valitydev/riak_test
14
0
Fork 0
mirror of https://github.com/valitydev/riak_test.git synced 2024-11-06 08:35:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Test that link walking and erlang mapreduce with untrusted modules is not allowed

Browse Source
This commit is contained in:
Andrew Thompson 2013-12-10 18:34:00 -05:00
parent 5ce8320ff9
commit b72acb2e0f
2 changed files with 183 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
tests/http_security.erl
View File

@ -3,6 +3,8 @@
-behavior(riak_test).
-export([confirm/0]).
-export([map_object_value/3, reduce_set_union/2, mapred_modfun_input/3]).
-include_lib("eunit/include/eunit.hrl").
-define(assertDenied(Op), ?assertMatch({error, {forbidden, _}}, Op)).
@ -313,6 +315,85 @@ confirm() ->
<<"Riak.reduceSum">>}, undefined,
true}])),
%% load this module on all the nodes
ok = rt:load_modules_on_nodes([?MODULE], Nodes),
lager:info("checking erlang mapreduce works"),
?assertMatch({ok, [{1, _}]},
rhc:mapred_bucket(C7, <<"MR">>, [{map, {modfun,
riak_kv_mapreduce,
map_object_value}, undefined, false},
{reduce, {modfun,
riak_kv_mapreduce,
reduce_set_union}, undefined,
true}])),
lager:info("checking that insecure input modfun fails"),
?assertMatch({error, _},
rhc:mapred_bucket(C7, {modfun, ?MODULE, mapred_modfun_input,
[]}, [{map, {modfun,
riak_kv_mapreduce,
map_object_value}, undefined, false},
{reduce, {modfun,
riak_kv_mapreduce,
reduce_set_union}, undefined,
true}])),
lager:info("checking that insecure query modfuns fail"),
?assertMatch({error, _},
rhc:mapred_bucket(C7, <<"MR">>, [{map, {modfun,
?MODULE,
map_object_value}, undefined, false},
{reduce, {modfun,
?MODULE,
reduce_set_union}, undefined,
true}])),
lager:info("whitelisting module path"),
ok = rpc:call(Node, application, set_env, [riak_kv, add_paths,
[filename:dirname(code:which(?MODULE))]]),
lager:info("checking that insecure input modfun fails when whitelisted but"
" lacking permissions"),
?assertMatch({error, {"403", _}},
rhc:mapred_bucket(C7, {modfun, ?MODULE, mapred_modfun_input,
[]}, [{map, {modfun,
riak_kv_mapreduce,
map_object_value}, undefined, false},
{reduce, {modfun,
riak_kv_mapreduce,
reduce_set_union}, undefined,
true}])),
ok = rpc:call(Node, riak_core_console, grant, [["riak_kv.mapreduce", "ON",
"ANY", "TO", "user"]]),
lager:info("checking that insecure input modfun works when whitelisted and"
" has permissions"),
?assertMatch({ok, _},
rhc:mapred_bucket(C7, {modfun, ?MODULE, mapred_modfun_input,
[]}, [{map, {modfun,
riak_kv_mapreduce,
map_object_value}, undefined, false},
{reduce, {modfun,
riak_kv_mapreduce,
reduce_set_union}, undefined,
true}])),
ok = rpc:call(Node, riak_core_console, revoke, [["riak_kv.mapreduce", "ON",
"ANY", "FROM", "user"]]),
lager:info("checking that insecure query modfuns works when whitelisted"),
?assertMatch({ok, _},
rhc:mapred_bucket(C7, <<"MR">>, [{map, {modfun,
?MODULE,
map_object_value}, undefined, false},
{reduce, {modfun,
?MODULE,
reduce_set_union}, undefined,
true}])),
lager:info("Revoking list-keys, checking that full-bucket mapred fails"),
ok = rpc:call(Node, riak_core_console, revoke, [["riak_kv.list_keys", "ON",
"default", "MR", "FROM", "user"]]),
@ -334,7 +415,15 @@ enable_ssl(Node) ->
rt:wait_until_pingable(Node),
rt:wait_for_service(Node, riak_kv).
map_object_value(RiakObject, A, B) ->
riak_kv_mapreduce:map_object_value(RiakObject, A, B).
reduce_set_union(List, A) ->
riak_kv_mapreduce:reduce_set_union(List, A).
mapred_modfun_input(Pipe, _Args, _Timeout) ->
riak_pipe:queue_work(Pipe, {{<<"MR">>, <<"lobster_roll">>}, {struct, []}}),
riak_pipe:eoi(Pipe).
crdt_tests([Node|_]=Nodes, RHC) ->
lager:info("Creating bucket types for CRDTs"),

