001 /* 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 package org.apache.commons.net.tftp; 018 019 import java.io.File; 020 import java.io.FileInputStream; 021 import java.io.FileOutputStream; 022 import java.io.IOException; 023 024 import org.apache.commons.net.tftp.TFTPServer.ServerMode; 025 026 import junit.framework.TestCase; 027 028 /** 029 * Some basic tests to ensure that the TFTP Server is honoring its read/write mode, and preventing 030 * files from being read or written from outside of the assigned roots. 031 * 032 * @author <A HREF="mailto:daniel.armbrust.list@gmail.com">Dan Armbrust</A> 033 * 034 */ 035 public class TFTPServerPathTest extends TestCase 036 { 037 String filePrefix = "tftp-"; 038 File serverDirectory = new File(System.getProperty("java.io.tmpdir")); 039 040 public void testReadOnly() throws IOException 041 { 042 // Start a read-only server 043 TFTPServer tftpS = new TFTPServer(serverDirectory, serverDirectory, 6900, 044 ServerMode.GET_ONLY, null, null); 045 046 // Create our TFTP instance to handle the file transfer. 047 TFTPClient tftp = new TFTPClient(); 048 tftp.open(); 049 tftp.setSoTimeout(2000); 050 051 // make a file to work with. 052 File file = new File(serverDirectory, filePrefix + "source.txt"); 053 file.createNewFile(); 054 055 // Read the file from the tftp server. 056 File out = new File(serverDirectory, filePrefix + "out"); 057 058 // cleanup old failed runs 059 out.delete(); 060 assertTrue("Couldn't clear output location", !out.exists()); 061 062 FileOutputStream output = new FileOutputStream(out); 063 064 tftp.receiveFile(file.getName(), TFTP.BINARY_MODE, output, "localhost", 6900); 065 output.close(); 066 067 assertTrue("file not created", out.exists()); 068 069 out.delete(); 070 071 FileInputStream fis = new FileInputStream(file); 072 try 073 { 074 tftp.sendFile(out.getName(), TFTP.BINARY_MODE, fis, "localhost", 6900); 075 fail("Server allowed write"); 076 } 077 catch (IOException e) 078 { 079 // expected path 080 } 081 fis.close(); 082 file.delete(); 083 tftpS.shutdown(); 084 } 085 086 public void testWriteOnly() throws IOException 087 { 088 // Start a write-only server 089 TFTPServer tftpS = new TFTPServer(serverDirectory, serverDirectory, 6900, 090 ServerMode.PUT_ONLY, null, null); 091 092 // Create our TFTP instance to handle the file transfer. 093 TFTPClient tftp = new TFTPClient(); 094 tftp.open(); 095 tftp.setSoTimeout(2000); 096 097 // make a file to work with. 098 File file = new File(serverDirectory, filePrefix + "source.txt"); 099 file.createNewFile(); 100 101 File out = new File(serverDirectory, filePrefix + "out"); 102 103 // cleanup old failed runs 104 out.delete(); 105 assertTrue("Couldn't clear output location", !out.exists()); 106 107 FileOutputStream output = new FileOutputStream(out); 108 109 try 110 { 111 tftp.receiveFile(file.getName(), TFTP.BINARY_MODE, output, "localhost", 6900); 112 fail("Server allowed read"); 113 } 114 catch (IOException e) 115 { 116 // expected path 117 } 118 output.close(); 119 out.delete(); 120 121 FileInputStream fis = new FileInputStream(file); 122 tftp.sendFile(out.getName(), TFTP.BINARY_MODE, fis, "localhost", 6900); 123 124 fis.close(); 125 126 assertTrue("file not created", out.exists()); 127 128 // cleanup 129 file.delete(); 130 out.delete(); 131 tftpS.shutdown(); 132 } 133 134 public void testWriteOutsideHome() throws IOException 135 { 136 // Start a server 137 TFTPServer tftpS = new TFTPServer(serverDirectory, serverDirectory, 6900, 138 ServerMode.GET_AND_PUT, null, null); 139 140 // Create our TFTP instance to handle the file transfer. 141 TFTPClient tftp = new TFTPClient(); 142 tftp.open(); 143 144 File file = new File(serverDirectory, filePrefix + "source.txt"); 145 file.createNewFile(); 146 147 assertFalse("test construction error", new File(serverDirectory, "../foo").exists()); 148 149 FileInputStream fis = new FileInputStream(file); 150 try 151 { 152 tftp.sendFile("../foo", TFTP.BINARY_MODE, fis, "localhost", 6900); 153 fail("Server allowed write!"); 154 } 155 catch (IOException e) 156 { 157 // expected path 158 } 159 160 fis.close(); 161 162 assertFalse("file created when it should not have been", 163 new File(serverDirectory, "../foo").exists()); 164 165 // cleanup 166 file.delete(); 167 168 tftpS.shutdown(); 169 } 170 171 172 }