diff options
| author | ben <ben@2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109> | 2002-07-16 05:16:42 +0000 |
|---|---|---|
| committer | ben <ben@2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109> | 2002-07-16 05:16:42 +0000 |
| commit | 4c8440ee71ba819c7327913870a615186ef8d386 (patch) | |
| tree | 5d4d811680e1b3fd0a3393de3d49eb9cae116481 /rdiff-backup/testing/securitytest.py | |
| parent | 6efc3610e37994c38a70cf32266e1e495035fbd3 (diff) | |
| download | rdiff-backup-4c8440ee71ba819c7327913870a615186ef8d386.tar.gz | |
Various changes to 0.9.3, see CHANGELOG
git-svn-id: http://svn.savannah.nongnu.org/svn/rdiff-backup/trunk@157 2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109
Diffstat (limited to 'rdiff-backup/testing/securitytest.py')
| -rw-r--r-- | rdiff-backup/testing/securitytest.py | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/rdiff-backup/testing/securitytest.py b/rdiff-backup/testing/securitytest.py new file mode 100644 index 0000000..689544d --- /dev/null +++ b/rdiff-backup/testing/securitytest.py @@ -0,0 +1,60 @@ +import os, unittest +from commontest import * +import rdiff_backup.Security, Security + +#Log.setverbosity(5) + +class SecurityTest(unittest.TestCase): + def assert_exc_sec(self, exc): + """Fudge - make sure exception is a security violation + + This is necessary because of some kind of pickling/module + problem. + + """ + assert isinstance(exc, rdiff_backup.Security.Violation) + #assert str(exc).find("Security") >= 0, "%s\n%s" % (exc, repr(exc)) + + def test_vet_request_ro(self): + """Test vetting of ConnectionRequests on read-only server""" + remote_cmd = "rdiff-backup --server --restrict-read-only foo" + conn = SetConnections.init_connection(remote_cmd) + assert type(conn.os.getuid()) is type(5) + try: conn.os.remove("/tmp/foobar") + except Exception, e: self.assert_exc_sec(e) + else: assert 0, "No exception raised" + SetConnections.CloseConnections() + + def test_vet_request_minimal(self): + """Test vetting of ConnectionRequests on minimal server""" + remote_cmd = "rdiff-backup --server --restrict-update-only foo" + conn = SetConnections.init_connection(remote_cmd) + assert type(conn.os.getuid()) is type(5) + try: conn.os.remove("/tmp/foobar") + except Exception, e: self.assert_exc_sec(e) + else: assert 0, "No exception raised" + SetConnections.CloseConnections() + + def test_vet_rpath(self): + """Test to make sure rpaths not in restricted path will be rejected""" + remote_cmd = "rdiff-backup --server --restrict-update-only foo" + conn = SetConnections.init_connection(remote_cmd) + + for rp in [RPath(Globals.local_connection, "blahblah"), + RPath(conn, "foo/bar")]: + conn.Globals.set("TEST_var", rp) + assert conn.Globals.get("TEST_var").path == rp.path + + for rp in [RPath(conn, "foobar"), + RPath(conn, "/usr/local"), + RPath(conn, "foo/../bar")]: + try: conn.Globals.set("TEST_var", rp) + except Exception, e: + self.assert_exc_sec(e) + continue + assert 0, "No violation raised by rp %s" % (rp,) + + SetConnections.CloseConnections() + +if __name__ == "__main__": unittest.main() + |