File: paths_test.go

package info (click to toggle)
golang-github-opencontainers-cgroups 0.0.4-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 844 kB
  • sloc: makefile: 2
file content (104 lines) | stat: -rw-r--r-- 2,646 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
 
package fs

import (
	"path/filepath"
	"strings"
	"testing"

	"github.com/opencontainers/cgroups"
	"github.com/opencontainers/cgroups/internal/path"
)

func TestInvalidCgroupPath(t *testing.T) {
	if cgroups.IsCgroup2UnifiedMode() {
		t.Skip("cgroup v2 is not supported")
	}

	root, err := rootPath()
	if err != nil {
		t.Fatalf("couldn't get cgroup root: %v", err)
	}

	testCases := []struct {
		test               string
		path, name, parent string
	}{
		{
			test: "invalid cgroup path",
			path: "../../../../../../../../../../some/path",
		},
		{
			test: "invalid absolute cgroup path",
			path: "/../../../../../../../../../../some/path",
		},
		{
			test:   "invalid cgroup parent",
			parent: "../../../../../../../../../../some/path",
			name:   "name",
		},
		{
			test:   "invalid absolute cgroup parent",
			parent: "/../../../../../../../../../../some/path",
			name:   "name",
		},
		{
			test:   "invalid cgroup name",
			parent: "parent",
			name:   "../../../../../../../../../../some/path",
		},
		{
			test:   "invalid absolute cgroup name",
			parent: "parent",
			name:   "/../../../../../../../../../../some/path",
		},
		{
			test:   "invalid cgroup name and parent",
			parent: "../../../../../../../../../../some/path",
			name:   "../../../../../../../../../../some/path",
		},
		{
			test:   "invalid absolute cgroup name and parent",
			parent: "/../../../../../../../../../../some/path",
			name:   "/../../../../../../../../../../some/path",
		},
	}

	for _, tc := range testCases {
		t.Run(tc.test, func(t *testing.T) {
			config := &cgroups.Cgroup{Path: tc.path, Name: tc.name, Parent: tc.parent}

			inner, err := path.Inner(config)
			if err != nil {
				t.Fatalf("couldn't get cgroup data: %v", err)
			}

			// Make sure the final inner path doesn't go outside the cgroup mountpoint.
			if strings.HasPrefix(inner, "..") {
				t.Errorf("SECURITY: cgroup innerPath is outside cgroup mountpoint!")
			}

			// Double-check, using an actual cgroup.
			deviceRoot := filepath.Join(root, "devices")
			devicePath, err := subsysPath(root, inner, "devices")
			if err != nil {
				t.Fatalf("couldn't get cgroup path: %v", err)
			}
			if !strings.HasPrefix(devicePath, deviceRoot) {
				t.Errorf("SECURITY: cgroup path() is outside cgroup mountpoint!")
			}
		})
	}
}

func TestTryDefaultCgroupRoot(t *testing.T) {
	res := tryDefaultCgroupRoot()
	exp := defaultCgroupRoot
	if cgroups.IsCgroup2UnifiedMode() {
		// checking that tryDefaultCgroupRoot does return ""
		// in case /sys/fs/cgroup is not cgroup v1 root dir.
		exp = ""
	}
	if res != exp {
		t.Errorf("tryDefaultCgroupRoot: want %q, got %q", exp, res)
	}
}