xref: /openbsd-src/gnu/usr.bin/perl/ext/File-Find/t/taint.t (revision 5486feefcc8cb79b19e014ab332cc5dfd05b3b33)

#!./perl -T

use strict;
use lib qw( ./t/lib );

BEGIN {
    require File::Spec;
    if ($ENV{PERL_CORE}) {
        # May be doing dynamic loading while @INC is all relative
        @INC = map { $_ = File::Spec->rel2abs($_); /(.*)/; $1 } @INC;
    }
    if ($^O eq 'MSWin32' || $^O eq 'cygwin' || $^O eq 'VMS') {
        # This is a hack - at present File::Find does not produce native names
        # on Win32 or VMS, so force File::Spec to use Unix names.
        # must be set *before* importing File::Find
        require File::Spec::Unix;
        @File::Spec::ISA = 'File::Spec::Unix';
    }
}

use Test::More;
use File::Find;
use File::Spec;
use Cwd;
use Testing qw(
    create_file_ok
    mkdir_ok
    symlink_ok
    dir_path
    file_path
    _cleanup_start
);
use Errno ();
use Config;
use File::Temp qw(tempdir);

BEGIN {
    plan(
        ${^TAINT}
        ? (tests => 48)
        : (skip_all => "A perl without taint support")
    );
}

my %Expect_File = (); # what we expect for $_
my %Expect_Name = (); # what we expect for $File::Find::name/fullname
my %Expect_Dir  = (); # what we expect for $File::Find::dir
my ($cwd, $cwd_untainted);

BEGIN {
    if ($^O ne 'VMS') {
        for (keys %ENV) { # untaint ENV
            ($ENV{$_}) = $ENV{$_} =~ /(.*)/;
        }
    }

    # Remove insecure directories from PATH
    my @path;
    my $sep = $Config{path_sep};
    foreach my $dir (split(/\Q$sep/,$ENV{'PATH'}))
    {
        ##
        ## Match the directory taint tests in mg.c::Perl_magic_setenv()
        ##
        push(@path,$dir) unless (length($dir) >= 256
                                 or
                                 substr($dir,0,1) ne "/"
                                 or
                                 (stat $dir)[2] & 002);
    }
    $ENV{'PATH'} = join($sep,@path);
}

my $symlink_exists = eval { symlink("",""); 1 };

my $test_root_dir; # where we are when this test starts
my $test_root_dir_tainted = cwd();
if ($test_root_dir_tainted =~ /^(.*)$/) {
    $test_root_dir = $1;
} else {
    die "Failed to untaint root dir of test";
}
ok($test_root_dir,"test_root_dir is set up as expected");
my $test_temp_dir = tempdir("FF_taint_t_XXXXXX",CLEANUP=>1);
ok($test_temp_dir,"test_temp_dir is set up as expected");

my $found;
find({wanted => sub { ++$found if $_ eq 'taint.t' },
                untaint => 1, untaint_pattern => qr|^(.+)$|}, File::Spec->curdir);

is($found, 1, 'taint.t found once');
$found = 0;

finddepth({wanted => sub { ++$found if $_ eq 'taint.t'; },
           untaint => 1, untaint_pattern => qr|^(.+)$|}, File::Spec->curdir);

is($found, 1, 'taint.t found once again');

my $case = 2;
my $FastFileTests_OK = 0;

my $chdir_error = "";
chdir($test_temp_dir)
    or $chdir_error = "Failed to chdir to '$test_temp_dir': $!";
is($chdir_error,"","chdir to temp dir '$test_temp_dir' successful")
    or die $chdir_error;

sub cleanup {
    # the following chdirs into $test_root_dir/$test_temp_dir but
    # handles various possible edge case errors cleanly. If it returns
    # false then we bail out of the cleanup.
    _cleanup_start($test_root_dir, $test_temp_dir)
        or return;

    my $need_updir = 0;
    if (-d dir_path('for_find_taint')) {
        $need_updir = 1 if chdir(dir_path('for_find_taint'));
    }
    if (-d dir_path('fa_taint')) {
        unlink file_path('fa_taint', 'fa_ord'),
               file_path('fa_taint', 'fsl'),
               file_path('fa_taint', 'faa', 'faa_ord'),
               file_path('fa_taint', 'fab', 'fab_ord'),
               file_path('fa_taint', 'fab', 'faba', 'faba_ord'),
               file_path('fb_taint', 'fb_ord'),
               file_path('fb_taint', 'fba', 'fba_ord');
        rmdir dir_path('fa_taint', 'faa');
        rmdir dir_path('fa_taint', 'fab', 'faba');
        rmdir dir_path('fa_taint', 'fab');
        rmdir dir_path('fa_taint');
        rmdir dir_path('fb_taint', 'fba');
        rmdir dir_path('fb_taint');
    }
    if ($need_updir) {
        my $updir = $^O eq 'VMS' ? File::Spec::VMS->updir() : File::Spec->updir;
        chdir($updir);
    }
    if (-d dir_path('for_find_taint')) {
        rmdir dir_path('for_find_taint') or print "# Can't rmdir for_find_taint: $!\n";
    }
    chdir($test_root_dir) or die "Failed to chdir to '$test_root_dir': $!";
}

