From 912537dbb728a9624c5e38400d9fabec7c9c0194 Mon Sep 17 00:00:00 2001
From: Matthew Fernandez <matthew.fernandez@gmail.com>
Date: Mon, 15 Aug 2022 18:22:32 -0700
Subject: [PATCH] add a test case for #2257

---
 tests/2257.dot           |  1 +
 tests/test_regression.py | 27 +++++++++++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 tests/2257.dot

diff --git a/tests/2257.dot b/tests/2257.dot
new file mode 100644
index 000000000..1de37a52d
--- /dev/null
+++ b/tests/2257.dot
@@ -0,0 +1 @@
+graph { a -- b; }
diff --git a/tests/test_regression.py b/tests/test_regression.py
index ae0c31530..8941595c8 100644
--- a/tests/test_regression.py
+++ b/tests/test_regression.py
@@ -1902,6 +1902,33 @@ def test_2225():
 
   p.check_returncode()
 
+@pytest.mark.xfail(strict=True)
+def test_2257():
+  """
+  `$GV_FILE_PATH` being set should prevent Graphviz from running
+
+  `$GV_FILE_PATH` was an environment variable formerly used to implement a file
+  system sandboxing policy when Graphviz was exposed to the internet via a web
+  server. These days, there are safer and more robust techniques to sandbox
+  Graphviz and so `$GV_FILE_PATH` usage has been removed. But if someone
+  attempts to use this legacy mechanism, we do not want Graphviz to
+  “fail-open,” starting anyway and silently ignoring `$GV_FILE_PATH` giving
+  the user the false impression the sandboxing is in force.
+
+  https://gitlab.com/graphviz/graphviz/-/issues/2257
+  """
+
+  # locate our associated test case in this directory
+  input = Path(__file__).parent / "2257.dot"
+  assert input.exists(), "unexpectedly missing test case"
+
+  env = os.environ.copy()
+  env["GV_FILE_PATH"] = "/tmp"
+
+  # Graphviz should refuse to process an input file
+  with pytest.raises(subprocess.CalledProcessError):
+    subprocess.check_call(["dot", "-Tsvg", input, "-o", os.devnull], env=env)
+
 @pytest.mark.xfail(strict=True)
 def test_2258():
   """
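Review bot: The `pytest.raises(subprocess.CalledProcessError)` check at the end of `test_2257` accepts any non-zero exit, so once the xfail marker is lifted, a `dot` that dies on a signal or fails for an unrelated reason would still be recorded as a correct fail-closed refusal. For a sandbox-policy regression test the refusal should be pinned as deliberate: run `p = subprocess.run(["dot", "-Tsvg", input, "-o", os.devnull], env=env, stderr=subprocess.PIPE, universal_newlines=True)`, then `assert p.returncode > 0` and `assert "GV_FILE_PATH" in p.stderr`, assuming the eventual diagnostic names the variable. A control run of the same command without `GV_FILE_PATH` that must succeed would also show that the variable, not the test environment, causes the failure. Separately, the local `input` shadows the builtin; a name such as `dot_file` would avoid that.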
-- 
2.40.0