diff options
| author | R David Murray <rdmurray@bitdance.com> | 2013-09-18 00:30:02 (GMT) |
|---|---|---|
| committer | R David Murray <rdmurray@bitdance.com> | 2013-09-18 00:30:02 (GMT) |
| commit | 104aab956f6de4131cab800f742cc108f9f92edf (patch) | |
| tree | 2d651d492a76a00270e0c86bf9c1a2a289e12219 /Lib/test/test_netrc.py | |
| parent | c17a8dfaca76016202c49b2150c946f5ba70db29 (diff) | |
| download | cpython-104aab956f6de4131cab800f742cc108f9f92edf.zip cpython-104aab956f6de4131cab800f742cc108f9f92edf.tar.gz cpython-104aab956f6de4131cab800f742cc108f9f92edf.tar.bz2 | |
#14984: On POSIX, enforce permissions when reading default .netrc.
Initial patch by Bruno Piguet.
This is implemented as if a useful .netrc file could exist without passwords,
which is possible in the general case; but in fact our netrc implementation
does not support it. Fixing that issue will be an enhancement.
Diffstat (limited to 'Lib/test/test_netrc.py')
| -rw-r--r-- | Lib/test/test_netrc.py | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/Lib/test/test_netrc.py b/Lib/test/test_netrc.py index ef70e37..60a3ec9 100644 --- a/Lib/test/test_netrc.py +++ b/Lib/test/test_netrc.py @@ -5,9 +5,6 @@ temp_filename = support.TESTFN class NetrcTestCase(unittest.TestCase): - def tearDown(self): - os.unlink(temp_filename) - def make_nrc(self, test_data): test_data = textwrap.dedent(test_data) mode = 'w' @@ -15,6 +12,7 @@ class NetrcTestCase(unittest.TestCase): mode += 't' with open(temp_filename, mode) as fp: fp.write(test_data) + self.addCleanup(os.unlink, temp_filename) return netrc.netrc(temp_filename) def test_default(self): @@ -103,6 +101,28 @@ class NetrcTestCase(unittest.TestCase): """, '#pass') + @unittest.skipUnless(os.name == 'posix', 'POSIX only test') + def test_security(self): + # This test is incomplete since we are normally not run as root and + # therefore can't test the file ownership being wrong. + d = support.TESTFN + os.mkdir(d) + self.addCleanup(support.rmtree, d) + fn = os.path.join(d, '.netrc') + with open(fn, 'wt') as f: + f.write("""\ + machine foo.domain.com login bar password pass + default login foo password pass + """) + with support.EnvironmentVarGuard() as environ: + environ.set('HOME', d) + os.chmod(fn, 0o600) + nrc = netrc.netrc() + self.assertEqual(nrc.hosts['foo.domain.com'], + ('bar', None, 'pass')) + os.chmod(fn, 0o622) + self.assertRaises(netrc.NetrcParseError, netrc.netrc) + def test_main(): support.run_unittest(NetrcTestCase) |