123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595 |
- # Copyright 2021 The Matrix.org Foundation C.I.C.
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- import inspect
- import os
- from typing import Iterable
- from synapse.rest.media.v1.filepath import MediaFilePaths, _wrap_with_jail_check
- from tests import unittest
- class MediaFilePathsTestCase(unittest.TestCase):
- def setUp(self) -> None:
- super().setUp()
- self.filepaths = MediaFilePaths("/media_store")
- def test_local_media_filepath(self) -> None:
- """Test local media paths"""
- self.assertEqual(
- self.filepaths.local_media_filepath_rel("GerZNDnDZVjsOtardLuwfIBg"),
- "local_content/Ge/rZ/NDnDZVjsOtardLuwfIBg",
- )
- self.assertEqual(
- self.filepaths.local_media_filepath("GerZNDnDZVjsOtardLuwfIBg"),
- "/media_store/local_content/Ge/rZ/NDnDZVjsOtardLuwfIBg",
- )
- def test_local_media_thumbnail(self) -> None:
- """Test local media thumbnail paths"""
- self.assertEqual(
- self.filepaths.local_media_thumbnail_rel(
- "GerZNDnDZVjsOtardLuwfIBg", 800, 600, "image/jpeg", "scale"
- ),
- "local_thumbnails/Ge/rZ/NDnDZVjsOtardLuwfIBg/800-600-image-jpeg-scale",
- )
- self.assertEqual(
- self.filepaths.local_media_thumbnail(
- "GerZNDnDZVjsOtardLuwfIBg", 800, 600, "image/jpeg", "scale"
- ),
- "/media_store/local_thumbnails/Ge/rZ/NDnDZVjsOtardLuwfIBg/800-600-image-jpeg-scale",
- )
- def test_local_media_thumbnail_dir(self) -> None:
- """Test local media thumbnail directory paths"""
- self.assertEqual(
- self.filepaths.local_media_thumbnail_dir("GerZNDnDZVjsOtardLuwfIBg"),
- "/media_store/local_thumbnails/Ge/rZ/NDnDZVjsOtardLuwfIBg",
- )
- def test_remote_media_filepath(self) -> None:
- """Test remote media paths"""
- self.assertEqual(
- self.filepaths.remote_media_filepath_rel(
- "example.com", "GerZNDnDZVjsOtardLuwfIBg"
- ),
- "remote_content/example.com/Ge/rZ/NDnDZVjsOtardLuwfIBg",
- )
- self.assertEqual(
- self.filepaths.remote_media_filepath(
- "example.com", "GerZNDnDZVjsOtardLuwfIBg"
- ),
- "/media_store/remote_content/example.com/Ge/rZ/NDnDZVjsOtardLuwfIBg",
- )
- def test_remote_media_thumbnail(self) -> None:
- """Test remote media thumbnail paths"""
- self.assertEqual(
- self.filepaths.remote_media_thumbnail_rel(
- "example.com",
- "GerZNDnDZVjsOtardLuwfIBg",
- 800,
- 600,
- "image/jpeg",
- "scale",
- ),
- "remote_thumbnail/example.com/Ge/rZ/NDnDZVjsOtardLuwfIBg/800-600-image-jpeg-scale",
- )
- self.assertEqual(
- self.filepaths.remote_media_thumbnail(
- "example.com",
- "GerZNDnDZVjsOtardLuwfIBg",
- 800,
- 600,
- "image/jpeg",
- "scale",
- ),
- "/media_store/remote_thumbnail/example.com/Ge/rZ/NDnDZVjsOtardLuwfIBg/800-600-image-jpeg-scale",
- )
- def test_remote_media_thumbnail_legacy(self) -> None:
- """Test old-style remote media thumbnail paths"""
- self.assertEqual(
- self.filepaths.remote_media_thumbnail_rel_legacy(
- "example.com", "GerZNDnDZVjsOtardLuwfIBg", 800, 600, "image/jpeg"
- ),
- "remote_thumbnail/example.com/Ge/rZ/NDnDZVjsOtardLuwfIBg/800-600-image-jpeg",
- )
- def test_remote_media_thumbnail_dir(self) -> None:
- """Test remote media thumbnail directory paths"""
- self.assertEqual(
