brew/Library/Homebrew/test/sandbox_test.rb

require "testing_env"
require "sandbox"

class SandboxTest < Homebrew::TestCase
  def setup
    super
    skip "sandbox not implemented" unless Sandbox.available?
    @sandbox = Sandbox.new
    @dir = Pathname.new(mktmpdir)
    @file = @dir/"foo"
  end

  def test_formula?
    f = formula { url "foo-1.0" }
    f2 = formula { url "bar-1.0" }
    f2.stubs(:tap).returns(Tap.fetch("test/tap"))

    ENV["HOMEBREW_SANDBOX"] = "1"
    assert Sandbox.formula?(f),
      "Formulae should be sandboxed if --sandbox was passed."

    ENV.delete("HOMEBREW_SANDBOX")
    assert Sandbox.formula?(f),
      "Formulae should be sandboxed if in a sandboxed tap."
    refute Sandbox.formula?(f2),
        "Formulae should not be sandboxed if not in a sandboxed tap."
  end

  def test_test?
    ENV.delete("HOMEBREW_NO_SANDBOX")
    assert Sandbox.test?,
      "Tests should be sandboxed unless --no-sandbox was passed."
  end

  def test_allow_write
    @sandbox.allow_write @file
    @sandbox.exec "touch", @file
    assert_predicate @file, :exist?
  end

  def test_deny_write
    shutup do
      assert_raises(ErrorDuringExecution) { @sandbox.exec "touch", @file }
    end
    refute_predicate @file, :exist?
  end

  def test_complains_on_failure
    Utils.expects(popen_read: "foo")
    ENV["HOMEBREW_VERBOSE"] = "1"
    out, _err = capture_io do
      assert_raises(ErrorDuringExecution) { @sandbox.exec "false" }
    end
    assert_match "foo", out
  end

  def test_ignores_bogus_python_error
    with_bogus_error = <<-EOS.undent
      foo
      Mar 17 02:55:06 sandboxd[342]: Python(49765) deny file-write-unlink /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/distutils/errors.pyc
      bar
    EOS
    Utils.expects(popen_read: with_bogus_error)
    ENV["HOMEBREW_VERBOSE"] = "1"
    out, _err = capture_io do
      assert_raises(ErrorDuringExecution) { @sandbox.exec "false" }
    end
    refute_predicate out, :empty?
    assert_match "foo", out
    assert_match "bar", out
    refute_match "Python", out
  end
end
preliminary write control only sandbox Closes Homebrew/homebrew#38361. Signed-off-by: Xu Cheng <xucheng@me.com> 2015-04-09 17:42:54 +08:00			`require "testing_env"`
			`require "sandbox"`

			`class SandboxTest < Homebrew::TestCase`
			`def setup`
tests: enforce `super` in lifecycle hooks This will allow us to have global setup and teardown for tests. For example, we can automatically clear caches after each test, to avoid annoying intermittent failures like #1879 and #1886. 2017-01-21 11:21:30 +00:00			`super`
preliminary write control only sandbox Closes Homebrew/homebrew#38361. Signed-off-by: Xu Cheng <xucheng@me.com> 2015-04-09 17:42:54 +08:00			`skip "sandbox not implemented" unless Sandbox.available?`
Manage sandbox test resources in setup/teardown 2015-04-28 22:36:54 -04:00			`@sandbox = Sandbox.new`
Ensure HOMEBREW_TEMP is respected in all tests 2015-04-28 22:37:27 -04:00			`@dir = Pathname.new(mktmpdir)`
Manage sandbox test resources in setup/teardown 2015-04-28 22:36:54 -04:00			`@file = @dir/"foo"`
			`end`

sandbox: add formula? method and sandbox core. Add a new `Sandbox.formula?` method to see if a given formula should be sandboxed. Use the formula to check its tap against a list of pre-approved taps where we know every formula builds under the sandbox (currently just homebrew/core). 2016-08-14 17:34:54 +01:00			`def test_formula?`
			`f = formula { url "foo-1.0" }`
			`f2 = formula { url "bar-1.0" }`
			`f2.stubs(:tap).returns(Tap.fetch("test/tap"))`

tests: remove remainder of ARGV stubs I was waiting for confirmation that there wasn't a good reason for these to be stubbed before I removed them. 2017-01-21 15:46:28 +00:00			`ENV["HOMEBREW_SANDBOX"] = "1"`
sandbox: add formula? method and sandbox core. Add a new `Sandbox.formula?` method to see if a given formula should be sandboxed. Use the formula to check its tap against a list of pre-approved taps where we know every formula builds under the sandbox (currently just homebrew/core). 2016-08-14 17:34:54 +01:00			`assert Sandbox.formula?(f),`
			`"Formulae should be sandboxed if --sandbox was passed."`

