From 76ec6a2f93097a48899bd7ac3d2ca4bbc844daaf Mon Sep 17 00:00:00 2001
From: Jaime Martinez
Date: Wed, 27 Jan 2021 17:03:49 +1100
Subject: Add jail test for linux
---
 internal/jail/jail.go | 12 +++++++++++-
 internal/jail/jail_linux_test.go | 33 +++++++++++++++++++++++++++++++++
 internal/jail/jail_test.go | 17 +++++++++++++++++
 3 files changed, 61 insertions(+), 1 deletion(-)
 create mode 100644 internal/jail/jail_linux_test.go
diff --git a/internal/jail/jail.go b/internal/jail/jail.go
index 13c6c76d..096702ce 100644
--- a/internal/jail/jail.go
+++ b/internal/jail/jail.go
@@ -78,7 +78,17 @@ func (j *Jail) Build() error {
 }

 for _, dir := range j.directories {
- if err := os.MkdirAll(dir.path, dir.mode); err != nil {
+ // create all subdirectories when jail.Create is called as all sub dirs will
+ // be removed on removal
+ if j.deleteRoot {
+ if err := os.MkdirAll(dir.path, dir.mode); err != nil {
+ j.removeAll()
+ return fmt.Errorf("can't create directory %q. %s", dir.path, err)
+ }
+ continue
+ }
+
+ if err := os.Mkdir(dir.path, dir.mode); err != nil {
 j.removeAll()
 return fmt.Errorf("can't create directory %q. %s", dir.path, err)
 }
diff --git a/internal/jail/jail_linux_test.go b/internal/jail/jail_linux_test.go
new file mode 100644
index 00000000..8c439d53
--- /dev/null
+++ b/internal/jail/jail_linux_test.go
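Review bot: In the `!j.deleteRoot` path, `os.Mkdir` returns an error when `dir.path` already exists as well as when a parent is missing, whereas the `os.MkdirAll` it replaces accepted an existing directory; a jail built over a root that already holds the directory would now fail Build and run `j.removeAll()`. The added comment only explains the MkdirAll branch, so state the intent above the second call, e.g. `// existing root: create only the leaf; a missing parent or an existing dir is an error`. Both returns format the cause with `%s`; `%w` would let callers test `errors.Is(err, os.ErrNotExist)` instead of matching the message text. What `j.removeAll()` deletes is not visible here and the loop body continues past the hunk, so it is worth confirming that the failure path cannot remove directories the jail did not create.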
@@ -0,0 +1,33 @@
+package jail_test
+
+import (
+ "os"
+ "path"
+ "testing"
+
+ "github.com/stretchr/testify/require"
+
+ "gitlab.com/gitlab-org/gitlab-pages/internal/jail"
+)
+
+func TestJailCreateAndCleanSubPaths(t *testing.T) {
+ jailPath := tmpJailPath()
+ subPath := "/pages/sub/path"
+
+ require.NoError(t, os.MkdirAll(jailPath+subPath, 0755))
+ defer os.RemoveAll(jailPath)
+
+ cage := jail.CreateTimestamped("gitlab-pages", 0755)
+
+ // Bind mount shared folder
+ cage.MkDir(subPath, 0755)
+ cage.Bind(subPath, subPath)
+
+ require.NoError(t, cage.Build())
+ require.NoError(t, cage.Dispose())
+
+ _, err := os.Stat(path.Join(jailPath, subPath))
+ require.True(t, os.IsNotExist(err), "%s in jail was not removed", subPath)
+ _, err = os.Stat(jailPath)
+ require.NoError(t, err, "/ in jail (corresponding to external directory) was removed")
+}
diff --git a/internal/jail/jail_test.go b/internal/jail/jail_test.go
index ed52c39b..2e505803 100644
--- a/internal/jail/jail_test.go
+++ b/internal/jail/jail_test.go
@@ -295,3 +295,20 @@ func TestJailIntoCleansNestedDirs(t *testing.T) {
 _, err := os.Stat(jailPath)
 require.NoError(t, err, "/ in jail (corresponding to external directory) was removed")
 }
+
+func TestJailIntoSubpathsFails(t *testing.T) {
+ jailPath := tmpJailPath()
+ require.NoError(t, os.MkdirAll(jailPath, 0755))
+ defer os.RemoveAll(jailPath)
+
+ pagesRoot := "/pages/sub/path"
+
+ chroot := jail.Into(jailPath)
+ chroot.MkDir(pagesRoot, 0755)
+ err := chroot.Build()
+ require.Error(t, err, "err")
+ require.Contains(t, err.Error(), "no such file or directory")
+
+ _, err = os.Stat(path.Join(jailPath, pagesRoot))
+ require.True(t, os.IsNotExist(err), "%s in jail was not removed", pagesRoot)
+}
--
cgit v1.2.3
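Review bot: The closing assertions in TestJailCreateAndCleanSubPaths stat `jailPath`, but the jail under test is `cage` from `jail.CreateTimestamped("gitlab-pages", 0755)`, which nothing in the visible lines ties to `jailPath`. Unless the two resolve to the same directory, `os.MkdirAll(jailPath+subPath, 0755)` leaves that path in place and the checks do not observe what Build and Dispose did. Stat under the jail's own root instead, e.g. `_, err := os.Stat(path.Join(cage.Path(), subPath))`, and bind a source directory the test itself creates rather than the host path `/pages/sub/path`. `cage.Bind` presumably needs mount privileges, so a guard such as `if os.Geteuid() != 0 { t.Skip("bind mount requires root") }` would keep unprivileged runs from failing in Build.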
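Review bot: In TestJailIntoSubpathsFails, `require.Contains(t, err.Error(), "no such file or directory")` pins the test to one platform's errno text, and this file carries no OS suffix, so it presumably also builds where the message differs. Comparing the error kind is sturdier once Build wraps the cause with `%w`, e.g. `require.True(t, errors.Is(err, os.ErrNotExist))`. The closing `os.Stat(path.Join(jailPath, pagesRoot))` check passes whether or not Build cleaned up, since as far as the visible lines show that path never existed before the call. To cover the failure path, also assert that the external root survives: `_, err = os.Stat(jailPath)` followed by `require.NoError(t, err)`. The three leading context lines belong to the previous test, TestJailIntoCleansNestedDirs.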