- self.filepaths.remote_media_thumbnail_dir(
- "example.com", "GerZNDnDZVjsOtardLuwfIBg"
- ),
- "/media_store/remote_thumbnail/example.com/Ge/rZ/NDnDZVjsOtardLuwfIBg",
- )
- def test_url_cache_filepath(self) -> None:
- """Test URL cache paths"""
- self.assertEqual(
- self.filepaths.url_cache_filepath_rel("2020-01-02_GerZNDnDZVjsOtar"),
- "url_cache/2020-01-02/GerZNDnDZVjsOtar",
- )
- self.assertEqual(
- self.filepaths.url_cache_filepath("2020-01-02_GerZNDnDZVjsOtar"),
- "/media_store/url_cache/2020-01-02/GerZNDnDZVjsOtar",
- )
- def test_url_cache_filepath_legacy(self) -> None:
- """Test old-style URL cache paths"""
- self.assertEqual(
- self.filepaths.url_cache_filepath_rel("GerZNDnDZVjsOtardLuwfIBg"),
- "url_cache/Ge/rZ/NDnDZVjsOtardLuwfIBg",
- )
- self.assertEqual(
- self.filepaths.url_cache_filepath("GerZNDnDZVjsOtardLuwfIBg"),
- "/media_store/url_cache/Ge/rZ/NDnDZVjsOtardLuwfIBg",
- )
- def test_url_cache_filepath_dirs_to_delete(self) -> None:
- """Test URL cache cleanup paths"""
- self.assertEqual(
- self.filepaths.url_cache_filepath_dirs_to_delete(
- "2020-01-02_GerZNDnDZVjsOtar"
- ),
- ["/media_store/url_cache/2020-01-02"],
- )
- def test_url_cache_filepath_dirs_to_delete_legacy(self) -> None:
- """Test old-style URL cache cleanup paths"""
- self.assertEqual(
- self.filepaths.url_cache_filepath_dirs_to_delete(
- "GerZNDnDZVjsOtardLuwfIBg"
- ),
- [
- "/media_store/url_cache/Ge/rZ",
- "/media_store/url_cache/Ge",
- ],
- )
- def test_url_cache_thumbnail(self) -> None:
- """Test URL cache thumbnail paths"""
- self.assertEqual(
- self.filepaths.url_cache_thumbnail_rel(
- "2020-01-02_GerZNDnDZVjsOtar", 800, 600, "image/jpeg", "scale"
- ),
- "url_cache_thumbnails/2020-01-02/GerZNDnDZVjsOtar/800-600-image-jpeg-scale",
- )
- self.assertEqual(
- self.filepaths.url_cache_thumbnail(
- "2020-01-02_GerZNDnDZVjsOtar", 800, 600, "image/jpeg", "scale"
- ),
- "/media_store/url_cache_thumbnails/2020-01-02/GerZNDnDZVjsOtar/800-600-image-jpeg-scale",
- )
- def test_url_cache_thumbnail_legacy(self) -> None:
- """Test old-style URL cache thumbnail paths"""
- self.assertEqual(
- self.filepaths.url_cache_thumbnail_rel(
- "GerZNDnDZVjsOtardLuwfIBg", 800, 600, "image/jpeg", "scale"
- ),
- "url_cache_thumbnails/Ge/rZ/NDnDZVjsOtardLuwfIBg/800-600-image-jpeg-scale",
- )
- self.assertEqual(
- self.filepaths.url_cache_thumbnail(
- "GerZNDnDZVjsOtardLuwfIBg", 800, 600, "image/jpeg", "scale"
- ),
- "/media_store/url_cache_thumbnails/Ge/rZ/NDnDZVjsOtardLuwfIBg/800-600-image-jpeg-scale",
- )
- def test_url_cache_thumbnail_directory(self) -> None:
- """Test URL cache thumbnail directory paths"""
- self.assertEqual(
- self.filepaths.url_cache_thumbnail_directory_rel(
- "2020-01-02_GerZNDnDZVjsOtar"
- ),
- "url_cache_thumbnails/2020-01-02/GerZNDnDZVjsOtar",
- )
- self.assertEqual(
- self.filepaths.url_cache_thumbnail_directory("2020-01-02_GerZNDnDZVjsOtar"),
- "/media_store/url_cache_thumbnails/2020-01-02/GerZNDnDZVjsOtar",
- )
- def test_url_cache_thumbnail_directory_legacy(self) -> None:
- """Test old-style URL cache thumbnail directory paths"""
- self.assertEqual(
- self.filepaths.url_cache_thumbnail_directory_rel(
- "GerZNDnDZVjsOtardLuwfIBg"
