Ticket #13579: 13579_test_permissions.patch

sage/misc/temporary_file.py

@@ -66 +66 @@
         '/home/username/.sage/temp/hostname/7961/dir_testing_XgRu4p.extension/'
         sage: os.chdir(d)
         sage: _ = open('file_inside_d', 'w')
+
+    Temporary directories are unaccessible by other users::
+
+        sage: os.stat(d).st_mode & 0o077
+        0
     """
     from sage.misc.misc import SAGE_TMP
     tmp = tempfile.mkdtemp(prefix=name, suffix=ext, dir=str(SAGE_TMP))
@@ -108 +113 @@
         sage: fn  # random
         '/home/username/.sage/temp/hostname/8044/just_for_testing_tVVHsn.extension'
         sage: _ = open(fn, 'w')
+
+    Temporary files are unaccessible by other users::
+
+        sage: os.stat(fn).st_mode & 0o077
+        0
     """
     from sage.misc.misc import SAGE_TMP
     handle, tmp = tempfile.mkstemp(prefix=name, suffix=ext, dir=str(SAGE_TMP))

sage/tests/cmdline.py

@@ -53 +53 @@
 import os, select
 
 
-def test_executable(args, input="", timeout=50.0):
+def test_executable(args, input="", timeout=50.0, cwd=None):
     """
     Run the program defined by ``args`` using the string ``input`` on
     the standard input.
@@ -69 +69 @@
     - ``timeout`` -- if the program produces no output for ``timeout``
       seconds, a RuntimeError is raised.
 
+    - ``cwd`` -- (default: ``None``) if not None, run the program from
+      the given directory.
+
     OUTPUT: a tuple ``(out, err, ret)`` with the standard output,
     standard error and exitcode of the program run.
 
@@ -233 +236 @@
         ''
         sage: ret
         0
-        sage: os.chdir(dir)
-        sage: (out, err, ret) = test_executable(["sage", name])
+        sage: (out, err, ret) = test_executable(["sage", name], cwd=dir)
         sage: print out
         34
         sage: err
@@ -257 +259 @@
         ''
         sage: ret
         0
-        sage: os.chdir(dir)
-        sage: (out, err, ret) = test_executable(["sage", name])
+        sage: (out, err, ret) = test_executable(["sage", name], cwd=dir)
         sage: print out
         1
         sage: err
@@ -311 +312 @@
         True
         sage: os.environ['SAGE_TESTDIR'] = OLD_TESTDIR  # just in case
 
+    Check that Sage refuses to run doctests from a directory whose
+    permissions are too loose.  We create a world-writable directory
+    inside a safe temporary directory to test this::
+
+        sage: d = os.path.join(tmp_dir(), "test")
+        sage: os.mkdir(d)
+        sage: os.chmod(d, 0o777)
+        sage: (out, err, ret) = test_executable(["sage", "-t", "nonexisting.py"], cwd=d)
+        sage: print err
+        Traceback (most recent call last):
+        ...
+        RuntimeError: refusing to run doctests...
+        sage: (out, err, ret) = test_executable(["sage", "-tp", "1", "nonexisting.py"], cwd=d)
+        sage: print err
+        Traceback (most recent call last):
+        ...
+        RuntimeError: refusing to run doctests...
+
     Test external programs being called by Sage::
     
         sage: (out, err, ret) = test_executable(["sage", "--sh"], "echo Hello World\nexit 42\n")
@@ -503 +522 @@
         True
     
     """
-    p = Popen(args, stdin=PIPE, stdout=PIPE, stderr=PIPE)
+    p = Popen(args, stdin=PIPE, stdout=PIPE, stderr=PIPE, cwd=cwd)
     if input: p.stdin.write(input)
     p.stdin.close()
     fdout = p.stdout.fileno()