From: Matthew Fernandez Date: Tue, 16 Aug 2022 01:22:32 +0000 (-0700) Subject: add a test case for #2257 X-Git-Tag: 6.0.1~35^2~1 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=912537dbb728a9624c5e38400d9fabec7c9c0194;p=graphviz add a test case for #2257 --- diff --git a/tests/2257.dot b/tests/2257.dot new file mode 100644 index 000000000..1de37a52d --- /dev/null +++ b/tests/2257.dot @@ -0,0 +1 @@ +graph { a -- b; } diff --git a/tests/test_regression.py b/tests/test_regression.py index ae0c31530..8941595c8 100644 --- a/tests/test_regression.py +++ b/tests/test_regression.py @@ -1902,6 +1902,33 @@ def test_2225(): p.check_returncode() +@pytest.mark.xfail(strict=True) +def test_2257(): + """ + `$GV_FILE_PATH` being set should prevent Graphviz from running + + `$GV_FILE_PATH` was an environment variable formerly used to implement a file + system sandboxing policy when Graphviz was exposed to the internet via a web + server. These days, there are safer and more robust techniques to sandbox + Graphviz and so `$GV_FILE_PATH` usage has been removed. But if someone + attempts to use this legacy mechanism, we do not want Graphviz to + “fail-open,” starting anyway and silently ignoring `$GV_FILE_PATH` giving + the user the false impression the sandboxing is in force. + + https://gitlab.com/graphviz/graphviz/-/issues/2257 + """ + + # locate our associated test case in this directory + input = Path(__file__).parent / "2257.dot" + assert input.exists(), "unexpectedly missing test case" + + env = os.environ.copy() + env["GV_FILE_PATH"] = "/tmp" + + # Graphviz should refuse to process an input file + with pytest.raises(subprocess.CalledProcessError): + subprocess.check_call(["dot", "-Tsvg", input, "-o", os.devnull], env=env) + @pytest.mark.xfail(strict=True) def test_2258(): """