- ),
- "url_cache_thumbnails/Ge/rZ/NDnDZVjsOtardLuwfIBg",
- )
- self.assertEqual(
- self.filepaths.url_cache_thumbnail_directory("GerZNDnDZVjsOtardLuwfIBg"),
- "/media_store/url_cache_thumbnails/Ge/rZ/NDnDZVjsOtardLuwfIBg",
- )
- def test_url_cache_thumbnail_dirs_to_delete(self) -> None:
- """Test URL cache thumbnail cleanup paths"""
- self.assertEqual(
- self.filepaths.url_cache_thumbnail_dirs_to_delete(
- "2020-01-02_GerZNDnDZVjsOtar"
- ),
- [
- "/media_store/url_cache_thumbnails/2020-01-02/GerZNDnDZVjsOtar",
- "/media_store/url_cache_thumbnails/2020-01-02",
- ],
- )
- def test_url_cache_thumbnail_dirs_to_delete_legacy(self) -> None:
- """Test old-style URL cache thumbnail cleanup paths"""
- self.assertEqual(
- self.filepaths.url_cache_thumbnail_dirs_to_delete(
- "GerZNDnDZVjsOtardLuwfIBg"
- ),
- [
- "/media_store/url_cache_thumbnails/Ge/rZ/NDnDZVjsOtardLuwfIBg",
- "/media_store/url_cache_thumbnails/Ge/rZ",
- "/media_store/url_cache_thumbnails/Ge",
- ],
- )
- def test_server_name_validation(self) -> None:
- """Test validation of server names"""
- self._test_path_validation(
- [
- "remote_media_filepath_rel",
- "remote_media_filepath",
- "remote_media_thumbnail_rel",
- "remote_media_thumbnail",
- "remote_media_thumbnail_rel_legacy",
- "remote_media_thumbnail_dir",
- ],
- parameter="server_name",
- valid_values=[
- "matrix.org",
- "matrix.org:8448",
- "matrix-federation.matrix.org",
- "matrix-federation.matrix.org:8448",
- "10.1.12.123",
- "10.1.12.123:8448",
- "[fd00:abcd::ffff]",
- "[fd00:abcd::ffff]:8448",
- ],
- invalid_values=[
- "/matrix.org",
- "matrix.org/..",
- "matrix.org\x00",
- "",
- ".",
- "..",
- "/",
- ],
- )
- def test_file_id_validation(self) -> None:
- """Test validation of local, remote and legacy URL cache file / media IDs"""
- # File / media IDs get split into three parts to form paths, consisting of the
- # first two characters, next two characters and rest of the ID.
- valid_file_ids = [
- "GerZNDnDZVjsOtardLuwfIBg",
- # Unexpected, but produces an acceptable path:
- "GerZN", # "N" becomes the last directory
- ]
- invalid_file_ids = [
- "/erZNDnDZVjsOtardLuwfIBg",
- "Ge/ZNDnDZVjsOtardLuwfIBg",
- "GerZ/DnDZVjsOtardLuwfIBg",
- "GerZ/..",
- "G\x00rZNDnDZVjsOtardLuwfIBg",
- "Ger\x00NDnDZVjsOtardLuwfIBg",
- "GerZNDnDZVjsOtardLuwfIBg\x00",
- "",
- "Ge",
- "GerZ",
- "GerZ.",
- "..rZNDnDZVjsOtardLuwfIBg",
- "Ge..NDnDZVjsOtardLuwfIBg",
- "GerZ..",
- "GerZ/",
- ]
- self._test_path_validation(
- [
- "local_media_filepath_rel",
- "local_media_filepath",
- "local_media_thumbnail_rel",
- "local_media_thumbnail",
- "local_media_thumbnail_dir",
- # Legacy URL cache media IDs
- "url_cache_filepath_rel",
- "url_cache_filepath",
- # `url_cache_filepath_dirs_to_delete` is tested below.
- "url_cache_thumbnail_rel",
- "url_cache_thumbnail",
- "url_cache_thumbnail_directory_rel",
- "url_cache_thumbnail_directory",
- "url_cache_thumbnail_dirs_to_delete",
- ],
- parameter="media_id",
- valid_values=valid_file_ids,
- invalid_values=invalid_file_ids,
- )
- # `url_cache_filepath_dirs_to_delete` ignores what would be the last path
- # component, so only the first 4 characters matter.
