11902Szelenkov@nginx.comimport os 21902Szelenkov@nginx.comfrom pathlib import Path 31902Szelenkov@nginx.com 41902Szelenkov@nginx.comimport pytest 51902Szelenkov@nginx.comfrom unit.applications.proto import TestApplicationProto 61902Szelenkov@nginx.com 71902Szelenkov@nginx.com 81902Szelenkov@nginx.comclass TestStaticChroot(TestApplicationProto): 91902Szelenkov@nginx.com prerequisites = {'features': ['chroot']} 101902Szelenkov@nginx.com 111902Szelenkov@nginx.com @pytest.fixture(autouse=True) 121902Szelenkov@nginx.com def setup_method_fixture(self, temp_dir): 131902Szelenkov@nginx.com os.makedirs(temp_dir + '/assets/dir') 141902Szelenkov@nginx.com Path(temp_dir + '/assets/index.html').write_text('0123456789') 151902Szelenkov@nginx.com Path(temp_dir + '/assets/dir/file').write_text('blah') 161902Szelenkov@nginx.com 17*2144Szelenkov@nginx.com self.test_path = '/' + os.path.relpath(Path(__file__)) 181902Szelenkov@nginx.com 191902Szelenkov@nginx.com self._load_conf( 201902Szelenkov@nginx.com { 211902Szelenkov@nginx.com "listeners": {"*:7080": {"pass": "routes"}}, 221960Sz.hong@f5.com "routes": [{"action": {"share": temp_dir + "/assets$uri"}}], 231902Szelenkov@nginx.com } 241902Szelenkov@nginx.com ) 251902Szelenkov@nginx.com 261966Szelenkov@nginx.com def update_action(self, share, chroot): 271966Szelenkov@nginx.com return self.conf( 282073Szelenkov@nginx.com {"share": share, "chroot": chroot}, 292073Szelenkov@nginx.com 'routes/0/action', 301966Szelenkov@nginx.com ) 311966Szelenkov@nginx.com 321966Szelenkov@nginx.com def get_custom(self, uri, host): 332073Szelenkov@nginx.com return self.get(url=uri, headers={'Host': host, 'Connection': 'close'})[ 342073Szelenkov@nginx.com 'status' 352073Szelenkov@nginx.com ] 361966Szelenkov@nginx.com 371902Szelenkov@nginx.com def test_static_chroot(self, temp_dir): 381902Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'default chroot' 391902Szelenkov@nginx.com assert self.get(url='/index.html')['status'] == 200, 'default chroot 2' 401902Szelenkov@nginx.com 41*2144Szelenkov@nginx.com assert 'success' in self.update_action( 42*2144Szelenkov@nginx.com temp_dir + "/assets$uri", temp_dir + "/assets/dir" 43*2144Szelenkov@nginx.com ) 441902Szelenkov@nginx.com 451902Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'chroot' 461902Szelenkov@nginx.com assert self.get(url='/index.html')['status'] == 403, 'chroot 403 2' 471902Szelenkov@nginx.com assert self.get(url='/file')['status'] == 403, 'chroot 403' 481902Szelenkov@nginx.com 491966Szelenkov@nginx.com def test_share_chroot_array(self, temp_dir): 50*2144Szelenkov@nginx.com assert 'success' in self.update_action( 51*2144Szelenkov@nginx.com ["/blah", temp_dir + "/assets$uri"], temp_dir + "/assets/dir" 52*2144Szelenkov@nginx.com ) 531966Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'share array' 541966Szelenkov@nginx.com 551966Szelenkov@nginx.com assert 'success' in self.update_action( 561966Szelenkov@nginx.com ["/blah", temp_dir + '/assets$uri'], temp_dir + '/assets/$host' 571966Szelenkov@nginx.com ) 581966Szelenkov@nginx.com assert self.get_custom('/dir/file', 'dir') == 200, 'array variable' 591966Szelenkov@nginx.com 60*2144Szelenkov@nginx.com assert 'success' in