xref: /unit/test/test_static_chroot.py (revision 2616:ab2896c980ab)
1import os
2from pathlib import Path
3
4import pytest
5
6from unit.applications.proto import ApplicationProto
7from unit.option import option
8
9prerequisites = {'features': {'chroot': True}}
10
11client = ApplicationProto()
12test_path = f'/{os.path.relpath(Path(__file__))}'
13
14
15@pytest.fixture(autouse=True)
16def setup_method_fixture(temp_dir):
17    Path(f'{temp_dir}/assets/dir').mkdir(parents=True)
18    Path(f'{temp_dir}/assets/index.html').write_text(
19        '0123456789', encoding='utf-8'
20    )
21    Path(f'{temp_dir}/assets/dir/file').write_text('blah', encoding='utf-8')
22
23    assert 'success' in client.conf(
24        {
25            "listeners": {"*:8080": {"pass": "routes"}},
26            "routes": [{"action": {"share": f'{temp_dir}/assets$uri'}}],
27        }
28    )
29
30
31def update_action(chroot, share=f'{option.temp_dir}/assets$uri'):
32    return client.conf(
33        {'chroot': chroot, 'share': share},
34        'routes/0/action',
35    )
36
37
38def get_custom(uri, host):
39    return client.get(url=uri, headers={'Host': host, 'Connection': 'close'})[
40        'status'
41    ]
42
43
44def test_static_chroot(temp_dir):
45    assert client.get(url='/dir/file')['status'] == 200, 'default chroot'
46    assert client.get(url='/index.html')['status'] == 200, 'default chroot 2'
47
48    assert 'success' in update_action(f'{temp_dir}/assets/dir')
49
50    assert client.get(url='/dir/file')['status'] == 200, 'chroot'
51    assert client.get(url='/index.html')['status'] == 403, 'chroot 403 2'
52    assert client.get(url='/file')['status'] == 403, 'chroot 403'
53
54
55def test_share_chroot_array(temp_dir):
56    assert 'success' in update_action(
57        f'{temp_dir}/assets/dir', ["/blah", f'{temp_dir}/assets$uri']
58    )
59    assert client.get(url='/dir/file')['status'] == 200, 'share array'
60
61    assert 'success' in update_action(
62        f'{temp_dir}/assets/$host',
63        ['/blah', f'{temp_dir}/assets$uri'],
64    )
65    assert get_custom('/dir/file', 'dir') == 200, 'array variable'
66
67    assert 'success' in update_action(
68        f'{temp_dir}/assets/dir', ['/blah', '/blah2']
69    )
70    assert client.get()['status'] != 200, 'share array bad'
71
72
73def test_static_chroot_permission(require, temp_dir):
74    require({'privileged_user': False})
75
76    os.chmod(f'{temp_dir}/assets/dir', 0o100)
77
78    assert 'success' in update_action(
79        f'{temp_dir}/assets/dir'
80    ), 'configure chroot'
81
82    assert client.get(url='/dir/file')['status'] == 200, 'chroot'
83
84
85def test_static_chroot_empty():
86    assert 'success' in update_action('')
87    assert client.get(url='/dir/file')['status'] == 200, 'empty absolute'
88
89    assert 'success' in update_action("", ".$uri")
90    assert client.get(url=test_path)['status'] == 200, 'empty relative'
91
92
93def test_static_chroot_relative(require):
94    require({'privileged_user': False})
95
96    assert 'success' in update_action('.')
97    assert client.get(url='/dir/file')['status'] == 403, 'relative chroot'
98
99    assert 'success' in client.conf({"share": ".$uri"}, 'routes/0/action')
100    assert client.get(url=test_path)['status'] == 200, 'relative share'
101
102    assert 'success' in update_action(".", ".$uri")
103    assert client.get(url=test_path)['status'] == 200, 'relative'
104
105
106def test_static_chroot_variables(temp_dir):
107    assert 'success' in update_action(f'{temp_dir}/assets/$host')
108    assert get_custom('/dir/file', 'dir') == 200
109
110    assert 'success' in update_action(f'{temp_dir}/assets/${{host}}')
111    assert get_custom('/dir/file', 'dir') == 200
112
113
114def test_static_chroot_variables_buildin_start(temp_dir):
115    assert 'success' in update_action(
116        '$uri/assets/dir',
117        f'{temp_dir}/assets/dir/$host',
118    )
119    assert get_custom(temp_dir, 'file') == 200
120
121
122def test_static_chroot_variables_buildin_mid(temp_dir):
123    assert 'success' in update_action(f'{temp_dir}/$host/dir')
124    assert get_custom('/dir/file', 'assets') == 200
125
126
127def test_static_chroot_variables_buildin_end(temp_dir):
128    assert 'success' in update_action(f'{temp_dir}/assets/$host')
129    assert get_custom('/dir/file', 'dir') == 200
130
131
132def test_static_chroot_slash(temp_dir):
133    assert 'success' in update_action(f'{temp_dir}/assets/dir/')
134    assert client.get(url='/dir/file')['status'] == 200, 'slash end'
135    assert client.get(url='/dirxfile')['status'] == 403, 'slash end bad'
136
137    assert 'success' in update_action(f'{temp_dir}/assets/dir')
138    assert client.get(url='/dir/file')['status'] == 200, 'no slash end'
139
140    assert 'success' in update_action(f'{temp_dir}/assets/dir/')
141    assert client.get(url='/dir/file')['status'] == 200, 'slash end 2'
142    assert client.get(url='/dirxfile')['status'] == 403, 'slash end 2 bad'
143
144    assert 'success' in update_action(
145        f'{temp_dir}//assets////dir///', f'{temp_dir}///assets/////$uri'
146    )
147    assert client.get(url='/dir/file')['status'] == 200, 'multiple slashes'
148
149
150def test_static_chroot_invalid(temp_dir):
151    assert 'error' in client.conf(
152        {"share": temp_dir, "chroot": True},
153        'routes/0/action',
154    ), 'configure chroot error'
155    assert 'error' in client.conf(
156        {"share": temp_dir, "symlinks": "True"},
157        'routes/0/action',
158    ), 'configure symlink error'
159    assert 'error' in client.conf(
160        {"share": temp_dir, "mount": "True"},
161        'routes/0/action',
162    ), 'configure mount error'
163
164    assert 'error' in update_action(f'{temp_dir}/assets/d$r$uri')
165    assert 'error' in update_action(f'{temp_dir}/assets/$$uri')
166