2011-12-22 22:38:02 +00:00
|
|
|
import os
|
2016-12-01 16:05:08 +00:00
|
|
|
import stat
|
|
|
|
import sys
|
2011-12-22 22:38:02 +00:00
|
|
|
import tempfile
|
2013-07-01 12:22:27 +00:00
|
|
|
import unittest
|
2011-12-22 22:38:02 +00:00
|
|
|
|
2021-01-22 11:23:18 +00:00
|
|
|
from django.core.exceptions import SuspiciousOperation
|
|
|
|
from django.test import SimpleTestCase
|
2019-02-15 23:59:51 +00:00
|
|
|
from django.utils import archive
|
2011-12-22 22:38:02 +00:00
|
|
|
|
|
|
|
|
2019-02-15 23:59:51 +00:00
|
|
|
class TestArchive(unittest.TestCase):
|
2011-12-22 22:38:02 +00:00
|
|
|
|
|
|
|
def setUp(self):
|
2019-02-15 23:59:51 +00:00
|
|
|
self.testdir = os.path.join(os.path.dirname(__file__), 'archives')
|
2011-12-22 22:38:02 +00:00
|
|
|
self.old_cwd = os.getcwd()
|
2019-02-15 23:59:51 +00:00
|
|
|
os.chdir(self.testdir)
|
2011-12-22 22:38:02 +00:00
|
|
|
|
|
|
|
def tearDown(self):
|
|
|
|
os.chdir(self.old_cwd)
|
|
|
|
|
|
|
|
def test_extract_function(self):
|
2019-02-15 23:59:51 +00:00
|
|
|
for entry in os.scandir(self.testdir):
|
|
|
|
with self.subTest(entry.name), tempfile.TemporaryDirectory() as tmpdir:
|
|
|
|
archive.extract(entry.path, tmpdir)
|
|
|
|
self.assertTrue(os.path.isfile(os.path.join(tmpdir, '1')))
|
|
|
|
self.assertTrue(os.path.isfile(os.path.join(tmpdir, '2')))
|
|
|
|
self.assertTrue(os.path.isfile(os.path.join(tmpdir, 'foo', '1')))
|
|
|
|
self.assertTrue(os.path.isfile(os.path.join(tmpdir, 'foo', '2')))
|
|
|
|
self.assertTrue(os.path.isfile(os.path.join(tmpdir, 'foo', 'bar', '1')))
|
|
|
|
self.assertTrue(os.path.isfile(os.path.join(tmpdir, 'foo', 'bar', '2')))
|
2014-05-22 12:12:22 +00:00
|
|
|
|
2016-12-01 16:05:08 +00:00
|
|
|
@unittest.skipIf(sys.platform == 'win32', 'Python on Windows has a limited os.chmod().')
|
|
|
|
def test_extract_file_permissions(self):
|
2019-02-15 23:59:51 +00:00
|
|
|
"""archive.extract() preserves file permissions."""
|
|
|
|
mask = stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO
|
|
|
|
umask = os.umask(0)
|
|
|
|
os.umask(umask) # Restore the original umask.
|
|
|
|
for entry in os.scandir(self.testdir):
|
|
|
|
if entry.name.startswith('leadpath_'):
|
|
|
|
continue
|
|
|
|
with self.subTest(entry.name), tempfile.TemporaryDirectory() as tmpdir:
|
|
|
|
archive.extract(entry.path, tmpdir)
|
|
|
|
# An executable file in the archive has executable permissions.
|
|
|
|
filepath = os.path.join(tmpdir, 'executable')
|
|
|
|
self.assertEqual(os.stat(filepath).st_mode & mask, 0o775)
|
|
|
|
# A file is readable even if permission data is missing.
|
|
|
|
filepath = os.path.join(tmpdir, 'no_permissions')
|
2020-06-29 05:51:43 +00:00
|
|
|
self.assertEqual(os.stat(filepath).st_mode & mask, 0o666 & ~umask)
|
2021-01-22 11:23:18 +00:00
|
|
|
|
|
|
|
|
|
|
|
class TestArchiveInvalid(SimpleTestCase):
|
|
|
|
def test_extract_function_traversal(self):
|
|
|
|
archives_dir = os.path.join(os.path.dirname(__file__), 'traversal_archives')
|
|
|
|
tests = [
|
|
|
|
('traversal.tar', '..'),
|
|
|
|
('traversal_absolute.tar', '/tmp/evil.py'),
|
|
|
|
]
|
|
|
|
if sys.platform == 'win32':
|
|
|
|
tests += [
|
|
|
|
('traversal_disk_win.tar', 'd:evil.py'),
|
|
|
|
('traversal_disk_win.zip', 'd:evil.py'),
|
|
|
|
]
|
|
|
|
msg = "Archive contains invalid path: '%s'"
|
|
|
|
for entry, invalid_path in tests:
|
|
|
|
with self.subTest(entry), tempfile.TemporaryDirectory() as tmpdir:
|
|
|
|
with self.assertRaisesMessage(SuspiciousOperation, msg % invalid_path):
|
|
|
|
archive.extract(os.path.join(archives_dir, entry), tmpdir)
|