Fix tests about images paths security

2025-01-27 00:11:07 +00:00 · 2015-11-10 15:21:10 +01:00 · 2015-11-10 15:21:10 +01:00 · caade47e16
commit caade47e16
parent 390c88d7cd
5 changed files with 33 additions and 31 deletions
--- a/gns3server/modules/base_manager.py
+++ b/gns3server/modules/base_manager.py
@ -417,9 +417,9 @@ class BaseManager:
        else:
            # For non local server we disallow using absolute path outside image directory
            if Config.instance().get_section_config("Server").get("local", False) is False:
-                img_directory = self.config.get_section_config("Server").get("images_path", "~/GNS3/images")
+                img_directory = self.config.get_section_config("Server").get("images_path", os.path.expanduser("~/GNS3/images"))
                if len(os.path.commonprefix([img_directory, path])) < len(img_directory):
-                    raise VMError("%s is not allowed on this remote server. Please use only the image filename.".format(path))
+                    raise VMError("{} is not allowed on this remote server. Please use only a filename in {}.".format(path, img_directory))
        return force_unix_path(path)
--- a/tests/handlers/api/test_iou.py
+++ b/tests/handlers/api/test_iou.py
@ -42,7 +42,7 @@ def fake_iou_bin(tmpdir):
@pytest.fixture
 def base_params(tmpdir, fake_iou_bin):
    """Return standard parameters"""
-    return {"name": "PC TEST 1", "path": fake_iou_bin}
+    return {"name": "PC TEST 1", "path": "iou.bin"}
@pytest.fixture
--- a/tests/handlers/api/test_qemu.py
+++ b/tests/handlers/api/test_qemu.py
@ -82,7 +82,7 @@ def test_qemu_create_platform(server, project, base_params, fake_qemu_bin):
 def test_qemu_create_with_params(server, project, base_params, fake_qemu_vm):
    params = base_params
    params["ram"] = 1024
-    params["hda_disk_image"] = fake_qemu_vm
+    params["hda_disk_image"] = "linux.img"
    response = server.post("/projects/{project_id}/qemu/vms".format(project_id=project.id), params, example=True)
    assert response.status == 201
@ -90,7 +90,7 @@ def test_qemu_create_with_params(server, project, base_params, fake_qemu_vm):
    assert response.json["name"] == "PC TEST 1"
    assert response.json["project_id"] == project.id
    assert response.json["ram"] == 1024
-    assert response.json["hda_disk_image"] == fake_qemu_vm
+    assert response.json["hda_disk_image"] == "linux.img"
 def test_qemu_get(server, project, vm):
@ -149,13 +149,13 @@ def test_qemu_update(server, vm, tmpdir, free_console_port, project, fake_qemu_v
        "name": "test",
        "console": free_console_port,
        "ram": 1024,
-        "hdb_disk_image": fake_qemu_vm
+        "hdb_disk_image": "linux.img"
    }
    response = server.put("/projects/{project_id}/qemu/vms/{vm_id}".format(project_id=vm["project_id"], vm_id=vm["vm_id"]), params, example=True)
    assert response.status == 200
    assert response.json["name"] == "test"
    assert response.json["console"] == free_console_port
-    assert response.json["hdb_disk_image"] == fake_qemu_vm
+    assert response.json["hdb_disk_image"] == "linux.img"
    assert response.json["ram"] == 1024
--- a/tests/modules/iou/test_iou_vm.py
+++ b/tests/modules/iou/test_iou_vm.py
@ -58,7 +58,7 @@ def vm(project, manager, tmpdir, fake_iou_bin, iourc_file):
    config["iourc_path"] = iourc_file
    manager.config.set_section_config("IOU", config)
-    vm.path = fake_iou_bin
+    vm.path = "iou.bin"
    return vm
@ -101,7 +101,7 @@ def test_vm_startup_config_content(project, manager):
 def test_vm_invalid_iouyap_path(project, manager, loop, fake_iou_bin):
    with pytest.raises(IOUError):
