[Zodb-checkins] SVN: ZODB/branches/3.8/ Fixed bug in blob
filesystem helper: the `isSecure` check was inversed.
Christian Theune
ct at gocept.com
Tue Jan 29 10:07:52 EST 2008
Log message for revision 83298:
Fixed bug in blob filesystem helper: the `isSecure` check was inversed.
(backport from trunk)
Changed:
U ZODB/branches/3.8/NEWS.txt
U ZODB/branches/3.8/src/ZODB/blob.py
U ZODB/branches/3.8/src/ZODB/tests/testblob.py
-=-
Modified: ZODB/branches/3.8/NEWS.txt
===================================================================
--- ZODB/branches/3.8/NEWS.txt 2008-01-29 14:40:06 UTC (rev 83297)
+++ ZODB/branches/3.8/NEWS.txt 2008-01-29 15:07:52 UTC (rev 83298)
@@ -33,6 +33,8 @@
ZEO
---
+- (???) Fixed bug in blob filesystem helper: the `isSecure` check was inversed.
+
- (3.8.0b6) Bug #98275: Made ZEO cache more tolerant when invalidating current
versions of objects.
Modified: ZODB/branches/3.8/src/ZODB/blob.py
===================================================================
--- ZODB/branches/3.8/src/ZODB/blob.py 2008-01-29 14:40:06 UTC (rev 83297)
+++ ZODB/branches/3.8/src/ZODB/blob.py 2008-01-29 15:07:52 UTC (rev 83298)
@@ -310,7 +310,7 @@
def isSecure(self, path):
"""Ensure that (POSIX) path mode bits are 0700."""
- return (os.stat(path).st_mode & 077) != 0
+ return (os.stat(path).st_mode & 077) == 0
def checkSecure(self):
if not self.isSecure(self.base_dir):
Modified: ZODB/branches/3.8/src/ZODB/tests/testblob.py
===================================================================
--- ZODB/branches/3.8/src/ZODB/tests/testblob.py 2008-01-29 14:40:06 UTC (rev 83297)
+++ ZODB/branches/3.8/src/ZODB/tests/testblob.py 2008-01-29 15:07:52 UTC (rev 83298)
@@ -389,6 +389,60 @@
"""
+def secure_blob_directory():
+ """
+ This is a test for secure creation and verification of secure settings of
+ blob directories.
+
+ >>> from ZODB.FileStorage.FileStorage import FileStorage
+ >>> from ZODB.blob import BlobStorage
+ >>> from tempfile import mkdtemp
+ >>> import os.path
+
+ >>> working_directory = mkdtemp()
+ >>> base_storage = FileStorage(os.path.join(working_directory, 'Data.fs'))
+ >>> blob_storage = BlobStorage(os.path.join(working_directory, 'blobs'),
+ ... base_storage)
+
+ Two directories are created:
+
+ >>> blob_dir = os.path.join(working_directory, 'blobs')
+ >>> os.path.isdir(blob_dir)
+ True
+ >>> tmp_dir = os.path.join(blob_dir, 'tmp')
+ >>> os.path.isdir(tmp_dir)
+ True
+
+ They are only accessible by the owner:
+
+ >>> oct(os.stat(blob_dir).st_mode)
+ '040700'
+ >>> oct(os.stat(tmp_dir).st_mode)
+ '040700'
+
+ These settings are recognized as secure:
+
+ >>> blob_storage.fshelper.isSecure(blob_dir)
+ True
+ >>> blob_storage.fshelper.isSecure(tmp_dir)
+ True
+
+ After making the permissions of tmp_dir more liberal, the directory is
+ recognized as insecure:
+
+ >>> os.chmod(tmp_dir, 040711)
+ >>> blob_storage.fshelper.isSecure(tmp_dir)
+ False
+
+ Clean up:
+
+ >>> blob_storage.close()
+ >>> import shutil
+ >>> shutil.rmtree(working_directory)
+
+ """
+
+
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(ZODBBlobConfigTest))
More information about the Zodb-checkins
mailing list