Add security layer to send file output things (#8189)

* Add security layer to send file output things * Make telegram secure * fix lint * fix handling * invert check * resolve relative paths * add test for relative paths * fix lint * fix tests * Address paulus comments * fix style * fix tests * Add more tests * fix tests * fix tests * fix test p2 * fix lint * fix tests * Make it available for windows * Change name / address comments * fix set * fix test * fix tests * fix test * fix lint
2017-06-26 00:10:30 +02:00 · 2017-06-26 00:10:30 +02:00 · 2dd7f0616e
commit 2dd7f0616e
parent 2f2952e0ec
8 changed files with 86 additions and 6 deletions
--- a/tests/test_core.py
+++ b/tests/test_core.py
@ -1,11 +1,13 @@
 """Test to verify that Home Assistant core works."""
 # pylint: disable=protected-access
 import asyncio
+import logging
+import os
 import unittest
 from unittest.mock import patch, MagicMock, sentinel
 from datetime import datetime, timedelta
+from tempfile import TemporaryDirectory

-import logging
 import pytz
 import pytest

@ -796,11 +798,41 @@ class TestConfig(unittest.TestCase):
            'time_zone': 'UTC',
            'components': set(),
            'config_dir': '/tmp/ha-config',
+            'whitelist_external_dirs': set(),
            'version': __version__,
        }

        self.assertEqual(expected, self.config.as_dict())

+    def test_is_allowed_path(self):
+        """Test is_allowed_path method."""
+        with TemporaryDirectory() as tmp_dir:
+            self.config.whitelist_external_dirs = set((
+                tmp_dir,
+            ))
+
+            test_file = os.path.join(tmp_dir, "test.jpg")
+            with open(test_file, "w") as tmp_file:
+                tmp_file.write("test")
+
+            valid = [
+                test_file,
+            ]
+            for path in valid:
+                assert self.config.is_allowed_path(path)
+
+            self.config.whitelist_external_dirs = set(('/home',))
+
+            unvalid = [
+                "/hass/config/secure",
+                "/etc/passwd",
+                "/root/secure_file",
+                "/hass/config/test/../../../etc/passwd",
+                test_file,
+            ]
+            for path in unvalid:
+                assert not self.config.is_allowed_path(path)
+

@patch('homeassistant.core.monotonic')
 def test_create_timer(mock_monotonic, loop):