self.update_action( 61*2144Szelenkov@nginx.com ["/blah", "/blah2"], temp_dir + "/assets/dir" 62*2144Szelenkov@nginx.com ) 631966Szelenkov@nginx.com assert self.get()['status'] != 200, 'share array bad' 641966Szelenkov@nginx.com 651902Szelenkov@nginx.com def test_static_chroot_permission(self, is_su, temp_dir): 661902Szelenkov@nginx.com if is_su: 671902Szelenkov@nginx.com pytest.skip('does\'t work under root') 681902Szelenkov@nginx.com 691902Szelenkov@nginx.com os.chmod(temp_dir + '/assets/dir', 0o100) 701902Szelenkov@nginx.com 71*2144Szelenkov@nginx.com assert 'success' in self.update_action( 72*2144Szelenkov@nginx.com temp_dir + "/assets$uri", temp_dir + "/assets/dir" 731902Szelenkov@nginx.com ), 'configure chroot' 741902Szelenkov@nginx.com 751902Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'chroot' 761902Szelenkov@nginx.com 771902Szelenkov@nginx.com def test_static_chroot_empty(self, temp_dir): 78*2144Szelenkov@nginx.com assert 'success' in self.update_action(temp_dir + "/assets$uri", "") 79*2144Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'empty absolute' 801902Szelenkov@nginx.com 81*2144Szelenkov@nginx.com assert 'success' in self.update_action(".$uri", "") 82*2144Szelenkov@nginx.com assert self.get(url=self.test_path)['status'] == 200, 'empty relative' 831902Szelenkov@nginx.com 841902Szelenkov@nginx.com def test_static_chroot_relative(self, is_su, temp_dir): 851902Szelenkov@nginx.com if is_su: 861902Szelenkov@nginx.com pytest.skip('does\'t work under root') 871902Szelenkov@nginx.com 88*2144Szelenkov@nginx.com assert 'success' in self.update_action(temp_dir + "/assets$uri", ".") 891902Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 403, 'relative chroot' 901902Szelenkov@nginx.com 91*2144Szelenkov@nginx.com assert 'success' in self.conf({"share": ".$uri"}, 'routes/0/action') 921902Szelenkov@nginx.com assert self.get(url=self.test_path)['status'] == 200, 'relative share' 931902Szelenkov@nginx.com 94*2144Szelenkov@nginx.com assert 'success' in self.update_action(".$uri", ".") 951902Szelenkov@nginx.com assert self.get(url=self.test_path)['status'] == 200, 'relative' 961902Szelenkov@nginx.com 971971Szelenkov@nginx.com def test_static_chroot_variables(self, temp_dir): 981966Szelenkov@nginx.com assert 'success' in self.update_action( 991966Szelenkov@nginx.com temp_dir + '/assets$uri', temp_dir + '/assets/$host' 1001966Szelenkov@nginx.com ) 1011966Szelenkov@nginx.com assert self.get_custom('/dir/file', 'dir') == 200 1021966Szelenkov@nginx.com 1031966Szelenkov@nginx.com assert 'success' in self.update_action( 1041966Szelenkov@nginx.com temp_dir + '/assets$uri', temp_dir + '/assets/${host}' 1051966Szelenkov@nginx.com ) 1061966Szelenkov@nginx.com assert self.get_custom('/dir/file', 'dir') == 200 1071966Szelenkov@nginx.com 1081971Szelenkov@nginx.com def test_static_chroot_variables_buildin_start(self, temp_dir): 1091966Szelenkov@nginx.com assert 'success' in self.update_action( 1101966Szelenkov@nginx.com temp_dir + '/assets/dir/$host', '$uri/assets/dir' 1111966Szelenkov@nginx.com ) 1121966Szelenkov@nginx.com assert self.get_custom(temp_dir, 'file') == 200 1131966Szelenkov@nginx.com 1141971Szelenkov@nginx.com def test_static_chroot_variables_buildin_mid(self, temp_dir): 