001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.commons.net.tftp;
018
019 import java.io.File;
020 import java.io.FileInputStream;
021 import java.io.FileOutputStream;
022 import java.io.IOException;
023
024 import org.apache.commons.net.tftp.TFTPServer.ServerMode;
025
026 import junit.framework.TestCase;
027
028 /**
029 * Some basic tests to ensure that the TFTP Server is honoring its read/write mode, and preventing
030 * files from being read or written from outside of the assigned roots.
031 *
032 * @author <A HREF="mailto:daniel.armbrust.list@gmail.com">Dan Armbrust</A>
033 *
034 */
035 public class TFTPServerPathTest extends TestCase
036 {
037 String filePrefix = "tftp-";
038 File serverDirectory = new File(System.getProperty("java.io.tmpdir"));
039
040 public void testReadOnly() throws IOException
041 {
042 // Start a read-only server
043 TFTPServer tftpS = new TFTPServer(serverDirectory, serverDirectory, 6900,
044 ServerMode.GET_ONLY, null, null);
045
046 // Create our TFTP instance to handle the file transfer.
047 TFTPClient tftp = new TFTPClient();
048 tftp.open();
049 tftp.setSoTimeout(2000);
050
051 // make a file to work with.
052 File file = new File(serverDirectory, filePrefix + "source.txt");
053 file.createNewFile();
054
055 // Read the file from the tftp server.
056 File out = new File(serverDirectory, filePrefix + "out");
057
058 // cleanup old failed runs
059 out.delete();
060 assertTrue("Couldn't clear output location", !out.exists());
061
062 FileOutputStream output = new FileOutputStream(out);
063
064 tftp.receiveFile(file.getName(), TFTP.BINARY_MODE, output, "localhost", 6900);
065 output.close();
066
067 assertTrue("file not created", out.exists());
068
069 out.delete();
070
071 FileInputStream fis = new FileInputStream(file);
072 try
073 {
074 tftp.sendFile(out.getName(), TFTP.BINARY_MODE, fis, "localhost", 6900);
075 fail("Server allowed write");
076 }
077 catch (IOException e)
078 {
079 // expected path
080 }
081 fis.close();
082 file.delete();
083 tftpS.shutdown();
084 }
085
086 public void testWriteOnly() throws IOException
087 {
088 // Start a write-only server
089 TFTPServer tftpS = new TFTPServer(serverDirectory, serverDirectory, 6900,
090 ServerMode.PUT_ONLY, null, null);
091
092 // Create our TFTP instance to handle the file transfer.
093 TFTPClient tftp = new TFTPClient();
094 tftp.open();
095 tftp.setSoTimeout(2000);
096
097 // make a file to work with.
098 File file = new File(serverDirectory, filePrefix + "source.txt");
099 file.createNewFile();
100
101 File out = new File(serverDirectory, filePrefix + "out");
102
103 // cleanup old failed runs
104 out.delete();
105 assertTrue("Couldn't clear output location", !out.exists());
106
107 FileOutputStream output = new FileOutputStream(out);
108
109 try
110 {
111 tftp.receiveFile(file.getName(), TFTP.BINARY_MODE, output, "localhost", 6900);
112 fail("Server allowed read");
113 }
114 catch (IOException e)
115 {
116 // expected path
117 }
118 output.close();
119 out.delete();
120
121 FileInputStream fis = new FileInputStream(file);
122 tftp.sendFile(out.getName(), TFTP.BINARY_MODE, fis, "localhost", 6900);
123
124 fis.close();
125
126 assertTrue("file not created", out.exists());
127
128 // cleanup
129 file.delete();
130 out.delete();
131 tftpS.shutdown();
132 }
133
134 public void testWriteOutsideHome() throws IOException
135 {
136 // Start a server
137 TFTPServer tftpS = new TFTPServer(serverDirectory, serverDirectory, 6900,
138 ServerMode.GET_AND_PUT, null, null);
139
140 // Create our TFTP instance to handle the file transfer.
141 TFTPClient tftp = new TFTPClient();
142 tftp.open();
143
144 File file = new File(serverDirectory, filePrefix + "source.txt");
145 file.createNewFile();
146
147 assertFalse("test construction error", new File(serverDirectory, "../foo").exists());
148
149 FileInputStream fis = new FileInputStream(file);
150 try
151 {
152 tftp.sendFile("../foo", TFTP.BINARY_MODE, fis, "localhost", 6900);
153 fail("Server allowed write!");
154 }
155 catch (IOException e)
156 {
157 // expected path
158 }
159
160 fis.close();
161
162 assertFalse("file created when it should not have been",
163 new File(serverDirectory, "../foo").exists());
164
165 // cleanup
166 file.delete();
167
168 tftpS.shutdown();
169 }
170
171
172 }