[bug] can't allow access to "/" (Closes #99)

When user set path to "/", the validation regex would become "//.*". This would then fail to allow the user accessing "/".
ghantoos · May 14, 2015 · 2645042 · 2645042
1 parent e7191fc
commit 2645042
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/lshell/checkconfig.py b/lshell/checkconfig.py
@@ -401,6 +401,8 @@ def get_config_sub(self, section):
                             for path in eval(stuff):
                                 for item in glob.glob(path):
                                     liste[0] += os.path.realpath(item) + '/.*|'
+                            # remove double slashes
+                            liste[0] = liste[0].replace("//","/")
                             self.conf_raw.update({key:str(liste)})
                         elif stuff and type(eval(stuff)) is list:
                             self.conf_raw.update({key:stuff})
@@ -412,6 +414,8 @@ def get_config_sub(self, section):
                     for path in self.myeval(value, 'path'):
                         for item in glob.glob(path):
                             liste[0] += os.path.realpath(item) + '/.*|'
+                    # remove double slashes
+                    liste[0] = liste[0].replace("//","/")
                     self.conf_raw.update({key:str(liste)})
                 else:
                     self.conf_raw.update(dict([item]))

diff --git a/test/test_functional.py b/test/test_functional.py
@@ -217,5 +217,20 @@ def test_17_exitcode_without_separator(self):
         result = self.child.before.split('\n')[1].strip()
         self.assertEqual(expected, result)
 
+    def test_18_allow_slash(self):
+        """ 18 - user should able to allow / access minus some directory (e.g. /var) """
+        self.child = pexpect.spawn('%s/bin/lshell '
+                                   '--config %s/etc/lshell.conf --path "[\'/\'] - [\'/var\']"'
+                                   % (TOPDIR, TOPDIR))
+        self.child.expect('%s:~\$' % self.user)
+
+        expected = "*** forbidden path: /var/"
+        self.child.sendline('cd /')
+        self.child.expect('%s:/\$' % self.user)
+        self.child.sendline('cd var')
+        self.child.expect('%s:/\$' % self.user)
+        result = self.child.before.split('\n')[1].strip()
+        self.assertEqual(expected, result)
+
 if __name__ == '__main__':
     unittest.main()