Blame t/security.t

Packit a89ea5
#!/usr/bin/perl -w
Packit a89ea5
# Test for File::Temp - Security levels
Packit a89ea5
Packit a89ea5
# Some of the security checking will not work on all platforms
Packit a89ea5
# Test a simple open in the cwd and tmpdir foreach of the
Packit a89ea5
# security levels
Packit a89ea5
Packit a89ea5
use Test::More tests => 12;
Packit a89ea5
Packit a89ea5
use strict;
Packit a89ea5
use File::Spec;
Packit a89ea5
Packit a89ea5
# Set up END block - this needs to happen before we load
Packit a89ea5
# File::Temp since this END block must be evaluated after the
Packit a89ea5
# END block configured by File::Temp
Packit a89ea5
my @files; # list of files to remove
Packit a89ea5
END { foreach (@files) { ok( !(-e $_) )} }
Packit a89ea5
Packit a89ea5
use File::Temp qw/ tempfile unlink0 /;
Packit a89ea5
Packit a89ea5
# The high security tests must currently be skipped on some platforms
Packit a89ea5
my $skipplat = ( (
Packit a89ea5
		  # No sticky bits.
Packit a89ea5
		  $^O eq 'MSWin32' || $^O eq 'NetWare' || $^O eq 'os2' || $^O eq 'dos' || $^O eq 'mpeix' || $^O eq 'MacOS'
Packit a89ea5
		  ) ? 1 : 0 );
Packit a89ea5
Packit a89ea5
# Can not run high security tests in perls before 5.6.0
Packit a89ea5
my $skipperl  = ($] < 5.006 ? 1 : 0 );
Packit a89ea5
Packit a89ea5
# Determine whether we need to skip things and why
Packit a89ea5
my $skip = 0;
Packit a89ea5
if ($skipplat) {
Packit a89ea5
  $skip = "Not supported on this platform";
Packit a89ea5
} elsif ($skipperl) {
Packit a89ea5
  $skip = "Perl version must be v5.6.0 for these tests";
Packit a89ea5
Packit a89ea5
}
Packit a89ea5
Packit a89ea5
print "# We will be skipping some tests : $skip\n" if $skip;
Packit a89ea5
Packit a89ea5
# start off with basic checking
Packit a89ea5
Packit a89ea5
File::Temp->safe_level( File::Temp::STANDARD );
Packit a89ea5
Packit a89ea5
print "# Testing with STANDARD security...\n";
Packit a89ea5
Packit a89ea5
test_security();
Packit a89ea5
Packit a89ea5
SKIP: {
Packit a89ea5
  skip $skip, 8 if $skip;
Packit a89ea5
Packit a89ea5
  # Try medium
Packit a89ea5
Packit a89ea5
  File::Temp->safe_level( File::Temp::MEDIUM );
Packit a89ea5
Packit a89ea5
  print "# Testing with MEDIUM security...\n";
Packit a89ea5
Packit a89ea5
  # Now we need to start skipping tests
Packit a89ea5
  test_security();
Packit a89ea5
Packit a89ea5
  # Try HIGH
Packit a89ea5
Packit a89ea5
  File::Temp->safe_level( File::Temp::HIGH );
Packit a89ea5
Packit a89ea5
  print "# Testing with HIGH security...\n";
Packit a89ea5
Packit a89ea5
  test_security();
Packit a89ea5
}
Packit a89ea5
Packit a89ea5
exit;
Packit a89ea5
Packit a89ea5
# Subroutine to open two temporary files.
Packit a89ea5
# one is opened in the current dir and the other in the temp dir
Packit a89ea5
Packit a89ea5
sub test_security {
Packit a89ea5
Packit a89ea5
  # Create the tempfile
Packit a89ea5
  my $template = "tmpXXXXX";
Packit a89ea5
  my ($fh1, $fname1) = eval { tempfile ( $template, 
Packit a89ea5
				  DIR => File::Temp::_wrap_file_spec_tmpdir(),
Packit a89ea5
				  UNLINK => 1,
Packit a89ea5
				);
Packit a89ea5
			    };
Packit a89ea5
Packit a89ea5
  SKIP: {
Packit a89ea5
    if (defined $fname1) {
Packit a89ea5
        print "# fname1 = $fname1\n";
Packit a89ea5
        ok( (-e $fname1) );
Packit a89ea5
        push(@files, $fname1); # store for end block
Packit a89ea5
    } elsif (File::Temp->safe_level() != File::Temp::STANDARD) {
Packit a89ea5
        chomp($@);
Packit a89ea5
        my $msg = File::Temp::_wrap_file_spec_tmpdir() . " possibly insecure: $@";
Packit a89ea5
        skip $msg, 2; # one here and one in END
Packit a89ea5
    } else {
Packit a89ea5
        ok(0);
Packit a89ea5
    }
Packit a89ea5
  }
Packit a89ea5
Packit a89ea5
  SKIP: {
Packit a89ea5
    # Explicitly 
Packit a89ea5
    if ( $< < File::Temp->top_system_uid() ){
Packit a89ea5
        skip("Skip Test inappropriate for root", 2);
Packit a89ea5
        return;
Packit a89ea5
    }
Packit a89ea5
    my ($fh2, $fname2) = eval { tempfile ($template,  UNLINK => 1 ); };
Packit a89ea5
    if (defined $fname2) {
Packit a89ea5
        print "# fname2 = $fname2\n";
Packit a89ea5
        ok( (-e $fname2) );
Packit a89ea5
        push(@files, $fname2); # store for end block
Packit a89ea5
        close($fh2);
Packit a89ea5
    } elsif (File::Temp->safe_level() != File::Temp::STANDARD) {
Packit a89ea5
        chomp($@);
Packit a89ea5
        my $msg = "current directory possibly insecure: $@";
Packit a89ea5
        skip $msg, 2; # one here and one in END
Packit a89ea5
    } else {
Packit a89ea5
        ok(0);
Packit a89ea5
    }
Packit a89ea5
  }
Packit a89ea5
}
Packit a89ea5
Packit a89ea5
# vim: ts=2 sts=2 sw=2 et: