~bzr-pqm/bzr/bzr.dev


Viewing changes to bzrlib/tests/test_wsgi.py

Use ChrootTransportDecorator so that the WSGI server won't let you access the entire filesystem.

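--- a/bzrlib/tests/test_wsgi.py
+++ b/bzrlib/tests/test_wsgi.py
@@ -20,7 +20,7 @@
 
 from bzrlib import tests
 from bzrlib.transport.http import wsgi
-from bzrlib.transport import memory
+from bzrlib.transport import chroot, memory
 
 
 class TestWSGI(tests.TestCase):
@@ -69,11 +69,13 @@
         self.headers = headers
 
     def test_construct(self):
-        wsgi.SmartWSGIApp(None)
+        app = wsgi.SmartWSGIApp(FakeTransport())
+        self.assertIsInstance(
+            app.backing_transport, chroot.ChrootTransportDecorator)
 
     def test_http_get_rejected(self):
         # GET requests are rejected.
-        app = wsgi.SmartWSGIApp(None)
+        app = wsgi.SmartWSGIApp(FakeTransport())
         environ = self.build_environ({'REQUEST_METHOD': 'GET'})
         iterable = app(environ, self.start_response)
         self.read_response(iterable)
@@ -198,6 +200,29 @@
         self.assertEqual('200 OK', self.status)
         self.assertEqual('error\x01incomplete request\n', response)
 
+    def test_chrooting(self):
+        # Show that requests that try to access things outside of the base
+        # really will get intercepted by the ChrootTransportDecorator.
+        transport = memory.MemoryTransport()
+        transport.mkdir('foo')
+        transport.put_bytes('foo/bar', 'this is foo/bar')
+        wsgi_app = wsgi.SmartWSGIApp(transport.clone('foo'))
+
+        smart_request = StringIO('mkdir\x01/bad file\x01\n0\ndone\n')
+        environ = self.build_environ({
+            'REQUEST_METHOD': 'POST',
+            'CONTENT_LENGTH': len(smart_request.getvalue()),
+            'wsgi.input': smart_request,
+            'bzrlib.relpath': '.',
+        })
+        iterable = wsgi_app(environ, self.start_response)
+        response = self.read_response(iterable)
+        self.assertEqual('200 OK', self.status)
+        self.assertEqual(
+            "error\x01Path '/bad file' is not a child of "
+            "path 'memory:///foo/'\n",
+            response)
+
 
 class FakeRequest(object):
     
@@ -218,6 +243,10 @@
 
     def __init__(self):
         self.calls = []
+        self.base = 'fake:///'
+
+    def abspath(self, relpath):
+        return 'fake:///' + relpath
 
     def clone(self, relpath):
         self.calls.append(('clone', relpath))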
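Review bot: test_chrooting covers only an absolute path (`/bad file`) with `bzrlib.relpath` set to `.`, and it checks only the error text, so it does not show that a parent-relative path or a different relpath is also confined. After the request, also assert that the backing store is untouched, for example `self.assertFalse(transport.has('bad file'))`, and repeat the request with a path such as `../bad file`. The expected response also echoes the server's base URL (`memory:///foo/`) back to the client. With a file-backed transport that would presumably reveal the on-disk root, so it is worth deciding whether the smart server should return a generic message here. In test_construct, the isinstance check could also assert which base the decorator is rooted at, since the type alone does not show the chroot points at the intended directory.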