author | Steve Azzopardi <sazzopardi@gitlab.com> | 2018-11-26 10:47:12 +0300 |
---|---|---|
committer | Steve Azzopardi <sazzopardi@gitlab.com> | 2018-11-26 10:47:12 +0300 |
commit | aedbb005ce81270238e21699aa66ed46081ee94d (patch) | |
tree | 6a1e14e0c798ea0cd85e0866738f6e5bc9026357 /internal/domain/domain_test.go | |
parent | 5cffa83537890540d74664a43e828cd81a164980 (diff) | |
parent | d4586dad212c0048d2c535392ec4a53ebdf0c51c (diff) |
Merge branch 'security-1-1-fix-toctou-race' into '1-1-stable'v1.1.11-1-stable
[1.1] Fix TOCTOU race condition when serving files
See merge request gitlab/gitlab-pages!5
Diffstat (limited to 'internal/domain/domain_test.go')
-rw-r--r-- | internal/domain/domain_test.go | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/internal/domain/domain_test.go b/internal/domain/domain_test.go
index 39976bfe..df4a7fee 100644
--- a/internal/domain/domain_test.go
+++ b/internal/domain/domain_test.go
@@ -361,6 +361,29 @@ func TestCacheControlHeaders(t *testing.T) {
 assert.WithinDuration(t, now.UTC().Add(10*time.Minute), expiresTime.UTC(), time.Minute)
 }
 
+func TestOpenNoFollow(t *testing.T) {
+ tmpfile, err := ioutil.TempFile("", "link-test")
+ require.NoError(t, err)
+ defer tmpfile.Close()
+
+ orig := tmpfile.Name()
+ softLink := orig + ".link"
+ defer os.Remove(orig)
+
+ source, err := openNoFollow(orig)
+ require.NoError(t, err)
+ require.NotNil(t, source)
+ defer source.Close()
+
+ err = os.Symlink(orig, softLink)
+ require.NoError(t, err)
+ defer os.Remove(softLink)
+
+ link, err := openNoFollow(softLink)
+ require.Error(t, err)
+ require.Nil(t, link)
+}
+
 var chdirSet = false
 
 func setUpTests() { |
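Review bot: The closing assertions in TestOpenNoFollow (`require.Error(t, err)` followed by `require.Nil(t, link)`) accept any failure, so the test would still pass if openNoFollow refused the link for an unrelated reason, such as a missing file, rather than because the path is a symlink. openNoFollow's body is outside this hunk; if it returns the OS error unchanged, pin the cause, for example `require.Equal(t, syscall.ELOOP, err.(*os.PathError).Err)` on Linux. The test also places the symlink only in the final path component. A no-follow open typically still resolves symlinked parent directories, so a second case with a symlinked directory in the middle of the path would record whether the TOCTOU fix covers that or depends on a separate check.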