nextcloud/tests/lib/tempmanager.php

199 lines
5.5 KiB
PHP
Raw Normal View History

<?php
/**
* Copyright (c) 2014 Robin Appelman <icewind@owncloud.com>
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file.
*/
namespace Test;
use OC\Log;
class NullLogger extends Log {
public function __construct($logger = null) {
//disable original constructor
}
public function log($level, $message, array $context = array()) {
//noop
}
}
class TempManager extends \Test\TestCase {
protected $baseDir = null;
protected function setUp() {
parent::setUp();
$this->baseDir = $this->getManager()->getTempBaseDir() . $this->getUniqueID('/oc_tmp_test');
if (!is_dir($this->baseDir)) {
mkdir($this->baseDir);
}
}
protected function tearDown() {
\OC_Helper::rmdirr($this->baseDir);
$this->baseDir = null;
parent::tearDown();
}
/**
* @param \OCP\ILogger $logger
* @param \OCP\IConfig $config
* @return \OC\TempManager
*/
protected function getManager($logger = null, $config = null) {
if (!$logger) {
$logger = new NullLogger();
}
if (!$config) {
$config = \OC::$server->getConfig();
}
$manager = new \OC\TempManager($logger, $config);
if ($this->baseDir) {
$manager->overrideTempBaseDir($this->baseDir);
}
return $manager;
}
public function testGetFile() {
$manager = $this->getManager();
$file = $manager->getTemporaryFile('txt');
$this->assertStringEndsWith('.txt', $file);
$this->assertTrue(is_file($file));
$this->assertTrue(is_writable($file));
file_put_contents($file, 'bar');
$this->assertEquals('bar', file_get_contents($file));
}
public function testGetFolder() {
$manager = $this->getManager();
$folder = $manager->getTemporaryFolder();
$this->assertStringEndsWith('/', $folder);
$this->assertTrue(is_dir($folder));
$this->assertTrue(is_writable($folder));
file_put_contents($folder . 'foo.txt', 'bar');
$this->assertEquals('bar', file_get_contents($folder . 'foo.txt'));
}
public function testCleanFiles() {
$manager = $this->getManager();
$file1 = $manager->getTemporaryFile('txt');
$file2 = $manager->getTemporaryFile('txt');
$this->assertTrue(file_exists($file1));
$this->assertTrue(file_exists($file2));
$manager->clean();
$this->assertFalse(file_exists($file1));
$this->assertFalse(file_exists($file2));
}
public function testCleanFolder() {
$manager = $this->getManager();
$folder1 = $manager->getTemporaryFolder();
$folder2 = $manager->getTemporaryFolder();
touch($folder1 . 'foo.txt');
touch($folder1 . 'bar.txt');
$this->assertTrue(file_exists($folder1));
$this->assertTrue(file_exists($folder2));
$this->assertTrue(file_exists($folder1 . 'foo.txt'));
$this->assertTrue(file_exists($folder1 . 'bar.txt'));
$manager->clean();
$this->assertFalse(file_exists($folder1));
$this->assertFalse(file_exists($folder2));
$this->assertFalse(file_exists($folder1 . 'foo.txt'));
$this->assertFalse(file_exists($folder1 . 'bar.txt'));
}
public function testCleanOld() {
$manager = $this->getManager();
$oldFile = $manager->getTemporaryFile('txt');
$newFile = $manager->getTemporaryFile('txt');
$folder = $manager->getTemporaryFolder();
$nonOcFile = $this->baseDir . '/foo.txt';
file_put_contents($nonOcFile, 'bar');
$past = time() - 2 * 3600;
touch($oldFile, $past);
touch($folder, $past);
touch($nonOcFile, $past);
$manager2 = $this->getManager();
$manager2->cleanOld();
$this->assertFalse(file_exists($oldFile));
$this->assertFalse(file_exists($folder));
$this->assertTrue(file_exists($nonOcFile));
$this->assertTrue(file_exists($newFile));
}
public function testLogCantCreateFile() {
if (\OC_Util::runningOnWindows()) {
$this->markTestSkipped('[Windows] chmod() does not work as intended on Windows.');
}
$logger = $this->getMock('\Test\NullLogger');
$manager = $this->getManager($logger);
chmod($this->baseDir, 0500);
$logger->expects($this->once())
->method('warning')
->with($this->stringContains('Can not create a temporary file in directory'));
$this->assertFalse($manager->getTemporaryFile('txt'));
}
public function testLogCantCreateFolder() {
if (\OC_Util::runningOnWindows()) {
$this->markTestSkipped('[Windows] chmod() does not work as intended on Windows.');
}
$logger = $this->getMock('\Test\NullLogger');
$manager = $this->getManager($logger);
chmod($this->baseDir, 0500);
$logger->expects($this->once())
->method('warning')
->with($this->stringContains('Can not create a temporary folder in directory'));
$this->assertFalse($manager->getTemporaryFolder());
}
