Skip to content
This repository has been archived by the owner on Jan 5, 2024. It is now read-only.

Commit

Permalink
Rename directory_util > directory, clean up imports
Browse files Browse the repository at this point in the history
  • Loading branch information
@rocodes
rocodes committed Jan 11, 2023
1 parent 5e12476 commit ed6ea1e
Show file tree
Hide file tree
Showing 6 changed files with 18 additions and 23 deletions.
4 changes: 2 additions & 2 deletions .semgrep/custom-rules.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ rules:
languages:
- python
severity: ERROR
message: Possible path traversal or insecure directory and file permissions through os.mkdir(). Use securedrop_export.directory_util.safe_mkdir instead.
message: Possible path traversal or insecure directory and file permissions through os.mkdir(). Use securedrop_export.directory.safe_mkdir instead.
patterns:
- pattern: "....mkdir(...)"
- pattern-not-inside: |
Expand All @@ -58,7 +58,7 @@ rules:
languages:
- python
severity: ERROR
message: Possible path traversal or insecure directory and file permissions through os.makedirs(). Use securedrop_export.directory_util.safe_mkdir instead.
message: Possible path traversal or insecure directory and file permissions through os.makedirs(). Use securedrop_export.directory.safe_mkdir instead.
patterns:
- pattern: "....makedirs(...)"
- pattern-not-inside: |
Expand Down
2 changes: 1 addition & 1 deletion securedrop_export/archive.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
from securedrop_export.exceptions import ExportException
from securedrop_export.status import BaseStatus
from securedrop_export.command import Command
from securedrop_export.directory_util import safe_extractall
from securedrop_export.directory import safe_extractall

logger = logging.getLogger(__name__)

Expand Down
3 changes: 0 additions & 3 deletions securedrop_export/directory.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,6 @@
import tarfile
from pathlib import Path
from typing import Optional, Union
import logging

logger = logging.getLogger(__name__)


def safe_mkdir(
Expand Down
2 changes: 1 addition & 1 deletion securedrop_export/main.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
from securedrop_export.archive import Archive, Metadata
from securedrop_export.command import Command
from securedrop_export.status import BaseStatus
from securedrop_export.directory_util import safe_mkdir
from securedrop_export.directory import safe_mkdir
from securedrop_export.exceptions import ExportException

from securedrop_export.disk.service import Service as ExportService
Expand Down
2 changes: 1 addition & 1 deletion tests/print/test_service.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
import subprocess
from subprocess import CalledProcessError

from securedrop_export.directory_util import safe_mkdir
from securedrop_export.directory import safe_mkdir

from securedrop_export.exceptions import ExportException
from securedrop_export.archive import Archive
Expand Down
28 changes: 13 additions & 15 deletions tests/test_directory_util.py → tests/test_directory.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,10 @@
import shutil

from pathlib import Path
from securedrop_export import directory_util
from securedrop_export import directory


class TestDirectoryUtil:
class TestDirectory:

_REL_TRAVERSAL = "../../../whee"
_SAFE_RELPATH = "./hi"
Expand All @@ -32,53 +32,51 @@ def teadown_method(self, method):

def test_safe_mkdir_error_base_relpath(self):
with pytest.raises(ValueError):
directory_util.safe_mkdir(base_path=Path("."))
directory.safe_mkdir(base_path=Path("."))

def test_safe_mkdir_error_basepath_path_traversal(self):
with pytest.raises(ValueError):
directory_util.safe_mkdir(f"{self.homedir}{self._REL_TRAVERSAL}")
directory.safe_mkdir(f"{self.homedir}{self._REL_TRAVERSAL}")

def test_safe_mkdir_error_relpath_path_traversal(self):
with pytest.raises(ValueError):
directory_util.safe_mkdir(f"{self.homedir}", f"{self._REL_TRAVERSAL}")
directory.safe_mkdir(f"{self.homedir}", f"{self._REL_TRAVERSAL}")

def test_safe_mkdir_success(self):
directory_util.safe_mkdir(f"{self.homedir}")
directory.safe_mkdir(f"{self.homedir}")

def test_safe_mkdir_success_with_relpath(self):
directory_util.safe_mkdir(f"{self.homedir}", f"{self._SAFE_RELPATH}")
directory.safe_mkdir(f"{self.homedir}", f"{self._SAFE_RELPATH}")

assert os.path.exists(f"{self.homedir}{self._SAFE_RELPATH}")

def test_safe_mkdir_success_another_relpath(self):
directory_util.safe_mkdir(f"{self.homedir}", f"{self._SAFE_RELPATH2}")
directory.safe_mkdir(f"{self.homedir}", f"{self._SAFE_RELPATH2}")

assert os.path.exists(f"{self.homedir}{self._SAFE_RELPATH2}")

def test_safe_mkdir_weird_path(self):
with pytest.raises(ValueError):
directory_util.safe_mkdir(f"{self.homedir}", f"{self._UNSAFE_RELPATH}")
directory.safe_mkdir(f"{self.homedir}", f"{self._UNSAFE_RELPATH}")

def test__check_all_permissions_path_missing(self):
with pytest.raises(ValueError):
directory_util._check_all_permissions(
f"{self.homedir}", f"{self._SAFE_RELPATH}"
)
directory._check_all_permissions(f"{self.homedir}", f"{self._SAFE_RELPATH}")

def test_check_dir_perms_unsafe(self):
path = Path(f"{self.homedir}{self._SAFE_RELPATH}")

directory_util.safe_mkdir(path)
directory.safe_mkdir(path)

# Not what we want, ever
path.chmod(0o666)

with pytest.raises(RuntimeError):
directory_util._check_dir_permissions(path)
directory._check_dir_permissions(path)

def test_check_all_perms_invalid_full_path(self):
path = Path(f"{self.homedir}/idontexist")
base = Path(f"{self.homedir}")

# Returns without error
assert directory_util._check_all_permissions(path, base) is None
assert directory._check_all_permissions(path, base) is None

0 comments on commit ed6ea1e

Please sign in to comment.