Ophestra
6e7ddb2d2e
This is done more cleanly by modifying Args in cmdF. Signed-off-by: Ophestra <cat@gensokyo.uk>
235 lines
6.5 KiB
Go
235 lines
6.5 KiB
Go
package dbus_test
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"os"
|
|
"os/exec"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
|
|
"git.gensokyo.uk/security/fortify/dbus"
|
|
"git.gensokyo.uk/security/fortify/helper"
|
|
)
|
|
|
|
func TestNew(t *testing.T) {
|
|
for _, tc := range [][2][2]string{
|
|
{
|
|
{"unix:path=/run/user/1971/bus", "/tmp/fortify.1971/1ca5d183ef4c99e74c3e544715f32702/bus"},
|
|
{"unix:path=/run/dbus/system_bus_socket", "/tmp/fortify.1971/1ca5d183ef4c99e74c3e544715f32702/system_bus_socket"},
|
|
},
|
|
{
|
|
{"unix:path=/run/user/1971/bus", "/tmp/fortify.1971/881ac3796ff3f3bf0a773824383187a0/bus"},
|
|
{"unix:path=/run/dbus/system_bus_socket", "/tmp/fortify.1971/881ac3796ff3f3bf0a773824383187a0/system_bus_socket"},
|
|
},
|
|
{
|
|
{"unix:path=/run/user/1971/bus", "/tmp/fortify.1971/3d1a5084520ef79c0c6a49a675bac701/bus"},
|
|
{"unix:path=/run/dbus/system_bus_socket", "/tmp/fortify.1971/3d1a5084520ef79c0c6a49a675bac701/system_bus_socket"},
|
|
},
|
|
{
|
|
{"unix:path=/run/user/1971/bus", "/tmp/fortify.1971/2a1639bab712799788ea0ff7aa280c35/bus"},
|
|
{"unix:path=/run/dbus/system_bus_socket", "/tmp/fortify.1971/2a1639bab712799788ea0ff7aa280c35/system_bus_socket"},
|
|
},
|
|
} {
|
|
t.Run("create instance for "+tc[0][0]+" and "+tc[1][0], func(t *testing.T) {
|
|
if got := dbus.New(tc[0], tc[1]); !got.CompareTestNew(tc[0], tc[1]) {
|
|
t.Errorf("New(%q, %q) = %v",
|
|
tc[0], tc[1],
|
|
got)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestProxy_Seal(t *testing.T) {
|
|
t.Run("double seal panic", func(t *testing.T) {
|
|
defer func() {
|
|
want := "dbus proxy sealed twice"
|
|
if r := recover(); r != want {
|
|
t.Errorf("Seal: panic = %q, want %q",
|
|
r, want)
|
|
}
|
|
}()
|
|
|
|
p := dbus.New([2]string{}, [2]string{})
|
|
_ = p.Seal(dbus.NewConfig("", true, false), nil)
|
|
_ = p.Seal(dbus.NewConfig("", true, false), nil)
|
|
})
|
|
|
|
ep := dbus.New([2]string{}, [2]string{})
|
|
if err := ep.Seal(nil, nil); !errors.Is(err, dbus.ErrConfig) {
|
|
t.Errorf("Seal(nil, nil) error = %v, want %v",
|
|
err, dbus.ErrConfig)
|
|
}
|
|
|
|
for id, tc := range testCasePairs() {
|
|
t.Run("create seal for "+id, func(t *testing.T) {
|
|
p := dbus.New(tc[0].bus, tc[1].bus)
|
|
if err := p.Seal(tc[0].c, tc[1].c); (errors.Is(err, helper.ErrContainsNull)) != tc[0].wantErr {
|
|
t.Errorf("Seal(%p, %p) error = %v, wantErr %v",
|
|
tc[0].c, tc[1].c,
|
|
err, tc[0].wantErr)
|
|
return
|
|
}
|
|
|
|
// rest of the tests happen for sealed instances
|
|
if tc[0].wantErr {
|
|
return
|
|
}
|
|
|
|
// build null-terminated string from wanted args
|
|
want := new(strings.Builder)
|
|
args := append(tc[0].want, tc[1].want...)
