1
=== modified file 'license_protected_downloads/tests/test_views.py'
2
--- license_protected_downloads/tests/test_views.py	2012-08-20 15:41:26 +0000
3
+++ license_protected_downloads/tests/test_views.py	2012-08-22 13:54:30 +0000
4
@@ -411,5 +411,24 @@
5
411
        # If a build-info file is invalid, we don't allow access
411
        # If a build-info file is invalid, we don't allow access
6
412
        self.assertEqual(response.status_code, 403)
412
        self.assertEqual(response.status_code, 403)
7
413
413
8
414
    def test_unable_to_download_hidden_files(self):
9
415
        target_file = '~linaro-android/staging-vexpress-a9/OPEN-EULA.txt'
10
416
        url = urlparse.urljoin("http://testserver/", target_file)
11
417
        response = self.client.get(url, follow=True)
12
418
13
419
        # This file exists, but isn't listed so we shouldn't be able to
14
420
        # download it.
15
421
        self.assertEqual(response.status_code, 404)
16
422
17
423
    def test_dot_files_are_hidden(self):
18
424
        target_file = 'open'
19
425
        url = urlparse.urljoin("http://testserver/", target_file)
20
426
        response = self.client.get(url, follow=True)
21
427
22
428
        # the directory open contains .hidden.txt - we shouldn't be able to
23
429
        # see it in the listing.
24
430
        self.assertNotContains(response, ".hidden.txt")
25
431
26
432
27
414
if __name__ == '__main__':
433
if __name__ == '__main__':
28
415
    unittest.main()
434
    unittest.main()
29
416
435
30
=== added directory 'license_protected_downloads/tests/testserver_root/open'
31
=== added file 'license_protected_downloads/tests/testserver_root/open/.hidden.txt'
32
=== added file 'license_protected_downloads/tests/testserver_root/open/OPEN-EULA.txt'
33
=== modified file 'license_protected_downloads/views.py'
34
--- license_protected_downloads/views.py	2012-08-20 15:41:26 +0000
35
+++ license_protected_downloads/views.py	2012-08-22 13:54:30 +0000
36
@@ -26,7 +26,7 @@
37
26
26
38
27
27
39
28
def _hidden_file(file_name):
28
def _hidden_file(file_name):
41
29
    hidden_files = ["BUILD-INFO.txt", "EULA.txt", ".htaccess", "HEADER.html"]
29
    hidden_files = ["BUILD-INFO.txt", "EULA.txt", r"^\.", "HEADER.html"]
42
30
    for pattern in hidden_files:
30
    for pattern in hidden_files:
43
31
        if re.search(pattern, file_name):
31
        if re.search(pattern, file_name):
44
32
            return True
32
            return True
45
@@ -34,7 +34,7 @@
46
34
34
47
35
35
48
36
def _hidden_dir(file_name):
36
def _hidden_dir(file_name):
50
37
    hidden_files = [".*openid.*", ".*restricted.*", ".*private.*"]
37
    hidden_files = [".*openid.*", ".*restricted.*", ".*private.*", r"^\."]
51
38
    for pattern in hidden_files:
38
    for pattern in hidden_files:
52
39
        if re.search(pattern, file_name):
39
        if re.search(pattern, file_name):
53
40
            return True
40
            return True
54
@@ -246,6 +246,20 @@
55
246
    return redirect('/')
246
    return redirect('/')
56
247
247
57
248
248
58
249
def file_listed(path, url):
59
250
    """Boolean response to "does this files show up in a directory listing."""
60
251
    file_name = os.path.basename(path)
61
252
    dir_name = os.path.dirname(path)
62
253
63
254
    found = False
64
255
    file_list = dir_list(url, dir_name)
65
256
    for file in file_list:
66
257
        if file["name"] == file_name:
67
258
            found = True
68
259
69
260
    return found
70
261
71
262
72
249
def file_server(request, path):
263
def file_server(request, path):
73
250
    url = path
264
    url = path
74
251
    result = test_path(path)
265
    result = test_path(path)
75
@@ -293,6 +307,12 @@
76
293
307
77
294
    file_name = os.path.basename(path)
308
    file_name = os.path.basename(path)