- self._test_path_validation(
- [
- "url_cache_filepath_dirs_to_delete",
- ],
- parameter="media_id",
- valid_values=valid_file_ids,
- invalid_values=[
- "/erZNDnDZVjsOtardLuwfIBg",
- "Ge/ZNDnDZVjsOtardLuwfIBg",
- "G\x00rZNDnDZVjsOtardLuwfIBg",
- "Ger\x00NDnDZVjsOtardLuwfIBg",
- "",
- "Ge",
- "..rZNDnDZVjsOtardLuwfIBg",
- "Ge..NDnDZVjsOtardLuwfIBg",
- ],
- )
- self._test_path_validation(
- [
- "remote_media_filepath_rel",
- "remote_media_filepath",
- "remote_media_thumbnail_rel",
- "remote_media_thumbnail",
- "remote_media_thumbnail_rel_legacy",
- "remote_media_thumbnail_dir",
- ],
- parameter="file_id",
- valid_values=valid_file_ids,
- invalid_values=invalid_file_ids,
- )
- def test_url_cache_media_id_validation(self) -> None:
- """Test validation of URL cache media IDs"""
- self._test_path_validation(
- [
- "url_cache_filepath_rel",
- "url_cache_filepath",
- # `url_cache_filepath_dirs_to_delete` only cares about the date prefix
- "url_cache_thumbnail_rel",
- "url_cache_thumbnail",
- "url_cache_thumbnail_directory_rel",
- "url_cache_thumbnail_directory",
- "url_cache_thumbnail_dirs_to_delete",
- ],
- parameter="media_id",
- valid_values=[
- "2020-01-02_GerZNDnDZVjsOtar",
- "2020-01-02_G", # Unexpected, but produces an acceptable path
- ],
- invalid_values=[
- "2020-01-02",
- "2020-01-02-",
- "2020-01-02-.",
- "2020-01-02-..",
- "2020-01-02-/",
- "2020-01-02-/GerZNDnDZVjsOtar",
- "2020-01-02-GerZNDnDZVjsOtar/..",
- "2020-01-02-GerZNDnDZVjsOtar\x00",
- ],
- )
- def test_content_type_validation(self) -> None:
- """Test validation of thumbnail content types"""
- self._test_path_validation(
- [
- "local_media_thumbnail_rel",
- "local_media_thumbnail",
- "remote_media_thumbnail_rel",
- "remote_media_thumbnail",
- "remote_media_thumbnail_rel_legacy",
- "url_cache_thumbnail_rel",
- "url_cache_thumbnail",
- ],
- parameter="content_type",
- valid_values=[
- "image/jpeg",
- ],
- invalid_values=[
- "", # ValueError: not enough values to unpack
- "image/jpeg/abc", # ValueError: too many values to unpack
- "image/jpeg\x00",
- ],
- )
- def test_thumbnail_method_validation(self) -> None:
- """Test validation of thumbnail methods"""
- self._test_path_validation(
- [
- "local_media_thumbnail_rel",
- "local_media_thumbnail",
- "remote_media_thumbnail_rel",
- "remote_media_thumbnail",
- "url_cache_thumbnail_rel",
- "url_cache_thumbnail",
- ],
- parameter="method",
- valid_values=[
- "crop",
- "scale",
- ],
- invalid_values=[
- "/scale",
- "scale/..",
- "scale\x00",
- "/",
- ],
- )
- def _test_path_validation(
- self,
- methods: Iterable[str],
- parameter: str,
- valid_values: Iterable[str],
- invalid_values: Iterable[str],
- ) -> None:
- """Test that the specified methods validate the named parameter as expected
- Args:
- methods: The names of `MediaFilePaths` methods to test
- parameter: The name of the parameter to test
- valid_values: A list of parameter values that are expected to be accepted
- invalid_values: A list of parameter values that are expected to be rejected
- Raises:
- AssertionError: If a value was accepted when it should have failed
- validation.
- ValueError: If a value failed validation when it should have been accepted.
- """
- for method in methods:
- get_path = getattr(self.filepaths, method)
- parameters = inspect.signature(get_path).parameters
- kwargs = {
- "server_name": "matrix.org",
- "media_id": "GerZNDnDZVjsOtardLuwfIBg",
- "file_id": "GerZNDnDZVjsOtardLuwfIBg",
- "width": 800,
- "height": 600,
- "content_type": "image/jpeg",
- "method": "scale",
- }
- if get_path.__name__.startswith("url_"):
- kwargs["media_id"] = "2020-01-02_GerZNDnDZVjsOtar"
- kwargs = {k: v for k, v in kwargs.items() if k in parameters}
- kwargs.pop(parameter)
- for value in valid_values:
- kwargs[parameter] = value
- get_path(**kwargs)
- # No exception should be raised
- for value in invalid_values:
- with self.assertRaises(ValueError):
- kwargs[parameter] = value
- path_or_list = get_path(**kwargs)
- self.fail(
- f"{value!r} unexpectedly passed validation: "
- f"{method} returned {path_or_list!r}"
- )
- class MediaFilePathsJailTestCase(unittest.TestCase):
- def _check_relative_path(self, filepaths: MediaFilePaths, path: str) -> None:
- """Passes a relative path through the jail check.
- Args:
- filepaths: The `MediaFilePaths` instance.
- path: A path relative to the media store directory.
- Raises:
- ValueError: If the jail check fails.
- """
- @_wrap_with_jail_check(relative=True)
- def _make_relative_path(self: MediaFilePaths, path: str) -> str:
- return path
- _make_relative_path(filepaths, path)
- def _check_absolute_path(self, filepaths: MediaFilePaths, path: str) -> None:
- """Passes an absolute path through the jail check.
- Args:
- filepaths: The `MediaFilePaths` instance.
- path: A path relative to the media store directory.
- Raises:
- ValueError: If the jail check fails.
- """
- @_wrap_with_jail_check(relative=False)
- def _make_absolute_path(self: MediaFilePaths, path: str) -> str:
- return os.path.join(self.base_path, path)
- _make_absolute_path(filepaths, path)
- def test_traversal_inside(self) -> None:
- """Test the jail check for paths that stay within the media directory."""
- # Despite the `../`s, these paths still lie within the media directory and it's
- # expected for the jail check to allow them through.
- # These paths ought to trip the other checks in place and should never be
- # returned.
- filepaths = MediaFilePaths("/media_store")
- path = "url_cache/2020-01-02/../../GerZNDnDZVjsOtar"
- self._check_relative_path(filepaths, path)
- self._check_absolute_path(filepaths, path)
- def test_traversal_outside(self) -> None:
- """Test that the jail check fails for paths that escape the media directory."""
- filepaths = MediaFilePaths("/media_store")
- path = "url_cache/2020-01-02/../../../GerZNDnDZVjsOtar"
- with self.assertRaises(ValueError):
- self._check_relative_path(filepaths, path)
- with self.assertRaises(ValueError):
- self._check_absolute_path(filepaths, path)
- def test_traversal_reentry(self) -> None:
- """Test the jail check for paths that exit and re-enter the media directory."""
- # These paths lie outside the media directory if it is a symlink, and inside
- # otherwise. Ideally the check should fail, but this proves difficult.
- # This test documents the behaviour for this edge case.
- # These paths ought to trip the other checks in place and should never be
- # returned.
- filepaths = MediaFilePaths("/media_store")
- path = "url_cache/2020-01-02/../../../media_store/GerZNDnDZVjsOtar"
- self._check_relative_path(filepaths, path)
- self._check_absolute_path(filepaths, path)
- def test_symlink(self) -> None:
- """Test that a symlink does not cause the jail check to fail."""
- media_store_path = self.mktemp()
- # symlink the media store directory
- os.symlink("/mnt/synapse/media_store", media_store_path)
- # Test that relative and absolute paths don't trip the check
- # NB: `media_store_path` is a relative path
- filepaths = MediaFilePaths(media_store_path)
- self._check_relative_path(filepaths, "url_cache/2020-01-02/GerZNDnDZVjsOtar")
- self._check_absolute_path(filepaths, "url_cache/2020-01-02/GerZNDnDZVjsOtar")
- filepaths = MediaFilePaths(os.path.abspath(media_store_path))
- self._check_relative_path(filepaths, "url_cache/2020-01-02/GerZNDnDZVjsOtar")
- self._check_absolute_path(filepaths, "url_cache/2020-01-02/GerZNDnDZVjsOtar")
- def test_symlink_subdirectory(self) -> None:
- """Test that a symlinked subdirectory does not cause the jail check to fail."""
- media_store_path = self.mktemp()
- os.mkdir(media_store_path)
- # symlink `url_cache/`
- os.symlink(
- "/mnt/synapse/media_store_url_cache",
- os.path.join(media_store_path, "url_cache"),
- )
- # Test that relative and absolute paths don't trip the check
- # NB: `media_store_path` is a relative path
- filepaths = MediaFilePaths(media_store_path)
- self._check_relative_path(filepaths, "url_cache/2020-01-02/GerZNDnDZVjsOtar")
- self._check_absolute_path(filepaths, "url_cache/2020-01-02/GerZNDnDZVjsOtar")
- filepaths = MediaFilePaths(os.path.abspath(media_store_path))
- self._check_relative_path(filepaths, "url_cache/2020-01-02/GerZNDnDZVjsOtar")
- self._check_absolute_path(filepaths, "url_cache/2020-01-02/GerZNDnDZVjsOtar")
|