ssl_permissions_test.go

Documentation: github.com/lib/pq

     1  //go:build !windows
     2  // +build !windows
     3  
     4  package pq
     5  
     6  import (
     7  	"os"
     8  	"syscall"
     9  	"testing"
    10  	"time"
    11  )
    12  
    13  type stat_t_wrapper struct {
    14  	stat syscall.Stat_t
    15  }
    16  
    17  func (stat_t *stat_t_wrapper) Name() string {
    18  	return "pem.key"
    19  }
    20  
    21  func (stat_t *stat_t_wrapper) Size() int64 {
    22  	return int64(100)
    23  }
    24  
    25  func (stat_t *stat_t_wrapper) Mode() os.FileMode {
    26  	return os.FileMode(stat_t.stat.Mode)
    27  }
    28  
    29  func (stat_t *stat_t_wrapper) ModTime() time.Time {
    30  	return time.Now()
    31  }
    32  
    33  func (stat_t *stat_t_wrapper) IsDir() bool {
    34  	return true
    35  }
    36  
    37  func (stat_t *stat_t_wrapper) Sys() interface{} {
    38  	return &stat_t.stat
    39  }
    40  
    41  func TestHasCorrectRootGroupPermissions(t *testing.T) {
    42  	currentUID := uint32(os.Getuid())
    43  	currentGID := uint32(os.Getgid())
    44  
    45  	testData := []struct {
    46  		expectedError error
    47  		stat          syscall.Stat_t
    48  	}{
    49  		{
    50  			expectedError: nil,
    51  			stat: syscall.Stat_t{
    52  				Mode: 0600,
    53  				Uid:  currentUID,
    54  				Gid:  currentGID,
    55  			},
    56  		},
    57  		{
    58  			expectedError: nil,
    59  			stat: syscall.Stat_t{
    60  				Mode: 0640,
    61  				Uid:  0,
    62  				Gid:  currentGID,
    63  			},
    64  		},
    65  		{
    66  			expectedError: errSSLKeyHasUnacceptableUserPermissions,
    67  			stat: syscall.Stat_t{
    68  				Mode: 0666,
    69  				Uid:  currentUID,
    70  				Gid:  currentGID,
    71  			},
    72  		},
    73  		{
    74  			expectedError: errSSLKeyHasUnacceptableRootPermissions,
    75  			stat: syscall.Stat_t{
    76  				Mode: 0666,
    77  				Uid:  0,
    78  				Gid:  currentGID,
    79  			},
    80  		},
    81  	}
    82  
    83  	for _, test := range testData {
    84  		wrapper := &stat_t_wrapper{
    85  			stat: test.stat,
    86  		}
    87  
    88  		if test.expectedError != hasCorrectPermissions(wrapper) {
    89  			if test.expectedError == nil {
    90  				t.Errorf(
    91  					"file owned by %d:%d with %s should not have failed check with error \"%s\"",
    92  					test.stat.Uid,
    93  					test.stat.Gid,
    94  					wrapper.Mode(),
    95  					hasCorrectPermissions(wrapper),
    96  				)
    97  				continue
    98  			}
    99  			t.Errorf(
   100  				"file owned by %d:%d with %s, expected \"%s\", got \"%s\"",
   101  				test.stat.Uid,
   102  				test.stat.Gid,
   103  				wrapper.Mode(),
   104  				test.expectedError,
   105  				hasCorrectPermissions(wrapper),
   106  			)
   107  		}
   108  	}
   109  }
   110
View as plain text