2015-02-27 10:38:57 -05:00
|
|
|
should = require('chai').should()
|
|
|
|
SandboxedModule = require('sandboxed-module')
|
|
|
|
assert = require('assert')
|
|
|
|
path = require('path')
|
|
|
|
sinon = require('sinon')
|
|
|
|
modulePath = path.join __dirname, "../../../app/js/StaticServerForbidSymlinks"
|
|
|
|
expect = require("chai").expect
|
|
|
|
|
|
|
|
describe "StaticServerForbidSymlinks", ->
|
|
|
|
|
|
|
|
beforeEach ->
|
|
|
|
|
|
|
|
@settings =
|
|
|
|
path:
|
|
|
|
compilesDir: "/compiles/here"
|
|
|
|
|
|
|
|
@fs = {}
|
|
|
|
@ForbidSymlinks = SandboxedModule.require modulePath, requires:
|
|
|
|
"settings-sharelatex":@settings
|
|
|
|
"logger-sharelatex":
|
|
|
|
log:->
|
|
|
|
warn:->
|
2015-05-11 07:10:13 -04:00
|
|
|
error:->
|
2015-02-27 10:38:57 -05:00
|
|
|
"fs":@fs
|
|
|
|
|
|
|
|
@dummyStatic = (rootDir, options) ->
|
|
|
|
return (req, res, next) ->
|
|
|
|
# console.log "dummyStatic serving file", rootDir, "called with", req.url
|
|
|
|
# serve it
|
|
|
|
next()
|
|
|
|
|
|
|
|
@StaticServerForbidSymlinks = @ForbidSymlinks @dummyStatic, @settings.path.compilesDir
|
|
|
|
@req =
|
|
|
|
params:
|
|
|
|
project_id:"12345"
|
|
|
|
|
|
|
|
@res = {}
|
|
|
|
@req.url = "/12345/output.pdf"
|
|
|
|
|
|
|
|
|
|
|
|
describe "sending a normal file through", ->
|
|
|
|
beforeEach ->
|
|
|
|
@fs.realpath = sinon.stub().callsArgWith(1, null, "#{@settings.path.compilesDir}/#{@req.params.project_id}/output.pdf")
|
|
|
|
|
|
|
|
it "should call next", (done)->
|
|
|
|
@res.sendStatus = (resCode)->
|
|
|
|
resCode.should.equal 200
|
|
|
|
done()
|
|
|
|
@StaticServerForbidSymlinks @req, @res, done
|
|
|
|
|
|
|
|
|
|
|
|
describe "with a missing file", ->
|
|
|
|
beforeEach ->
|
|
|
|
@fs.realpath = sinon.stub().callsArgWith(1, {code: 'ENOENT'}, "#{@settings.path.compilesDir}/#{@req.params.project_id}/unknown.pdf")
|
|
|
|
|
|
|
|
it "should send a 404", (done)->
|
|
|
|
@res.sendStatus = (resCode)->
|
|
|
|
resCode.should.equal 404
|
|
|
|
done()
|
|
|
|
@StaticServerForbidSymlinks @req, @res
|
|
|
|
|
|
|
|
|
|
|
|
describe "with a symlink file", ->
|
|
|
|
beforeEach ->
|
|
|
|
@fs.realpath = sinon.stub().callsArgWith(1, null, "/etc/#{@req.params.project_id}/output.pdf")
|
|
|
|
|
|
|
|
it "should send a 404", (done)->
|
|
|
|
@res.sendStatus = (resCode)->
|
|
|
|
resCode.should.equal 404
|
|
|
|
done()
|
|
|
|
@StaticServerForbidSymlinks @req, @res
|
|
|
|
|
2015-05-11 07:10:13 -04:00
|
|
|
|
|
|
|
describe "with a relative file", ->
|
|
|
|
beforeEach ->
|
|
|
|
@req.url = "/12345/../67890/output.pdf"
|
|
|
|
|
|
|
|
