2015-04-09 17:42:54 +08:00
|
|
|
require "testing_env"
|
|
|
|
|
require "sandbox"
|
|
|
|
|
|
|
|
|
|
class SandboxTest < Homebrew::TestCase
|
|
|
|
|
def setup
|
|
|
|
|
skip "sandbox not implemented" unless Sandbox.available?
|
2015-04-28 22:36:54 -04:00
|
|
|
@sandbox = Sandbox.new
|
2015-04-28 22:37:27 -04:00
|
|
|
@dir = Pathname.new(mktmpdir)
|
2015-04-28 22:36:54 -04:00
|
|
|
@file = @dir/"foo"
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def teardown
|
|
|
|
|
@dir.rmtree
|
2015-04-09 17:42:54 +08:00
|
|
|
end
|
|
|
|
|
|
2016-08-14 17:34:54 +01:00
|
|
|
def test_formula?
|
|
|
|
|
f = formula { url "foo-1.0" }
|
|
|
|
|
f2 = formula { url "bar-1.0" }
|
|
|
|
|
f2.stubs(:tap).returns(Tap.fetch("test/tap"))
|
|
|
|
|
|
|
|
|
|
ARGV.stubs(:sandbox?).returns true
|
|
|
|
|
assert Sandbox.formula?(f),
|
|
|
|
|
"Formulae should be sandboxed if --sandbox was passed."
|
|
|
|
|
|
|
|
|
|
ARGV.stubs(:sandbox?).returns false
|
|
|
|
|
assert Sandbox.formula?(f),
|
|
|
|
|
"Formulae should be sandboxed if in a sandboxed tap."
|
|
|
|
|
refute Sandbox.formula?(f2),
|
|
|
|
|
"Formulae should not be sandboxed if not in a sandboxed tap."
|
|
|
|
|
end
|
|
|
|
|
|
2016-08-14 17:33:05 +01:00
|
|
|
def test_test?
|
|
|
|
|
ARGV.stubs(:no_sandbox?).returns false
|
|
|
|
|
assert Sandbox.test?,
|
|
|
|
|
"Tests should be sandboxed unless --no-sandbox was passed."
|
|
|
|
|
end
|
|
|
|
|
|
2015-04-09 17:42:54 +08:00
|
|
|
def test_allow_write
|
2015-04-28 22:36:54 -04:00
|
|
|
@sandbox.allow_write @file
|
|
|
|
|
@sandbox.exec "touch", @file
|
|
|
|
|
assert_predicate @file, :exist?
|
2015-04-09 17:42:54 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def test_deny_write
|
|
|
|
|
shutup do
|
2015-04-28 22:36:54 -04:00
|
|
|
assert_raises(ErrorDuringExecution) { @sandbox.exec "touch", @file }
|
2015-04-09 17:42:54 +08:00
|
|
|
end
|
2015-04-28 22:36:54 -04:00
|
|
|
refute_predicate @file, :exist?
|
2015-04-09 17:42:54 +08:00
|
|
|
end
|
2016-08-11 00:23:02 -07:00
|
|
|
|
|
|
|
|
def test_complains_on_failure
|
2016-09-17 15:32:44 +01:00
|
|
|
Utils.expects(popen_read: "foo")
|
|
|
|
|
ARGV.stubs(verbose?: true)
|
2016-08-11 00:23:02 -07:00
|
|
|
out, _err = capture_io do
|
|
|
|
|
assert_raises(ErrorDuringExecution) { @sandbox.exec "false" }
|
|
|
|
|
end
|
|
|
|
|
assert_match "foo", out
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def test_ignores_bogus_python_error
|
|
|
|
|
with_bogus_error = <<-EOS.undent
|
|
|
|
|
foo
|
|
|
|
|
Mar 17 02:55:06 sandboxd[342]: Python(49765) deny file-write-unlink /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/distutils/errors.pyc
|
|
|
|
|
bar
|
|
|
|
|
EOS
|
2016-09-17 15:32:44 +01:00
|
|
|
Utils.expects(popen_read: with_bogus_error)
|
|
|
|
|
ARGV.stubs(verbose?: true)
|
2016-08-11 00:23:02 -07:00
|
|
|
out, _err = capture_io do
|
|
|
|
|
assert_raises(ErrorDuringExecution) { @sandbox.exec "false" }
|
|
|
|
|
end
|
|
|
|
|
refute_predicate out, :empty?
|
|
|
|
|
assert_match "foo", out
|
|
|
|
|
assert_match "bar", out
|
|
|
|
|
refute_match "Python", out
|
|
|
|
|
end
|
2015-04-09 17:42:54 +08:00
|
|
|
end
|
