2017-05-24 02:18:05 +02:00
|
|
|
require 'test_helper'
|
|
|
|
|
|
|
|
|
|
class CapsicumTest < Minitest::Test
|
2017-05-24 02:18:47 +02:00
|
|
|
# This is going to get awkward...
|
|
|
|
|
i_suck_and_my_tests_are_order_dependent!
|
|
|
|
|
|
2017-05-24 02:18:05 +02:00
|
|
|
def test_that_it_has_a_version_number
|
|
|
|
|
refute_nil ::Capsicum::VERSION
|
|
|
|
|
end
|
|
|
|
|
|
2017-05-24 02:18:47 +02:00
|
|
|
def test_1_within_sandbox
|
2017-05-24 17:13:36 +02:00
|
|
|
skip if RUBY_ENGINE == 'jruby' # fork not supported
|
|
|
|
|
|
2017-05-24 02:18:47 +02:00
|
|
|
refute Capsicum.sandboxed?
|
|
|
|
|
|
|
|
|
|
result = Capsicum.within_sandbox do
|
|
|
|
|
begin
|
|
|
|
|
Capsicum.sandboxed? == true || Process.exit!(1)
|
|
|
|
|
File.new("/dev/null")
|
|
|
|
|
rescue Errno::ECAPMODE
|
|
|
|
|
Process.exit!(0)
|
|
|
|
|
else
|
|
|
|
|
Process.exit!(2)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
assert result.exitstatus.zero?
|
|
|
|
|
refute Capsicum.sandboxed?
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# After this test we're in capability mode and cannot escape.
|
|
|
|
|
def test_2_capsicum
|
|
|
|
|
refute Capsicum.sandboxed?
|
|
|
|
|
assert Capsicum.enter!
|
2017-05-24 17:13:36 +02:00
|
|
|
assert Capsicum.enter!
|
2017-05-24 02:18:47 +02:00
|
|
|
assert Capsicum.sandboxed?
|
|
|
|
|
|
|
|
|
|
assert_raises(Errno::ECAPMODE) do
|
|
|
|
|
File.new("/dev/null")
|
|
|
|
|
end
|
|
|
|
|
|
2024-06-24 02:46:08 +02:00
|
|
|
assert_raises(Errno::ENOENT) do
|
2017-05-24 02:18:47 +02:00
|
|
|
puts `ls`
|
|
|
|
|
end
|
2017-05-24 02:18:05 +02:00
|
|
|
end
|
|
|
|
|
end
|
