import os
from django.core.exceptions import SuspiciousFileOperation
from django.core.files.base import ContentFile
from django.core.files.storage import FileSystemStorage, Storage
from django.db.models import FileField
from django.test import SimpleTestCase
class AWSS3Storage(Storage):
"""
Simulate an AWS S3 storage which uses Unix-like paths and allows anycharacters in file names but where there aren't actual folders but justkeys."""prefix = "mys3folder/"
def _save(self, name, content):
"""
This method is important to test that Storage.save() doesn't replace'\' with '/' (rather FileSystemStorage.save() does).
"""return name
def get_valid_name(self, name):
return name
def get_available_name(self, name, max_length=None):
return name
def generate_filename(self, filename):
"""
This is the method that's important to override when using S3 so thatos.path() isn't called, which would break S3 keys."""return self.prefix + self.get_valid_name(filename)
class GenerateFilenameStorageTests(SimpleTestCase):
def test_storage_dangerous_paths(self):
candidates = [("/tmp/..", ".."),
("/tmp/.", "."),
("", ""),]s = FileSystemStorage()
msg = "Could not derive file name from '%s'"
for file_name, base_name in candidates:
with self.subTest(file_name=file_name):
with self.assertRaisesMessage(SuspiciousFileOperation, msg % base_name):
s.get_available_name(file_name)
with self.assertRaisesMessage(SuspiciousFileOperation, msg % base_name):
s.generate_filename(file_name)
def test_storage_dangerous_paths_dir_name(self):
candidates = [("tmp/../path", "tmp/.."),
("tmp\\..\\path", "tmp/.."),
("/tmp/../path", "/tmp/.."),
("\\tmp\\..\\path", "/tmp/.."),
]s = FileSystemStorage()
for file_name, path in candidates:
msg = "Detected path traversal attempt in '%s'" % path
with self.subTest(file_name=file_name):
with self.assertRaisesMessage(SuspiciousFileOperation, msg):
s.get_available_name(file_name)
with self.assertRaisesMessage(SuspiciousFileOperation, msg):
s.generate_filename(file_name)
def test_filefield_dangerous_filename(self):
candidates = [("..", "some/folder/.."),
(".", "some/folder/."),
("", "some/folder/"),
("???", "???"),
("$.$.$", "$.$.$"),
]f = FileField(upload_to="some/folder/")
for file_name, msg_file_name in candidates:
msg = f"Could not derive file name from '{msg_file_name}'"
with self.subTest(file_name=file_name):
with self.assertRaisesMessage(SuspiciousFileOperation, msg):
f.generate_filename(None, file_name)
def test_filefield_dangerous_filename_dot_segments(self):
f = FileField(upload_to="some/folder/")
msg = "Detected path traversal attempt in 'some/folder/../path'"
with self.assertRaisesMessage(SuspiciousFileOperation, msg):
f.generate_filename(None, "../path")
def test_filefield_generate_filename_absolute_path(self):
f = FileField(upload_to="some/folder/")
candidates = ["/tmp/path",
"/tmp/../path",
]for file_name in candidates:
msg = f"Detected path traversal attempt in '{file_name}'"
with self.subTest(file_name=file_name):
with self.assertRaisesMessage(SuspiciousFileOperation, msg):
f.generate_filename(None, file_name)
def test_filefield_generate_filename(self):
f = FileField(upload_to="some/folder/")
self.assertEqual(
f.generate_filename(None, "test with space.txt"),
os.path.normpath("some/folder/test_with_space.txt"),
)def test_filefield_generate_filename_with_upload_to(self):
def upload_to(instance, filename):
return "some/folder/" + filename
f = FileField(upload_to=upload_to)
self.assertEqual(
f.generate_filename(None, "test with space.txt"),
os.path.normpath("some/folder/test_with_space.txt"),
)def test_filefield_generate_filename_upload_to_overrides_dangerous_filename(self):
def upload_to(instance, filename):
return "test.txt"
f = FileField(upload_to=upload_to)
candidates = ["/tmp/.",
"/tmp/..",
"/tmp/../path",
"/tmp/path",
"some/folder/",
"some/folder/.",
"some/folder/..",
"some/folder/???",
"some/folder/$.$.$",
"some/../test.txt",
"",]for file_name in candidates:
with self.subTest(file_name=file_name):
self.assertEqual(f.generate_filename(None, file_name), "test.txt")
def test_filefield_generate_filename_upload_to_absolute_path(self):
def upload_to(instance, filename):
return "/tmp/" + filename
f = FileField(upload_to=upload_to)
candidates = ["path",
"../path",
"???",
"$.$.$",
]for file_name in candidates:
msg = f"Detected path traversal attempt in '/tmp/{file_name}'"
with self.subTest(file_name=file_name):
with self.assertRaisesMessage(SuspiciousFileOperation, msg):
f.generate_filename(None, file_name)
def test_filefield_generate_filename_upload_to_dangerous_filename(self):
def upload_to(instance, filename):
return "/tmp/" + filename
f = FileField(upload_to=upload_to)
candidates = ["..", ".", ""]
for file_name in candidates:
msg = f"Could not derive file name from '/tmp/{file_name}'"
with self.subTest(file_name=file_name):
with self.assertRaisesMessage(SuspiciousFileOperation, msg):
f.generate_filename(None, file_name)
def test_filefield_awss3_storage(self):
"""
Simulate a FileField with an S3 storage which uses keys rather thanfolders and names. FileField and Storage shouldn't have any os.path()calls that break the key."""storage = AWSS3Storage()
folder = "not/a/folder/"
f = FileField(upload_to=folder, storage=storage)
key = "my-file-key\\with odd characters"
data = ContentFile("test")
expected_key = AWSS3Storage.prefix + folder + key# Simulate call to f.save()
result_key = f.generate_filename(None, key)
self.assertEqual(result_key, expected_key)
result_key = storage.save(result_key, data)
self.assertEqual(result_key, expected_key)
# Repeat test with a callable.
def upload_to(instance, filename):
# Return a non-normalized path on purpose.
return folder + filename
f = FileField(upload_to=upload_to, storage=storage)
# Simulate call to f.save()
result_key = f.generate_filename(None, key)
self.assertEqual(result_key, expected_key)
result_key = storage.save(result_key, data)
self.assertEqual(result_key, expected_key)