78
295
309
79
310
    # If the file listing doesn't contain the file requested for download,
80
311
    # return a 404. This prevents the download of BUILD-INFO.txt and other
81
312
    # hidden files.
82
313
    if not file_listed(path, url):
83
314
        raise Http404
84
315
85
296
    response = None
316
    response = None
86
297
    if get_client_ip(request) in config.INTERNAL_HOSTS:
317
    if get_client_ip(request) in config.INTERNAL_HOSTS:
87
298
        digests = 'OPEN'
318
        digests = 'OPEN'
88
299
319
89
=== added directory 'sampleroot/open'
90
=== added file 'sampleroot/open/.hidden.txt'
91
=== added file 'sampleroot/open/OPEN-EULA.txt'
Status:	Merged
Approved by:	Stevan Radaković on 2012-08-22
Approved revision:	109
Merged at revision:	108
Proposed branch:	lp:~dooferlad/linaro-license-protection/protect_hidden_files
Merge into:	lp:~linaro-automation/linaro-license-protection/trunk
Diff against target:	91 lines (+41/-2) 2 files modified license_protected_downloads/tests/test_views.py (+19/-0) license_protected_downloads/views.py (+22/-2)
To merge this branch:	bzr merge lp:~dooferlad/linaro-license-protection/protect_hidden_files
Related bugs:	Link a bug report
Reviewer	Review Type	Date Requested	Status
Stevan Radaković		2012-08-22	Approve on 2012-08-22
Review via email: mp+120753@code.launchpad.net
1	=== modified file 'license_protected_downloads/tests/test_views.py'
2	--- license_protected_downloads/tests/test_views.py 2012-08-20 15:41:26 +0000
3	+++ license_protected_downloads/tests/test_views.py 2012-08-22 13:54:30 +0000
4	@@ -411,5 +411,24 @@
5	411	# If a build-info file is invalid, we don't allow access	411	# If a build-info file is invalid, we don't allow access
6	412	self.assertEqual(response.status_code, 403)	412	self.assertEqual(response.status_code, 403)
7	413		413
8			414	def test_unable_to_download_hidden_files(self):
9			415	target_file = '~linaro-android/staging-vexpress-a9/OPEN-EULA.txt'
10			416	url = urlparse.urljoin("http://testserver/", target_file)
11			417	response = self.client.get(url, follow=True)
12			418
13			419	# This file exists, but isn't listed so we shouldn't be able to
14			420	# download it.
15			421	self.assertEqual(response.status_code, 404)
16			422
17			423	def test_dot_files_are_hidden(self):
18			424	target_file = 'open'
19			425	url = urlparse.urljoin("http://testserver/", target_file)
20			426	response = self.client.get(url, follow=True)
21			427
22			428	# the directory open contains .hidden.txt - we shouldn't be able to
23			429	# see it in the listing.
24			430	self.assertNotContains(response, ".hidden.txt")
25			431
26			432
27	414	if __name__ == '__main__':	433	if __name__ == '__main__':
28	415	unittest.main()	434	unittest.main()
29	416		435
30	=== added directory 'license_protected_downloads/tests/testserver_root/open'
31	=== added file 'license_protected_downloads/tests/testserver_root/open/.hidden.txt'
32	=== added file 'license_protected_downloads/tests/testserver_root/open/OPEN-EULA.txt'
33	=== modified file 'license_protected_downloads/views.py'
34	--- license_protected_downloads/views.py 2012-08-20 15:41:26 +0000
35	+++ license_protected_downloads/views.py 2012-08-22 13:54:30 +0000
36	@@ -26,7 +26,7 @@
37	26		26
38	27		27
39	28	def _hidden_file(file_name):	28	def _hidden_file(file_name):
41	29	hidden_files = ["BUILD-INFO.txt", "EULA.txt", ".htaccess", "HEADER.html"]	29	hidden_files = ["BUILD-INFO.txt", "EULA.txt", r"^\.", "HEADER.html"]
42	30	for pattern in hidden_files:	30	for pattern in hidden_files:
43	31	if re.search(pattern, file_name):	31	if re.search(pattern, file_name):
44	32	return True	32	return True
45	@@ -34,7 +34,7 @@
46	34		34
47	35		35
48	36	def _hidden_dir(file_name):	36	def _hidden_dir(file_name):
50	37	hidden_files = [".openid.", ".restricted.", ".private."]	37	hidden_files = [".openid.", ".restricted.", ".private.", r"^\."]
51	38	for pattern in hidden_files:	38	for pattern in hidden_files:
52	39	if re.search(pattern, file_name):	39	if re.search(pattern, file_name):
53	40	return True	40	return True
54	@@ -246,6 +246,20 @@
55	246	return redirect('/')	246	return redirect('/')
56	247		247
57	248		248
58			249	def file_listed(path, url):
59			250	"""Boolean response to "does this files show up in a directory listing."""
60			251	file_name = os.path.basename(path)
61			252	dir_name = os.path.dirname(path)
62			253
63			254	found = False
64			255	file_list = dir_list(url, dir_name)
65			256	for file in file_list:
66			257	if file["name"] == file_name:
67			258	found = True
68			259
69			260	return found
70			261
71			262
72	249	def file_server(request, path):	263	def file_server(request, path):
73	250	url = path	264	url = path
74	251	result = test_path(path)	265	result = test_path(path)
75	@@ -293,6 +307,12 @@
76	293		307
77	294	file_name = os.path.basename(path)	308	file_name = os.path.basename(path)
78	295		309
79			310	# If the file listing doesn't contain the file requested for download,
80			311	# return a 404. This prevents the download of BUILD-INFO.txt and other
81			312	# hidden files.
82			313	if not file_listed(path, url):
83			314	raise Http404
84			315
85	296	response = None	316	response = None
86	297	if get_client_ip(request) in config.INTERNAL_HOSTS:	317	if get_client_ip(request) in config.INTERNAL_HOSTS:
87	298	digests = 'OPEN'	318	digests = 'OPEN'
88	299		319
89	=== added directory 'sampleroot/open'
90	=== added file 'sampleroot/open/.hidden.txt'
91	=== added file 'sampleroot/open/OPEN-EULA.txt'