xref: /unit/test/test_static_chroot.py (revision 2144:b14caaedca5e)
11902Szelenkov@nginx.comimport os
21902Szelenkov@nginx.comfrom pathlib import Path
31902Szelenkov@nginx.com
41902Szelenkov@nginx.comimport pytest
51902Szelenkov@nginx.comfrom unit.applications.proto import TestApplicationProto
61902Szelenkov@nginx.com
71902Szelenkov@nginx.com
81902Szelenkov@nginx.comclass TestStaticChroot(TestApplicationProto):
91902Szelenkov@nginx.com    prerequisites = {'features': ['chroot']}
101902Szelenkov@nginx.com
111902Szelenkov@nginx.com    @pytest.fixture(autouse=True)
121902Szelenkov@nginx.com    def setup_method_fixture(self, temp_dir):
131902Szelenkov@nginx.com        os.makedirs(temp_dir + '/assets/dir')
141902Szelenkov@nginx.com        Path(temp_dir + '/assets/index.html').write_text('0123456789')
151902Szelenkov@nginx.com        Path(temp_dir + '/assets/dir/file').write_text('blah')
161902Szelenkov@nginx.com
17*2144Szelenkov@nginx.com        self.test_path = '/' + os.path.relpath(Path(__file__))
181902Szelenkov@nginx.com
191902Szelenkov@nginx.com        self._load_conf(
201902Szelenkov@nginx.com            {
211902Szelenkov@nginx.com                "listeners": {"*:7080": {"pass": "routes"}},
221960Sz.hong@f5.com                "routes": [{"action": {"share": temp_dir + "/assets$uri"}}],
231902Szelenkov@nginx.com            }
241902Szelenkov@nginx.com        )
251902Szelenkov@nginx.com
261966Szelenkov@nginx.com    def update_action(self, share, chroot):
271966Szelenkov@nginx.com        return self.conf(
282073Szelenkov@nginx.com            {"share": share, "chroot": chroot},
292073Szelenkov@nginx.com            'routes/0/action',
301966Szelenkov@nginx.com        )
311966Szelenkov@nginx.com
321966Szelenkov@nginx.com    def get_custom(self, uri, host):
332073Szelenkov@nginx.com        return self.get(url=uri, headers={'Host': host, 'Connection': 'close'})[
342073Szelenkov@nginx.com            'status'
352073Szelenkov@nginx.com        ]
361966Szelenkov@nginx.com
371902Szelenkov@nginx.com    def test_static_chroot(self, temp_dir):
381902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'default chroot'
391902Szelenkov@nginx.com        assert self.get(url='/index.html')['status'] == 200, 'default chroot 2'
401902Szelenkov@nginx.com
41*2144Szelenkov@nginx.com        assert 'success' in self.update_action(
42*2144Szelenkov@nginx.com            temp_dir + "/assets$uri", temp_dir + "/assets/dir"
43*2144Szelenkov@nginx.com        )
441902Szelenkov@nginx.com
451902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'chroot'
461902Szelenkov@nginx.com        assert self.get(url='/index.html')['status'] == 403, 'chroot 403 2'
471902Szelenkov@nginx.com        assert self.get(url='/file')['status'] == 403, 'chroot 403'
481902Szelenkov@nginx.com
491966Szelenkov@nginx.com    def test_share_chroot_array(self, temp_dir):
50*2144Szelenkov@nginx.com        assert 'success' in self.update_action(
51*2144Szelenkov@nginx.com            ["/blah", temp_dir + "/assets$uri"], temp_dir + "/assets/dir"
52*2144Szelenkov@nginx.com        )
531966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'share array'
541966Szelenkov@nginx.com
551966Szelenkov@nginx.com        assert 'success' in self.update_action(
561966Szelenkov@nginx.com            ["/blah", temp_dir + '/assets$uri'], temp_dir + '/assets/$host'
571966Szelenkov@nginx.com        )
581966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'dir') == 200, 'array variable'
591966Szelenkov@nginx.com
60*2144Szelenkov@nginx.com        assert 'success' in self.update_action(
61*2144Szelenkov@nginx.com            ["/blah", "/blah2"], temp_dir + "/assets/dir"
62*2144Szelenkov@nginx.com        )
631966Szelenkov@nginx.com        assert self.get()['status'] != 200, 'share array bad'
641966Szelenkov@nginx.com
651902Szelenkov@nginx.com    def test_static_chroot_permission(self, is_su, temp_dir):
661902Szelenkov@nginx.com        if is_su:
671902Szelenkov@nginx.com            pytest.skip('does\'t work under root')
681902Szelenkov@nginx.com
691902Szelenkov@nginx.com        os.chmod(temp_dir + '/assets/dir', 0o100)
701902Szelenkov@nginx.com
71*2144Szelenkov@nginx.com        assert 'success' in self.update_action(
72*2144Szelenkov@nginx.com            temp_dir + "/assets$uri", temp_dir + "/assets/dir"
731902Szelenkov@nginx.com        ), 'configure chroot'
741902Szelenkov@nginx.com
751902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'chroot'
761902Szelenkov@nginx.com
771902Szelenkov@nginx.com    def test_static_chroot_empty(self, temp_dir):
78*2144Szelenkov@nginx.com        assert 'success' in self.update_action(temp_dir + "/assets$uri", "")
79*2144Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'empty absolute'
801902Szelenkov@nginx.com
81*2144Szelenkov@nginx.com        assert 'success' in self.update_action(".$uri", "")
82*2144Szelenkov@nginx.com        assert self.get(url=self.test_path)['status'] == 200, 'empty relative'
831902Szelenkov@nginx.com
841902Szelenkov@nginx.com    def test_static_chroot_relative(self, is_su, temp_dir):
851902Szelenkov@nginx.com        if is_su:
861902Szelenkov@nginx.com            pytest.skip('does\'t work under root')
871902Szelenkov@nginx.com
88*2144Szelenkov@nginx.com        assert 'success' in self.update_action(temp_dir + "/assets$uri", ".")
