xref: /unit/test/test_static_chroot.py (revision 2073)
11902Szelenkov@nginx.comimport os
21902Szelenkov@nginx.comfrom pathlib import Path
31902Szelenkov@nginx.com
41902Szelenkov@nginx.comimport pytest
51902Szelenkov@nginx.comfrom unit.applications.proto import TestApplicationProto
61902Szelenkov@nginx.com
71902Szelenkov@nginx.com
81902Szelenkov@nginx.comclass TestStaticChroot(TestApplicationProto):
91902Szelenkov@nginx.com    prerequisites = {'features': ['chroot']}
101902Szelenkov@nginx.com
111902Szelenkov@nginx.com    @pytest.fixture(autouse=True)
121902Szelenkov@nginx.com    def setup_method_fixture(self, temp_dir):
131902Szelenkov@nginx.com        os.makedirs(temp_dir + '/assets/dir')
141902Szelenkov@nginx.com        Path(temp_dir + '/assets/index.html').write_text('0123456789')
151902Szelenkov@nginx.com        Path(temp_dir + '/assets/dir/file').write_text('blah')
161902Szelenkov@nginx.com
171902Szelenkov@nginx.com        test = Path(__file__)
181902Szelenkov@nginx.com        self.test_path = '/' + test.parent.name + '/' + test.name
191902Szelenkov@nginx.com
201902Szelenkov@nginx.com        self._load_conf(
211902Szelenkov@nginx.com            {
221902Szelenkov@nginx.com                "listeners": {"*:7080": {"pass": "routes"}},
231960Sz.hong@f5.com                "routes": [{"action": {"share": temp_dir + "/assets$uri"}}],
241902Szelenkov@nginx.com            }
251902Szelenkov@nginx.com        )
261902Szelenkov@nginx.com
271966Szelenkov@nginx.com    def update_action(self, share, chroot):
281966Szelenkov@nginx.com        return self.conf(
29*2073Szelenkov@nginx.com            {"share": share, "chroot": chroot},
30*2073Szelenkov@nginx.com            'routes/0/action',
311966Szelenkov@nginx.com        )
321966Szelenkov@nginx.com
331966Szelenkov@nginx.com    def get_custom(self, uri, host):
34*2073Szelenkov@nginx.com        return self.get(url=uri, headers={'Host': host, 'Connection': 'close'})[
35*2073Szelenkov@nginx.com            'status'
36*2073Szelenkov@nginx.com        ]
371966Szelenkov@nginx.com
381902Szelenkov@nginx.com    def test_static_chroot(self, temp_dir):
391902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'default chroot'
401902Szelenkov@nginx.com        assert self.get(url='/index.html')['status'] == 200, 'default chroot 2'
411902Szelenkov@nginx.com
421902Szelenkov@nginx.com        assert 'success' in self.conf(
431902Szelenkov@nginx.com            {
441960Sz.hong@f5.com                "share": temp_dir + "/assets$uri",
451902Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir",
461902Szelenkov@nginx.com            },
471902Szelenkov@nginx.com            'routes/0/action',
481902Szelenkov@nginx.com        ), 'configure chroot'
491902Szelenkov@nginx.com
501902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'chroot'
511902Szelenkov@nginx.com        assert self.get(url='/index.html')['status'] == 403, 'chroot 403 2'
521902Szelenkov@nginx.com        assert self.get(url='/file')['status'] == 403, 'chroot 403'
531902Szelenkov@nginx.com
541966Szelenkov@nginx.com    def test_share_chroot_array(self, temp_dir):
551966Szelenkov@nginx.com        assert 'success' in self.conf(
561966Szelenkov@nginx.com            {
571966Szelenkov@nginx.com                "share": ["/blah", temp_dir + "/assets$uri"],
581966Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir",
591966Szelenkov@nginx.com            },
601966Szelenkov@nginx.com            'routes/0/action',
611966Szelenkov@nginx.com        ), 'configure share array'
621966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'share array'
631966Szelenkov@nginx.com
641966Szelenkov@nginx.com        assert 'success' in self.update_action(
651966Szelenkov@nginx.com            ["/blah", temp_dir + '/assets$uri'], temp_dir + '/assets/$host'
661966Szelenkov@nginx.com        )
671966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'dir') == 200, 'array variable'
681966Szelenkov@nginx.com
691966Szelenkov@nginx.com        assert 'success' in self.conf(
701966Szelenkov@nginx.com            {
711966Szelenkov@nginx.com                "share": ["/blah", "/blah2"],
721966Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir",
731966Szelenkov@nginx.com            },
741966Szelenkov@nginx.com            'routes/0/action',
751966Szelenkov@nginx.com        ), 'configure share array bad'
761966Szelenkov@nginx.com        assert self.get()['status'] != 200, 'share array bad'
771966Szelenkov@nginx.com
