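#!/bin/bash
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#   runtest.sh of /tools/python-jsonpointer/Sanity/writeable-suid-guid
#   Description: Test for suid files
#   Author: Milos Prchlik, Jan Kuřík
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#   Copyright (c) 2014-2021 Red Hat, Inc.
#
#   This copyrighted material is made available to anyone wishing
#   to use, modify, copy, or redistribute it subject to the terms
#   and conditions of the GNU General Public License version 2.
#
#   This program is distributed in the hope that it will be
#   useful, but WITHOUT ANY WARRANTY; without even the implied
#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
#   PURPOSE. See the GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public
#   License along with this program; if not, write to the Free
#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
#   Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1

# Default name; the setup phase replaces it with whichever variant is
# actually installed.
PACKAGE="python-jsonpointer"

rlJournalStart
    rlPhaseStartSetup
        # The package is named python-jsonpointer or python3-jsonpointer;
        # stop the test when neither is installed.
        if rpm -q --quiet python-jsonpointer; then
            PACKAGE="python-jsonpointer"
        elif rpm -q --quiet python3-jsonpointer; then
            PACKAGE="python3-jsonpointer"
        else
            rlDie "No python's jsonpointer package is installed"
        fi
        rlAssertRpm "${PACKAGE}"
        # Work in a fresh mktemp directory: the report files below are
        # written with relative names and therefore land in it.
        rlRun "T=\$(mktemp -d)"
        rlRun "pushd \"${T}\"" || rlDie "Can not 'cd' into a temporary directory"
    rlPhaseEnd

    rlPhaseStartTest
        # Permission audit of every path that rpm lists for the package.
        # Each comma-separated branch is evaluated for each path find
        # visits and records matches (mode, owner:group, path) in its own
        # report file:
        #   -perm -4000          set-user-ID bit       -> suid.txt
        #   -perm -2000          set-group-ID bit      -> guid.txt
        #   -perm -1000          sticky bit            -> sticky.txt
        #   -type d -perm -0002  world-writable dirs   -> writeable-d.txt
        #   -type f -perm -0002  world-writable files  -> writeable-f.txt
        #
        # rlRun evaluates the command string, so the grouping parentheses
        # are written \\( ... \\) to reach find as literals, and the
        # format ends in \\n so that find receives \n and terminates each
        # record with a newline. (Written as \\\\n, find received an
        # escaped backslash followed by 'n', so the records ran together
        # on one line of the report.)
        #
        # find descends into any directory in the list, so entries below
        # a packaged directory are checked as well, and it exits non-zero
        # when a listed path is missing on disk, which fails this rlRun.
        # NOTE(review): the rpm -ql output is word-split and re-parsed by
        # rlRun, so a packaged path containing whitespace or shell
        # metacharacters would not reach find intact; confirm before
        # reusing this test for a package that ships such paths.
        rlRun -s "find $(rpm -ql "${PACKAGE}" | tr '\n' ' ') \
            \\( -perm -4000 -fprintf suid.txt '%#m %u:%g %p\\n' \\) , \
            \\( -perm -2000 -fprintf guid.txt '%#m %u:%g %p\\n' \\) , \
            \\( -perm -1000 -fprintf sticky.txt '%#m %u:%g %p\\n' \\) , \
            \\( -type d -perm -0002 -fprintf writeable-d.txt '%#m %u:%g %p\\n' \\) , \
            \\( -type f -perm -0002 -fprintf writeable-f.txt '%#m %u:%g %p\\n' \\) \
            " 0 "Search for world-writable, SUID, GUID or sticky bit files and directories"

        # A non-empty report means at least one path matched that check;
        # log the matches and fail the test.
        for f in suid.txt guid.txt sticky.txt writeable-d.txt writeable-f.txt; do
            if [[ -s "${f}" ]]; then
                rlLogInfo "${f} contains the following files:"
                rlLogInfo "$(cat "${f}")"
                rlFail "${PACKAGE} files/dirs should not contain SUID, GUID, sticky or world" \
                    "writeable files"
            fi
        done
    rlPhaseEnd

    rlPhaseStartCleanup
        rlRun "popd"
        # Quote the path and end option parsing so the recursive delete
        # receives the scratch directory as a single operand.
        rlRun "rm -rf -- \"${T}\""
    rlPhaseEnd
rlJournalPrintText
rlJournalEnd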