Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(364)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: base/file_util_unittest.cc

Issue 12223014: Add path traversal protection to Move and CopyFile too. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 7 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « base/file_util_posix.cc ('k') | base/file_util_win.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "build/build_config.h" 5 #include "build/build_config.h"
6 6
7 #if defined(OS_WIN) 7 #if defined(OS_WIN)
8 #include <windows.h> 8 #include <windows.h>
9 #include <shellapi.h> 9 #include <shellapi.h>
10 #include <shlobj.h> 10 #include <shlobj.h>
(...skipping 1131 matching lines...) Expand 10 before | Expand all | Expand 10 after
1142 1142
1143 1143
1144 TEST_F(FileUtilTest, MoveNew) { 1144 TEST_F(FileUtilTest, MoveNew) {
1145 // Create a directory 1145 // Create a directory
1146 FilePath dir_name_from = 1146 FilePath dir_name_from =
1147 temp_dir_.path().Append(FILE_PATH_LITERAL("Move_From_Subdir")); 1147 temp_dir_.path().Append(FILE_PATH_LITERAL("Move_From_Subdir"));
1148 file_util::CreateDirectory(dir_name_from); 1148 file_util::CreateDirectory(dir_name_from);
1149 ASSERT_TRUE(file_util::PathExists(dir_name_from)); 1149 ASSERT_TRUE(file_util::PathExists(dir_name_from));
1150 1150
1151 // Create a file under the directory 1151 // Create a file under the directory
1152 FilePath file_name_from = 1152 FilePath txt_file_name(FILE_PATH_LITERAL("Move_Test_File.txt"));
1153 dir_name_from.Append(FILE_PATH_LITERAL("Move_Test_File.txt")); 1153 FilePath file_name_from = dir_name_from.Append(txt_file_name);
1154 CreateTextFile(file_name_from, L"Gooooooooooooooooooooogle"); 1154 CreateTextFile(file_name_from, L"Gooooooooooooooooooooogle");
1155 ASSERT_TRUE(file_util::PathExists(file_name_from)); 1155 ASSERT_TRUE(file_util::PathExists(file_name_from));
1156 1156
1157 // Move the directory. 1157 // Move the directory.
1158 FilePath dir_name_to = 1158 FilePath dir_name_to =
1159 temp_dir_.path().Append(FILE_PATH_LITERAL("Move_To_Subdir")); 1159 temp_dir_.path().Append(FILE_PATH_LITERAL("Move_To_Subdir"));
1160 FilePath file_name_to = 1160 FilePath file_name_to =
1161 dir_name_to.Append(FILE_PATH_LITERAL("Move_Test_File.txt")); 1161 dir_name_to.Append(FILE_PATH_LITERAL("Move_Test_File.txt"));
1162 1162
1163 ASSERT_FALSE(file_util::PathExists(dir_name_to)); 1163 ASSERT_FALSE(file_util::PathExists(dir_name_to));
1164 1164
1165 EXPECT_TRUE(file_util::Move(dir_name_from, dir_name_to)); 1165 EXPECT_TRUE(file_util::Move(dir_name_from, dir_name_to));
1166 1166
1167 // Check everything has been moved. 1167 // Check everything has been moved.
1168 EXPECT_FALSE(file_util::PathExists(dir_name_from)); 1168 EXPECT_FALSE(file_util::PathExists(dir_name_from));
1169 EXPECT_FALSE(file_util::PathExists(file_name_from)); 1169 EXPECT_FALSE(file_util::PathExists(file_name_from));
1170 EXPECT_TRUE(file_util::PathExists(dir_name_to)); 1170 EXPECT_TRUE(file_util::PathExists(dir_name_to));
1171 EXPECT_TRUE(file_util::PathExists(file_name_to)); 1171 EXPECT_TRUE(file_util::PathExists(file_name_to));
1172
1173 // Test path traversal.