94
tests/pb_security.erl
View File

@ -3,6 +3,8 @@
-behavior(riak_test).
-export([confirm/0]).
-export([map_object_value/3, reduce_set_union/2, mapred_modfun_input/3]).
-include_lib("eunit/include/eunit.hrl").
-include_lib("riakc/include/riakc.hrl").
@ -383,6 +385,88 @@ confirm() ->
<<"Riak.reduceSum">>},
undefined, true}])),
lager:info("checking mapreduce with a whitelisted modfun works"),
?assertEqual({ok, [{1, [<<"1">>]}]},
riakc_pb_socket:mapred_bucket(PB, <<"hello">>,
[{map, {modfun, riak_kv_mapreduce,
map_object_value}, undefined, false},
{reduce, {modfun,
riak_kv_mapreduce,
reduce_set_union},
undefined, true}])),
%% load this module on all the nodes
ok = rt:load_modules_on_nodes([?MODULE], Nodes),
lager:info("checking mapreduce with a insecure modfun input fails"),
?assertMatch({error, <<"{inputs,{insecure_module_path",_/binary>>},
riakc_pb_socket:mapred_bucket(PB, {modfun, ?MODULE,
mapred_modfun_input, []},
[{map, {modfun, riak_kv_mapreduce,
map_object_value}, undefined, false},
{reduce, {modfun,
riak_kv_mapreduce,
reduce_set_union},
undefined, true}])),
lager:info("checking mapreduce with a insecure modfun phase fails"),
?assertMatch({error, <<"{query,{insecure_module_path",_/binary>>},
riakc_pb_socket:mapred_bucket(PB, <<"hello">>,
[{map, {modfun, ?MODULE,
map_object_value}, undefined, false},
{reduce, {modfun,
?MODULE,
reduce_set_union},
undefined, true}])),
lager:info("whitelisting module path"),
ok = rpc:call(Node, application, set_env, [riak_kv, add_paths,
[filename:dirname(code:which(?MODULE))]]),
lager:info("checking mapreduce with a insecure modfun input fails when"
" whitelisted but lacking permissions"),
?assertMatch({error, <<"Permission",_/binary>>},
riakc_pb_socket:mapred_bucket(PB, {modfun, ?MODULE,
mapred_modfun_input, []},
[{map, {modfun, riak_kv_mapreduce,
map_object_value}, undefined, false},
{reduce, {modfun,
riak_kv_mapreduce,
reduce_set_union},
undefined, true}])),
ok = rpc:call(Node, riak_core_console, grant, [["riak_kv.mapreduce", "ON",
"ANY", "TO", "user"]]),
?assertEqual({ok, [{1, [<<"1">>]}]},
riakc_pb_socket:mapred_bucket(PB, {modfun, ?MODULE,
mapred_modfun_input, []},
[{map, {modfun, riak_kv_mapreduce,
map_object_value}, undefined, false},
{reduce, {modfun,
riak_kv_mapreduce,
reduce_set_union},
undefined, true}])),
ok = rpc:call(Node, riak_core_console, revoke, [["riak_kv.mapreduce", "ON",
"ANY", "FROM", "user"]]),
lager:info("checking mapreduce with a insecure modfun phase works when"
" whitelisted"),
?assertEqual({ok, [{1, [<<"1">>]}]},
riakc_pb_socket:mapred_bucket(PB, <<"hello">>,
[{map, {modfun, ?MODULE,
map_object_value}, undefined, false},
{reduce, {modfun,
?MODULE,
reduce_set_union},
undefined, true}])),
lager:info("link walking should fail with a deprecation error"),
?assertMatch({error, _}, riakc_pb_socket:mapred(PB, [{<<"lists">>, <<"mine">>}],
[{link, <<"items">>, '_', true}])),
%% revoke only the list_keys permission
lager:info("Revoking list-keys, checking that full-bucket mapred fails"),
ok = rpc:call(Node, riak_core_console, revoke, [["riak_kv.list_keys", "ON",
@ -701,3 +785,13 @@ crdt_tests([Node|_]=Nodes, PB) ->
|| {BType, _, Op} <- Types ],
ok.
map_object_value(RiakObject, A, B) ->
riak_kv_mapreduce:map_object_value(RiakObject, A, B).
reduce_set_union(List, A) ->
riak_kv_mapreduce:reduce_set_union(List, A).
mapred_modfun_input(Pipe, _Args, _Timeout) ->
riak_pipe:queue_work(Pipe, {{<<"hello">>, <<"world">>}, {struct, []}}),
riak_pipe:eoi(Pipe).