From 912537dbb728a9624c5e38400d9fabec7c9c0194 Mon Sep 17 00:00:00 2001 From: Matthew Fernandez <matthew.fernandez@gmail.com> Date: Mon, 15 Aug 2022 18:22:32 -0700 Subject: [PATCH] add a test case for #2257 --- tests/2257.dot | 1 + tests/test_regression.py | 27 +++++++++++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 tests/2257.dot diff --git a/tests/2257.dot b/tests/2257.dot new file mode 100644 index 000000000..1de37a52d --- /dev/null +++ b/tests/2257.dot @@ -0,0 +1 @@ +graph { a -- b; } diff --git a/tests/test_regression.py b/tests/test_regression.py index ae0c31530..8941595c8 100644 --- a/tests/test_regression.py +++ b/tests/test_regression.py @@ -1902,6 +1902,33 @@ def test_2225(): p.check_returncode() +@pytest.mark.xfail(strict=True) +def test_2257(): + """ + `$GV_FILE_PATH` being set should prevent Graphviz from running + + `$GV_FILE_PATH` was an environment variable formerly used to implement a file + system sandboxing policy when Graphviz was exposed to the internet via a web + server. These days, there are safer and more robust techniques to sandbox + Graphviz and so `$GV_FILE_PATH` usage has been removed. But if someone + attempts to use this legacy mechanism, we do not want Graphviz to + âfail-open,â starting anyway and silently ignoring `$GV_FILE_PATH` giving + the user the false impression the sandboxing is in force. + + https://gitlab.com/graphviz/graphviz/-/issues/2257 + """ + + # locate our associated test case in this directory + input = Path(__file__).parent / "2257.dot" + assert input.exists(), "unexpectedly missing test case" + + env = os.environ.copy() + env["GV_FILE_PATH"] = "/tmp" + + # Graphviz should refuse to process an input file + with pytest.raises(subprocess.CalledProcessError): + subprocess.check_call(["dot", "-Tsvg", input, "-o", os.devnull], env=env) + @pytest.mark.xfail(strict=True) def test_2258(): """ -- 2.40.0