[Windows|Linux] Forbid os.stat and os.fstat (#7325)
authorAdrien Ferrand <adferrand@users.noreply.github.com>
Fri, 6 Sep 2019 21:30:25 +0000 (23:30 +0200)
committerBrad Warren <bmw@users.noreply.github.com>
Fri, 6 Sep 2019 21:30:25 +0000 (14:30 -0700)
commitab76834100d75e5330f585b9619332e2e0c8a43e
tree1591d6937e21176bd368fe6e1f1f54e243b7a932
parentada2f5c767f11b60e246fa1a5130fa67d64f6a78
[Windows|Linux] Forbid os.stat and os.fstat (#7325)

Fixes #7212

This PR forbid os.stat and os.fstat, and fix or provide alternatives to avoid its usage in certbot outside of certbot.compat.filesystem.

* Reimplement private key mode propagation

* Remove other os.stat

* Remove last call of os.stat in certbot package

* Forbid stat and fstat

* Implement mode comparison checks

* Add unit tests

* Update certbot/compat/filesystem.py

Co-Authored-By: Brad Warren <bmw@users.noreply.github.com>
* Update certbot/compat/filesystem.py

Co-Authored-By: Brad Warren <bmw@users.noreply.github.com>
* Handle case where multiple ace concerns a given SID in has_min_permissions

* Add a new test scenario

* Add a simple test for has_same_ownership

* Fix name function

* Add a comment explaining an ACE structure

* Move a test in its dedicated class

* Improve a message error

* Calculate has_min_permission result using effective permission rights to be more generic.

* Change an exception message

* Add comments, avoid to skip a test.

* Update certbot/compat/filesystem.py

Co-Authored-By: Brad Warren <bmw@users.noreply.github.com>
44 files changed:
.codecov.yml
certbot-apache/certbot_apache/tests/http_01_test.py
certbot-apache/local-oldest-requirements.txt
certbot-apache/setup.py
certbot-dns-cloudflare/local-oldest-requirements.txt
certbot-dns-cloudflare/setup.py
certbot-dns-cloudxns/local-oldest-requirements.txt
certbot-dns-cloudxns/setup.py
certbot-dns-digitalocean/local-oldest-requirements.txt
certbot-dns-digitalocean/setup.py
certbot-dns-dnsimple/local-oldest-requirements.txt
certbot-dns-dnsimple/setup.py
certbot-dns-dnsmadeeasy/local-oldest-requirements.txt
certbot-dns-dnsmadeeasy/setup.py
certbot-dns-gehirn/local-oldest-requirements.txt
certbot-dns-gehirn/setup.py
certbot-dns-google/local-oldest-requirements.txt
certbot-dns-google/setup.py
certbot-dns-linode/local-oldest-requirements.txt
certbot-dns-linode/setup.py
certbot-dns-luadns/local-oldest-requirements.txt
certbot-dns-luadns/setup.py
certbot-dns-nsone/local-oldest-requirements.txt
certbot-dns-nsone/setup.py
certbot-dns-ovh/local-oldest-requirements.txt
certbot-dns-ovh/setup.py
certbot-dns-rfc2136/local-oldest-requirements.txt
certbot-dns-rfc2136/setup.py
certbot-dns-route53/local-oldest-requirements.txt
certbot-dns-route53/setup.py
certbot-dns-sakuracloud/local-oldest-requirements.txt
certbot-dns-sakuracloud/setup.py
certbot/compat/filesystem.py
certbot/compat/misc.py
certbot/compat/os.py
certbot/lock.py
certbot/plugins/dns_common.py
certbot/plugins/dns_common_test.py
certbot/plugins/webroot_test.py
certbot/storage.py
certbot/tests/compat/filesystem_test.py
certbot/tests/compat/os_test.py
certbot/tests/lock_test.py
tox.ini