891902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 403, 'relative chroot'
901902Szelenkov@nginx.com
91*2144Szelenkov@nginx.com        assert 'success' in self.conf({"share": ".$uri"}, 'routes/0/action')
921902Szelenkov@nginx.com        assert self.get(url=self.test_path)['status'] == 200, 'relative share'
931902Szelenkov@nginx.com
94*2144Szelenkov@nginx.com        assert 'success' in self.update_action(".$uri", ".")
951902Szelenkov@nginx.com        assert self.get(url=self.test_path)['status'] == 200, 'relative'
961902Szelenkov@nginx.com
971971Szelenkov@nginx.com    def test_static_chroot_variables(self, temp_dir):
981966Szelenkov@nginx.com        assert 'success' in self.update_action(
991966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/$host'
1001966Szelenkov@nginx.com        )
1011966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'dir') == 200
1021966Szelenkov@nginx.com
1031966Szelenkov@nginx.com        assert 'success' in self.update_action(
1041966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/${host}'
1051966Szelenkov@nginx.com        )
1061966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'dir') == 200
1071966Szelenkov@nginx.com
1081971Szelenkov@nginx.com    def test_static_chroot_variables_buildin_start(self, temp_dir):
1091966Szelenkov@nginx.com        assert 'success' in self.update_action(
1101966Szelenkov@nginx.com            temp_dir + '/assets/dir/$host', '$uri/assets/dir'
1111966Szelenkov@nginx.com        )
1121966Szelenkov@nginx.com        assert self.get_custom(temp_dir, 'file') == 200
1131966Szelenkov@nginx.com
1141971Szelenkov@nginx.com    def test_static_chroot_variables_buildin_mid(self, temp_dir):
1151966Szelenkov@nginx.com        assert 'success' in self.update_action(
1161966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/$host/dir'
1171966Szelenkov@nginx.com        )
1181966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'assets') == 200
1191966Szelenkov@nginx.com
1201971Szelenkov@nginx.com    def test_static_chroot_variables_buildin_end(self, temp_dir):
1211966Szelenkov@nginx.com        assert 'success' in self.update_action(
1221966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/$host'
1231966Szelenkov@nginx.com        )
1241966Szelenkov@nginx.com        assert self.get_custom('/dir/file', 'dir') == 200
1251966Szelenkov@nginx.com
1261966Szelenkov@nginx.com    def test_static_chroot_slash(self, temp_dir):
127*2144Szelenkov@nginx.com        assert 'success' in self.update_action(
128*2144Szelenkov@nginx.com            temp_dir + "/assets$uri", temp_dir + "/assets/dir/"
129*2144Szelenkov@nginx.com        )
1301966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'slash end'
1311966Szelenkov@nginx.com        assert self.get(url='/dirxfile')['status'] == 403, 'slash end bad'
1321966Szelenkov@nginx.com
133*2144Szelenkov@nginx.com        assert 'success' in self.update_action(
134*2144Szelenkov@nginx.com            temp_dir + "/assets$uri", temp_dir + "/assets/dir"
135*2144Szelenkov@nginx.com        )
1361966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'no slash end'
1371966Szelenkov@nginx.com
138*2144Szelenkov@nginx.com        assert 'success' in self.update_action(
139*2144Szelenkov@nginx.com            temp_dir + "/assets$uri", temp_dir + "/assets/dir/"
140*2144Szelenkov@nginx.com        )
1411966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'slash end 2'
1421966Szelenkov@nginx.com        assert self.get(url='/dirxfile')['status'] == 403, 'slash end 2 bad'
1431966Szelenkov@nginx.com
144*2144Szelenkov@nginx.com        assert 'success' in self.update_action(
145*2144Szelenkov@nginx.com            temp_dir + "///assets/////$uri", temp_dir + "//assets////dir///"
146*2144Szelenkov@nginx.com        )
1471966Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'multiple slashes'
1481966Szelenkov@nginx.com
1491902Szelenkov@nginx.com    def test_static_chroot_invalid(self, temp_dir):
1501902Szelenkov@nginx.com        assert 'error' in self.conf(
1512073Szelenkov@nginx.com            {"share": temp_dir, "chroot": True},
1522073Szelenkov@nginx.com            'routes/0/action',
1531902Szelenkov@nginx.com        ), 'configure chroot error'
1541902Szelenkov@nginx.com        assert 'error' in self.conf(
1552073Szelenkov@nginx.com            {"share": temp_dir, "symlinks": "True"},
1562073Szelenkov@nginx.com            'routes/0/action',
1571902Szelenkov@nginx.com        ), 'configure symlink error'
1581902Szelenkov@nginx.com        assert 'error' in self.conf(
1592073Szelenkov@nginx.com            {"share": temp_dir, "mount": "True"},
1602073Szelenkov@nginx.com            'routes/0/action',
1611902Szelenkov@nginx.com        ), 'configure mount error'
1621966Szelenkov@nginx.com
1631966Szelenkov@nginx.com        assert 'error' in self.update_action(
1641966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/d$r$uri'
1651966Szelenkov@nginx.com        )
1661966Szelenkov@nginx.com        assert 'error' in self.update_action(
1671966Szelenkov@nginx.com            temp_dir + '/assets$uri', temp_dir + '/assets/$$uri'
1681966Szelenkov@nginx.com        )
169