X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/a734789218122d8ab0d8f766bac4d69c04db91bf..7337b18bf7b6996a7fe4df0aba5356a03bda452d:/services/fuse/tests/test_unmount.py?ds=sidebyside

diff --git a/services/fuse/tests/test_unmount.py b/services/fuse/tests/test_unmount.py
index 716a0e00d7..bf180beb7a 100644
--- a/services/fuse/tests/test_unmount.py
+++ b/services/fuse/tests/test_unmount.py
@@ -1,6 +1,14 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+import arvados_fuse.unmount
 import os
 import subprocess
+import shutil
+import tempfile
 import time
+import unittest
 
 from integration_test import IntegrationTest
 
@@ -85,3 +93,45 @@ class UnmountTest(IntegrationTest):
         self.assertEqual(mounts, self._mounted(mounts))
         subprocess.check_call(['./bin/arv-mount', '--unmount-all', self.tmp])
         self.assertEqual([], self._mounted(mounts))
+
+
+
+class SaferRealpath(unittest.TestCase):
+    def setUp(self):
+        self.tmp = tempfile.mkdtemp()
+
+    def tearDown(self):
+        shutil.rmtree(self.tmp)
+
+    def test_safer_realpath(self):
+        os.mkdir(self.tmp+"/dir")
+        os.mkdir(self.tmp+"/dir/dir2")
+        os.symlink("missing", self.tmp+"/relative-missing")
+        os.symlink("dir", self.tmp+"/./relative-dir")
+        os.symlink("relative-dir", self.tmp+"/relative-indirect")
+        os.symlink(self.tmp+"/dir", self.tmp+"/absolute-dir")
+        os.symlink("./dir/../loop", self.tmp+"/loop")
+        os.symlink(".", self.tmp+"/dir/self")
+        os.symlink("..", self.tmp+"/dir/dir2/parent")
+        os.symlink("../dir3", self.tmp+"/dir/dir2/sibling")
+        os.symlink("../missing/../danger", self.tmp+"/dir/tricky")
+        os.symlink("/proc/1/fd/12345", self.tmp+"/eperm")
+        for (inpath, outpath, ok) in [
+                ("dir/self", "dir", True),
+                ("dir/dir2/parent", "dir", True),
+                ("dir/dir2/sibling", "dir/dir3", False),
+                ("dir", "dir", True),
+                ("relative-dir", "dir", True),
+                ("relative-missing", "missing", False),
+                ("relative-indirect", "dir", True),
+                ("absolute-dir", "dir", True),
+                ("loop", "loop", False),
+                # "missing" doesn't exist, so "missing/.." isn't our
+                # tmpdir; it's important not to contract this to just
+                # "danger".
+                ("dir/tricky", "missing/../danger", False),
+                ("eperm", "/proc/1/fd/12345", False),
+        ]:
+            if not outpath.startswith('/'):
+                outpath = self.tmp + '/' + outpath
+            self.assertEqual((outpath, ok), arvados_fuse.unmount.safer_realpath(self.tmp+"/"+inpath))