mirror of
https://github.com/arcan1s/ahriman.git
synced 2025-04-26 08:17:17 +00:00
Evgenii Alekseev
69f0966ff1
It has been found that previous system didn't allow to configure specific cases (e.g. a whitelisted directory inside /usr/lib/cmake). The current solution replaces two options to single one, which also allows a regular expressions Also PackageArchive class has been moved to core package, because it is more about service rather than model
33 lines
1.1 KiB
Python
33 lines
1.1 KiB
Python
from pathlib import Path
|
|
|
|
from ahriman.models.scan_paths import ScanPaths
|
|
|
|
|
|
def test_is_allowed() -> None:
|
|
"""
|
|
must check if path is subpath of one in allowed list
|
|
"""
|
|
assert ScanPaths(["usr"]).is_allowed(Path("usr"))
|
|
assert ScanPaths(["usr"]).is_allowed(Path("usr") / "lib")
|
|
assert not ScanPaths(["usr"]).is_allowed(Path("var"))
|
|
|
|
assert ScanPaths(["usr(?!/lib)"]).is_allowed(Path("usr"))
|
|
assert ScanPaths(["usr(?!/lib)", "var"]).is_allowed(Path("var"))
|
|
assert not ScanPaths(["usr(?!/lib)"]).is_allowed(Path("usr") / "lib")
|
|
|
|
|
|
def test_is_allowed_default(scan_paths: ScanPaths) -> None:
|
|
"""
|
|
must provide expected default configuration
|
|
"""
|
|
assert not scan_paths.is_allowed(Path("usr"))
|
|
assert not scan_paths.is_allowed(Path("var"))
|
|
|
|
assert scan_paths.is_allowed(Path("usr") / "lib")
|
|
assert scan_paths.is_allowed(Path("usr") / "lib" / "libm.so")
|
|
|
|
# cmake case
|
|
assert scan_paths.is_allowed(Path("usr") / "lib" / "libcmake.so")
|
|
assert not scan_paths.is_allowed(Path("usr") / "lib" / "cmake")
|
|
assert not scan_paths.is_allowed(Path("usr") / "lib" / "cmake" / "file.cmake")
|