781902Szelenkov@nginx.com    def test_static_chroot_permission(self, is_su, temp_dir):
791902Szelenkov@nginx.com        if is_su:
801902Szelenkov@nginx.com            pytest.skip('does\'t work under root')
811902Szelenkov@nginx.com
821902Szelenkov@nginx.com        os.chmod(temp_dir + '/assets/dir', 0o100)
831902Szelenkov@nginx.com
841902Szelenkov@nginx.com        assert 'success' in self.conf(
851902Szelenkov@nginx.com            {
861960Sz.hong@f5.com                "share": temp_dir + "/assets$uri",
871902Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir",
881902Szelenkov@nginx.com            },
891902Szelenkov@nginx.com            'routes/0/action',
901902Szelenkov@nginx.com        ), 'configure chroot'
911902Szelenkov@nginx.com
921902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'chroot'
931902Szelenkov@nginx.com
941902Szelenkov@nginx.com    def test_static_chroot_empty(self, temp_dir):
951902Szelenkov@nginx.com        assert 'success' in self.conf(
961960Sz.hong@f5.com            {"share": temp_dir + "/assets$uri", "chroot": ""},
971960Sz.hong@f5.com            'routes/0/action',
981902Szelenkov@nginx.com        ), 'configure chroot empty absolute'
991902Szelenkov@nginx.com
1001902Szelenkov@nginx.com        assert (
1011902Szelenkov@nginx.com            self.get(url='/dir/file')['status'] == 200
1021902Szelenkov@nginx.com        ), 'chroot empty absolute'
1031902Szelenkov@nginx.com
1041902Szelenkov@nginx.com        assert 'success' in self.conf(
105*2073Szelenkov@nginx.com            {"share": ".$uri", "chroot": ""},
106*2073Szelenkov@nginx.com            'routes/0/action',
1071902Szelenkov@nginx.com        ), 'configure chroot empty relative'
1081902Szelenkov@nginx.com
1091902Szelenkov@nginx.com        assert (
1101902Szelenkov@nginx.com            self.get(url=self.test_path)['status'] == 200
1111902Szelenkov@nginx.com        ), 'chroot empty relative'
1121902Szelenkov@nginx.com
1131902Szelenkov@nginx.com    def test_static_chroot_relative(self, is_su, temp_dir):
1141902Szelenkov@nginx.com        if is_su:
1151902Szelenkov@nginx.com            pytest.skip('does\'t work under root')
1161902Szelenkov@nginx.com
1171902Szelenkov@nginx.com        assert 'success' in self.conf(
1181960Sz.hong@f5.com            {"share": temp_dir + "/assets$uri", "chroot": "."},
1191960Sz.hong@f5.com            'routes/0/action',
1201902Szelenkov@nginx.com        ), 'configure relative chroot'
1211902Szelenkov@nginx.com
1221902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 403, 'relative chroot'
1231902Szelenkov@nginx.com
1241902Szelenkov@nginx.com        assert 'success' in self.conf(
125*2073Szelenkov@nginx.com            {"share": ".$uri"},
126*2073Szelenkov@nginx.com            'routes/0/action',
1271902Szelenkov@nginx.com        ), 'configure relative share'
1281902Szelenkov@nginx.com
1291902Szelenkov@nginx.com        assert self.get(url=self.test_path)['status'] == 200, 'relative share'
1301902Szelenkov@nginx.com
1311902Szelenkov@nginx.com        assert 'success' in self.conf(
132*2073Szelenkov@nginx.com            {"share": ".$uri", "chroot": "."},
133*2073Szelenkov@nginx.com            'routes/0/action',
1341902Szelenkov@nginx.com        ), 'configure relative'
1351902Szelenkov@nginx.com
1361902Szelenkov@nginx.com        assert self.get(url=self.test_path)['status'] == 200, 'relative'
1371902Szelenkov@nginx.com
1381971Szelenkov@nginx.com    def test_static_chroot_variables(self, temp_dir):
1391966Szelenkov@nginx.com        assert 'success' in self.update_action(
1401966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/$host'
1411966Szelenkov@nginx.com        )
1421966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'dir') == 200
1431966Szelenkov@nginx.com
1441966Szelenkov@nginx.com        assert 'success' in self.update_action(
1451966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/${host}'
1461966Szelenkov@nginx.com        )
1471966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'dir') == 200
1481966Szelenkov@nginx.com
1491971Szelenkov@nginx.com    def test_static_chroot_variables_buildin_start(self, temp_dir):
1501966Szelenkov@nginx.com        assert 'success' in self.update_action(
1511966Szelenkov@nginx.com            temp_dir + '/assets/dir/$host', '$uri/assets/dir'
1521966Szelenkov@nginx.com        )
1531966Szelenkov@nginx.com
1541966Szelenkov@nginx.com        assert self.get_custom(temp_dir, 'file') == 200
1551966Szelenkov@nginx.com
1561971Szelenkov@nginx.com    def test_static_chroot_variables_buildin_mid(self, temp_dir):
