tinaselenge commented on code in PR #14995:
URL: https://github.com/apache/kafka/pull/14995#discussion_r1441077572
##########
clients/src/test/java/org/apache/kafka/common/config/provider/FileConfigProviderTest.java:
##########
@@ -98,8 +117,91 @@ public void testServiceLoaderDiscovery() {
public static class TestFileConfigProvider extends FileConfigProvider {
@Override
- protected Reader reader(String path) throws IOException {
+ protected Reader reader(Path path) throws IOException {
return new
StringReader("testKey=testResult\ntestKey2=testResult2");
}
}
+
+ @Test
+ public void testAllowedDirPath() {
+ Map<String, String> configs = new HashMap<>();
+ configs.put(ALLOWED_PATHS_CONFIG, dir);
+ configProvider.configure(configs);
+
+ ConfigData configData = configProvider.get(dirFile);
+ Map<String, String> result = new HashMap<>();
+ result.put("testKey", "testResult");
+ result.put("testKey2", "testResult2");
+ assertEquals(result, configData.data());
+ assertNull(configData.ttl());
+ }
+
+ @Test
+ public void testAllowedFilePath() {
+ Map<String, String> configs = new HashMap<>();
+ configs.put(ALLOWED_PATHS_CONFIG, dirFile);
+ configProvider.configure(configs);
+
+ ConfigData configData = configProvider.get(dirFile);
+ Map<String, String> result = new HashMap<>();
+ result.put("testKey", "testResult");
+ result.put("testKey2", "testResult2");
+ assertEquals(result, configData.data());
+ assertNull(configData.ttl());
+ }
+
+ @Test
+ public void testMultipleAllowedPaths() {
+ Map<String, String> configs = new HashMap<>();
+ configs.put(ALLOWED_PATHS_CONFIG, dir + "," + siblingDir);
+ configProvider.configure(configs);
+
+ Map<String, String> result = new HashMap<>();
+ result.put("testKey", "testResult");
+ result.put("testKey2", "testResult2");
+
+ ConfigData configData = configProvider.get(dirFile);
+ assertEquals(result, configData.data());
+ assertNull(configData.ttl());
+
+ configData = configProvider.get(siblingDirFile);
+ assertEquals(result, configData.data());
+ assertNull(configData.ttl());
+ }
+
+ @Test
+ public void testNotAllowedDirPath() {
+ Map<String, String> configs = new HashMap<>();
+ configs.put(ALLOWED_PATHS_CONFIG, dir);
+ configProvider.configure(configs);
+
+ ConfigData configData = configProvider.get(siblingDirFile);
+ assertTrue(configData.data().isEmpty());
+ assertNull(configData.ttl());
+ }
+
+ @Test
+ public void testNotAllowedFilePath() throws IOException {
+ Map<String, String> configs = new HashMap<>();
+ configs.put(ALLOWED_PATHS_CONFIG, dirFile);
+ configProvider.configure(configs);
+
+ //another file under the same directory
+ Path dirFile2 = Files.createFile(Paths.get(dir, "dirFile2"));
+ ConfigData configData = configProvider.get(dirFile2.toString());
+ assertTrue(configData.data().isEmpty());
+ assertNull(configData.ttl());
+ }
+
+ @Test
+ public void testNoTraversal() {
+ Map<String, String> configs = new HashMap<>();
+ configs.put(ALLOWED_PATHS_CONFIG, dirFile);
+ configProvider.configure(configs);
+
+ // Check we can't escape outside the path directory
+ ConfigData configData = configProvider.get(dirFile +
Paths.get("/../siblingdir/siblingdirFile"));
Review Comment:
I have also added tests for ConfigProviderUtils, so I guess we could remove
the duplicated traversal tests but wonder if we should still keep the allowed
paths tests in the these classes as they test the full flow. What do you think?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
