From 770acc77652fe07593e8034f2212c732e319f72b Mon Sep 17 00:00:00 2001 From: Paul Van Eck Date: Tue, 23 May 2017 18:17:38 -0700 Subject: [PATCH] Check conf file permission Since SafeConfigParser.read doesn't thrown an exception when a file can not be opened, we must explicitly check first. Change-Id: Ifa5c58e5c30323956a401beae9396ffb0b97dbd9 Closes-Bug: #1692587 --- refstack_client/refstack_client.py | 5 +++++ refstack_client/tests/unit/test_client.py | 12 ++++++++++++ 2 files changed, 17 insertions(+) diff --git a/refstack_client/refstack_client.py b/refstack_client/refstack_client.py index 2f9da92..d96e0d3 100755 --- a/refstack_client/refstack_client.py +++ b/refstack_client/refstack_client.py @@ -93,6 +93,11 @@ class RefstackClient: self.logger.error("Conf file not valid: %s" % self.args.conf_file) exit(1) + if not os.access(self.args.conf_file, os.R_OK): + self.logger.error("You do not have read access to: %s" + % self.args.conf_file) + exit(1) + # Initialize environment variables with config file info os.environ["TEMPEST_CONFIG_DIR"] = os.path.abspath( os.path.dirname(self.args.conf_file)) diff --git a/refstack_client/tests/unit/test_client.py b/refstack_client/tests/unit/test_client.py index f932f00..aa43667 100755 --- a/refstack_client/tests/unit/test_client.py +++ b/refstack_client/tests/unit/test_client.py @@ -686,6 +686,18 @@ class TestRefstackClient(unittest.TestCase): client = rc.RefstackClient(args) self.assertRaises(SystemExit, client.test) + def test_forbidden_conf_file(self): + """ + Test when the user passes in a file that the user does not have + read access to. + """ + file = tempfile.NamedTemporaryFile() + # Remove read access + os.chmod(file.name, 0o220) + args = rc.parse_cli_args(self.mock_argv(conf_file_name=file.name)) + client = rc.RefstackClient(args) + self.assertRaises(SystemExit, client.test) + def test_run_tempest_nonexisting_directory(self): """ Test when the Tempest directory does not exist.