com 'routes/0/action', 601966Szelenkov@nginx.com ), 'configure share array' 611966Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'share array' 621966Szelenkov@nginx.com 631966Szelenkov@nginx.com assert 'success' in self.update_action( 641966Szelenkov@nginx.com ["/blah", temp_dir + '/assets$uri'], temp_dir + '/assets/$host' 651966Szelenkov@nginx.com ) 661966Szelenkov@nginx.com assert self.get_custom('/dir/file', 'dir') == 200, 'array variable' 671966Szelenkov@nginx.com 681966Szelenkov@nginx.com assert 'success' in self.conf( 691966Szelenkov@nginx.com { 701966Szelenkov@nginx.com "share": ["/blah", "/blah2"], 711966Szelenkov@nginx.com "chroot": temp_dir + "/assets/dir", 721966Szelenkov@nginx.com }, 731966Szelenkov@nginx.com 'routes/0/action', 741966Szelenkov@nginx.com ), 'configure share array bad' 751966Szelenkov@nginx.com assert self.get()['status'] != 200, 'share array bad' 761966Szelenkov@nginx.com 771902Szelenkov@nginx.com def test_static_chroot_permission(self, is_su, temp_dir): 781902Szelenkov@nginx.com if is_su: 791902Szelenkov@nginx.com pytest.skip('does\'t work under root') 801902Szelenkov@nginx.com 811902Szelenkov@nginx.com os.chmod(temp_dir + '/assets/dir', 0o100) 821902Szelenkov@nginx.com 831902Szelenkov@nginx.com assert 'success' in self.conf( 841902Szelenkov@nginx.com { 851960Sz.hong@f5.com "share": temp_dir + "/assets$uri", 861902Szelenkov@nginx.com "chroot": temp_dir + "/assets/dir", 871902Szelenkov@nginx.com }, 881902Szelenkov@nginx.com 'routes/0/action', 891902Szelenkov@nginx.com ), 'configure chroot' 901902Szelenkov@nginx.com 911902Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'chroot' 921902Szelenkov@nginx.com 931902Szelenkov@nginx.com def test_static_chroot_empty(self, temp_dir): 941902Szelenkov@nginx.com assert 'success' in self.conf( 951960Sz.hong@f5.com {"share": temp_dir + "/assets$uri", "chroot": ""}, 961960Sz.hong@f5.com 'routes/0/action', 971902Szelenkov@nginx.com ), 'configure chroot empty absolute' 981902Szelenkov@nginx.com 991902Szelenkov@nginx.com assert ( 1001902Szelenkov@nginx.com self.get(url='/dir/file')['status'] == 200 1011902Szelenkov@nginx.com ), 'chroot empty absolute' 1021902Szelenkov@nginx.com 1031902Szelenkov@nginx.com assert 'success' in self.conf( 1041960Sz.hong@f5.com {"share": ".$uri", "chroot": ""}, 'routes/0/action', 1051902Szelenkov@nginx.com ), 'configure chroot empty relative' 1061902Szelenkov@nginx.com 1071902Szelenkov@nginx.com assert ( 1081902Szelenkov@nginx.com self.get(url=self.test_path)['status'] == 200 1091902Szelenkov@nginx.com ), 'chroot empty relative' 1101902Szelenkov@nginx.com 1111902Szelenkov@nginx.com def test_static_chroot_relative(self, is_su, temp_dir): 1121902Szelenkov@nginx.com if is_su: 1131902Szelenkov@nginx.com pytest.skip('does\'t work under root') 1141902Szelenkov@nginx.com 1151902Szelenkov@nginx.com assert 'success' in self.conf( 1161960Sz.hong@f5.com {"share": temp_dir + "/assets$uri", "chroot": "."}, 1171960Sz.hong@f5.com 'routes/0/action', 1181902Szelenkov@nginx.com ), 'configure relative chroot' 1191902Szelenkov@nginx.com 1201902Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 403, 'relative chroot' 1211902Szelenkov@nginx.com 1221902Szelenkov@nginx.com assert 'success' in self.conf( 1231960Sz.hong@f5.com {"share": ".$uri"}, 'routes/0/action', 1241902Szelenkov@nginx.com ), 'configure relative share' 1251902Szelenkov@nginx.com 1261902Szelenkov@nginx.com assert self.get(url=self.test_path)['status'] == 200, 'relative share' 1271902Szelenkov@nginx.com 1281902Szelenkov@nginx.com assert 'success' in self.conf( 1291960Sz.hong@f5.com {"share": ".$uri", "chroot": "."}, 'routes/0/action', 1301902Szelenkov@nginx.com ), 'configure relative' 1311902Szelenkov@nginx.com 1321902Szelenkov@nginx.com assert self.get(url=self.test_path)['status'] == 200, 'relative' 1331902Szelenkov@nginx.com 134*1971Szelenkov@nginx.com def test_static_chroot_variables(self, temp_dir): 1351966Szelenkov@nginx.com assert 'success' in self.update_action( 1361966Szelenkov@nginx.com temp_dir + '/assets$uri', temp_dir + '/assets/$host' 1371966Szelenkov@nginx.com ) 1381966Szelenkov@nginx.com assert self.get_custom('/dir/file', 'dir') == 200 1391966Szelenkov@nginx.com 1401966Szelenkov@nginx.com assert 'success' in self.update_action( 1411966Szelenkov@nginx.com temp_dir + '/assets$uri', temp_dir + '/assets/${host}' 1421966Szelenkov@nginx.com ) 1431966Szelenkov@nginx.com assert self.get_custom('/dir/file', 'dir') == 200 