[Zodb-checkins] SVN: ZODB/trunk/src/ Fixed bug in blob filesystem helper: the check was inversed.

Thomas Lotze tl at gocept.com
Tue Jan 29 08:34:38 EST 2008 

Log message for revision 83292:
  Fixed bug in blob filesystem helper: the  check was inversed.

Changed:
  U   ZODB/trunk/src/CHANGES.txt
  U   ZODB/trunk/src/ZODB/blob.py
  U   ZODB/trunk/src/ZODB/tests/testblob.py

-=-
Modified: ZODB/trunk/src/CHANGES.txt
===================================================================
--- ZODB/trunk/src/CHANGES.txt	2008-01-29 12:25:44 UTC (rev 83291)
+++ ZODB/trunk/src/CHANGES.txt	2008-01-29 13:34:38 UTC (rev 83292)
@@ -35,6 +35,8 @@
 Bugs Fixed
 ----------
 
+- Fixed bug in blob filesystem helper: the `isSecure` check was inversed.
+
 - Fixed bug in transaction buffer: a tuple was unpacked incorrectly in
   `clear`.
 

Modified: ZODB/trunk/src/ZODB/blob.py
===================================================================
--- ZODB/trunk/src/ZODB/blob.py	2008-01-29 12:25:44 UTC (rev 83291)
+++ ZODB/trunk/src/ZODB/blob.py	2008-01-29 13:34:38 UTC (rev 83292)
@@ -310,7 +310,7 @@
 
     def isSecure(self, path):
         """Ensure that (POSIX) path mode bits are 0700."""
-        return (os.stat(path).st_mode & 077) != 0
+        return (os.stat(path).st_mode & 077) == 0
 
     def checkSecure(self):
         if not self.isSecure(self.base_dir):

Modified: ZODB/trunk/src/ZODB/tests/testblob.py
===================================================================
--- ZODB/trunk/src/ZODB/tests/testblob.py	2008-01-29 12:25:44 UTC (rev 83291)
+++ ZODB/trunk/src/ZODB/tests/testblob.py	2008-01-29 13:34:38 UTC (rev 83292)
@@ -389,6 +389,60 @@
     """
 
 
+def secure_blob_directory():
+    """
+    This is a test for secure creation and verification of secure settings of
+    blob directories.
+
+    >>> from ZODB.FileStorage.FileStorage import FileStorage
+    >>> from ZODB.blob import BlobStorage
+    >>> from tempfile import mkdtemp
+    >>> import os.path
+
+    >>> working_directory = mkdtemp()
+    >>> base_storage = FileStorage(os.path.join(working_directory, 'Data.fs'))
+    >>> blob_storage = BlobStorage(os.path.join(working_directory, 'blobs'),
+    ...                            base_storage)
+
+    Two directories are created:
+
+    >>> blob_dir = os.path.join(working_directory, 'blobs')
+    >>> os.path.isdir(blob_dir)
+    True
+    >>> tmp_dir = os.path.join(blob_dir, 'tmp')
+    >>> os.path.isdir(tmp_dir)
+    True
+
+    They are only accessible by the owner:
+
+    >>> oct(os.stat(blob_dir).st_mode)
+    '040700'
+    >>> oct(os.stat(tmp_dir).st_mode)
+    '040700'
+
+    These settings are recognized as secure:
+
+    >>> blob_storage.fshelper.isSecure(blob_dir)
+    True
+    >>> blob_storage.fshelper.isSecure(tmp_dir)
+    True
+
+    After making the permissions of tmp_dir more liberal, the directory is
+    recognized as insecure:
+
+    >>> os.chmod(tmp_dir, 040711)
+    >>> blob_storage.fshelper.isSecure(tmp_dir)
+    False
+
+    Clean up:
+
+    >>> blob_storage.close()
+    >>> import shutil
+    >>> shutil.rmtree(working_directory)
+
+    """
+
+
 def test_suite():
     suite = unittest.TestSuite()
     suite.addTest(unittest.makeSuite(ZODBBlobConfigTest))

More information about the Zodb-checkins mailing list