1151966Szelenkov@nginx.com assert 'success' in self.update_action( 1161966Szelenkov@nginx.com temp_dir + '/assets$uri', temp_dir + '/$host/dir' 1171966Szelenkov@nginx.com ) 1181966Szelenkov@nginx.com assert self.get_custom('/dir/file', 'assets') == 200 1191966Szelenkov@nginx.com 1201971Szelenkov@nginx.com def test_static_chroot_variables_buildin_end(self, temp_dir): 1211966Szelenkov@nginx.com assert 'success' in self.update_action( 1221966Szelenkov@nginx.com temp_dir + '/assets$uri', temp_dir + '/assets/$host' 1231966Szelenkov@nginx.com ) 1241966Szelenkov@nginx.com assert self.get_custom('/dir/file', 'dir') == 200 1251966Szelenkov@nginx.com 1261966Szelenkov@nginx.com def test_static_chroot_slash(self, temp_dir): 127*2144Szelenkov@nginx.com assert 'success' in self.update_action( 128*2144Szelenkov@nginx.com temp_dir + "/assets$uri", temp_dir + "/assets/dir/" 129*2144Szelenkov@nginx.com ) 1301966Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'slash end' 1311966Szelenkov@nginx.com assert self.get(url='/dirxfile')['status'] == 403, 'slash end bad' 1321966Szelenkov@nginx.com 133*2144Szelenkov@nginx.com assert 'success' in self.update_action( 134*2144Szelenkov@nginx.com temp_dir + "/assets$uri", temp_dir + "/assets/dir" 135*2144Szelenkov@nginx.com ) 1361966Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'no slash end' 1371966Szelenkov@nginx.com 138*2144Szelenkov@nginx.com assert 'success' in self.update_action( 139*2144Szelenkov@nginx.com temp_dir + "/assets$uri", temp_dir + "/assets/dir/" 140*2144Szelenkov@nginx.com ) 1411966Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'slash end 2' 1421966Szelenkov@nginx.com assert self.get(url='/dirxfile')['status'] == 403, 'slash end 2 bad' 1431966Szelenkov@nginx.com 144*2144Szelenkov@nginx.com assert 'success' in self.update_action( 145*2144Szelenkov@nginx.com temp_dir + "///assets/////$uri", temp_dir + "//assets////dir///" 146*2144Szelenkov@nginx.com ) 1471966Szelenkov@nginx.com assert self.get(url='/dir/file')['status'] == 200, 'multiple slashes' 1481966Szelenkov@nginx.com 1491902Szelenkov@nginx.com def test_static_chroot_invalid(self, temp_dir): 1501902Szelenkov@nginx.com assert 'error' in self.conf( 1512073Szelenkov@nginx.com {"share": temp_dir, "chroot": True}, 1522073Szelenkov@nginx.com 'routes/0/action', 1531902Szelenkov@nginx.com ), 'configure chroot error' 1541902Szelenkov@nginx.com assert 'error' in self.conf( 1552073Szelenkov@nginx.com {"share": temp_dir, "symlinks": "True"}, 1562073Szelenkov@nginx.com 'routes/0/action', 1571902Szelenkov@nginx.com ), 'configure symlink error' 1581902Szelenkov@nginx.com assert 'error' in self.conf( 1592073Szelenkov@nginx.com {"share": temp_dir, "mount": "True"}, 1602073Szelenkov@nginx.com 'routes/0/action', 1611902Szelenkov@nginx.com ), 'configure mount error' 1621966Szelenkov@nginx.com 1631966Szelenkov@nginx.com assert 'error' in self.update_action( 1641966Szelenkov@nginx.com temp_dir + '/assets$uri', temp_dir + '/assets/d$r$uri' 1651966Szelenkov@nginx.com ) 1661966Szelenkov@nginx.com assert 'error' in self.update_action( 1671966Szelenkov@nginx.com temp_dir + '/assets$uri', temp_dir + '/assets/$$uri' 1681966Szelenkov@nginx.com ) 169