diff options
| author | cvs2svn <cvs2svn@2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109> | 2003-11-02 08:13:51 +0000 |
|---|---|---|
| committer | cvs2svn <cvs2svn@2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109> | 2003-11-02 08:13:51 +0000 |
| commit | 67149c17f515c27b8d3604c1300adf7ada23436d (patch) | |
| tree | 97126ee472675f9fb299cb0dd82772e1daba499a | |
| parent | 8c16d0e2c767afb0d67fdf05a687197e4370f82f (diff) | |
| download | rdiff-backup-r0-12-6.tar.gz | |
This commit was manufactured by cvs2svn to create tag 'r0-12-6'.r0-12-6
git-svn-id: http://svn.savannah.nongnu.org/svn/rdiff-backup/tags/r0-12-6@490 2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109
| -rw-r--r-- | rdiff-backup/testing/securitytest.py | 128 |
1 files changed, 125 insertions, 3 deletions
diff --git a/rdiff-backup/testing/securitytest.py b/rdiff-backup/testing/securitytest.py index 863d36a..1c7bade 100644 --- a/rdiff-backup/testing/securitytest.py +++ b/rdiff-backup/testing/securitytest.py @@ -1,6 +1,6 @@ -import os, unittest +import os, unittest, time from commontest import * -import rdiff_backup.Security +import rdiff_backup.Security as Security #Log.setverbosity(5) @@ -12,7 +12,7 @@ class SecurityTest(unittest.TestCase): problem. """ - assert isinstance(exc, rdiff_backup.Security.Violation) + assert isinstance(exc, Security.Violation) #assert str(exc).find("Security") >= 0, "%s\n%s" % (exc, repr(exc)) def test_vet_request_ro(self): @@ -56,5 +56,127 @@ class SecurityTest(unittest.TestCase): SetConnections.CloseConnections() + def secure_rdiff_backup(self, in_dir, out_dir, in_local, restrict_args, + extra_args = "", success = 1, current_time = None): + """Run rdiff-backup locally, with given restrict settings""" + if not current_time: current_time = int(time.time()) + prefix = ('rdiff-backup --current-time %s ' % (current_time,) + + '--remote-schema %s ') + + if in_local: out_dir = ("'rdiff-backup %s --server'::%s" % + (restrict_args, out_dir)) + else: in_dir = ("'rdiff-backup %s --server'::%s" % + (restrict_args, in_dir)) + + cmdline = "%s %s %s %s" % (prefix, extra_args, in_dir, out_dir) + print "Executing:", cmdline + exit_val = os.system(cmdline) + if success: assert not exit_val + else: assert exit_val, "Success when wanted failure" + + def test_restrict_positive(self): + """Test that --restrict switch doesn't get in the way + + This makes sure that basic backups with the restrict operator + work, (initial backup, incremental, restore). + + """ + Myrm("testfiles/output") + self.secure_rdiff_backup('testfiles/various_file_types', + 'testfiles/output', 1, + '--restrict testfiles/output', + current_time = 10000) + self.secure_rdiff_backup('testfiles/various_file_types', + 'testfiles/output', 1, + '--restrict testfiles/output') + + Myrm("testfiles/restore_out") + self.secure_rdiff_backup('testfiles/output', + 'testfiles/restore_out', 1, + '--restrict testfiles/restore_out', + extra_args = '-r now') + + def test_restrict_negative(self): + """Test that --restrict switch denies certain operations""" + # Backup to wrong directory + Myrm("testfiles/output testfiles/output2") + self.secure_rdiff_backup('testfiles/various_file_types', + 'testfiles/output2', 1, + '--restrict testfiles/output', + success = 0) + + # Restore to wrong directory + Myrm("testfiles/output testfiles/restore_out") + rdiff_backup(1, 1, 'testfiles/various_file_types', + 'testfiles/output') + self.secure_rdiff_backup('testfiles/output', + 'testfiles/restore_out', 1, + '--restrict testfiles/output2', + extra_args = '-r now', + success = 0) + + # Backup from wrong directory + Myrm("testfiles/output") + self.secure_rdiff_backup('testfiles/various_file_types', + 'testfiles/output', 0, + '--restrict testfiles/foobar', + success = 0) + + def test_restrict_readonly_positive(self): + """Test that --restrict-read-only switch doesn't impair normal ops""" + Myrm("testfiles/output testfiles/restore_out") + self.secure_rdiff_backup('testfiles/various_file_types', + 'testfiles/output', 0, + '--restrict-read-only testfiles/various_file_types') + + self.secure_rdiff_backup('testfiles/output', + 'testfiles/restore_out', 0, + '--restrict-read-only testfiles/output', + extra_args = '-r now') + + def test_restrict_readonly_negative(self): + """Test that --restrict-read-only doesn't allow too much""" + # Backup to restricted directory + Myrm('testfiles/output') + self.secure_rdiff_backup('testfiles/various_file_types', + 'testfiles/output', 1, + '--restrict-read-only testfiles/output', + success = 0) + + # Restore to restricted directory + Myrm('testfiles/output testfiles/restore_out') + rdiff_backup(1, 1, 'testfiles/various_file_types', 'testfiles/output') + self.secure_rdiff_backup('testfiles/output', + 'testfiles/restore_out', 1, + '--restrict-read-only testfiles/restore_out', + extra_args = '-r now', + success = 0) + + def test_restrict_updateonly_positive(self): + """Test that --restrict-update-only allows intended use""" + Myrm('testfiles/output') + rdiff_backup(1, 1, 'testfiles/various_file_types', 'testfiles/output', + current_time = 10000) + self.secure_rdiff_backup('testfiles/various_file_types', + 'testfiles/output', 1, + '--restrict-update-only testfiles/output') + + def test_restrict_updateonly_negative(self): + """Test that --restrict-update-only impairs unintended""" + Myrm('testfiles/output') + self.secure_rdiff_backup('testfiles/various_file_types', + 'testfiles/output', 1, + '--restrict-update-only testfiles/output', + success = 0) + + Myrm('testfiles/output testfiles/restore_out') + rdiff_backup(1, 1, 'testfiles/various_file_types', 'testfiles/output') + self.secure_rdiff_backup('testfiles/output', + 'testfiles/restore_out', 1, + '--restrict-update-only testfiles/restore_out', + extra_args = '-r now', + success = 0) + + if __name__ == "__main__": unittest.main() |