_acs-tcl__safe_tmpfile_p (private)

 _acs-tcl__safe_tmpfile_p

Defined in packages/acs-tcl/tcl/test/security-procs.tcl

Partial Call Graph (max 5 caller/called nodes):
%3 aa_false aa_false (public) aa_log aa_log (public) aa_log_result aa_log_result (public) aa_section aa_section (public) aa_true aa_true (public) _acs-tcl__safe_tmpfile_p _acs-tcl__safe_tmpfile_p _acs-tcl__safe_tmpfile_p->aa_false _acs-tcl__safe_tmpfile_p->aa_log _acs-tcl__safe_tmpfile_p->aa_log_result _acs-tcl__safe_tmpfile_p->aa_section _acs-tcl__safe_tmpfile_p->aa_true

Testcases:
No testcase defined.
Source code:
        
        set _aa_export {}
        set body_count 1
        foreach testcase_body {{
        #
        # ad_tmpnam is currently not deprecated, but might be in the
        # future, so we generate temporary filenames "manually"
        #

        set tmpfile [ns_config ns/parameters tmpdir]/afile
        aa_section {Path to a tmpfile that does not exist yet}
        aa_true "A temporary filename is safe" [security::safe_tmpfile_p $tmpfile]

        set tmpfile [ns_config ns/parameters tmpdir]/afile-2
        aa_section {Path to a tmpfile that we demand to exist}
        aa_false "A temporary filename is not safe if the file des not exist"  [security::safe_tmpfile_p -must_exist $tmpfile]

        aa_section {Path to an existing tmpfile}
        set F [ad_opentmpfile tmpfile]
        puts $F 1234
        close $F
        aa_true "An existing tmpfile is safe" [security::safe_tmpfile_p -must_exist $tmpfile]
        ad_file delete $tmpfile

        aa_section {Path to a tmpfile in a folder of the tmpdir}
        set tmpfile [ns_config ns/parameters tmpdir]/afolder/test
        aa_false "A safe tmpfile can only be a direct child of the tmpdir"  [security::safe_tmpfile_p $tmpfile]

        aa_section {Trying to confuse the proc with ".."}
        set tmpfile [ns_config ns/parameters tmpdir]/afolder/../../test
        aa_false "Proc is not fooled by .."  [security::safe_tmpfile_p $tmpfile]

        aa_section {Trying to confuse the proc with "~"}
        set tmpfile ~/../../test
        aa_false "Proc is not fooled by ~"  [security::safe_tmpfile_p $tmpfile]

        aa_section {Path to a file outside of the tmpdir}
        set tmpfile [acs_root_dir]/mypreciouscode
        aa_false "A safe tmpfile can only be a direct child of the tmpdir"  [security::safe_tmpfile_p $tmpfile]

    }} {
          aa_log "Running testcase body $body_count"
          set ::__aa_test_indent [info level]
          set catch_val [catch $testcase_body msg]
          if {$catch_val != 0 && $catch_val != 2} {
              aa_log_result "fail" "safe_tmpfile_p (body $body_count): Error during execution: $msg, stack trace: \n$::errorInfo"
          }
          incr body_count
        }
XQL Not present:
Generic, PostgreSQL, Oracle
[ hide source ] | [ make this the default ]
Show another procedure: