Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Z
ZODB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
ZODB
Commits
5d83256f
Commit
5d83256f
authored
Jan 29, 2008
by
Thomas Lotze
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fixed bug in blob filesystem helper: the check was inversed.
parent
1861e3d4
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
57 additions
and
1 deletion
+57
-1
src/CHANGES.txt
src/CHANGES.txt
+2
-0
src/ZODB/blob.py
src/ZODB/blob.py
+1
-1
src/ZODB/tests/testblob.py
src/ZODB/tests/testblob.py
+54
-0
No files found.
src/CHANGES.txt
View file @
5d83256f
...
@@ -35,6 +35,8 @@ New Features
...
@@ -35,6 +35,8 @@ New Features
Bugs Fixed
Bugs Fixed
----------
----------
- Fixed bug in blob filesystem helper: the `isSecure` check was inversed.
- Fixed bug in transaction buffer: a tuple was unpacked incorrectly in
- Fixed bug in transaction buffer: a tuple was unpacked incorrectly in
`clear`.
`clear`.
...
...
src/ZODB/blob.py
View file @
5d83256f
...
@@ -310,7 +310,7 @@ class FilesystemHelper:
...
@@ -310,7 +310,7 @@ class FilesystemHelper:
def
isSecure
(
self
,
path
):
def
isSecure
(
self
,
path
):
"""Ensure that (POSIX) path mode bits are 0700."""
"""Ensure that (POSIX) path mode bits are 0700."""
return
(
os
.
stat
(
path
).
st_mode
&
077
)
!
=
0
return
(
os
.
stat
(
path
).
st_mode
&
077
)
=
=
0
def
checkSecure
(
self
):
def
checkSecure
(
self
):
if
not
self
.
isSecure
(
self
.
base_dir
):
if
not
self
.
isSecure
(
self
.
base_dir
):
...
...
src/ZODB/tests/testblob.py
View file @
5d83256f
...
@@ -389,6 +389,60 @@ def packing_with_uncommitted_data_undoing():
...
@@ -389,6 +389,60 @@ def packing_with_uncommitted_data_undoing():
"""
"""
def
secure_blob_directory
():
"""
This is a test for secure creation and verification of secure settings of
blob directories.
>>> from ZODB.FileStorage.FileStorage import FileStorage
>>> from ZODB.blob import BlobStorage
>>> from tempfile import mkdtemp
>>> import os.path
>>> working_directory = mkdtemp()
>>> base_storage = FileStorage(os.path.join(working_directory, 'Data.fs'))
>>> blob_storage = BlobStorage(os.path.join(working_directory, 'blobs'),
... base_storage)
Two directories are created:
>>> blob_dir = os.path.join(working_directory, 'blobs')
>>> os.path.isdir(blob_dir)
True
>>> tmp_dir = os.path.join(blob_dir, 'tmp')
>>> os.path.isdir(tmp_dir)
True
They are only accessible by the owner:
>>> oct(os.stat(blob_dir).st_mode)
'040700'
>>> oct(os.stat(tmp_dir).st_mode)
'040700'
These settings are recognized as secure:
>>> blob_storage.fshelper.isSecure(blob_dir)
True
>>> blob_storage.fshelper.isSecure(tmp_dir)
True
After making the permissions of tmp_dir more liberal, the directory is
recognized as insecure:
>>> os.chmod(tmp_dir, 040711)
>>> blob_storage.fshelper.isSecure(tmp_dir)
False
Clean up:
>>> blob_storage.close()
>>> import shutil
>>> shutil.rmtree(working_directory)
"""
def
test_suite
():
def
test_suite
():
suite
=
unittest
.
TestSuite
()
suite
=
unittest
.
TestSuite
()
suite
.
addTest
(
unittest
.
makeSuite
(
ZODBBlobConfigTest
))
suite
.
addTest
(
unittest
.
makeSuite
(
ZODBBlobConfigTest
))
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment