From a784d7887e793e50a7a55c398557cf010c2a065c Mon Sep 17 00:00:00 2001 From: Chris Lovering Date: Tue, 10 Oct 2023 15:25:35 +0100 Subject: [PATCH] Add additional tests to ensure invalid binary paths are not ran --- tests/test_integration.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tests/test_integration.py b/tests/test_integration.py index 4ea9b65f..ce01bb89 100644 --- a/tests/test_integration.py +++ b/tests/test_integration.py @@ -81,6 +81,25 @@ def test_multi_binary_support(self): self.assertEqual(status, 200) self.assertEqual(json.loads(response)["stdout"], expected) + def invalid_binary_paths(self): + """Test that passing invalid binary paths result in no code execution.""" + with run_gunicorn(): + cases = [ + ("/bin/bash", "test files outside of /lang cannot be ran"), + ( + "/lang/../bin/bash", + "test path traversal still stops files outside /lang from running", + ), + ("/foo/bar", "test non-existant files are not ran"), + ] + for path, msg in cases: + with self.subTest(msg=msg, path=path): + body = {"args": ["-c", "echo", "hi"], "binary_path": path} + response, status = snekbox_request(body) + self.assertEqual(status, 400) + expected = {"title": "binary_path file is invalid"} + self.assertEqual(json.loads(response)["stdout"], expected) + def test_eval(self): """Test normal eval requests without files.""" with run_gunicorn():