001    /*
002     * Licensed to the Apache Software Foundation (ASF) under one or more
003     * contributor license agreements.  See the NOTICE file distributed with
004     * this work for additional information regarding copyright ownership.
005     * The ASF licenses this file to You under the Apache License, Version 2.0
006     * (the "License"); you may not use this file except in compliance with
007     * the License.  You may obtain a copy of the License at
008     *
009     *      http://www.apache.org/licenses/LICENSE-2.0
010     *
011     * Unless required by applicable law or agreed to in writing, software
012     * distributed under the License is distributed on an "AS IS" BASIS,
013     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014     * See the License for the specific language governing permissions and
015     * limitations under the License.
016     */
017    package org.apache.commons.net.tftp;
018    
019    import java.io.File;
020    import java.io.FileInputStream;
021    import java.io.FileOutputStream;
022    import java.io.IOException;
023    
024    import org.apache.commons.net.tftp.TFTPServer.ServerMode;
025    
026    import junit.framework.TestCase;
027    
028    /**
029     * Some basic tests to ensure that the TFTP Server is honoring its read/write mode, and preventing
030     * files from being read or written from outside of the assigned roots.
031     * 
032     * @author <A HREF="mailto:daniel.armbrust.list@gmail.com">Dan Armbrust</A>
033     * 
034     */
035    public class TFTPServerPathTest extends TestCase
036    {
037        String filePrefix = "tftp-";
038        File serverDirectory = new File(System.getProperty("java.io.tmpdir"));
039    
040        public void testReadOnly() throws IOException
041        {
042            // Start a read-only server
043            TFTPServer tftpS = new TFTPServer(serverDirectory, serverDirectory, 6900,
044                    ServerMode.GET_ONLY, null, null);
045    
046            // Create our TFTP instance to handle the file transfer.
047            TFTPClient tftp = new TFTPClient();
048            tftp.open();
049            tftp.setSoTimeout(2000);
050    
051            // make a file to work with.
052            File file = new File(serverDirectory, filePrefix + "source.txt");
053            file.createNewFile();
054    
055            // Read the file from the tftp server.
056            File out = new File(serverDirectory, filePrefix + "out");
057    
058            // cleanup old failed runs
059            out.delete();
060            assertTrue("Couldn't clear output location", !out.exists());
061    
062            FileOutputStream output = new FileOutputStream(out);
063    
064            tftp.receiveFile(file.getName(), TFTP.BINARY_MODE, output, "localhost", 6900);
065            output.close();
066    
067            assertTrue("file not created", out.exists());
068    
069            out.delete();
070    
071            FileInputStream fis = new FileInputStream(file);
072            try
073            {
074                tftp.sendFile(out.getName(), TFTP.BINARY_MODE, fis, "localhost", 6900);
075                fail("Server allowed write");
076            }
077            catch (IOException e)
078            {
079                // expected path
080            }
081            fis.close();
082            file.delete();
083            tftpS.shutdown();
084        }
085    
086        public void testWriteOnly() throws IOException
087        {
088            // Start a write-only server
089            TFTPServer tftpS = new TFTPServer(serverDirectory, serverDirectory, 6900,
090                    ServerMode.PUT_ONLY, null, null);
091    
092            // Create our TFTP instance to handle the file transfer.
093            TFTPClient tftp = new TFTPClient();
094            tftp.open();
095            tftp.setSoTimeout(2000);
096    
097            // make a file to work with.
098            File file = new File(serverDirectory, filePrefix + "source.txt");
099            file.createNewFile();
100    
101            File out = new File(serverDirectory, filePrefix + "out");
102    
103            // cleanup old failed runs
104            out.delete();
105            assertTrue("Couldn't clear output location", !out.exists());
106    
107            FileOutputStream output = new FileOutputStream(out);
108    
109            try
110            {
111                tftp.receiveFile(file.getName(), TFTP.BINARY_MODE, output, "localhost", 6900);
112                fail("Server allowed read");
113            }
114            catch (IOException e)
115            {
116                // expected path
117            }
118            output.close();
119            out.delete();
120    
121            FileInputStream fis = new FileInputStream(file);
122            tftp.sendFile(out.getName(), TFTP.BINARY_MODE, fis, "localhost", 6900);
123    
124            fis.close();
125    
126            assertTrue("file not created", out.exists());
127    
128            // cleanup
129            file.delete();
130            out.delete();
131            tftpS.shutdown();
132        }
133    
134        public void testWriteOutsideHome() throws IOException
135        {
136            // Start a server
137            TFTPServer tftpS = new TFTPServer(serverDirectory, serverDirectory, 6900,
138                    ServerMode.GET_AND_PUT, null, null);
139    
140            // Create our TFTP instance to handle the file transfer.
141            TFTPClient tftp = new TFTPClient();
142            tftp.open();
143    
144            File file = new File(serverDirectory, filePrefix + "source.txt");
145            file.createNewFile();
146    
147            assertFalse("test construction error", new File(serverDirectory, "../foo").exists());
148    
149            FileInputStream fis = new FileInputStream(file);
150            try
151            {
152                tftp.sendFile("../foo", TFTP.BINARY_MODE, fis, "localhost", 6900);
153                fail("Server allowed write!");
154            }
155            catch (IOException e)
156            {
157                // expected path
158            }
159    
160            fis.close();
161    
162            assertFalse("file created when it should not have been",
163                    new File(serverDirectory, "../foo").exists());
164    
165            // cleanup
166            file.delete();
167    
168            tftpS.shutdown();
169        }
170        
171        
172    }