-
Notifications
You must be signed in to change notification settings - Fork 17.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
testing/fstest: cannot test no permission on folder #50787
Comments
note |
Didn't find that in the docs. But I found a Go tutorial explaining 0000 as no permissions https://schadokar.dev/to-the-point/how-to-read-and-write-a-file-in-golang/ Does this make sense? How do I give equivalent to chmod 0000 or 000? |
CC @bcmills I think? |
(Not really my area, but I've been looking at Looks like the fast-path for files is here: It indeed does not check parent permissions at all, although note that the |
@mknyszek can I help with something else? I am new to Golang, maybe would need some guidance to have a fix PR if that is the case. |
I came across this same issue in the wild. This github issue is marked as "needs investigation", so I wrote up a simple reproducible test case based upon the initial bug report: package x
import (
"io/fs"
"os"
"testing"
"testing/fstest"
)
func TestFileValidPermissionDenied(t *testing.T) {
fakeFS := fstest.MapFS{
"secret-folder": {Mode: 0o200},
"secret-folder/readme.md": {Data: []byte("this content should be unread"), Mode: 0o100},
}
out, err := fs.ReadFile(fakeFS, "secret-folder/readme.md")
if !os.IsPermission(err) {
t.Errorf("Expected a permission error but received %q", err)
}
if string(out) != "" {
t.Errorf("want %q, got %q, %v", "", out, err)
}
} |
@seankhliao @mknyszek @bcmills I'd like to take a swipe at fixing this issue. The Contribution Guide says "NeedsInvestigation: The issue is not fully understood and requires analysis to understand the root cause." The issue here looks like what bcmills noted above: the fstest.MapFS is just a map under the hood and has no explicit checking of the pseudo-file-system's permissions. I think the root of this issue would be fixed if we add a function to verify these permissions, something similar to: func (fsys MapFS) checkPermissions(file *MapFile, requiredPerm fs.FileMode) bool {
// Mock current user ID and group ID (in a real scenario, fetch this from the environment)
currentUID := 1000 // Example: replace with actual user ID
currentGID := 1000 // Example: replace with actual group ID
// Check owner permissions
if file.OwnerUID == currentUID {
return file.Mode&fs.ModePerm&requiredPerm != 0
}
// Check group permissions
if file.OwnerGID == currentGID {
return (file.Mode>>3)&fs.ModePerm&requiredPerm != 0
}
// Check others permissions
return (file.Mode>>6)&fs.ModePerm&requiredPerm != 0
} My bitshifting isn't super great, but I think that gets us an appropriate check. Then it's a matter of wiring it in to the package. Is there any chance I could have someone help me design the solution here and help me get this in? Thanks |
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes. Not totally sure if it is related to #46776
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
tested.go
tested_test.go
What did you expect to see?
This test should pass, returning "", and error that permission is denied.
What did you see instead?
It can Stat the file, even with no permission to the folder.
The text was updated successfully, but these errors were encountered: