TFTPServerPathTest.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.commons.net.tftp;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;

import org.apache.commons.net.tftp.TFTPServer.ServerMode;

import junit.framework.TestCase;

/**
 * Some basic tests to ensure that the TFTP Server is honoring its read/write mode, and preventing
 * files from being read or written from outside of the assigned roots.
 * 
 * @author <A HREF="mailto:daniel.armbrust.list@gmail.com">Dan Armbrust</A>
 * 
 */
public class TFTPServerPathTest extends TestCase
{
    String filePrefix = "tftp-";
    File serverDirectory = new File(System.getProperty("java.io.tmpdir"));

    public void testReadOnly() throws IOException
    {
        // Start a read-only server
        TFTPServer tftpS = new TFTPServer(serverDirectory, serverDirectory, 6900,
                ServerMode.GET_ONLY, null, null);

        // Create our TFTP instance to handle the file transfer.
        TFTPClient tftp = new TFTPClient();
        tftp.open();
        tftp.setSoTimeout(2000);

        // make a file to work with.
        File file = new File(serverDirectory, filePrefix + "source.txt");
        file.createNewFile();

        // Read the file from the tftp server.
        File out = new File(serverDirectory, filePrefix + "out");

        // cleanup old failed runs
        out.delete();
        assertTrue("Couldn't clear output location", !out.exists());

        FileOutputStream output = new FileOutputStream(out);

        tftp.receiveFile(file.getName(), TFTP.BINARY_MODE, output, "localhost", 6900);
        output.close();

        assertTrue("file not created", out.exists());

        out.delete();

        FileInputStream fis = new FileInputStream(file);
        try
        {
            tftp.sendFile(out.getName(), TFTP.BINARY_MODE, fis, "localhost", 6900);
            fail("Server allowed write");
        }
        catch (IOException e)
        {
            // expected path
        }
        fis.close();
        file.delete();
        tftpS.shutdown();
    }

    public void testWriteOnly() throws IOException
    {
        // Start a write-only server
        TFTPServer tftpS = new TFTPServer(serverDirectory, serverDirectory, 6900,
                ServerMode.PUT_ONLY, null, null);

        // Create our TFTP instance to handle the file transfer.
        TFTPClient tftp = new TFTPClient();
        tftp.open();
        tftp.setSoTimeout(2000);

        // make a file to work with.
        File file = new File(serverDirectory, filePrefix + "source.txt");
        file.createNewFile();

        File out = new File(serverDirectory, filePrefix + "out");

        // cleanup old failed runs
        out.delete();
        assertTrue("Couldn't clear output location", !out.exists());

        FileOutputStream output = new FileOutputStream(out);

        try
        {
            tftp.receiveFile(file.getName(), TFTP.BINARY_MODE, output, "localhost", 6900);
            fail("Server allowed read");
        }
        catch (IOException e)
        {
            // expected path
        }
        output.close();
        out.delete();

        FileInputStream fis = new FileInputStream(file);
        tftp.sendFile(out.getName(), TFTP.BINARY_MODE, fis, "localhost", 6900);

        fis.close();

        assertTrue("file not created", out.exists());

        // cleanup
        file.delete();
        out.delete();
        tftpS.shutdown();
    }

    public void testWriteOutsideHome() throws IOException
    {
        // Start a server
        TFTPServer tftpS = new TFTPServer(serverDirectory, serverDirectory, 6900,
                ServerMode.GET_AND_PUT, null, null);

        // Create our TFTP instance to handle the file transfer.
        TFTPClient tftp = new TFTPClient();
        tftp.open();

        File file = new File(serverDirectory, filePrefix + "source.txt");
        file.createNewFile();

        assertFalse("test construction error", new File(serverDirectory, "../foo").exists());

        FileInputStream fis = new FileInputStream(file);
        try
        {
            tftp.sendFile("../foo", TFTP.BINARY_MODE, fis, "localhost", 6900);
            fail("Server allowed write!");
        }
        catch (IOException e)
        {
            // expected path
        }

        fis.close();

        assertFalse("file created when it should not have been",
                new File(serverDirectory, "../foo").exists());

        // cleanup
        file.delete();

        tftpS.shutdown();
    }
    
    
}