From f35b6d0b0081dc38a91f5d54b7332536ce8ce46a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Joakim=20S=C3=B8rensen?= Date: Mon, 5 Oct 2020 15:14:09 +0200 Subject: [PATCH] Set permissions on JSON files (#2093) * Set 600 premissions on json files * Add test * Fix local tar tests * Fix tar test in action * Use pytest fixture for tmp_path in tests * remove not needed things --- supervisor/utils/json.py | 1 + tests/test_core_state.py | 9 +-- tests/utils/test_json.py | 20 +++++++ tests/utils/test_tarfile.py | 116 +++++++++++++++++++----------------- 4 files changed, 84 insertions(+), 62 deletions(-) create mode 100644 tests/utils/test_json.py diff --git a/supervisor/utils/json.py b/supervisor/utils/json.py index 6f8f00629..704e59e47 100644 --- a/supervisor/utils/json.py +++ b/supervisor/utils/json.py @@ -18,6 +18,7 @@ def write_json_file(jsonfile: Path, data: Any) -> None: """Write a JSON file.""" try: jsonfile.write_text(json.dumps(data, indent=2)) + jsonfile.chmod(0o600) except (OSError, ValueError, TypeError) as err: _LOGGER.error("Can't write %s: %s", jsonfile, err) raise JsonFileError() from err diff --git a/tests/test_core_state.py b/tests/test_core_state.py index d678226a9..98d97232b 100644 --- a/tests/test_core_state.py +++ b/tests/test_core_state.py @@ -1,6 +1,5 @@ """Testing handling with CoreState.""" from pathlib import Path -from tempfile import TemporaryDirectory from unittest.mock import patch import pytest @@ -11,12 +10,10 @@ from supervisor.const import CoreState @pytest.fixture -def run_dir(): +def run_dir(tmp_path): """Fixture to inject hassio env.""" - with patch( - "supervisor.core.RUN_SUPERVISOR_STATE" - ) as mock_run, TemporaryDirectory() as tmp_run: - tmp_state = Path(tmp_run, "supervisor") + with patch("supervisor.core.RUN_SUPERVISOR_STATE") as mock_run: + tmp_state = Path(tmp_path, "supervisor") mock_run.write_text = tmp_state.write_text yield tmp_state 
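Review bot: In `write_json_file` (supervisor/utils/json.py) the added `jsonfile.chmod(0o600)` runs only after `write_text` has created and filled the file, so a newly created file holds its contents under whatever mode the process umask allows until the chmod lands. A chmod failure is also reported as a write error although the data is already on disk. Serialising first and restricting the mode before any content is written closes that window while keeping the existing error handling. The docstring could state the guarantee, e.g. `"""Write a JSON file readable and writable by its owner only (mode 0o600)."""`. The function's signature is visible only in the hunk header, so callers and the rest of the module were not checked.

```python
    try:
        payload = json.dumps(data, indent=2)
        # Create (or tighten) the file before it holds any content.
        jsonfile.touch(mode=0o600)
        jsonfile.chmod(0o600)
        jsonfile.write_text(payload)
    # … unchanged: except clause that logs and raises JsonFileError …
```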
diff --git a/tests/utils/test_json.py b/tests/utils/test_json.py new file mode 100644 index 000000000..c2668aa06 --- /dev/null +++ b/tests/utils/test_json.py @@ -0,0 +1,20 @@ +"""test json.""" +from supervisor.utils.json import write_json_file + + +def test_file_permissions(tmp_path): + """Test file permissions.""" + tempfile = tmp_path / "test.json" + write_json_file(tempfile, {"test": "data"}) + assert tempfile.is_file() + assert oct(tempfile.stat().st_mode)[-3:] == "600" + + +def test_new_file_permissions(tmp_path): + """Test file permissions.""" + tempfile = tmp_path / "test.json" + tempfile.write_text("test") + assert oct(tempfile.stat().st_mode)[-3:] != "600" + + write_json_file(tempfile, {"test": "data"}) + assert oct(tempfile.stat().st_mode)[-3:] == "600" diff --git a/tests/utils/test_tarfile.py b/tests/utils/test_tarfile.py index c81386963..aaf5d2151 100644 --- a/tests/utils/test_tarfile.py +++ b/tests/utils/test_tarfile.py @@ -2,7 +2,6 @@ import os from pathlib import Path, PurePath import shutil -from tempfile import TemporaryDirectory import attr 
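Review bot: `test_new_file_permissions` in tests/utils/test_json.py asserts `oct(tempfile.stat().st_mode)[-3:] != "600"` right after `write_text`, which holds only when the runner's umask leaves group or other bits set. Under a umask of 077 that precondition fails before `write_json_file` is exercised. Setting the starting mode explicitly with `tempfile.chmod(0o644)` removes the dependency, and `assert stat.S_IMODE(tempfile.stat().st_mode) == 0o600` (with `import stat`) checks the full permission bits rather than the last three octal digits. The two test names read as swapped (the first covers a new file, the second an existing one) and both share the docstring `"""Test file permissions."""`. The local name `tempfile` also shadows the standard-library module.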
@@ -70,72 +69,77 @@ def test_is_exclude_by_filter_bad(): assert _is_excluded_by_filter(path_object, filter_list) is True -def test_create_pure_tar(): +def test_create_pure_tar(tmp_path): """Test to create a tar file without encryption.""" - with TemporaryDirectory() as temp_dir: - temp = Path(temp_dir) + # Prepair test folder + temp_orig = tmp_path.joinpath("orig") + fixture_data = Path(__file__).parents[1].joinpath("fixtures/tar_data") + shutil.copytree(fixture_data, temp_orig, symlinks=True) - # Prepair test folder - temp_orig = temp.joinpath("orig") - fixture_data = Path(__file__).parents[1].joinpath("fixtures/tar_data") - shutil.copytree(fixture_data, temp_orig, symlinks=True) + # Create Tarfile + temp_tar = tmp_path.joinpath("backup.tar") + with SecureTarFile(temp_tar, "w") as tar_file: + atomic_contents_add( + tar_file, + temp_orig, + excludes=[], + arcname=".", + ) - # Create Tarfile - temp_tar = temp.joinpath("backup.tar") - with SecureTarFile(temp_tar, "w") as tar_file: - atomic_contents_add( - tar_file, - temp_orig, - excludes=[], - arcname=".", - ) + assert temp_tar.exists() - assert temp_tar.exists() + # Restore + temp_new = tmp_path.joinpath("new") + with SecureTarFile(temp_tar, "r") as tar_file: + tar_file.extractall(path=temp_new, members=tar_file) - # Restore - temp_new = temp.joinpath("new") - with SecureTarFile(temp_tar, "r") as tar_file: - tar_file.extractall(path=temp_new, members=tar_file) + assert temp_new.is_dir() + assert temp_new.joinpath("test_symlink").is_symlink() + assert temp_new.joinpath("test1").is_dir() + assert temp_new.joinpath("test1/script.sh").is_file() - assert temp_new.is_dir() - assert temp_new.joinpath("test_symlink").is_symlink() - assert temp_new.joinpath("test1").is_dir() - assert temp_new.joinpath("test1/script.sh").is_file() - assert temp_new.joinpath("test1/script.sh").stat().st_mode == 33261 - assert temp_new.joinpath("README.md").is_file() + # 775 is correct for local, but in GitHub action it's 755, both is fine + 
assert oct(temp_new.joinpath("test1/script.sh").stat().st_mode)[-3:] in [ + "755", + "775", + ] + assert temp_new.joinpath("README.md").is_file() -def test_create_ecrypted_tar(): +def test_create_ecrypted_tar(tmp_path): """Test to create a tar file with encryption.""" - with TemporaryDirectory() as temp_dir: - temp = Path(temp_dir) - key = os.urandom(16) + key = os.urandom(16) - # Prepair test folder - temp_orig = temp.joinpath("orig") - fixture_data = Path(__file__).parents[1].joinpath("fixtures/tar_data") - shutil.copytree(fixture_data, temp_orig, symlinks=True) + # Prepair test folder + temp_orig = tmp_path.joinpath("orig") + fixture_data = Path(__file__).parents[1].joinpath("fixtures/tar_data") + shutil.copytree(fixture_data, temp_orig, symlinks=True) - # Create Tarfile - temp_tar = temp.joinpath("backup.tar") - with SecureTarFile(temp_tar, "w", key=key) as tar_file: - atomic_contents_add( - tar_file, - temp_orig, - excludes=[], - arcname=".", - ) + # Create Tarfile + temp_tar = tmp_path.joinpath("backup.tar") + with SecureTarFile(temp_tar, "w", key=key) as tar_file: + atomic_contents_add( + tar_file, + temp_orig, + excludes=[], + arcname=".", + ) - assert temp_tar.exists() + assert temp_tar.exists() - # Restore - temp_new = temp.joinpath("new") - with SecureTarFile(temp_tar, "r", key=key) as tar_file: - tar_file.extractall(path=temp_new, members=tar_file) + # Restore + temp_new = tmp_path.joinpath("new") + with SecureTarFile(temp_tar, "r", key=key) as tar_file: + tar_file.extractall(path=temp_new, members=tar_file) - assert temp_new.is_dir() - assert temp_new.joinpath("test_symlink").is_symlink() - assert temp_new.joinpath("test1").is_dir() - assert temp_new.joinpath("test1/script.sh").is_file() - assert temp_new.joinpath("test1/script.sh").stat().st_mode == 33261 - assert temp_new.joinpath("README.md").is_file() + assert temp_new.is_dir() + assert temp_new.joinpath("test_symlink").is_symlink() + assert temp_new.joinpath("test1").is_dir() + assert 
temp_new.joinpath("test1/script.sh").is_file() + + # 775 is correct for local, but in GitHub action it's 755, both is fine + assert oct(temp_new.joinpath("test1/script.sh").stat().st_mode)[-3:] in [ + "755", + "775", + ] + assert temp_new.joinpath("README.md").is_file()
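Review bot: The relaxed check on `test1/script.sh` in `test_create_pure_tar` and `test_create_ecrypted_tar` accepts either `"755"` or `"775"`, so it no longer verifies that a restore reproduces the archived mode. In any one environment it would pass a restore that added or dropped group write. The new comment says the value differs by environment (presumably the checkout's umask, which is not visible here), so comparing against the copied source keeps the test exact everywhere: `assert temp_new.joinpath("test1/script.sh").stat().st_mode == temp_orig.joinpath("test1/script.sh").stat().st_mode`. The comment would then read `# Restored mode must match the source file, whatever mode the checkout produced`. The comment `# Prepair test folder` carries a typo (`Prepare`) into both rewritten tests.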