1174 file_name_from = dir_name_to.Append(txt_file_name);
1175 file_name_to = dir_name_to.Append(FILE_PATH_LITERAL(".."));
1176 file_name_to = file_name_to.Append(txt_file_name);
1177 EXPECT_FALSE(file_util::Move(file_name_from, file_name_to));
1178 EXPECT_TRUE(file_util::PathExists(file_name_from));
1179 EXPECT_FALSE(file_util::PathExists(file_name_to));
1180 EXPECT_TRUE(file_util::MoveUnsafe(file_name_from, file_name_to));
1181 EXPECT_FALSE(file_util::PathExists(file_name_from));
1182 EXPECT_TRUE(file_util::PathExists(file_name_to));
1172 } 1183 }
1173 1184
1174 TEST_F(FileUtilTest, MoveExist) { 1185 TEST_F(FileUtilTest, MoveExist) {
1175 // Create a directory 1186 // Create a directory
1176 FilePath dir_name_from = 1187 FilePath dir_name_from =
1177 temp_dir_.path().Append(FILE_PATH_LITERAL("Move_From_Subdir")); 1188 temp_dir_.path().Append(FILE_PATH_LITERAL("Move_From_Subdir"));
1178 file_util::CreateDirectory(dir_name_from); 1189 file_util::CreateDirectory(dir_name_from);
1179 ASSERT_TRUE(file_util::PathExists(dir_name_from)); 1190 ASSERT_TRUE(file_util::PathExists(dir_name_from));
1180 1191
1181 // Create a file under the directory 1192 // Create a file under the directory
(...skipping 336 matching lines...) Expand 10 before | Expand all | Expand 10 after
1518 ASSERT_TRUE(file_util::PathExists(file_name_from)); 1529 ASSERT_TRUE(file_util::PathExists(file_name_from));
1519 1530
1520 // Copy the file. 1531 // Copy the file.
1521 FilePath dest_file = dir_name_from.Append(FILE_PATH_LITERAL("DestFile.txt")); 1532 FilePath dest_file = dir_name_from.Append(FILE_PATH_LITERAL("DestFile.txt"));
1522 ASSERT_TRUE(file_util::CopyFile(file_name_from, dest_file)); 1533 ASSERT_TRUE(file_util::CopyFile(file_name_from, dest_file));
1523 1534
1524 // Copy the file to another location using '..' in the path. 1535 // Copy the file to another location using '..' in the path.
1525 FilePath dest_file2(dir_name_from); 1536 FilePath dest_file2(dir_name_from);
1526 dest_file2 = dest_file2.AppendASCII(".."); 1537 dest_file2 = dest_file2.AppendASCII("..");
1527 dest_file2 = dest_file2.AppendASCII("DestFile.txt"); 1538 dest_file2 = dest_file2.AppendASCII("DestFile.txt");
1528 ASSERT_TRUE(file_util::CopyFile(file_name_from, dest_file2)); 1539 ASSERT_FALSE(file_util::CopyFile(file_name_from, dest_file2));
1540 ASSERT_TRUE(file_util::CopyFileUnsafe(file_name_from, dest_file2));
1529 1541
1530 FilePath dest_file2_test(dir_name_from); 1542 FilePath dest_file2_test(dir_name_from);
1531 dest_file2_test = dest_file2_test.DirName(); 1543 dest_file2_test = dest_file2_test.DirName();
1532 dest_file2_test = dest_file2_test.AppendASCII("DestFile.txt"); 1544 dest_file2_test = dest_file2_test.AppendASCII("DestFile.txt");
1533 1545
1534 // Check everything has been copied. 1546 // Check everything has been copied.
1535 EXPECT_TRUE(file_util::PathExists(file_name_from)); 1547 EXPECT_TRUE(file_util::PathExists(file_name_from));
1536 EXPECT_TRUE(file_util::PathExists(dest_file)); 1548 EXPECT_TRUE(file_util::PathExists(dest_file));
1537 const std::wstring read_contents = ReadTextFile(dest_file); 1549 const std::wstring read_contents = ReadTextFile(dest_file);
1538 EXPECT_EQ(file_contents, read_contents); 1550 EXPECT_EQ(file_contents, read_contents);
(...skipping 903 matching lines...) Expand 10 before | Expand all | Expand 10 after
2442 file_util::VerifyPathControlledByUser( 2454 file_util::VerifyPathControlledByUser(
2443 base_dir_, text_file_, uid_, ok_gids_)); 2455 base_dir_, text_file_, uid_, ok_gids_));
2444 EXPECT_TRUE( 2456 EXPECT_TRUE(
2445 file_util::VerifyPathControlledByUser( 2457 file_util::VerifyPathControlledByUser(
2446 sub_dir_, text_file_, uid_, ok_gids_)); 2458 sub_dir_, text_file_, uid_, ok_gids_));
2447 } 2459 }
2448 2460
2449 #endif // defined(OS_POSIX) 2461 #endif // defined(OS_POSIX)
2450 2462
2451 } // namespace 2463 } // namespace
OLDNEW
« no previous file with comments | « base/file_util_posix.cc ('k') | base/file_util_win.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698