Commit 1781cc26 authored by Thomas Lotze's avatar Thomas Lotze

Fixed bug in blob filesystem helper: the check was inversed.

parent 9f64b841
......@@ -35,6 +35,8 @@ New Features
Bugs Fixed
----------
- Fixed bug in blob filesystem helper: the `isSecure` check was inversed.
- Fixed bug in transaction buffer: a tuple was unpacked incorrectly in
`clear`.
......
......@@ -310,7 +310,7 @@ class FilesystemHelper:
def isSecure(self, path):
"""Ensure that (POSIX) path mode bits are 0700."""
return (os.stat(path).st_mode & 077) != 0
return (os.stat(path).st_mode & 077) == 0
def checkSecure(self):
if not self.isSecure(self.base_dir):
......
......@@ -389,6 +389,60 @@ def packing_with_uncommitted_data_undoing():
"""
def secure_blob_directory():
"""
This is a test for secure creation and verification of secure settings of
blob directories.
>>> from ZODB.FileStorage.FileStorage import FileStorage
>>> from ZODB.blob import BlobStorage
>>> from tempfile import mkdtemp
>>> import os.path
>>> working_directory = mkdtemp()
>>> base_storage = FileStorage(os.path.join(working_directory, 'Data.fs'))
>>> blob_storage = BlobStorage(os.path.join(working_directory, 'blobs'),
... base_storage)
Two directories are created:
>>> blob_dir = os.path.join(working_directory, 'blobs')
>>> os.path.isdir(blob_dir)
True
>>> tmp_dir = os.path.join(blob_dir, 'tmp')
>>> os.path.isdir(tmp_dir)
True
They are only accessible by the owner:
>>> oct(os.stat(blob_dir).st_mode)
'040700'
>>> oct(os.stat(tmp_dir).st_mode)
'040700'
These settings are recognized as secure:
>>> blob_storage.fshelper.isSecure(blob_dir)
True
>>> blob_storage.fshelper.isSecure(tmp_dir)
True
After making the permissions of tmp_dir more liberal, the directory is
recognized as insecure:
>>> os.chmod(tmp_dir, 040711)
>>> blob_storage.fshelper.isSecure(tmp_dir)
False
Clean up:
>>> blob_storage.close()
>>> import shutil
>>> shutil.rmtree(working_directory)
"""
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(ZODBBlobConfigTest))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment