Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / libchrome / 007dbe24b2e768b9f6b7b9d8a5739f136ff59fc1^! / . / base / file_util_unittest.cc
commit007dbe24b2e768b9f6b7b9d8a5739f136ff59fc1[log] [tgz]
authorcevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>Thu Feb 07 05:38:07 2013 +0900
committerQijiang Fan <fqj@google.com>Thu Jun 04 14:02:50 2020 +0900
treed90ca387fb3a39bec36bacb11a335735b7dab8b2
parent7d4a0ec892218f7a3cf989f05558622ee30659a6 [diff] [blame]
Add path traversal protection to Move and CopyFile too.
These functions are used a lot in IPC receivers to manage storage.
See http://src.chromium.org/viewvc/chrome?view=rev&revision=175642
Review URL: https://codereview.chromium.org/12223014

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@181045 0039d316-1c4b-4281-b951-d872f2087c98


CrOS-Libchrome-Original-Commit: 3cd2c1c88d2646a3338cfa7888f06fe321061053

diff --git a/base/file_util_unittest.cc b/base/file_util_unittest.cc
index d4ce43c..612f6cf 100644
--- a/base/file_util_unittest.cc
+++ b/base/file_util_unittest.cc

@@ -1149,8 +1149,8 @@
   ASSERT_TRUE(file_util::PathExists(dir_name_from));
 
   // Create a file under the directory
-  FilePath file_name_from =
-      dir_name_from.Append(FILE_PATH_LITERAL("Move_Test_File.txt"));
+  FilePath txt_file_name(FILE_PATH_LITERAL("Move_Test_File.txt"));
+  FilePath file_name_from = dir_name_from.Append(txt_file_name);
   CreateTextFile(file_name_from, L"Gooooooooooooooooooooogle");
   ASSERT_TRUE(file_util::PathExists(file_name_from));
 
@@ -1169,6 +1169,17 @@
   EXPECT_FALSE(file_util::PathExists(file_name_from));
   EXPECT_TRUE(file_util::PathExists(dir_name_to));
   EXPECT_TRUE(file_util::PathExists(file_name_to));
+
+  // Test path traversal.
+  file_name_from = dir_name_to.Append(txt_file_name);
+  file_name_to = dir_name_to.Append(FILE_PATH_LITERAL(".."));
+  file_name_to = file_name_to.Append(txt_file_name);
+  EXPECT_FALSE(file_util::Move(file_name_from, file_name_to));
+  EXPECT_TRUE(file_util::PathExists(file_name_from));
+  EXPECT_FALSE(file_util::PathExists(file_name_to));
+  EXPECT_TRUE(file_util::MoveUnsafe(file_name_from, file_name_to));
+  EXPECT_FALSE(file_util::PathExists(file_name_from));
+  EXPECT_TRUE(file_util::PathExists(file_name_to));
 }
 
 TEST_F(FileUtilTest, MoveExist) {
@@ -1525,7 +1536,8 @@
   FilePath dest_file2(dir_name_from);
   dest_file2 = dest_file2.AppendASCII("..");
   dest_file2 = dest_file2.AppendASCII("DestFile.txt");
-  ASSERT_TRUE(file_util::CopyFile(file_name_from, dest_file2));
+  ASSERT_FALSE(file_util::CopyFile(file_name_from, dest_file2));
+  ASSERT_TRUE(file_util::CopyFileUnsafe(file_name_from, dest_file2));
 
   FilePath dest_file2_test(dir_name_from);
   dest_file2_test = dest_file2_test.DirName();