xref: /unit/test/test_static_symlink.py (revision 1902)
1*1902Szelenkov@nginx.comimport os
2*1902Szelenkov@nginx.comfrom pathlib import Path
3*1902Szelenkov@nginx.com
4*1902Szelenkov@nginx.comimport pytest
5*1902Szelenkov@nginx.com
6*1902Szelenkov@nginx.comfrom unit.applications.proto import TestApplicationProto
7*1902Szelenkov@nginx.com
8*1902Szelenkov@nginx.com
9*1902Szelenkov@nginx.comclass TestStaticSymlink(TestApplicationProto):
10*1902Szelenkov@nginx.com    prerequisites = {'features': ['chroot']}
11*1902Szelenkov@nginx.com
12*1902Szelenkov@nginx.com    @pytest.fixture(autouse=True)
13*1902Szelenkov@nginx.com    def setup_method_fixture(self, temp_dir):
14*1902Szelenkov@nginx.com        os.makedirs(temp_dir + '/assets/dir/dir')
15*1902Szelenkov@nginx.com        Path(temp_dir + '/assets/index.html').write_text('0123456789')
16*1902Szelenkov@nginx.com        Path(temp_dir + '/assets/dir/file').write_text('blah')
17*1902Szelenkov@nginx.com
18*1902Szelenkov@nginx.com        self._load_conf(
19*1902Szelenkov@nginx.com            {
20*1902Szelenkov@nginx.com                "listeners": {"*:7080": {"pass": "routes"}},
21*1902Szelenkov@nginx.com                "routes": [{"action": {"share": temp_dir + "/assets"}}],
22*1902Szelenkov@nginx.com            }
23*1902Szelenkov@nginx.com        )
24*1902Szelenkov@nginx.com
25*1902Szelenkov@nginx.com    def test_static_symlink(self, temp_dir, skip_alert):
26*1902Szelenkov@nginx.com        skip_alert(r'opening.*failed')
27*1902Szelenkov@nginx.com
28*1902Szelenkov@nginx.com        os.symlink(temp_dir + '/assets/dir', temp_dir + '/assets/link')
29*1902Szelenkov@nginx.com
30*1902Szelenkov@nginx.com        assert self.get(url='/dir')['status'] == 301, 'dir'
31*1902Szelenkov@nginx.com        assert self.get(url='/dir/file')['status'] == 200, 'file'
32*1902Szelenkov@nginx.com        assert self.get(url='/link')['status'] == 301, 'symlink dir'
33*1902Szelenkov@nginx.com        assert self.get(url='/link/file')['status'] == 200, 'symlink file'
34*1902Szelenkov@nginx.com
35*1902Szelenkov@nginx.com        assert 'success' in self.conf(
36*1902Szelenkov@nginx.com            {"share": temp_dir + "/assets", "follow_symlinks": False},
37*1902Szelenkov@nginx.com            'routes/0/action',
38*1902Szelenkov@nginx.com        ), 'configure symlink disable'
39*1902Szelenkov@nginx.com
40*1902Szelenkov@nginx.com        assert self.get(url='/link/file')['status'] == 403, 'symlink disabled'
41*1902Szelenkov@nginx.com
42*1902Szelenkov@nginx.com        assert 'success' in self.conf(
43*1902Szelenkov@nginx.com            {"share": temp_dir + "/assets", "follow_symlinks": True},
44*1902Szelenkov@nginx.com            'routes/0/action',
45*1902Szelenkov@nginx.com        ), 'configure symlink enable'
46*1902Szelenkov@nginx.com
47*1902Szelenkov@nginx.com        assert self.get(url='/link/file')['status'] == 200, 'symlink enabled'
48*1902Szelenkov@nginx.com
49*1902Szelenkov@nginx.com    def test_static_symlink_two_blocks(self, temp_dir, skip_alert):
50*1902Szelenkov@nginx.com        skip_alert(r'opening.*failed')
51*1902Szelenkov@nginx.com
52*1902Szelenkov@nginx.com        os.symlink(temp_dir + '/assets/dir', temp_dir + '/assets/link')
53*1902Szelenkov@nginx.com
54*1902Szelenkov@nginx.com        assert 'success' in self.conf(
55*1902Szelenkov@nginx.com            [
56*1902Szelenkov@nginx.com                {
57*1902Szelenkov@nginx.com                    "match": {"method": "HEAD"},
58*1902Szelenkov@nginx.com                    "action": {
59*1902Szelenkov@nginx.com                        "share": temp_dir + "/assets",
60*1902Szelenkov@nginx.com                        "follow_symlinks": False,
61*1902Szelenkov@nginx.com                    },
62*1902Szelenkov@nginx.com                },
63*1902Szelenkov@nginx.com                {
64*1902Szelenkov@nginx.com                    "match": {"method": "GET"},
65*1902Szelenkov@nginx.com                    "action": {
66*1902Szelenkov@nginx.com                        "share": temp_dir + "/assets",
67*1902Szelenkov@nginx.com                        "follow_symlinks": True,
68*1902Szelenkov@nginx.com                    },
69*1902Szelenkov@nginx.com                },
70*1902Szelenkov@nginx.com            ],
71*1902Szelenkov@nginx.com            'routes',
72*1902Szelenkov@nginx.com        ), 'configure two options'
73*1902Szelenkov@nginx.com
74*1902Szelenkov@nginx.com        assert self.get(url='/link/file')['status'] == 200, 'block enabled'
75*1902Szelenkov@nginx.com        assert self.head(url='/link/file')['status'] == 403, 'block disabled'
76*1902Szelenkov@nginx.com
77*1902Szelenkov@nginx.com    def test_static_symlink_chroot(self, temp_dir, skip_alert):
78*1902Szelenkov@nginx.com        skip_alert(r'opening.*failed')
79*1902Szelenkov@nginx.com
80*1902Szelenkov@nginx.com        os.symlink(
81*1902Szelenkov@nginx.com            temp_dir + '/assets/dir/file', temp_dir + '/assets/dir/dir/link'
82*1902Szelenkov@nginx.com        )
83*1902Szelenkov@nginx.com
84*1902Szelenkov@nginx.com        assert self.get(url='/dir/dir/link')['status'] == 200, 'default chroot'
85*1902Szelenkov@nginx.com
86*1902Szelenkov@nginx.com        assert 'success' in self.conf(
87*1902Szelenkov@nginx.com            {
88*1902Szelenkov@nginx.com                "share": temp_dir + "/assets",
89*1902Szelenkov@nginx.com                "chroot": temp_dir + "/assets/dir/dir",
90*1902Szelenkov@nginx.com            },
91*1902Szelenkov@nginx.com            'routes/0/action',
92*1902Szelenkov@nginx.com        ), 'configure chroot'
93*1902Szelenkov@nginx.com
94*1902Szelenkov@nginx.com        assert self.get(url='/dir/dir/link')['status'] == 404, 'chroot'
95