Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 06:40:54 +03:00
Code Issues Packages Projects Releases Wiki Activity

pattern filters: don't allow files in hidden dirs

Browse Source 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
2022-01-15 19:06:02 +01:00
parent c3831de94e
commit a6ed6fc721
2 changed files with 38 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
common/protocol_test.go
View File

@@ -496,15 +496,19 @@ func TestHiddenPatternFilter(t *testing.T) {
assert.NoError(t, err)
dirName := "beta"
subDirName := "testDir"
testFile := filepath.Join(u.GetHomeDir(), deniedDir, "file.txt")
testFile1 := filepath.Join(u.GetHomeDir(), deniedDir, "beta.txt")
testHiddenFile := filepath.Join(u.GetHomeDir(), deniedDir, dirName, subDirName, "hidden.jpg")
err = os.MkdirAll(filepath.Join(u.GetHomeDir(), deniedDir), os.ModePerm)
assert.NoError(t, err)
err = os.WriteFile(testFile, testFileContent, os.ModePerm)
assert.NoError(t, err)
err = os.WriteFile(testFile1, testFileContent, os.ModePerm)
assert.NoError(t, err)
err = os.MkdirAll(filepath.Join(u.GetHomeDir(), deniedDir, dirName), os.ModePerm)
err = os.MkdirAll(filepath.Join(u.GetHomeDir(), deniedDir, dirName, subDirName), os.ModePerm)
assert.NoError(t, err)
err = os.WriteFile(testHiddenFile, testFileContent, os.ModePerm)
assert.NoError(t, err)
conn, client, err := getSftpClient(user)
@@ -529,6 +533,10 @@ func TestHiddenPatternFilter(t *testing.T) {
assert.ErrorIs(t, err, os.ErrPermission)
err = writeSFTPFile(path.Join(deniedDir, "afile.txt"), 1024, client)
assert.ErrorIs(t, err, os.ErrPermission)
err = writeSFTPFile(path.Join(deniedDir, dirName, subDirName, "afile.jpg"), 1024, client)
assert.ErrorIs(t, err, os.ErrPermission)
_, err = client.Open(path.Join(deniedDir, dirName, subDirName, filepath.Base(testHiddenFile)))
assert.ErrorIs(t, err, os.ErrNotExist)
err = client.Symlink(path.Join(deniedDir, dirName), dirName)
assert.ErrorIs(t, err, os.ErrNotExist)
err = writeSFTPFile(path.Join(deniedDir, testFileName), 1024, client)
@@ -568,6 +576,12 @@ func TestHiddenPatternFilter(t *testing.T) {
assert.ErrorIs(t, err, os.ErrPermission)
err = client.Symlink(path.Join(deniedDir, testFileName), path.Join(deniedDir, "link.txt"))
assert.ErrorIs(t, err, os.ErrPermission)
err = writeSFTPFile(path.Join(deniedDir, dirName, subDirName, "afile.jpg"), 1024, client)
assert.NoError(t, err)
f, err := client.Open(path.Join(deniedDir, dirName, subDirName, filepath.Base(testHiddenFile)))
assert.NoError(t, err)
err = f.Close()
assert.NoError(t, err)
}
_, err = httpdtest.RemoveUser(user, http.StatusOK)