1571966Szelenkov@nginx.com        assert 'success' in self.update_action(
1581966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/$host/dir'
1591966Szelenkov@nginx.com        )
1601966Szelenkov@nginx.com
1611966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'assets') == 200
1621966Szelenkov@nginx.com
1631971Szelenkov@nginx.com    def test_static_chroot_variables_buildin_end(self, temp_dir):
1641966Szelenkov@nginx.com        assert 'success' in self.update_action(
1651966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/$host'
1661966Szelenkov@nginx.com        )
1671966Szelenkov@nginx.com
1681966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'dir') == 200
1691966Szelenkov@nginx.com
1701966Szelenkov@nginx.com    def test_static_chroot_slash(self, temp_dir):
1711966Szelenkov@nginx.com        assert 'success' in self.conf(
1721966Szelenkov@nginx.com            {
1731966Szelenkov@nginx.com                "share": temp_dir + "/assets$uri",
1741966Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir/",
1751966Szelenkov@nginx.com            },
1761966Szelenkov@nginx.com            'routes/0/action',
1771966Szelenkov@nginx.com        ), 'configure chroot slash end'
1781966Szelenkov@nginx.com
1791966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'slash end'
1801966Szelenkov@nginx.com        assert self.get(url='/dirxfile')['status'] == 403, 'slash end bad'
1811966Szelenkov@nginx.com
1821966Szelenkov@nginx.com        assert 'success' in self.conf(
1831966Szelenkov@nginx.com            {
1841966Szelenkov@nginx.com                "share": temp_dir + "/assets$uri",
1851966Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir",
1861966Szelenkov@nginx.com            },
1871966Szelenkov@nginx.com            'routes/0/action',
1881966Szelenkov@nginx.com        ), 'configure chroot no slash end'
1891966Szelenkov@nginx.com
1901966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'no slash end'
1911966Szelenkov@nginx.com
1921966Szelenkov@nginx.com        assert 'success' in self.conf(
1931966Szelenkov@nginx.com            {
1941966Szelenkov@nginx.com                "share": temp_dir + "/assets$uri",
1951966Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir/",
1961966Szelenkov@nginx.com            },
1971966Szelenkov@nginx.com            'routes/0/action',
1981966Szelenkov@nginx.com        ), 'configure chroot slash end 2'
1991966Szelenkov@nginx.com
2001966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'slash end 2'
2011966Szelenkov@nginx.com        assert self.get(url='/dirxfile')['status'] == 403, 'slash end 2 bad'
2021966Szelenkov@nginx.com
2031966Szelenkov@nginx.com        assert 'success' in self.conf(
2041966Szelenkov@nginx.com            {
2051966Szelenkov@nginx.com                "share": temp_dir + "///assets/////$uri",
2061966Szelenkov@nginx.com                "chroot": temp_dir + "//assets////dir///",
2071966Szelenkov@nginx.com            },
2081966Szelenkov@nginx.com            'routes/0/action',
2091966Szelenkov@nginx.com        ), 'configure chroot multiple slashes'
2101966Szelenkov@nginx.com
2111966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'multiple slashes'
2121966Szelenkov@nginx.com
2131902Szelenkov@nginx.com    def test_static_chroot_invalid(self, temp_dir):
2141902Szelenkov@nginx.com        assert 'error' in self.conf(
215*2073Szelenkov@nginx.com            {"share": temp_dir, "chroot": True},
216*2073Szelenkov@nginx.com            'routes/0/action',
2171902Szelenkov@nginx.com        ), 'configure chroot error'
2181902Szelenkov@nginx.com        assert 'error' in self.conf(
219*2073Szelenkov@nginx.com            {"share": temp_dir, "symlinks": "True"},
220*2073Szelenkov@nginx.com            'routes/0/action',
2211902Szelenkov@nginx.com        ), 'configure symlink error'
2221902Szelenkov@nginx.com        assert 'error' in self.conf(
223*2073Szelenkov@nginx.com            {"share": temp_dir, "mount": "True"},
224*2073Szelenkov@nginx.com            'routes/0/action',
2251902Szelenkov@nginx.com        ), 'configure mount error'
2261966Szelenkov@nginx.com
2271966Szelenkov@nginx.com        assert 'error' in self.update_action(
2281966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/d$r$uri'
2291966Szelenkov@nginx.com        )
2301966Szelenkov@nginx.com        assert 'error' in self.update_action(
2311966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/$$uri'
2321966Szelenkov@nginx.com        )
233