xref: /openbsd-src/gnu/usr.bin/perl/cpan/File-Temp/t/security.t (revision f3efcd0145415b7d44d9da97e0ad5c21b186ac61) 
1b39c5158Smillert#!/usr/bin/perl -w
2b39c5158Smillert# Test for File::Temp - Security levels
3b39c5158Smillert
4b39c5158Smillert# Some of the security checking will not work on all platforms
5b39c5158Smillert# Test a simple open in the cwd and tmpdir foreach of the
6b39c5158Smillert# security levels
7b39c5158Smillert
891f110e0Safresh1use Test::More tests => 12;
9b39c5158Smillert
10b39c5158Smillertuse strict;
11b39c5158Smillertuse File::Spec;
12b39c5158Smillert
13b39c5158Smillert# Set up END block - this needs to happen before we load
14b39c5158Smillert# File::Temp since this END block must be evaluated after the
15b39c5158Smillert# END block configured by File::Temp
16b39c5158Smillertmy @files; # list of files to remove
17b39c5158SmillertEND { foreach (@files) { ok( !(-e $_) )} }
18b39c5158Smillert
19b39c5158Smillertuse File::Temp qw/ tempfile unlink0 /;
20b39c5158Smillert
21b39c5158Smillert# The high security tests must currently be skipped on some platforms
22b39c5158Smillertmy $skipplat = ( (
23b39c5158Smillert		  # No sticky bits.
24b39c5158Smillert		  $^O eq 'MSWin32' || $^O eq 'NetWare' || $^O eq 'os2' || $^O eq 'dos' || $^O eq 'mpeix' || $^O eq 'MacOS'
25b39c5158Smillert		  ) ? 1 : 0 );
26b39c5158Smillert
27b39c5158Smillert# Can not run high security tests in perls before 5.6.0
28b39c5158Smillertmy $skipperl  = ($] < 5.006 ? 1 : 0 );
29b39c5158Smillert
30b39c5158Smillert# Determine whether we need to skip things and why
31b39c5158Smillertmy $skip = 0;
32b39c5158Smillertif ($skipplat) {
3391f110e0Safresh1  $skip = "Not supported on this platform";
34b39c5158Smillert} elsif ($skipperl) {
3591f110e0Safresh1  $skip = "Perl version must be v5.6.0 for these tests";
36b39c5158Smillert
37b39c5158Smillert}
38b39c5158Smillert
39b39c5158Smillertprint "# We will be skipping some tests : $skip\n" if $skip;
40b39c5158Smillert
41b39c5158Smillert# start off with basic checking
42b39c5158Smillert
43b39c5158SmillertFile::Temp->safe_level( File::Temp::STANDARD );
44b39c5158Smillert
45b39c5158Smillertprint "# Testing with STANDARD security...\n";
46b39c5158Smillert
4791f110e0Safresh1test_security();
4891f110e0Safresh1
4991f110e0Safresh1SKIP: {
5091f110e0Safresh1  skip $skip, 8 if $skip;
51b39c5158Smillert
52b39c5158Smillert  # Try medium
53b39c5158Smillert
5491f110e0Safresh1  File::Temp->safe_level( File::Temp::MEDIUM );
55b39c5158Smillert
56b39c5158Smillert  print "# Testing with MEDIUM security...\n";
57b39c5158Smillert
58b39c5158Smillert  # Now we need to start skipping tests
5991f110e0Safresh1  test_security();
60b39c5158Smillert
61b39c5158Smillert  # Try HIGH
62b39c5158Smillert
6391f110e0Safresh1  File::Temp->safe_level( File::Temp::HIGH );
64b39c5158Smillert
65b39c5158Smillert  print "# Testing with HIGH security...\n";
66b39c5158Smillert
6791f110e0Safresh1  test_security();
6891f110e0Safresh1}
69b39c5158Smillert
70b39c5158Smillertexit;
71b39c5158Smillert
72b39c5158Smillert# Subroutine to open two temporary files.
73b39c5158Smillert# one is opened in the current dir and the other in the temp dir
74b39c5158Smillert
75b39c5158Smillertsub test_security {
76b39c5158Smillert
77b39c5158Smillert  # Create the tempfile
78b39c5158Smillert  my $template = "tmpXXXXX";
79b39c5158Smillert  my ($fh1, $fname1) = eval { tempfile ( $template,
80*f3efcd01Safresh1				  DIR => File::Temp::_wrap_file_spec_tmpdir(),
81b39c5158Smillert				  UNLINK => 1,
82b39c5158Smillert				);
83b39c5158Smillert			    };
84b39c5158Smillert
8591f110e0Safresh1  SKIP: {
86b39c5158Smillert    if (defined $fname1) {
87b39c5158Smillert        print "# fname1 = $fname1\n";
88b39c5158Smillert        ok( (-e $fname1) );
89b39c5158Smillert        push(@files, $fname1); # store for end block
90b39c5158Smillert    } elsif (File::Temp->safe_level() != File::Temp::STANDARD) {
91b39c5158Smillert        chomp($@);
92*f3efcd01Safresh1        my $msg = File::Temp::_wrap_file_spec_tmpdir() . " possibly insecure: $@";
9391f110e0Safresh1        skip $msg, 2; # one here and one in END
94b39c5158Smillert    } else {
95b39c5158Smillert        ok(0);
96b39c5158Smillert    }
9791f110e0Safresh1  }
98b39c5158Smillert
9991f110e0Safresh1  SKIP: {
100b39c5158Smillert    # Explicitly
101b39c5158Smillert    if ( $< < File::Temp->top_system_uid() ){
10291f110e0Safresh1        skip("Skip Test inappropriate for root", 2);
103b39c5158Smillert        return;
104b39c5158Smillert    }
105b39c5158Smillert    my ($fh2, $fname2) = eval { tempfile ($template,  UNLINK => 1 ); };
106b39c5158Smillert    if (defined $fname2) {
107b39c5158Smillert        print "# fname2 = $fname2\n";
108b39c5158Smillert        ok( (-e $fname2) );
109b39c5158Smillert        push(@files, $fname2); # store for end block
110b39c5158Smillert        close($fh2);
111b39c5158Smillert    } elsif (File::Temp->safe_level() != File::Temp::STANDARD) {
112b39c5158Smillert        chomp($@);
11391f110e0Safresh1        my $msg = "current directory possibly insecure: $@";
11491f110e0Safresh1        skip $msg, 2; # one here and one in END
115b39c5158Smillert    } else {
116b39c5158Smillert        ok(0);
117b39c5158Smillert    }
118b39c5158Smillert  }
11991f110e0Safresh1}
12091f110e0Safresh1
12191f110e0Safresh1# vim: ts=2 sts=2 sw=2 et:
122