"""Test perms"""
import os
import subprocess
import warnings

import pytest
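@pytest.mark.parametrize('autoperms', ['notest', 'unset', 'true', 'false'])
@pytest.mark.usefixtures('ds1_copy')
def test_perms(runner, yadm_y, paths, ds1, autoperms):
    """Check which paths lose group/other access after yadm runs.

    ``autoperms`` selects the scenario:

    * ``'notest'`` -- ``yadm.auto-perms`` is not configured and ``perms`` is
      run explicitly.
    * ``'unset'`` -- ``yadm.auto-perms`` is not configured and ``status`` is
      run.
    * ``'true'`` / ``'false'`` -- ``yadm.auto-perms`` is set to that value
      and ``status`` is run.

    Only ``'false'`` expects the private paths to stay unsecured. "Secured"
    here means that no group or other permission bit is set on the path.
    """
    # Group and other permission bits. The check `mode & group_other == 0`
    # is the numeric form of "the octal mode ends in 00".
    group_other = 0o077

    # set the value of auto-perms
    # Run as an argv list without a shell, and fail the test at once if the
    # setup command fails: a silently skipped config change would make the
    # permission assertions below test the wrong scenario.
    if autoperms not in ('notest', 'unset'):
        subprocess.run(
            yadm_y('config', 'yadm.auto-perms', autoperms), check=True)

    # privatepaths will hold all paths that should become secured
    privatepaths = [paths.work.join('.ssh'), paths.work.join('.gnupg')]
    privatepaths += [paths.work.join(private.path) for private in ds1.private]

    # create an archive file (argv list, so the path is never shell-parsed)
    subprocess.run(['touch', str(paths.archive)], check=True)
    privatepaths.append(paths.archive)

    # create encrypted file test data
    efile1 = paths.work.join('efile1')
    efile1.write('efile1')
    efile2 = paths.work.join('efile2')
    efile2.write('efile2')
    # efile1 is listed and then negated with '!efile1'; the test expects it
    # to stay unsecured while efile2 becomes private.
    paths.encrypt.write('efile1\nefile2\n!efile1\n')
    insecurepaths = [efile1]
    privatepaths.append(efile2)

    # assert these paths begin unsecured
    for private in privatepaths + insecurepaths:
        assert private.stat().mode & group_other, 'Path started secured'

    # Without an auto-perms scenario the explicit command is exercised;
    # otherwise any ordinary command (status) is used to trigger auto-perms.
    cmd = 'perms' if autoperms == 'notest' else 'status'
    run = runner(yadm_y(cmd))
    assert run.success
    assert run.err == ''
    if cmd == 'perms':
        assert run.out == ''

    # these paths should be secured if processing perms
    for private in privatepaths:
        if '.p2' in private.basename or '.p4' in private.basename:
            # Dot files within .ssh/.gnupg are not protected.
            # This is a bug which must be fixed
            # NOTE(review): these entries are skipped, so this test gives
            # no assurance about their mode; the warning is the only signal.
            warnings.warn('Unhandled bug: private dot files', Warning)
            continue
        exposed = private.stat().mode & group_other
        if autoperms == 'false':
            assert exposed, 'Path should not be secured'
        else:
            assert not exposed, 'Path has not been secured'

    # these paths should never be secured
    for private in insecurepaths:
        assert private.stat().mode & group_other, (
            'Path should not be secured')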
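@pytest.mark.parametrize('sshperms', [None, 'true', 'false'])
@pytest.mark.parametrize('gpgperms', [None, 'true', 'false'])
@pytest.mark.usefixtures('ds1_copy')
def test_perms_control(runner, yadm_y, paths, ds1, sshperms, gpgperms):
    """Check that ssh-perms and gpg-perms each switch protection on or off.

    ``sshperms`` and ``gpgperms`` are either ``None`` (option not
    configured) or the string written to ``yadm.ssh-perms`` /
    ``yadm.gpg-perms``. After ``perms`` runs, paths matching an option set
    to ``'false'`` are expected to keep group/other access; every other
    private path is expected to have none.
    """
    # Group and other permission bits. The check `mode & group_other == 0`
    # is the numeric form of "the octal mode ends in 00".
    group_other = 0o077

    # set the value of ssh-perms, then gpg-perms
    # Run as an argv list without a shell, and fail the test at once if a
    # setup command fails, so the assertions never run against a
    # configuration that was not actually applied.
    for option, value in (
            ('yadm.ssh-perms', sshperms),
            ('yadm.gpg-perms', gpgperms)):
        if value:
            subprocess.run(yadm_y('config', option, value), check=True)

    # privatepaths will hold all paths that should become secured
    privatepaths = [paths.work.join('.ssh'), paths.work.join('.gnupg')]
    privatepaths += [paths.work.join(private.path) for private in ds1.private]

    # assert these paths begin unsecured
    for private in privatepaths:
        assert private.stat().mode & group_other, 'Path started secured'

    run = runner(yadm_y('perms'))
    assert run.success
    assert run.err == ''
    assert run.out == ''

    # these paths should be secured if processing perms
    for private in privatepaths:
        if '.p2' in private.basename or '.p4' in private.basename:
            # Dot files within .ssh/.gnupg are not protected.
            # This is a bug which must be fixed
            # NOTE(review): these entries are skipped, so this test gives
            # no assurance about their mode; the warning is the only signal.
            warnings.warn('Unhandled bug: private dot files', Warning)
            continue
        # NOTE(review): substring match on the full path; a work directory
        # whose own name contains 'ssh' or 'gnupg' would also match here.
        # Confirm the fixture paths cannot.
        exempt = (
            (sshperms == 'false' and 'ssh' in str(private))
            or (gpgperms == 'false' and 'gnupg' in str(private))
        )
        exposed = private.stat().mode & group_other
        if exempt:
            assert exposed, 'Path should not be secured'
        else:
            assert not exposed, 'Path has not been secured'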