Skip to content
Permalink
Browse files

service: Allow registering path prefixes with FileService.

e.g. service.register_prefix('/') disables all security checks.
  • Loading branch information
dw committed Dec 12, 2018
1 parent 0b162eb commit f20e0bbac19bdc1c77bb46e97849d0773f528687
Showing with 118 additions and 1 deletion.
  1. +37 −1 mitogen/service.py
  2. +81 −0 tests/file_service_test.py
@@ -756,6 +756,8 @@ def __init__(self, router):
super(FileService, self).__init__(router)
#: Set of registered paths.
self._paths = set()
#: Set of registered directory prefixes.
self._prefixes = set()
#: Mapping of Stream->FileStreamState.
self._state_by_stream = {}

@@ -781,6 +783,22 @@ def register(self, path):
LOG.debug('%r: registering %r', self, path)
self._paths.add(path)

@expose(policy=AllowParents())
@arg_spec({
'path': mitogen.core.FsPathTypes,
})
def register_prefix(self, path):
"""
Authorize a path and any subpaths for access by children. Repeat calls
with the same path has no effect.
:param str path:
File path.
"""
if path not in self._prefixes:
LOG.debug('%r: registering prefix %r', self, path)
self._prefixes.add(path)

def _generate_stat(self, path):
st = os.stat(path)
if not stat.S_ISREG(st.st_mode):
@@ -844,6 +862,24 @@ def _schedule_pending_unlocked(self, state):
fp.close()
state.jobs.pop(0)

def _prefix_is_authorized(self, path):
"""
Return the set of all possible directory prefixes for `path`.
:func:`os.path.abspath` is used to ensure the path is absolute.
:param str path:
The path.
:returns: Set of prefixes.
"""
path = os.path.abspath(path)
while True:
if path in self._prefixes:
return True
if path == '/':
break
path = os.path.dirname(path)
return False

@expose(policy=AllowAny())
@no_reply()
@arg_spec({
@@ -870,7 +906,7 @@ def fetch(self, path, sender, msg):
:raises Error:
Unregistered path, or Sender did not match requestee context.
"""
if path not in self._paths:
if path not in self._paths and not self._prefix_is_authorized(path):
raise Error(self.unregistered_msg)
if msg.src_id != sender.context.context_id:
raise Error(self.context_mismatch_msg)
@@ -0,0 +1,81 @@

import unittest2

import mitogen.service

import testlib


class FetchTest(testlib.RouterMixin, testlib.TestCase):
klass = mitogen.service.FileService

def test_unauthorized(self):
service = self.klass(self.router)
e = self.assertRaises(mitogen.service.Error,
lambda: service.fetch(
path='/etc/shadow',
sender=None,
msg=mitogen.core.Message(),
)
)

self.assertEquals(e.args[0], service.unregistered_msg)

def test_path_authorized(self):
recv = mitogen.core.Receiver(self.router)
service = self.klass(self.router)
service.register('/etc/passwd')
self.assertEquals(None, service.fetch(
path='/etc/passwd',
sender=recv.to_sender(),
msg=mitogen.core.Message(),
))

def test_root_authorized(self):
recv = mitogen.core.Receiver(self.router)
service = self.klass(self.router)
service.register_prefix('/')
self.assertEquals(None, service.fetch(
path='/etc/passwd',
sender=recv.to_sender(),
msg=mitogen.core.Message(),
))

def test_prefix_authorized(self):
recv = mitogen.core.Receiver(self.router)
service = self.klass(self.router)
service.register_prefix('/etc')
self.assertEquals(None, service.fetch(
path='/etc/passwd',
sender=recv.to_sender(),
msg=mitogen.core.Message(),
))

def test_prefix_authorized_abspath_bad(self):
recv = mitogen.core.Receiver(self.router)
service = self.klass(self.router)
service.register_prefix('/etc')
self.assertEquals(None, service.fetch(
path='/etc/foo/bar/../../../passwd',
sender=recv.to_sender(),
msg=mitogen.core.Message(),
))

def test_prefix_authorized_abspath_bad(self):
recv = mitogen.core.Receiver(self.router)
service = self.klass(self.router)
service.register_prefix('/etc')
e = self.assertRaises(mitogen.service.Error,
lambda: service.fetch(
path='/etc/../shadow',
sender=recv.to_sender(),
msg=mitogen.core.Message(),
)
)

self.assertEquals(e.args[0], service.unregistered_msg)



if __name__ == '__main__':
unittest2.main()

0 comments on commit f20e0bb

Please sign in to comment.