it "should send a 404", (done)->
|
|
|
|
@res.sendStatus = (resCode)->
|
|
|
|
resCode.should.equal 404
|
|
|
|
done()
|
|
|
|
@StaticServerForbidSymlinks @req, @res
|
|
|
|
|
|
|
|
|
|
|
|
describe "with a unnormalized file containing .", ->
|
|
|
|
beforeEach ->
|
|
|
|
@req.url = "/12345/foo/./output.pdf"
|
|
|
|
|
|
|
|
it "should send a 404", (done)->
|
|
|
|
@res.sendStatus = (resCode)->
|
|
|
|
resCode.should.equal 404
|
|
|
|
done()
|
|
|
|
@StaticServerForbidSymlinks @req, @res
|
|
|
|
|
|
|
|
|
|
|
|
describe "with a file containing an empty path", ->
|
|
|
|
beforeEach ->
|
|
|
|
@req.url = "/12345/foo//output.pdf"
|
|
|
|
|
|
|
|
it "should send a 404", (done)->
|
|
|
|
@res.sendStatus = (resCode)->
|
|
|
|
resCode.should.equal 404
|
|
|
|
done()
|
|
|
|
@StaticServerForbidSymlinks @req, @res
|
|
|
|
|
|
|
|
describe "with a non-project file", ->
|
|
|
|
beforeEach ->
|
|
|
|
@req.url = "/.foo/output.pdf"
|
|
|
|
|
|
|
|
it "should send a 404", (done)->
|
|
|
|
@res.sendStatus = (resCode)->
|
|
|
|
resCode.should.equal 404
|
|
|
|
done()
|
|
|
|
@StaticServerForbidSymlinks @req, @res
|
|
|
|
|
|
|
|
describe "with a file outside the compiledir", ->
|
|
|
|
beforeEach ->
|
|
|
|
@req.url = "/../bar/output.pdf"
|
|
|
|
|
|
|
|
it "should send a 404", (done)->
|
|
|
|
@res.sendStatus = (resCode)->
|
|
|
|
resCode.should.equal 404
|
|
|
|
done()
|
|
|
|
@StaticServerForbidSymlinks @req, @res
|
|
|
|
|
|
|
|
|
|
|
|
describe "with a file with no leading /", ->
|
|
|
|
beforeEach ->
|
|
|
|
@req.url = "./../bar/output.pdf"
|
|
|
|
|
|
|
|
it "should send a 404", (done)->
|
|
|
|
@res.sendStatus = (resCode)->
|
|
|
|
resCode.should.equal 404
|
|
|
|
done()
|
|
|
|
@StaticServerForbidSymlinks @req, @res
|
|
|
|
|
2015-05-12 10:17:18 -04:00
|
|
|
describe "with a github style path", ->
|
|
|
|
beforeEach ->
|
|
|
|
@req.url = "/henryoswald-latex_example/output/output.log"
|
|
|
|
@fs.realpath = sinon.stub().callsArgWith(1, null, "#{@settings.path.compilesDir}/henryoswald-latex_example/output/output.log")
|
|
|
|
|
|
|
|
it "should call next", (done)->
|
|
|
|
@res.sendStatus = (resCode)->
|
|
|
|
resCode.should.equal 200
|
|
|
|
done()
|
|
|
|
@StaticServerForbidSymlinks @req, @res, done
|
|
|
|
|
2015-02-27 10:38:57 -05:00
|
|
|
describe "with an error from fs.realpath", ->
|
|
|
|
|
|
|
|
beforeEach ->
|
|
|
|
@fs.realpath = sinon.stub().callsArgWith(1, "error")
|
|
|
|
|
|
|
|
it "should send a 500", (done)->
|
|
|
|
@res.sendStatus = (resCode)->
|
|
|
|
resCode.should.equal 500
|
|
|
|
done()
|
|
|
|
@StaticServerForbidSymlinks @req, @res
|
|
|
|
|