path: root/dependencies/pkg/mod/github.com/lib/pq@v1.10.7/ssl_permissions_test.go
//go:build !windows
// +build !windows

package pq

import (
	"os"
	"syscall"
	"testing"
	"time"
)

// stat_t_wrapper is a test double for os.FileInfo. It lets a test hand an
// arbitrary owner and mode to a permission check without creating a real file
// or changing ownership on disk.
type stat_t_wrapper struct {
	// stat is the raw stat record; Mode derives from it and Sys exposes it.
	stat syscall.Stat_t
}

// Compile-time proof that the double satisfies os.FileInfo.
var _ os.FileInfo = (*stat_t_wrapper)(nil)

// Name reports a fixed key-file name.
func (w *stat_t_wrapper) Name() string {
	const fakeName = "pem.key"
	return fakeName
}

// Size reports a fixed, arbitrary length in bytes.
func (w *stat_t_wrapper) Size() int64 {
	const fakeSize int64 = 100
	return fakeSize
}

// Mode converts the stored stat mode to an os.FileMode. This is a plain
// numeric conversion, and the fixtures in this file set permission bits only.
func (w *stat_t_wrapper) Mode() os.FileMode {
	rawMode := w.stat.Mode
	return os.FileMode(rawMode)
}

// ModTime reports the current time on every call.
func (w *stat_t_wrapper) ModTime() time.Time {
	now := time.Now()
	return now
}

// IsDir always reports true, although Name describes a key file.
// NOTE(review): presumably the check under test never consults IsDir; confirm.
func (w *stat_t_wrapper) IsDir() bool {
	return true
}

// Sys returns a pointer to the stored stat record, so a caller can read the
// owner (Uid/Gid) by asserting the result to *syscall.Stat_t.
func (w *stat_t_wrapper) Sys() interface{} {
	raw := &w.stat
	return raw
}

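// TestHasCorrectRootGroupPermissions feeds synthetic owner/mode combinations
// to hasCorrectPermissions and checks the verdict for each:
//
//   - 0600 owned by the current user is accepted;
//   - 0640 owned by root (Uid 0) is accepted;
//   - 0666 owned by root is rejected with
//     errSSLKeyHasUnacceptableRootPermissions;
//   - 0666 owned by the current (non-root) user is rejected with
//     errSSLKeyHasUnacceptableUserPermissions.
//
// The last case is only added when the test process is not running as root.
// With Uid 0 its stat would be identical to the root-owned 0666 case while
// expecting a different error, so one of the two would always fail (for
// example in a root CI container).
func TestHasCorrectRootGroupPermissions(t *testing.T) {
	currentUID := uint32(os.Getuid())
	currentGID := uint32(os.Getgid())

	type testCase struct {
		expectedError error
		stat          syscall.Stat_t
	}

	testData := []testCase{
		{
			expectedError: nil,
			stat: syscall.Stat_t{
				Mode: 0600,
				Uid:  currentUID,
				Gid:  currentGID,
			},
		},
		{
			expectedError: nil,
			stat: syscall.Stat_t{
				Mode: 0640,
				Uid:  0,
				Gid:  currentGID,
			},
		},
		{
			expectedError: errSSLKeyHasUnacceptableRootPermissions,
			stat: syscall.Stat_t{
				Mode: 0666,
				Uid:  0,
				Gid:  currentGID,
			},
		},
	}

	if currentUID != 0 {
		testData = append(testData, testCase{
			expectedError: errSSLKeyHasUnacceptableUserPermissions,
			stat: syscall.Stat_t{
				Mode: 0666,
				Uid:  currentUID,
				Gid:  currentGID,
			},
		})
	} else {
		t.Log("running as root: skipping the non-root owner case, which would be indistinguishable from the root-owned 0666 case")
	}

	for _, test := range testData {
		wrapper := &stat_t_wrapper{
			stat: test.stat,
		}

		// Evaluate once so the reported error is the one that was compared.
		got := hasCorrectPermissions(wrapper)
		if test.expectedError == got {
			continue
		}

		if test.expectedError == nil {
			t.Errorf(
				"file owned by %d:%d with %s should not have failed check with error \"%v\"",
				test.stat.Uid,
				test.stat.Gid,
				wrapper.Mode(),
				got,
			)
			continue
		}

		// %v rather than %s: got may be nil here (an over-permissive key was
		// accepted), and %s would render that as "%!s(<nil>)".
		t.Errorf(
			"file owned by %d:%d with %s, expected \"%v\", got \"%v\"",
			test.stat.Uid,
			test.stat.Gid,
			wrapper.Mode(),
			test.expectedError,
			got,
		)
	}
}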