        vm = IOUVM("test", "00010203-0405-0607-0809-0a0b0c0d0e0e", project, manager)
-        vm.path = fake_iou_bin
+        vm.path = "iou.bin"
        loop.run_until_complete(asyncio.async(vm.start()))
@ -207,9 +207,9 @@ def test_close(vm, port_manager, loop):
 def test_path(vm, fake_iou_bin):
-
+    with patch("gns3server.config.Config.get_section_config", return_value={"local": True}):
-    vm.path = fake_iou_bin
+        vm.path = fake_iou_bin
-    assert vm.path == fake_iou_bin
+        assert vm.path == fake_iou_bin
 def test_path_12_location(vm, fake_iou_bin):
@ -217,8 +217,9 @@ def test_path_12_location(vm, fake_iou_bin):
    # In 1.2 users uploaded images to the images roots
    # after the migration their images are inside images/IOU
    # but old topologies use old path
-    vm.path = fake_iou_bin.replace("/IOU", "")
+    with patch("gns3server.config.Config.get_section_config", return_value={"local": True}):
-    assert vm.path == fake_iou_bin
+        vm.path = fake_iou_bin.replace("/IOU", "")
        assert vm.path == fake_iou_bin
 def test_path_relative(vm, fake_iou_bin, tmpdir):
@ -231,17 +232,18 @@ def test_path_relative(vm, fake_iou_bin, tmpdir):
 def test_path_invalid_bin(vm, tmpdir):
-    path = str(tmpdir / "test.bin")
+    with patch("gns3server.config.Config.get_section_config", return_value={"local": True}):
-    with pytest.raises(IOUError):
+        path = str(tmpdir / "test.bin")
-        vm.path = path
+        with pytest.raises(IOUError):
-        vm._check_requirements()
+            vm.path = path
            vm._check_requirements()
-    with open(path, "w+") as f:
+        with open(path, "w+") as f:
-        f.write("BUG")
+            f.write("BUG")
-    with pytest.raises(IOUError):
+        with pytest.raises(IOUError):
-        vm.path = path
+            vm.path = path
-        vm._check_requirements()
+            vm._check_requirements()
 def test_create_netmap_config(vm):
--- a/tests/modules/qemu/test_qemu_vm.py
+++ b/tests/modules/qemu/test_qemu_vm.py
@ -387,8 +387,8 @@ def test_hda_disk_image(vm, tmpdir):
    vm.manager.config.set("Server", "images_path", str(tmpdir))
-    vm.hda_disk_image = "/tmp/test"
+    vm.hda_disk_image = str(tmpdir / "test")
-    assert vm.hda_disk_image == "/tmp/test"
+    assert vm.hda_disk_image == str(tmpdir / "test")
    vm.hda_disk_image = "test"
    assert vm.hda_disk_image == str(tmpdir / "QEMU" / "test")
@ -405,8 +405,8 @@ def test_hdb_disk_image(vm, tmpdir):
    vm.manager.config.set("Server", "images_path", str(tmpdir))
-    vm.hdb_disk_image = "/tmp/test"
+    vm.hdb_disk_image = str(tmpdir / "test")
-    assert vm.hdb_disk_image == "/tmp/test"
+    assert vm.hdb_disk_image == str(tmpdir / "test")
    vm.hdb_disk_image = "test"
    assert vm.hdb_disk_image == str(tmpdir / "QEMU" / "test")
@ -415,8 +415,8 @@ def test_hdc_disk_image(vm, tmpdir):
    vm.manager.config.set("Server", "images_path", str(tmpdir))
-    vm.hdc_disk_image = "/tmp/test"
+    vm.hdc_disk_image = str(tmpdir / "test")
-    assert vm.hdc_disk_image == "/tmp/test"
+    assert vm.hdc_disk_image == str(tmpdir / "test")
    vm.hdc_disk_image = "test"
    assert vm.hdc_disk_image == str(tmpdir / "QEMU" / "test")
@ -425,8 +425,8 @@ def test_hdd_disk_image(vm, tmpdir):
    vm.manager.config.set("Server", "images_path", str(tmpdir))
-    vm.hdd_disk_image = "/tmp/test"
+    vm.hdd_disk_image = str(tmpdir / "test")
-    assert vm.hdd_disk_image == "/tmp/test"
+    assert vm.hdd_disk_image == str(tmpdir / "test")
    vm.hdd_disk_image = "test"
    assert vm.hdd_disk_image == str(tmpdir / "QEMU" / "test")