Fixed bug in blob filesystem helper: the `isSecure` check was inversed.

(backport from trunk)

Fixed bug in blob filesystem helper: the `isSecure` check was inversed.
(backport from trunk)
600b4696 · Christian Theune · 1fcbcb60 · 600b4696 · 600b4696 · 600b4696
Commit 600b4696 authored Jan 29, 2008 by Christian Theune
Hide whitespace changes
Inline Side-by-side

Showing with 57 additions and 1 deletion

NEWS.txt NEWS.txt +2 -0

src/ZODB/blob.py src/ZODB/blob.py +1 -1

src/ZODB/tests/testblob.py src/ZODB/tests/testblob.py +54 -0

No files found.
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -33,6 +33,8 @@ General
 ZEO
 ---
+- (???) Fixed bug in blob filesystem helper: the `isSecure` check was inversed.
 - (3.8.0b6) Bug #98275: Made ZEO cache more tolerant when invalidating current
  versions of objects.

--- a/src/ZODB/blob.py
+++ b/src/ZODB/blob.py
@@ -310,7 +310,7 @@ class FilesystemHelper:
    def isSecure(self, path):
        """Ensure that (POSIX) path mode bits are 0700."""
-        return (os.stat(path).st_mode & 077) != 0
+        return (os.stat(path).st_mode & 077) == 0
    def checkSecure(self):
        if not self.isSecure(self.base_dir):

--- a/src/ZODB/tests/testblob.py
+++ b/src/ZODB/tests/testblob.py
@@ -389,6 +389,60 @@ def packing_with_uncommitted_data_undoing():
    """
+def secure_blob_directory():
+    """
+    This is a test for secure creation and verification of secure settings of
+    blob directories.
+    >>> from ZODB.FileStorage.FileStorage import FileStorage
+    >>> from ZODB.blob import BlobStorage
+    >>> from tempfile import mkdtemp
+    >>> import os.path
+    >>> working_directory = mkdtemp()
+    >>> base_storage = FileStorage(os.path.join(working_directory, 'Data.fs'))
+    >>> blob_storage = BlobStorage(os.path.join(working_directory, 'blobs'),
+    ...                            base_storage)
+    Two directories are created:
+    >>> blob_dir = os.path.join(working_directory, 'blobs')
+    >>> os.path.isdir(blob_dir)
+    True
+    >>> tmp_dir = os.path.join(blob_dir, 'tmp')
+    >>> os.path.isdir(tmp_dir)
+    True
+    They are only accessible by the owner:
+    >>> oct(os.stat(blob_dir).st_mode)
+    '040700'
+    >>> oct(os.stat(tmp_dir).st_mode)
+    '040700'
+    These settings are recognized as secure:
+    >>> blob_storage.fshelper.isSecure(blob_dir)
+    True
+    >>> blob_storage.fshelper.isSecure(tmp_dir)
+    True
+    After making the permissions of tmp_dir more liberal, the directory is
+    recognized as insecure:
+    >>> os.chmod(tmp_dir, 040711)
+    >>> blob_storage.fshelper.isSecure(tmp_dir)
+    False
+    Clean up:
+    >>> blob_storage.close()
+    >>> import shutil
+    >>> shutil.rmtree(working_directory)
+    """
 def test_suite():
    suite = unittest.TestSuite()
    suite.addTest(unittest.makeSuite(ZODBBlobConfigTest))