mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
192 lines
4 KiB
Go
192 lines
4 KiB
Go
|
package archive
|
||
|
|
||
|
import (
|
||
|
"testing"
|
||
|
|
||
|
"github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
|
||
|
)
|
||
|
|
||
|
func TestApplyLayerInvalidFilenames(t *testing.T) {
|
||
|
for i, headers := range [][]*tar.Header{
|
||
|
{
|
||
|
{
|
||
|
Name: "../victim/dotdot",
|
||
|
Typeflag: tar.TypeReg,
|
||
|
Mode: 0644,
|
||
|
},
|
||
|
},
|
||
|
{
|
||
|
{
|
||
|
// Note the leading slash
|
||
|
Name: "/../victim/slash-dotdot",
|
||
|
Typeflag: tar.TypeReg,
|
||
|
Mode: 0644,
|
||
|
},
|
||
|
},
|
||
|
} {
|
||
|
if err := testBreakout("applylayer", "docker-TestApplyLayerInvalidFilenames", headers); err != nil {
|
||
|
t.Fatalf("i=%d. %v", i, err)
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func TestApplyLayerInvalidHardlink(t *testing.T) {
|
||
|
for i, headers := range [][]*tar.Header{
|
||
|
{ // try reading victim/hello (../)
|
||
|
{
|
||
|
Name: "dotdot",
|
||
|
Typeflag: tar.TypeLink,
|
||
|
Linkname: "../victim/hello",
|
||
|
Mode: 0644,
|
||
|
},
|
||
|
},
|
||
|
{ // try reading victim/hello (/../)
|
||
|
{
|
||
|
Name: "slash-dotdot",
|
||
|
Typeflag: tar.TypeLink,
|
||
|
// Note the leading slash
|
||
|
Linkname: "/../victim/hello",
|
||
|
Mode: 0644,
|
||
|
},
|
||
|
},
|
||
|
{ // try writing victim/file
|
||
|
{
|
||
|
Name: "loophole-victim",
|
||
|
Typeflag: tar.TypeLink,
|
||
|
Linkname: "../victim",
|
||
|
Mode: 0755,
|
||
|
},
|
||
|
{
|
||
|
Name: "loophole-victim/file",
|
||
|
Typeflag: tar.TypeReg,
|
||
|
Mode: 0644,
|
||
|
},
|
||
|
},
|
||
|
{ // try reading victim/hello (hardlink, symlink)
|
||
|
{
|
||
|
Name: "loophole-victim",
|
||
|
Typeflag: tar.TypeLink,
|
||
|
Linkname: "../victim",
|
||
|
Mode: 0755,
|
||
|
},
|
||
|
{
|
||
|
Name: "symlink",
|
||
|
Typeflag: tar.TypeSymlink,
|
||
|
Linkname: "loophole-victim/hello",
|
||
|
Mode: 0644,
|
||
|
},
|
||
|
},
|
||
|
{ // Try reading victim/hello (hardlink, hardlink)
|
||
|
{
|
||
|
Name: "loophole-victim",
|
||
|
Typeflag: tar.TypeLink,
|
||
|
Linkname: "../victim",
|
||
|
Mode: 0755,
|
||
|
},
|
||
|
{
|
||
|
Name: "hardlink",
|
||
|
Typeflag: tar.TypeLink,
|
||
|
Linkname: "loophole-victim/hello",
|
||
|
Mode: 0644,
|
||
|
},
|
||
|
},
|
||
|
{ // Try removing victim directory (hardlink)
|
||
|
{
|
||
|
Name: "loophole-victim",
|
||
|
Typeflag: tar.TypeLink,
|
||
|
Linkname: "../victim",
|
||
|
Mode: 0755,
|
||
|
},
|
||
|
{
|
||
|
Name: "loophole-victim",
|
||
|
Typeflag: tar.TypeReg,
|
||
|
Mode: 0644,
|
||
|
},
|
||
|
},
|
||
|
} {
|
||
|
if err := testBreakout("applylayer", "docker-TestApplyLayerInvalidHardlink", headers); err != nil {
|
||
|
t.Fatalf("i=%d. %v", i, err)
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func TestApplyLayerInvalidSymlink(t *testing.T) {
|
||
|
for i, headers := range [][]*tar.Header{
|
||
|
{ // try reading victim/hello (../)
|
||
|
{
|
||
|
Name: "dotdot",
|
||
|
Typeflag: tar.TypeSymlink,
|
||
|
Linkname: "../victim/hello",
|
||
|
Mode: 0644,
|
||
|
},
|
||
|
},
|
||
|
{ // try reading victim/hello (/../)
|
||
|
{
|
||
|
Name: "slash-dotdot",
|
||
|
Typeflag: tar.TypeSymlink,
|
||
|
// Note the leading slash
|
||
|
Linkname: "/../victim/hello",
|
||
|
Mode: 0644,
|
||
|
},
|
||
|
},
|
||
|
{ // try writing victim/file
|
||
|
{
|
||
|
Name: "loophole-victim",
|
||
|
Typeflag: tar.TypeSymlink,
|
||
|
Linkname: "../victim",
|
||
|
Mode: 0755,
|
||
|
},
|
||
|
{
|
||
|
Name: "loophole-victim/file",
|
||
|
Typeflag: tar.TypeReg,
|
||
|
Mode: 0644,
|
||
|
},
|
||
|
},
|
||
|
{ // try reading victim/hello (symlink, symlink)
|
||
|
{
|
||
|
Name: "loophole-victim",
|
||
|
Typeflag: tar.TypeSymlink,
|
||
|
Linkname: "../victim",
|
||
|
Mode: 0755,
|
||
|
},
|
||
|
{
|
||
|
Name: "symlink",
|
||
|
Typeflag: tar.TypeSymlink,
|
||
|
Linkname: "loophole-victim/hello",
|
||
|
Mode: 0644,
|
||
|
},
|
||
|
},
|
||
|
{ // try reading victim/hello (symlink, hardlink)
|
||
|
{
|
||
|
Name: "loophole-victim",
|
||
|
Typeflag: tar.TypeSymlink,
|
||
|
Linkname: "../victim",
|
||
|
Mode: 0755,
|
||
|
},
|
||
|
{
|
||
|
Name: "hardlink",
|
||
|
Typeflag: tar.TypeLink,
|
||
|
Linkname: "loophole-victim/hello",
|
||
|
Mode: 0644,
|
||
|
},
|
||
|
},
|
||
|
{ // try removing victim directory (symlink)
|
||
|
{
|
||
|
Name: "loophole-victim",
|
||
|
Typeflag: tar.TypeSymlink,
|
||
|
Linkname: "../victim",
|
||
|
Mode: 0755,
|
||
|
},
|
||
|
{
|
||
|
Name: "loophole-victim",
|
||
|
Typeflag: tar.TypeReg,
|
||
|
Mode: 0644,
|
||
|
},
|
||
|
},
|
||
|
} {
|
||
|
if err := testBreakout("applylayer", "docker-TestApplyLayerInvalidSymlink", headers); err != nil {
|
||
|
t.Fatalf("i=%d. %v", i, err)
|
||
|
}
|
||
|
}
|
||
|
}
|