END {
    cleanup();
}

sub wanted_File_Dir {
    print "# \$File::Find::dir => '$File::Find::dir'\t\$_ => '$_'\n";
    s#\.$## if ($^O eq 'VMS' && $_ ne '.'); #
    s/(.dir)?$//i if ($^O eq 'VMS' && -d _);
    ok( $Expect_File{$_}, "found $_ for \$_, as expected" );
    if ( $FastFileTests_OK ) {
        delete $Expect_File{$_}
          unless ( $Expect_Dir{$_} && ! -d _ );
    }
    else {
        delete $Expect_File{$_}
          unless ( $Expect_Dir{$_} && ! -d $_ );
    }
}

sub wanted_File_Dir_prune {
    &wanted_File_Dir;
    $File::Find::prune=1 if  $_ eq 'faba';
}

sub simple_wanted {
    print "# \$File::Find::dir => '$File::Find::dir'\n";
    print "# \$_ => '$_'\n";
}

# Use topdir() to specify a directory path that you want to pass to
# find/finddepth. Historically topdir() differed on Mac OS classic.

*topdir = \&dir_path;

# Use file_path_name() to specify a file path that's expected for
# $File::Find::Name (%Expect_Name). Note: When the no_chdir => 1
# option is in effect, $_ is the same as $File::Find::Name. In that
# case, also use this function to specify a file path that's expected
# for $_.
#
# Historically file_path_name differed on Mac OS classic.

*file_path_name = \&file_path;

##### Create directories, files and symlinks used in testing #####
mkdir_ok( dir_path('for_find_taint'), 0770 );
ok( chdir( dir_path('for_find_taint')), 'successful chdir() to for_find_taint' );

$cwd = cwd(); # save cwd
( $cwd_untainted ) = $cwd =~ m|^(.+)$|; # untaint it

mkdir_ok( dir_path('fa_taint'), 0770 );
mkdir_ok( dir_path('fb_taint'), 0770  );
create_file_ok( file_path('fb_taint', 'fb_ord') );
mkdir_ok( dir_path('fb_taint', 'fba'), 0770  );
create_file_ok( file_path('fb_taint', 'fba', 'fba_ord') );
SKIP: {
    skip "Creating symlink", 1, unless $symlink_exists;
    if (symlink('../fb_taint','fa_taint/fsl')) {
        pass('Created symbolic link' );
    }
    else {
        my $error = 0 + $!;
        if ($^O eq "MSWin32" &&
            ($error == &Errno::ENOSYS || $error == &Errno::EPERM)) {
            $symlink_exists = 0;
            skip "symbolic links not available", 1;
        }
        else {
            fail('Created symbolic link');
        }
    }
}
create_file_ok( file_path('fa_taint', 'fa_ord') );

mkdir_ok( dir_path('fa_taint', 'faa'), 0770  );
create_file_ok( file_path('fa_taint', 'faa', 'faa_ord') );
mkdir_ok( dir_path('fa_taint', 'fab'), 0770  );
create_file_ok( file_path('fa_taint', 'fab', 'fab_ord') );
mkdir_ok( dir_path('fa_taint', 'fab', 'faba'), 0770  );
create_file_ok( file_path('fa_taint', 'fab', 'faba', 'faba_ord') );

print "# check untainting (no follow)\n";

# untainting here should work correctly

%Expect_File = (File::Spec->curdir => 1, file_path('fsl') =>
                1,file_path('fa_ord') => 1, file_path('fab') => 1,
                file_path('fab_ord') => 1, file_path('faba') => 1,
                file_path('faa') => 1, file_path('faa_ord') => 1);
delete $Expect_File{ file_path('fsl') } unless $symlink_exists;
%Expect_Name = ();

%Expect_Dir = ( dir_path('fa_taint') => 1, dir_path('faa') => 1,
                dir_path('fab') => 1, dir_path('faba') => 1,
                dir_path('fb_taint') => 1, dir_path('fba') => 1);

delete @Expect_Dir{ dir_path('fb_taint'), dir_path('fba') } unless $symlink_exists;

