summaryrefslogtreecommitdiff
path: root/tests/reverse/exclude_test.go
blob: f24ff2c35b521fdf4617f677c12087a59a1c7726 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
package reverse_test

import (
	"io/ioutil"
	"path/filepath"
	"testing"

	"github.com/rfjakob/gocryptfs/v2/ctlsock"
	"github.com/rfjakob/gocryptfs/v2/internal/nametransform"
	"github.com/rfjakob/gocryptfs/v2/tests/test_helpers"
)

func ctlsockEncryptPath(t *testing.T, sock string, path string) string {
	req := ctlsock.RequestStruct{EncryptPath: path}
	response := test_helpers.QueryCtlSock(t, sock, req)
	if response.ErrNo != 0 {
		t.Fatal(response)
	}
	return response.Result
}

// doTestExcludeTestFs runs exclude tests against the exclude_test_fs folder
func doTestExcludeTestFs(t *testing.T, flag string, patterns, visible, hidden []string) {
	// Mount reverse fs
	mnt, err := ioutil.TempDir(test_helpers.TmpDir, t.Name())
	if err != nil {
		t.Fatal(err)
	}
	sock := mnt + ".sock"
	cliArgs := []string{"-reverse", "-extpass", "echo test", "-ctlsock", sock}
	for _, v := range patterns {
		cliArgs = append(cliArgs, flag, v)
	}
	if plaintextnames {
		cliArgs = append(cliArgs, "-config", "exclude_test_fs/.gocryptfs.reverse.conf.plaintextnames")
	}
	test_helpers.MountOrFatal(t, "exclude_test_fs", mnt, cliArgs...)
	defer test_helpers.UnmountPanic(mnt)

	// Get encrypted version of visible and hidden paths
	cVisible := encryptExcludeTestPaths(t, sock, visible)
	cHidden := encryptExcludeTestPaths(t, sock, hidden)

	// Check that hidden paths are not there and visible paths are there
	for _, v := range cHidden {
		if test_helpers.VerifyExistence(t, mnt+"/"+v) {
			t.Errorf("File %q is visible, but should be hidden", v)
		}
		if nametransform.IsLongContent(filepath.Base(v)) {
			// TODO ???
		}
	}
	for _, v := range cVisible {
		if !test_helpers.VerifyExistence(t, mnt+"/"+v) {
			t.Errorf("File %q is hidden, but should be visible", v)
		}
	}
}

// encryptExcludeTestPaths is used by doTestExcludeTestFs() to encrypt the lists of
// testcase paths
func encryptExcludeTestPaths(t *testing.T, socket string, pRelPaths []string) (out []string) {
	for _, pRelPath := range pRelPaths {
		cRelPath := ctlsockEncryptPath(t, socket, pRelPath)
		out = append(out, cRelPath)
		if !plaintextnames && nametransform.IsLongContent(filepath.Base(cRelPath)) {
			// If we exclude
			//   gocryptfs.longname.3vZ_r3eDPb1_fL3j5VA4rd_bcKWLKT9eaxOVIGK5HFA
			// we should also exclude
			//   gocryptfs.longname.3vZ_r3eDPb1_fL3j5VA4rd_bcKWLKT9eaxOVIGK5HFA.name
			out = append(out, cRelPath+nametransform.LongNameSuffix)
		}
	}
	return out
}

// TestExcludeTestFs runs exclude tests against the exclude_test_fs folder.
func TestExcludeTestFs(t *testing.T) {
	// --exclude-wildcard patterns, gitignore syntax
	patterns := []string{
		"file1",                       // matches file1 anywhere
		"!longdir1" + x240 + "/file1", // ! includes an otherwise file
		"file2/",                      // a trailing slash matches only a directory
		"dir1/file2",                  // matches file2 inside dir1 anywhere
		"#file2",                      // comments are ignored
		"dir2",                        // excludes the whole directory
		"longfile2" + x240,            // matches longfile2 anywhere
		"/longfile3" + x240,           // a leading / anchors the match at the root
		"*~",                          // wildcards are supported
		"dir1/**/exclude",             // ** matches any number of directories
		"file3/",                      // pattern with trailing slash should not match a file
	}
	// visible are plaintext paths that should be visible in the encrypted view
	visible := []string{
		"file2",
		"dir1/longfile1" + x240,
		"dir1/longfile3" + x240,
		"longdir1" + x240,
		"longdir1" + x240 + "/file1",
		"longdir2" + x240 + "/file",
		"longfile1" + x240,
		"file3",
	}
	// hidden are plaintext paths that should be hidden in the encrypted view
	hidden := []string{
		"bkp1~",
		"dir1/file1",
		"dir1/file2",
		"dir1/exclude",
		"dir1/longbkp1" + x240 + "~",
		"dir1/longfile2" + x240,
		"dir1/subdir1/exclude",
		"dir1/subdir1/subdir2/exclude",
		"dir2",
		"dir2/file",
		"dir2/longdir1" + x240 + "/file",
		"dir2/longfile." + x240,
		"dir2/subdir",
		"dir2/subdir/file",
		"file1",
		"longdir2" + x240 + "/bkp~",
		"longfile2" + x240,
		"longfile3" + x240,
	}

	doTestExcludeTestFs(t, "-exclude-wildcard", patterns, visible, hidden)
	doTestExcludeTestFs(t, "-ew", patterns, visible, hidden)
}

// Exclude everything using "/*", then selectively include only dir1 using "!/dir1"
// https://github.com/rfjakob/gocryptfs/issues/588
func TestExcludeAllOnlyDir1(t *testing.T) {
	// --exclude-wildcard patterns, gitignore syntax
	patterns := []string{
		"*",
		"!/dir1",
	}
	// visible are plaintext paths that should be visible in the encrypted view
	visible := []string{
		"dir1",
		"dir1/file1",
	}
	// hidden are plaintext paths that should be hidden in the encrypted view
	hidden := []string{
		"dir2",
		"dir2/file",
		"dir2/longdir1" + x240 + "/file",
		"dir2/longfile." + x240,
		"dir2/subdir",
		"dir2/subdir/file",
		"file1",
		"longdir2" + x240 + "/bkp~",
		"longfile2" + x240,
		"longfile3" + x240,
	}
	doTestExcludeTestFs(t, "-exclude-wildcard", patterns, visible, hidden)
}