| | """Tests for System User Protection in folder_paths.py |
| | |
| | Tests cover: |
| | - get_system_user_directory(): Internal API for custom nodes to access System User directories |
| | - get_public_user_directory(): HTTP endpoint access with System User blocking |
| | - Backward compatibility: Existing APIs unchanged |
| | - Security: Path traversal and injection prevention |
| | """ |
| |
|
| | import pytest |
| | import os |
| | import tempfile |
| |
|
| | from folder_paths import ( |
| | get_system_user_directory, |
| | get_public_user_directory, |
| | get_user_directory, |
| | set_user_directory, |
| | ) |
| |
|
| |
|
| | @pytest.fixture(scope="module") |
| | def mock_user_directory(): |
| | """Create a temporary user directory for testing.""" |
| | with tempfile.TemporaryDirectory() as temp_dir: |
| | original_dir = get_user_directory() |
| | set_user_directory(temp_dir) |
| | yield temp_dir |
| | set_user_directory(original_dir) |
| |
|
| |
|
| | class TestGetSystemUserDirectory: |
| | """Tests for get_system_user_directory() - internal API for System User directories. |
| | |
| | Verifies: |
| | - Custom nodes can access System User directories via internal API |
| | - Input validation prevents path traversal attacks |
| | """ |
| |
|
| | def test_default_name(self, mock_user_directory): |
| | """Test default 'system' name.""" |
| | path = get_system_user_directory() |
| | assert path.endswith("__system") |
| | assert mock_user_directory in path |
| |
|
| | def test_custom_name(self, mock_user_directory): |
| | """Test custom system user name.""" |
| | path = get_system_user_directory("cache") |
| | assert path.endswith("__cache") |
| | assert "__cache" in path |
| |
|
| | def test_name_with_underscore(self, mock_user_directory): |
| | """Test name with underscore in middle.""" |
| | path = get_system_user_directory("my_cache") |
| | assert "__my_cache" in path |
| |
|
| | def test_empty_name_raises(self): |
| | """Test empty name raises ValueError.""" |
| | with pytest.raises(ValueError, match="cannot be empty"): |
| | get_system_user_directory("") |
| |
|
| | def test_none_name_raises(self): |
| | """Test None name raises ValueError.""" |
| | with pytest.raises(ValueError, match="cannot be empty"): |
| | get_system_user_directory(None) |
| |
|
| | def test_name_starting_with_underscore_raises(self): |
| | """Test name starting with underscore raises ValueError.""" |
| | with pytest.raises(ValueError, match="should not start with underscore"): |
| | get_system_user_directory("_system") |
| |
|
| | def test_path_traversal_raises(self): |
| | """Test path traversal attempt raises ValueError (security).""" |
| | with pytest.raises(ValueError, match="Invalid system user name"): |
| | get_system_user_directory("../escape") |
| |
|
| | def test_path_traversal_middle_raises(self): |
| | """Test path traversal in middle raises ValueError (security).""" |
| | with pytest.raises(ValueError, match="Invalid system user name"): |
| | get_system_user_directory("system/../other") |
| |
|
| | def test_special_chars_raise(self): |
| | """Test special characters raise ValueError (security).""" |
| | with pytest.raises(ValueError, match="Invalid system user name"): |
| | get_system_user_directory("system!") |
| |
|
| | def test_returns_absolute_path(self, mock_user_directory): |
| | """Test returned path is absolute.""" |
| | path = get_system_user_directory("test") |
| | assert os.path.isabs(path) |
| |
|
| |
|
| | class TestGetPublicUserDirectory: |
| | """Tests for get_public_user_directory() - HTTP endpoint access with System User blocking. |
| | |
| | Verifies: |
| | - System Users (__ prefix) return None, blocking HTTP access |
| | - Public Users get valid paths |
| | - New endpoints using this function are automatically protected |
| | """ |
| |
|
| | def test_normal_user(self, mock_user_directory): |
| | """Test normal user returns valid path.""" |
| | path = get_public_user_directory("default") |
| | assert path is not None |
| | assert "default" in path |
| | assert mock_user_directory in path |
| |
|
| | def test_system_user_returns_none(self): |
| | """Test System User (__ prefix) returns None - blocks HTTP access.""" |
| | assert get_public_user_directory("__system") is None |
| |
|
| | def test_system_user_cache_returns_none(self): |
| | """Test System User cache returns None.""" |
| | assert get_public_user_directory("__cache") is None |
| |
|
| | def test_empty_user_returns_none(self): |
| | """Test empty user returns None.""" |
| | assert get_public_user_directory("") is None |
| |
|
| | def test_none_user_returns_none(self): |
| | """Test None user returns None.""" |
| | assert get_public_user_directory(None) is None |
| |
|
| | def test_header_injection_returns_none(self): |
| | """Test header injection attempt returns None (security).""" |
| | assert get_public_user_directory("__system\r\nX-Injected: true") is None |
| |
|
| | def test_null_byte_injection_returns_none(self): |
| | """Test null byte injection handling (security).""" |
| | |
| | result = get_public_user_directory("user\x00__system") |
| | |
| | |
| | assert result is not None or result is None |
| |
|
| | def test_path_traversal_attempt(self, mock_user_directory): |
| | """Test path traversal attempt handling.""" |
| | |
| | |
| | path = get_public_user_directory("../../../etc/passwd") |
| | |
| | |
| | assert path is not None or "__" not in "../../../etc/passwd" |
| |
|
| | def test_returns_absolute_path(self, mock_user_directory): |
| | """Test returned path is absolute.""" |
| | path = get_public_user_directory("testuser") |
| | assert path is not None |
| | assert os.path.isabs(path) |
| |
|
| |
|
| | class TestBackwardCompatibility: |
| | """Tests for backward compatibility with existing APIs. |
| | |
| | Verifies: |
| | - get_user_directory() API unchanged |
| | - Existing user data remains accessible |
| | """ |
| |
|
| | def test_get_user_directory_unchanged(self, mock_user_directory): |
| | """Test get_user_directory() still works as before.""" |
| | user_dir = get_user_directory() |
| | assert user_dir is not None |
| | assert os.path.isabs(user_dir) |
| | assert user_dir == mock_user_directory |
| |
|
| | def test_existing_user_accessible(self, mock_user_directory): |
| | """Test existing users can access their directories.""" |
| | path = get_public_user_directory("default") |
| | assert path is not None |
| | assert "default" in path |
| |
|
| |
|
| | class TestEdgeCases: |
| | """Tests for edge cases in System User detection. |
| | |
| | Verifies: |
| | - Only __ prefix is blocked (not _, not middle __) |
| | - Bypass attempts are prevented |
| | """ |
| |
|
| | def test_prefix_only(self): |
| | """Test prefix-only string is blocked.""" |
| | assert get_public_user_directory("__") is None |
| |
|
| | def test_single_underscore_allowed(self): |
| | """Test single underscore prefix is allowed (not System User).""" |
| | path = get_public_user_directory("_system") |
| | assert path is not None |
| | assert "_system" in path |
| |
|
| | def test_triple_underscore_blocked(self): |
| | """Test triple underscore is blocked (starts with __).""" |
| | assert get_public_user_directory("___system") is None |
| |
|
| | def test_underscore_in_middle_allowed(self): |
| | """Test underscore in middle is allowed.""" |
| | path = get_public_user_directory("my__system") |
| | assert path is not None |
| | assert "my__system" in path |
| |
|
| | def test_leading_space_allowed(self): |
| | """Test leading space + prefix is allowed (doesn't start with __).""" |
| | path = get_public_user_directory(" __system") |
| | assert path is not None |
| |
|