File::Find::find( {wanted => \&wanted_File_Dir_prune, untaint => 1,
                   untaint_pattern => qr|^(.+)$|}, topdir('fa_taint') );

is(scalar keys %Expect_File, 0, 'Found all expected files')
    or diag "Not found " . join(" ", sort keys %Expect_File);

# don't untaint at all, should die
%Expect_File = ();
%Expect_Name = ();
%Expect_Dir  = ();
undef $@;
eval {File::Find::find( {wanted => \&simple_wanted}, topdir('fa_taint') );};
like( $@, qr|Insecure dependency|, 'Tainted directory causes death (good)' );
chdir($cwd_untainted);


# untaint pattern doesn't match, should die
undef $@;

eval {File::Find::find( {wanted => \&simple_wanted, untaint => 1,
                         untaint_pattern => qr|^(NO_MATCH)$|},
                         topdir('fa_taint') );};

like( $@, qr|is still tainted|, 'Bad untaint pattern causes death (good)' );
chdir($cwd_untainted);


# untaint pattern doesn't match, should die when we chdir to cwd
print "# check untaint_skip (No follow)\n";
undef $@;

eval {File::Find::find( {wanted => \&simple_wanted, untaint => 1,
                         untaint_skip => 1, untaint_pattern =>
                         qr|^(NO_MATCH)$|}, topdir('fa_taint') );};

print "# $@" if $@;
#$^D = 8;
like( $@, qr|insecure cwd|, 'Bad untaint pattern causes death in cwd (good)' );

chdir($cwd_untainted);


SKIP: {
    skip "Symbolic link tests", 17, unless $symlink_exists;
    print "# --- symbolic link tests --- \n";
    $FastFileTests_OK= 1;

    print "# check untainting (follow)\n";

    # untainting here should work correctly
    # no_chdir is in effect, hence we use file_path_name to specify the expected paths for %Expect_File

    %Expect_File = (file_path_name('fa_taint') => 1,
                    file_path_name('fa_taint','fa_ord') => 1,
                    file_path_name('fa_taint', 'fsl') => 1,
                    file_path_name('fa_taint', 'fsl', 'fb_ord') => 1,
                    file_path_name('fa_taint', 'fsl', 'fba') => 1,
                    file_path_name('fa_taint', 'fsl', 'fba', 'fba_ord') => 1,
                    file_path_name('fa_taint', 'fab') => 1,
                    file_path_name('fa_taint', 'fab', 'fab_ord') => 1,
                    file_path_name('fa_taint', 'fab', 'faba') => 1,
                    file_path_name('fa_taint', 'fab', 'faba', 'faba_ord') => 1,
                    file_path_name('fa_taint', 'faa') => 1,
                    file_path_name('fa_taint', 'faa', 'faa_ord') => 1);

    %Expect_Name = ();

    %Expect_Dir = (dir_path('fa_taint') => 1,
                   dir_path('fa_taint', 'faa') => 1,
                   dir_path('fa_taint', 'fab') => 1,
                   dir_path('fa_taint', 'fab', 'faba') => 1,
                   dir_path('fb_taint') => 1,
                   dir_path('fb_taint', 'fba') => 1);

    File::Find::find( {wanted => \&wanted_File_Dir, follow_fast => 1,
                       no_chdir => 1, untaint => 1, untaint_pattern =>
                       qr|^(.+)$| }, topdir('fa_taint') );

    is( scalar(keys %Expect_File), 0, 'Found all files in symlink test' );


    # don't untaint at all, should die
    undef $@;

    eval {File::Find::find( {wanted => \&simple_wanted, follow => 1},
                            topdir('fa_taint') );};

    like( $@, qr|Insecure dependency|, 'Not untainting causes death (good)' );
    chdir($cwd_untainted);

    # untaint pattern doesn't match, should die
    undef $@;

    eval {File::Find::find( {wanted => \&simple_wanted, follow => 1,
                             untaint => 1, untaint_pattern =>
                             qr|^(NO_MATCH)$|}, topdir('fa_taint') );};

    like( $@, qr|is still tainted|, 'Bat untaint pattern causes death (good)' );
    chdir($cwd_untainted);

    # untaint pattern doesn't match, should die when we chdir to cwd
    print "# check untaint_skip (Follow)\n";
    undef $@;

    eval {File::Find::find( {wanted => \&simple_wanted, untaint => 1,
                             untaint_skip => 1, untaint_pattern =>
                             qr|^(NO_MATCH)$|}, topdir('fa_taint') );};
    like( $@, qr|insecure cwd|, 'Cwd not untainted with bad pattern (good)' );

    chdir($cwd_untainted);
}