Set permissions on JSON files (#2093)

* Set 600 premissions on json files

* Add test

* Fix local tar tests

* Fix tar test in action

* Use pytest fixture for tmp_path in tests

* remove not needed things
This commit is contained in:
Joakim Sørensen 2020-10-05 15:14:09 +02:00 committed by GitHub
parent 8d75583a07
commit f35b6d0b00
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 84 additions and 62 deletions

View File

@ -18,6 +18,7 @@ def write_json_file(jsonfile: Path, data: Any) -> None:
"""Write a JSON file."""
try:
jsonfile.write_text(json.dumps(data, indent=2))
jsonfile.chmod(0o600)
except (OSError, ValueError, TypeError) as err:
_LOGGER.error("Can't write %s: %s", jsonfile, err)
raise JsonFileError() from err

View File

@ -1,6 +1,5 @@
"""Testing handling with CoreState."""
from pathlib import Path
from tempfile import TemporaryDirectory
from unittest.mock import patch
import pytest
@ -11,12 +10,10 @@ from supervisor.const import CoreState
@pytest.fixture
def run_dir():
def run_dir(tmp_path):
"""Fixture to inject hassio env."""
with patch(
"supervisor.core.RUN_SUPERVISOR_STATE"
) as mock_run, TemporaryDirectory() as tmp_run:
tmp_state = Path(tmp_run, "supervisor")
with patch("supervisor.core.RUN_SUPERVISOR_STATE") as mock_run:
tmp_state = Path(tmp_path, "supervisor")
mock_run.write_text = tmp_state.write_text
yield tmp_state

20
tests/utils/test_json.py Normal file
View File

@ -0,0 +1,20 @@
"""test json."""
from supervisor.utils.json import write_json_file
def test_file_permissions(tmp_path):
"""Test file permissions."""
tempfile = tmp_path / "test.json"
write_json_file(tempfile, {"test": "data"})
assert tempfile.is_file()
assert oct(tempfile.stat().st_mode)[-3:] == "600"
def test_new_file_permissions(tmp_path):
"""Test file permissions."""
tempfile = tmp_path / "test.json"
tempfile.write_text("test")
assert oct(tempfile.stat().st_mode)[-3:] != "600"
write_json_file(tempfile, {"test": "data"})
assert oct(tempfile.stat().st_mode)[-3:] == "600"

View File

@ -2,7 +2,6 @@
import os
from pathlib import Path, PurePath
import shutil
from tempfile import TemporaryDirectory
import attr
@ -70,72 +69,77 @@ def test_is_exclude_by_filter_bad():
assert _is_excluded_by_filter(path_object, filter_list) is True
def test_create_pure_tar():
def test_create_pure_tar(tmp_path):
"""Test to create a tar file without encryption."""
with TemporaryDirectory() as temp_dir:
temp = Path(temp_dir)
# Prepair test folder
temp_orig = tmp_path.joinpath("orig")
fixture_data = Path(__file__).parents[1].joinpath("fixtures/tar_data")
shutil.copytree(fixture_data, temp_orig, symlinks=True)
# Prepair test folder
temp_orig = temp.joinpath("orig")
fixture_data = Path(__file__).parents[1].joinpath("fixtures/tar_data")
shutil.copytree(fixture_data, temp_orig, symlinks=True)
# Create Tarfile
temp_tar = tmp_path.joinpath("backup.tar")
with SecureTarFile(temp_tar, "w") as tar_file:
atomic_contents_add(
tar_file,
temp_orig,
excludes=[],
arcname=".",
)
# Create Tarfile
temp_tar = temp.joinpath("backup.tar")
with SecureTarFile(temp_tar, "w") as tar_file:
atomic_contents_add(
tar_file,
temp_orig,
excludes=[],
arcname=".",
)
assert temp_tar.exists()
assert temp_tar.exists()
# Restore
temp_new = tmp_path.joinpath("new")
with SecureTarFile(temp_tar, "r") as tar_file:
tar_file.extractall(path=temp_new, members=tar_file)
# Restore
temp_new = temp.joinpath("new")
with SecureTarFile(temp_tar, "r") as tar_file:
tar_file.extractall(path=temp_new, members=tar_file)
assert temp_new.is_dir()
assert temp_new.joinpath("test_symlink").is_symlink()
assert temp_new.joinpath("test1").is_dir()
assert temp_new.joinpath("test1/script.sh").is_file()
assert temp_new.is_dir()
assert temp_new.joinpath("test_symlink").is_symlink()
assert temp_new.joinpath("test1").is_dir()
assert temp_new.joinpath("test1/script.sh").is_file()
assert temp_new.joinpath("test1/script.sh").stat().st_mode == 33261
assert temp_new.joinpath("README.md").is_file()
# 775 is correct for local, but in GitHub action it's 755, both is fine
assert oct(temp_new.joinpath("test1/script.sh").stat().st_mode)[-3:] in [
"755",
"775",
]
assert temp_new.joinpath("README.md").is_file()
def test_create_ecrypted_tar():
def test_create_ecrypted_tar(tmp_path):
"""Test to create a tar file with encryption."""
with TemporaryDirectory() as temp_dir:
temp = Path(temp_dir)
key = os.urandom(16)
key = os.urandom(16)
# Prepair test folder
temp_orig = temp.joinpath("orig")
fixture_data = Path(__file__).parents[1].joinpath("fixtures/tar_data")
shutil.copytree(fixture_data, temp_orig, symlinks=True)
# Prepair test folder
temp_orig = tmp_path.joinpath("orig")
fixture_data = Path(__file__).parents[1].joinpath("fixtures/tar_data")
shutil.copytree(fixture_data, temp_orig, symlinks=True)
# Create Tarfile
temp_tar = temp.joinpath("backup.tar")
with SecureTarFile(temp_tar, "w", key=key) as tar_file:
atomic_contents_add(
tar_file,
temp_orig,
excludes=[],
arcname=".",
)
# Create Tarfile
temp_tar = tmp_path.joinpath("backup.tar")
with SecureTarFile(temp_tar, "w", key=key) as tar_file:
atomic_contents_add(
tar_file,
temp_orig,
excludes=[],
arcname=".",
)
assert temp_tar.exists()
assert temp_tar.exists()
# Restore
temp_new = temp.joinpath("new")
with SecureTarFile(temp_tar, "r", key=key) as tar_file:
tar_file.extractall(path=temp_new, members=tar_file)
# Restore
temp_new = tmp_path.joinpath("new")
with SecureTarFile(temp_tar, "r", key=key) as tar_file:
tar_file.extractall(path=temp_new, members=tar_file)
assert temp_new.is_dir()
assert temp_new.joinpath("test_symlink").is_symlink()
assert temp_new.joinpath("test1").is_dir()
assert temp_new.joinpath("test1/script.sh").is_file()
assert temp_new.joinpath("test1/script.sh").stat().st_mode == 33261
assert temp_new.joinpath("README.md").is_file()
assert temp_new.is_dir()
assert temp_new.joinpath("test_symlink").is_symlink()
assert temp_new.joinpath("test1").is_dir()
assert temp_new.joinpath("test1/script.sh").is_file()
# 775 is correct for local, but in GitHub action it's 755, both is fine
assert oct(temp_new.joinpath("test1/script.sh").stat().st_mode)[-3:] in [
"755",
"775",
]
assert temp_new.joinpath("README.md").is_file()