tests: remove remainder of ARGV stubs I was waiting for confirmation that there wasn't a good reason for these to be stubbed before I removed them. 2017-01-21 15:46:28 +00:00			`ENV.delete("HOMEBREW_SANDBOX")`
sandbox: add formula? method and sandbox core. Add a new `Sandbox.formula?` method to see if a given formula should be sandboxed. Use the formula to check its tap against a list of pre-approved taps where we know every formula builds under the sandbox (currently just homebrew/core). 2016-08-14 17:34:54 +01:00			`assert Sandbox.formula?(f),`
			`"Formulae should be sandboxed if in a sandboxed tap."`
			`refute Sandbox.formula?(f2),`
			`"Formulae should not be sandboxed if not in a sandboxed tap."`
			`end`

sandbox: add test? method. Simplify checking if we’re going to sandbox a test with `Sandbox.test?`. 2016-08-14 17:33:05 +01:00			`def test_test?`
tests: remove remainder of ARGV stubs I was waiting for confirmation that there wasn't a good reason for these to be stubbed before I removed them. 2017-01-21 15:46:28 +00:00			`ENV.delete("HOMEBREW_NO_SANDBOX")`
sandbox: add test? method. Simplify checking if we’re going to sandbox a test with `Sandbox.test?`. 2016-08-14 17:33:05 +01:00			`assert Sandbox.test?,`
			`"Tests should be sandboxed unless --no-sandbox was passed."`
			`end`

preliminary write control only sandbox Closes Homebrew/homebrew#38361. Signed-off-by: Xu Cheng <xucheng@me.com> 2015-04-09 17:42:54 +08:00			`def test_allow_write`
Manage sandbox test resources in setup/teardown 2015-04-28 22:36:54 -04:00			`@sandbox.allow_write @file`
			`@sandbox.exec "touch", @file`
			`assert_predicate @file, :exist?`
preliminary write control only sandbox Closes Homebrew/homebrew#38361. Signed-off-by: Xu Cheng <xucheng@me.com> 2015-04-09 17:42:54 +08:00			`end`

			`def test_deny_write`
			`shutup do`
Manage sandbox test resources in setup/teardown 2015-04-28 22:36:54 -04:00			`assert_raises(ErrorDuringExecution) { @sandbox.exec "touch", @file }`
preliminary write control only sandbox Closes Homebrew/homebrew#38361. Signed-off-by: Xu Cheng <xucheng@me.com> 2015-04-09 17:42:54 +08:00			`end`
Manage sandbox test resources in setup/teardown 2015-04-28 22:36:54 -04:00			`refute_predicate @file, :exist?`
preliminary write control only sandbox Closes Homebrew/homebrew#38361. Signed-off-by: Xu Cheng <xucheng@me.com> 2015-04-09 17:42:54 +08:00			`end`
Test that sandbox complains correctly Test that sandbox does not complain about bogus .pyc errors and does complain about other failures. Closes #684. 2016-08-11 00:23:02 -07:00
			`def test_complains_on_failure`
rubocop --auto-correct all hash-rocket usage. 2016-09-17 15:32:44 +01:00			`Utils.expects(popen_read: "foo")`
tests: set verbose in ENV instead of stubbing ARGV 2017-01-21 15:16:32 +00:00			`ENV["HOMEBREW_VERBOSE"] = "1"`
Test that sandbox complains correctly Test that sandbox does not complain about bogus .pyc errors and does complain about other failures. Closes #684. 2016-08-11 00:23:02 -07:00			`out, _err = capture_io do`
			`assert_raises(ErrorDuringExecution) { @sandbox.exec "false" }`
			`end`
			`assert_match "foo", out`
			`end`

			`def test_ignores_bogus_python_error`
			`with_bogus_error = <<-EOS.undent`
			`foo`
			`Mar 17 02:55:06 sandboxd[342]: Python(49765) deny file-write-unlink /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/distutils/errors.pyc`
			`bar`
			`EOS`
rubocop --auto-correct all hash-rocket usage. 2016-09-17 15:32:44 +01:00			`Utils.expects(popen_read: with_bogus_error)`
tests: set verbose in ENV instead of stubbing ARGV 2017-01-21 15:16:32 +00:00			`ENV["HOMEBREW_VERBOSE"] = "1"`
Test that sandbox complains correctly Test that sandbox does not complain about bogus .pyc errors and does complain about other failures. Closes #684. 2016-08-11 00:23:02 -07:00			`out, _err = capture_io do`
			`assert_raises(ErrorDuringExecution) { @sandbox.exec "false" }`
			`end`
			`refute_predicate out, :empty?`
			`assert_match "foo", out`
			`assert_match "bar", out`
			`refute_match "Python", out`
			`end`
preliminary write control only sandbox Closes Homebrew/homebrew#38361. Signed-off-by: Xu Cheng <xucheng@me.com> 2015-04-09 17:42:54 +08:00			`end`