File: test_security_flags.py

package info (click to toggle)
python-libarchive-c 5.1-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 908 kB
  • sloc: python: 1,552; makefile: 7
file content (36 lines) | stat: -rw-r--r-- 917 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
"""Test security-related extraction flags."""

import pytest
import os

from libarchive import extract_file, file_reader
from libarchive.extract import (
    EXTRACT_SECURE_NOABSOLUTEPATHS, EXTRACT_SECURE_NODOTDOT,
)
from libarchive.exception import ArchiveError
from . import data_dir


def run_test(flags):
    archive_path = os.path.join(data_dir, 'flags.tar')
    try:
        extract_file(archive_path, 0)
        with pytest.raises(ArchiveError):
            extract_file(archive_path, flags)
    finally:
        with file_reader(archive_path) as archive:
            for entry in archive:
                if os.path.exists(entry.pathname):
                    os.remove(entry.pathname)


def test_extraction_is_secure_by_default():
    run_test(None)


def test_explicit_no_dot_dot():
    run_test(EXTRACT_SECURE_NODOTDOT)


def test_explicit_no_absolute_paths():
    run_test(EXTRACT_SECURE_NOABSOLUTEPATHS)