Fix collision on temporary files + adjust permissions This changeset hardens the temporary file and directory creation to address multiple problems that may lead to exposure of files to other users, data loss or other unexpected behaviour that is impossible to debug. **[CWE-668: Exposure of Resource to Wrong Sphere](https://cwe.mitre.org/data/definitions/668.html)** The temporary file and folder handling as implemented in ownCloud is performed using a MD5 hash over `time()` concatenated with `rand()`. This is insufficiently and leads to the following security problems: The generated filename could already be used by another user. It is not verified whether the file is already used and thus temporary files might be used for another user as well resulting in all possible stuff such as "user has file of other user". Effectively this leaves us with: 1. A timestamp based on seconds (no entropy at all) 2. `rand()` which returns usually a number between 0 and 2,147,483,647 Considering the birthday paradox and that we use this method quite often (especially when handling external storage) this is quite error prone and needs to get addressed. This behaviour has been fixed by using `tempnam` instead for single temporary files. For creating temporary directories an additional postfix will be appended, the solution is for directories still not absolutely bulletproof but the best I can think about at the moment. Improvement suggestions are welcome. **[CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html)** Files were created using `touch()` which defaults to a permission of 0644. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is no a high severe issue. Permissions have been adjusted to 0600. **[CWE-379: Creation of Temporary File in Directory with Incorrect Permissions](https://cwe.mitre.org/data/definitions/379.html)** Files were created using `mkdir()` which defaults to a permission of 0777. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is no a high severe issue. Permissions have been adjusted to 0700.Please enter the commit message for your changes.
2015-04-23 15:29:15 +03:00
public function testBuildFileNameWithPostfix() {
$logger = $this->getMock('\Test\NullLogger');
$tmpManager = self::invokePrivate(
$this->getManager($logger),
Fix collision on temporary files + adjust permissions This changeset hardens the temporary file and directory creation to address multiple problems that may lead to exposure of files to other users, data loss or other unexpected behaviour that is impossible to debug. **[CWE-668: Exposure of Resource to Wrong Sphere](https://cwe.mitre.org/data/definitions/668.html)** The temporary file and folder handling as implemented in ownCloud is performed using a MD5 hash over `time()` concatenated with `rand()`. This is insufficiently and leads to the following security problems: The generated filename could already be used by another user. It is not verified whether the file is already used and thus temporary files might be used for another user as well resulting in all possible stuff such as "user has file of other user". Effectively this leaves us with: 1. A timestamp based on seconds (no entropy at all) 2. `rand()` which returns usually a number between 0 and 2,147,483,647 Considering the birthday paradox and that we use this method quite often (especially when handling external storage) this is quite error prone and needs to get addressed. This behaviour has been fixed by using `tempnam` instead for single temporary files. For creating temporary directories an additional postfix will be appended, the solution is for directories still not absolutely bulletproof but the best I can think about at the moment. Improvement suggestions are welcome. **[CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html)** Files were created using `touch()` which defaults to a permission of 0644. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is no a high severe issue. Permissions have been adjusted to 0600. **[CWE-379: Creation of Temporary File in Directory with Incorrect Permissions](https://cwe.mitre.org/data/definitions/379.html)** Files were created using `mkdir()` which defaults to a permission of 0777. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is no a high severe issue. Permissions have been adjusted to 0700.Please enter the commit message for your changes.