1441966Szelenkov@nginx.com 145*1971Szelenkov@nginx.com def test_static_chroot_variables_buildin_start(self, temp_dir): 1461966Szelenkov@nginx.com assert 'success' in self.update_action( 1471966Szelenkov@nginx.com temp_dir + '/assets/dir/$host', '$uri/assets/dir' 1481966Szelenkov@nginx.com ) 1491966Szelenkov@nginx.com 1501966Szelenkov@nginx.com assert self.get_custom(temp_dir, 'file') == 200 1511966Szelenkov@nginx.com 152*1971Szelenkov@nginx.com def test_static_chroot_variables_buildin_mid(self, temp_dir): 1531966Szelenkov@nginx.com assert 'success' in self.update_action( 1541966Szelenkov@nginx.com temp_dir + '/assets$uri', temp_dir + '/$host/dir' 1551966Szelenkov@nginx.com ) 1561966Szelenkov@nginx.com 1571966Szelenkov@nginx.com assert self.get_custom('/dir/file', 'assets') == 200 1581966Szelenkov@nginx.com 159*1971Szelenkov@nginx.com def test_static_chroot_variables_buildin_end(self, temp_dir): 1601966Szelenkov@nginx.com assert 'success' in self.update_action( 1611966Szelenkov@nginx.com temp_dir + '/assets$uri', temp_dir + '/assets/$host' 1621966Szelenkov@nginx.com ) 1631966Szelenkov@nginx.com 1641966Szelenkov@nginx.com assert self.get_custom('/dir/file', 'dir') == 200 1651966Szelenkov@nginx.com 1661966Szelenkov@nginx.com def test_static_chroot_slash(self, temp_dir): 1671966Szelenkov@nginx.com assert 'success' in self.conf( 1681966Szelenkov@nginx.com { 1691966Szelenkov@nginx.com "share": temp_dir + "/assets$uri", 1701966Szelenkov@nginx.com "chroot": temp_dir + "/assets/dir/", 1711966Szelenkov@nginx.com }, 1721966Szelenkov@nginx.com 'routes/0/action', 1731966Szelenkov@nginx.com ), 'configure chroot slash end' 1741966Szelenkov@nginx.com 1751966Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'slash end' 1761966Szelenkov@nginx.com assert self.get(url='/dirxfile')['status'] == 403, 'slash end bad' 1771966Szelenkov@nginx.com 1781966Szelenkov@nginx.com assert 'success' in self.conf( 1791966Szelenkov@nginx.com { 1801966Szelenkov@nginx.com "share": temp_dir + "/assets$uri", 1811966Szelenkov@nginx.com "chroot": temp_dir + "/assets/dir", 1821966Szelenkov@nginx.com }, 1831966Szelenkov@nginx.com 'routes/0/action', 1841966Szelenkov@nginx.com ), 'configure chroot no slash end' 1851966Szelenkov@nginx.com 1861966Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'no slash end' 1871966Szelenkov@nginx.com 1881966Szelenkov@nginx.com assert 'success' in self.conf( 1891966Szelenkov@nginx.com { 1901966Szelenkov@nginx.com "share": temp_dir + "/assets$uri", 1911966Szelenkov@nginx.com "chroot": temp_dir + "/assets/dir/", 1921966Szelenkov@nginx.com }, 1931966Szelenkov@nginx.com 'routes/0/action', 1941966Szelenkov@nginx.com ), 'configure chroot slash end 2' 1951966Szelenkov@nginx.com 1961966Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'slash end 2' 1971966Szelenkov@nginx.com assert self.get(url='/dirxfile')['status'] == 403, 'slash end 2 bad' 1981966Szelenkov@nginx.com 1991966Szelenkov@nginx.com assert 'success' in self.conf( 2001966Szelenkov@nginx.com { 2011966Szelenkov@nginx.com "share": temp_dir + "///assets/////$uri", 2021966Szelenkov@nginx.com "chroot": temp_dir + "//assets////dir///", 2031966Szelenkov@nginx.com }, 2041966Szelenkov@nginx.com 'routes/0/action', 2051966Szelenkov@nginx.com ), 'configure chroot multiple slashes' 2061966Szelenkov@nginx.com 2071966Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'multiple slashes' 2081966Szelenkov@nginx.com 2091902Szelenkov@nginx.com def test_static_chroot_invalid(self, temp_dir): 2101902Szelenkov@nginx.com assert 'error' in self.conf( 2111902Szelenkov@nginx.com {"share": temp_dir, "chroot": True}, 'routes/0/action', 2121902Szelenkov@nginx.com ), 'configure chroot error' 2131902Szelenkov@nginx.com assert 'error' in self.conf( 2141902Szelenkov@nginx.com {"share": temp_dir, "symlinks": "True"}, 'routes/0/action', 2151902Szelenkov@nginx.com ), 'configure symlink error' 2161902Szelenkov@nginx.com assert 'error' in self.conf( 2171902Szelenkov@nginx.com {"share": temp_dir, "mount": "True"}, 'routes/0/action', 2181902Szelenkov@nginx.com ), 'configure mount error' 2191966Szelenkov@nginx.com 2201966Szelenkov@nginx.com assert 'error' in self.update_action( 2211966Szelenkov@nginx.com temp_dir + '/assets$uri', temp_dir + '/assets/d$r$uri' 2221966Szelenkov@nginx.com ) 2231966Szelenkov@nginx.com assert 'error' in self.update_action( 2241966Szelenkov@nginx.com temp_dir + '/assets$uri', temp_dir + '/assets/$$uri' 2251966Szelenkov@nginx.com ) 226