Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Z
ZODB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kirill Smelkov
ZODB
Commits
600b4696
Commit
600b4696
authored
Jan 29, 2008
by
Christian Theune
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fixed bug in blob filesystem helper: the `isSecure` check was inversed.
(backport from trunk)
parent
1fcbcb60
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
57 additions
and
1 deletion
+57
-1
NEWS.txt
NEWS.txt
+2
-0
src/ZODB/blob.py
src/ZODB/blob.py
+1
-1
src/ZODB/tests/testblob.py
src/ZODB/tests/testblob.py
+54
-0
No files found.
NEWS.txt
View file @
600b4696
...
@@ -33,6 +33,8 @@ General
...
@@ -33,6 +33,8 @@ General
ZEO
ZEO
---
---
- (???) Fixed bug in blob filesystem helper: the `isSecure` check was inversed.
- (3.8.0b6) Bug #98275: Made ZEO cache more tolerant when invalidating current
- (3.8.0b6) Bug #98275: Made ZEO cache more tolerant when invalidating current
versions of objects.
versions of objects.
...
...
src/ZODB/blob.py
View file @
600b4696
...
@@ -310,7 +310,7 @@ class FilesystemHelper:
...
@@ -310,7 +310,7 @@ class FilesystemHelper:
def
isSecure
(
self
,
path
):
def
isSecure
(
self
,
path
):
"""Ensure that (POSIX) path mode bits are 0700."""
"""Ensure that (POSIX) path mode bits are 0700."""
return
(
os
.
stat
(
path
).
st_mode
&
077
)
!
=
0
return
(
os
.
stat
(
path
).
st_mode
&
077
)
=
=
0
def
checkSecure
(
self
):
def
checkSecure
(
self
):
if
not
self
.
isSecure
(
self
.
base_dir
):
if
not
self
.
isSecure
(
self
.
base_dir
):
...
...
src/ZODB/tests/testblob.py
View file @
600b4696
...
@@ -389,6 +389,60 @@ def packing_with_uncommitted_data_undoing():
...
@@ -389,6 +389,60 @@ def packing_with_uncommitted_data_undoing():
"""
"""
def
secure_blob_directory
():
"""
This is a test for secure creation and verification of secure settings of
blob directories.
>>> from ZODB.FileStorage.FileStorage import FileStorage
>>> from ZODB.blob import BlobStorage
>>> from tempfile import mkdtemp
>>> import os.path
>>> working_directory = mkdtemp()
>>> base_storage = FileStorage(os.path.join(working_directory, 'Data.fs'))
>>> blob_storage = BlobStorage(os.path.join(working_directory, 'blobs'),
... base_storage)
Two directories are created:
>>> blob_dir = os.path.join(working_directory, 'blobs')
>>> os.path.isdir(blob_dir)
True
>>> tmp_dir = os.path.join(blob_dir, 'tmp')
>>> os.path.isdir(tmp_dir)
True
They are only accessible by the owner:
>>> oct(os.stat(blob_dir).st_mode)
'040700'
>>> oct(os.stat(tmp_dir).st_mode)
'040700'
These settings are recognized as secure:
>>> blob_storage.fshelper.isSecure(blob_dir)
True
>>> blob_storage.fshelper.isSecure(tmp_dir)
True
After making the permissions of tmp_dir more liberal, the directory is
recognized as insecure:
>>> os.chmod(tmp_dir, 040711)
>>> blob_storage.fshelper.isSecure(tmp_dir)
False
Clean up:
>>> blob_storage.close()
>>> import shutil
>>> shutil.rmtree(working_directory)
"""
def
test_suite
():
def
test_suite
():
suite
=
unittest
.
TestSuite
()
suite
=
unittest
.
TestSuite
()
suite
.
addTest
(
unittest
.
makeSuite
(
ZODBBlobConfigTest
))
suite
.
addTest
(
unittest
.
makeSuite
(
ZODBBlobConfigTest
))
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment