From: Kunal Mehta Date: Wed, 30 Jan 2019 07:56:46 +0000 (-0800) Subject: Rename FirejailCommandIntegrationTest to match class name X-Git-Tag: 1.34.0-rc.0~2991 X-Git-Url: http://git.cyclocoop.org/%22%20.%20generer_url_ecrire%28%22sites_tous%22%29%20.%20%22?a=commitdiff_plain;h=eb2771ecbe3bc819f0783b80643add4b0192f3f3;hp=7eb3d87742b1f7239f0f6e9c8b7b9250ac216f4a;p=lhc%2Fweb%2Fwiklou.git Rename FirejailCommandIntegrationTest to match class name Change-Id: I581c0d95c38e6d22ab19d68e58e2f48c98b2379b --- diff --git a/tests/integration/includes/shell/FirejailCommandIntegrationTest.php b/tests/integration/includes/shell/FirejailCommandIntegrationTest.php new file mode 100644 index 0000000000..47300051a1 --- /dev/null +++ b/tests/integration/includes/shell/FirejailCommandIntegrationTest.php @@ -0,0 +1,80 @@ +markTestSkipped( 'shelling out is disabled' ); + } elseif ( Shell::command( 'which', 'firejail' )->execute()->getExitCode() ) { + $this->markTestSkipped( 'firejail not installed' ); + } elseif ( wfIsWindows() ) { + $this->markTestSkipped( 'test supports POSIX environments only' ); + } + } + + public function testSanity() { + // Make sure that firejail works at all. + $command = new FirejailCommand( 'firejail' ); + $command + ->unsafeParams( 'ls .' ) + ->restrict( Shell::RESTRICT_DEFAULT ); + $result = $command->execute(); + $this->assertSame( 0, $result->getExitCode() ); + } + + /** + * @coversNothing + * @dataProvider provideExecute + */ + public function testExecute( $testCommand, $flag ) { + if ( preg_match( '/^sudo /', $testCommand ) ) { + if ( Shell::command( 'sudo', '-n', 'ls', '/' )->execute()->getExitCode() ) { + $this->markTestSkipped( 'need passwordless sudo' ); + } + } + + $command = new FirejailCommand( 'firejail' ); + $command + ->unsafeParams( $testCommand ) + // If we don't restrict at all, firejail won't be invoked, + // so the test will give a false positive if firejail breaks + // the command for some non-flag-related reason. Instead, + // set some flag that won't get in the way. + ->restrict( $flag === Shell::NO_NETWORK ? Shell::PRIVATE_DEV : Shell::NO_NETWORK ); + $result = $command->execute(); + $this->assertSame( 0, $result->getExitCode(), 'sanity check' ); + + $command = new FirejailCommand( 'firejail' ); + $command + ->unsafeParams( $testCommand ) + ->restrict( $flag ); + $result = $command->execute(); + $this->assertNotSame( 0, $result->getExitCode(), 'real check' ); + } + + public function provideExecute() { + global $IP; + return [ + [ 'sudo -n ls /', Shell::NO_ROOT ], + [ 'sudo -n ls /', Shell::SECCOMP ], // not a great test but seems to work + [ 'ls /dev/cpu', Shell::PRIVATE_DEV ], + [ 'curl -fsSo /dev/null https://wikipedia.org/', Shell::NO_NETWORK ], + [ 'exec ls /', Shell::NO_EXECVE ], + [ "cat $IP/LocalSettings.php", Shell::NO_LOCALSETTINGS ], + ]; + } + +} diff --git a/tests/integration/includes/shell/FirejailCommandTest.php b/tests/integration/includes/shell/FirejailCommandTest.php deleted file mode 100644 index 47300051a1..0000000000 --- a/tests/integration/includes/shell/FirejailCommandTest.php +++ /dev/null @@ -1,80 +0,0 @@ -markTestSkipped( 'shelling out is disabled' ); - } elseif ( Shell::command( 'which', 'firejail' )->execute()->getExitCode() ) { - $this->markTestSkipped( 'firejail not installed' ); - } elseif ( wfIsWindows() ) { - $this->markTestSkipped( 'test supports POSIX environments only' ); - } - } - - public function testSanity() { - // Make sure that firejail works at all. - $command = new FirejailCommand( 'firejail' ); - $command - ->unsafeParams( 'ls .' ) - ->restrict( Shell::RESTRICT_DEFAULT ); - $result = $command->execute(); - $this->assertSame( 0, $result->getExitCode() ); - } - - /** - * @coversNothing - * @dataProvider provideExecute - */ - public function testExecute( $testCommand, $flag ) { - if ( preg_match( '/^sudo /', $testCommand ) ) { - if ( Shell::command( 'sudo', '-n', 'ls', '/' )->execute()->getExitCode() ) { - $this->markTestSkipped( 'need passwordless sudo' ); - } - } - - $command = new FirejailCommand( 'firejail' ); - $command - ->unsafeParams( $testCommand ) - // If we don't restrict at all, firejail won't be invoked, - // so the test will give a false positive if firejail breaks - // the command for some non-flag-related reason. Instead, - // set some flag that won't get in the way. - ->restrict( $flag === Shell::NO_NETWORK ? Shell::PRIVATE_DEV : Shell::NO_NETWORK ); - $result = $command->execute(); - $this->assertSame( 0, $result->getExitCode(), 'sanity check' ); - - $command = new FirejailCommand( 'firejail' ); - $command - ->unsafeParams( $testCommand ) - ->restrict( $flag ); - $result = $command->execute(); - $this->assertNotSame( 0, $result->getExitCode(), 'real check' ); - } - - public function provideExecute() { - global $IP; - return [ - [ 'sudo -n ls /', Shell::NO_ROOT ], - [ 'sudo -n ls /', Shell::SECCOMP ], // not a great test but seems to work - [ 'ls /dev/cpu', Shell::PRIVATE_DEV ], - [ 'curl -fsSo /dev/null https://wikipedia.org/', Shell::NO_NETWORK ], - [ 'exec ls /', Shell::NO_EXECVE ], - [ "cat $IP/LocalSettings.php", Shell::NO_LOCALSETTINGS ], - ]; - } - -}