2015-04-23 15:29:15 +03:00
'buildFileNameWithSuffix',
['/tmp/myTemporaryFile', 'postfix']
);
$this->assertEquals('/tmp/myTemporaryFile-.postfix', $tmpManager);
}
public function testBuildFileNameWithoutPostfix() {
$logger = $this->getMock('\Test\NullLogger');
$tmpManager = self::invokePrivate(
Fix collision on temporary files + adjust permissions This changeset hardens the temporary file and directory creation to address multiple problems that may lead to exposure of files to other users, data loss or other unexpected behaviour that is impossible to debug. **[CWE-668: Exposure of Resource to Wrong Sphere](https://cwe.mitre.org/data/definitions/668.html)** The temporary file and folder handling as implemented in ownCloud is performed using a MD5 hash over `time()` concatenated with `rand()`. This is insufficiently and leads to the following security problems: The generated filename could already be used by another user. It is not verified whether the file is already used and thus temporary files might be used for another user as well resulting in all possible stuff such as "user has file of other user". Effectively this leaves us with: 1. A timestamp based on seconds (no entropy at all) 2. `rand()` which returns usually a number between 0 and 2,147,483,647 Considering the birthday paradox and that we use this method quite often (especially when handling external storage) this is quite error prone and needs to get addressed. This behaviour has been fixed by using `tempnam` instead for single temporary files. For creating temporary directories an additional postfix will be appended, the solution is for directories still not absolutely bulletproof but the best I can think about at the moment. Improvement suggestions are welcome. **[CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html)** Files were created using `touch()` which defaults to a permission of 0644. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is no a high severe issue. Permissions have been adjusted to 0600. **[CWE-379: Creation of Temporary File in Directory with Incorrect Permissions](https://cwe.mitre.org/data/definitions/379.html)** Files were created using `mkdir()` which defaults to a permission of 0777. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is no a high severe issue. Permissions have been adjusted to 0700.Please enter the commit message for your changes.
2015-04-23 15:29:15 +03:00
$this->getManager($logger),
'buildFileNameWithSuffix',
['/tmp/myTemporaryFile', '']
);
$this->assertEquals('/tmp/myTemporaryFile', $tmpManager);
}
public function testBuildFileNameWithSuffixPathTraversal() {
$logger = $this->getMock('\Test\NullLogger');
$tmpManager = self::invokePrivate(
Fix collision on temporary files + adjust permissions This changeset hardens the temporary file and directory creation to address multiple problems that may lead to exposure of files to other users, data loss or other unexpected behaviour that is impossible to debug. **[CWE-668: Exposure of Resource to Wrong Sphere](https://cwe.mitre.org/data/definitions/668.html)** The temporary file and folder handling as implemented in ownCloud is performed using a MD5 hash over `time()` concatenated with `rand()`. This is insufficiently and leads to the following security problems: The generated filename could already be used by another user. It is not verified whether the file is already used and thus temporary files might be used for another user as well resulting in all possible stuff such as "user has file of other user". Effectively this leaves us with: 1. A timestamp based on seconds (no entropy at all) 2. `rand()` which returns usually a number between 0 and 2,147,483,647 Considering the birthday paradox and that we use this method quite often (especially when handling external storage) this is quite error prone and needs to get addressed. This behaviour has been fixed by using `tempnam` instead for single temporary files. For creating temporary directories an additional postfix will be appended, the solution is for directories still not absolutely bulletproof but the best I can think about at the moment. Improvement suggestions are welcome. **[CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html)** Files were created using `touch()` which defaults to a permission of 0644. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is no a high severe issue. Permissions have been adjusted to 0600. **[CWE-379: Creation of Temporary File in Directory with Incorrect Permissions](https://cwe.mitre.org/data/definitions/379.html)** Files were created using `mkdir()` which defaults to a permission of 0777. Thus other users on the machine may read potentially sensitive information as `/tmp/` is world-readable. However, ownCloud always encourages users to use a dedicated machine to run the ownCloud instance and thus this is no a high severe issue. Permissions have been adjusted to 0700.Please enter the commit message for your changes.
2015-04-23 15:29:15 +03:00
$this->getManager($logger),
'buildFileNameWithSuffix',
['foo', '../Traversal\\../FileName']
);
$this->assertStringEndsNotWith('./Traversal\\../FileName', $tmpManager);
$this->assertStringEndsWith('.Traversal..FileName', $tmpManager);
}
}