throw new IllegalAccessException("Tried to access a symlink - this is not permitted!"); if(!isFileLocatedInDirectory(baseFolder, relativeFile)){ throw new IllegalAccessException("The requested file is not part of the given directory!");
@Test public void testLoadFileFromFileSystem() throws IOException, IllegalAccessException{ String s = "Hello"+System.lineSeparator()+"World"+System.lineSeparator()+"How are you?"; Files.write(f, Arrays.asList(s.split(System.lineSeparator())), StandardCharsets.UTF_8); String result = fileLoader.loadFileFromFileSystem(dir.toString(), f.toString()); Assert.assertEquals(s, result); }
@Test public void testIsFileLocatedInDirectoryInexistentFile() throws IOException { Assert.assertFalse(fileLoader.isFileLocatedInDirectory(dir, Paths.get(dir.toString(), "something"))); }
@Test public void testLoadFileFromFileSystemNotExisting() throws IOException, IllegalAccessException{ String result = fileLoader.loadFileFromFileSystem(dir.toString(), Paths.get(dir.toString(), "something").toString()); Assert.assertNull(result); }
@Test public void testIsFileLocatedInDirectoryWithManipulatedPath() throws IOException { Assert.assertTrue(fileLoader.isFileLocatedInDirectory(dir, Paths.get(dir.toString(), "../foo/test.txt"))); }
@Test public void testLoadFileFromFileSystemEmpty() throws IOException, IllegalAccessException{ String result = fileLoader.loadFileFromFileSystem(dir.toString(), f.toString()); Assert.assertEquals("", result); }
@Test public void testIsFileLocatedInDirectoryParentDirNok() throws IOException { Assert.assertFalse(fileLoader.isFileLocatedInDirectory(dir, Paths.get("../test.txt"))); }
@Test public void testIsFileLocatedInDirectoryHomeAlthoughExistsNok() throws IOException { Path f2 = Paths.get(FileUtils.getTempDirectoryPath(), "test.txt"); try { Files.createFile(f2); } catch (FileAlreadyExistsException e) { //Only thrown on Windows } Assert.assertFalse(fileLoader.isFileLocatedInDirectory(dir, f2)); Files.delete(f2); }
@Test public void testIsFileLocatedInDirectoryHomeNok() throws IOException { Assert.assertFalse(fileLoader.isFileLocatedInDirectory(dir, Paths.get("~/test.txt"))); }
@Test public void testIsFileLocatedInDirectoryAbsoluteNok() throws IOException { Assert.assertFalse(fileLoader.isFileLocatedInDirectory(dir, Paths.get("/test.txt"))); }
@Test public void testIsFileLocatedInDirectory() throws IOException { Assert.assertTrue(fileLoader.isFileLocatedInDirectory(dir, f)); }
@Test public void testIsFileLocatedInDirectorySymbolicLinkNok() throws IOException { //symlinks work only on unix Assume.assumeTrue (isUnix()); Path f2 = Paths.get(FileUtils.getTempDirectoryPath(), "test.txt"); Files.createFile(f2); Path symlink = Paths.get(dir.toString(), "symlink.txt"); //We create a symbolic link inside of the permitted folder pointing to a file outside of the permitted folder. This should be failing. Files.createSymbolicLink(symlink, f2); Assert.assertFalse(fileLoader.isFileLocatedInDirectory(dir, symlink)); Files.delete(symlink); Files.delete(f2); }
@Test public void testIsFileLocatedInDirectorySymbolicLinkOk() throws IOException { //symlinks work only on unix Assume.assumeTrue (isUnix()); Path symlink = Paths.get(dir.toString(), "symlink.txt"); //We create a symbolic link inside of the permitted folder pointing to a file inside of the permitted folder. This should be ok. Files.createSymbolicLink(symlink, f); Assert.assertTrue(fileLoader.isFileLocatedInDirectory(dir, symlink)); Files.delete(symlink); }
@Test public void testIsFileLocatedInDirectorySymbolicLinkFromOutsideOk() throws IOException { //symlinks work only on unix Assume.assumeTrue (isUnix()); Path symlink = Paths.get(FileUtils.getTempDirectoryPath(), "symlink.txt"); //TODO check: is this statement true? I can't think of any harm this could do... //We create a symbolic link outside of the permitted folder pointing to a file inside of the permitted folder. This should be ok as well. Files.createSymbolicLink(symlink, f); Assert.assertTrue(fileLoader.isFileLocatedInDirectory(dir, symlink)); Files.delete(symlink); }