|
|
for _, arg := range args {
|
|
want.WriteString(arg)
|
|
want.WriteByte('\x00')
|
|
}
|
|
|
|
wt := p.AccessTestProxySeal()
|
|
got := new(strings.Builder)
|
|
if _, err := wt.WriteTo(got); err != nil {
|
|
t.Errorf("p.seal.WriteTo(): %v", err)
|
|
}
|
|
|
|
if want.String() != got.String() {
|
|
t.Errorf("Seal(%p, %p) seal = %v, want %v",
|
|
tc[0].c, tc[1].c,
|
|
got.String(), want.String())
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestProxy_Start_Wait_Close_String(t *testing.T) {
|
|
t.Run("sandbox", func(t *testing.T) {
|
|
proxyName := dbus.ProxyName
|
|
dbus.ProxyName = os.Args[0]
|
|
t.Cleanup(func() { dbus.ProxyName = proxyName })
|
|
testProxyStartWaitCloseString(t, true)
|
|
})
|
|
t.Run("direct", func(t *testing.T) { testProxyStartWaitCloseString(t, false) })
|
|
}
|
|
|
|
func testProxyStartWaitCloseString(t *testing.T, sandbox bool) {
|
|
for id, tc := range testCasePairs() {
|
|
// this test does not test errors
|
|
if tc[0].wantErr {
|
|
continue
|
|
}
|
|
|
|
t.Run("string for nil proxy", func(t *testing.T) {
|
|
var p *dbus.Proxy
|
|
want := "(invalid dbus proxy)"
|
|
if got := p.String(); got != want {
|
|
t.Errorf("String() = %v, want %v",
|
|
got, want)
|
|
}
|
|
})
|
|
|
|
t.Run("proxy for "+id, func(t *testing.T) {
|
|
p := dbus.New(tc[0].bus, tc[1].bus)
|
|
p.CmdF = func(cmd *exec.Cmd) {
|
|
wantArgv0 := dbus.ProxyName
|
|
if sandbox {
|
|
wantArgv0 = "bwrap"
|
|
}
|
|
if cmd.Args[0] != wantArgv0 {
|
|
panic(fmt.Sprintf("unexpected argv0 %q", os.Args[0]))
|
|
}
|
|
cmd.Err = nil
|
|
cmd.Path = os.Args[0]
|
|
|
|
if sandbox {
|
|
cmd.Args = append([]string{os.Args[0], "-test.run=TestHelperStub", "--"},
|
|
append(cmd.Args[:5], append([]string{"-test.run=TestHelperStub", "--"}, cmd.Args[5:]...)...)...)
|
|
cmd.Env = append(cmd.Env, "GO_TEST_FORTIFY_BWRAP_STUB_TYPE=dbus")
|
|
} else {
|
|
cmd.Args = append([]string{os.Args[0], "-test.run=TestHelperStub", "--"}, cmd.Args[1:]...)
|
|
}
|
|
}
|
|
output := new(strings.Builder)
|
|
|
|
t.Run("unsealed", func(t *testing.T) {
|
|
t.Run("string", func(t *testing.T) {
|
|
want := "(unsealed dbus proxy)"
|
|
if got := p.String(); got != want {
|
|
t.Errorf("String() = %v, want %v",
|
|
got, want)
|
|
return
|
|
}
|
|
})
|
|
|
|
t.Run("start", func(t *testing.T) {
|
|
want := "proxy not sealed"
|
|
if err := p.Start(context.Background(), nil, sandbox); err == nil || err.Error() != want {
|
|
t.Errorf("Start() error = %v, wantErr %q",
|
|
err, errors.New(want))
|
|
return
|
|
}
|
|
})
|
|
|
|
t.Run("wait", func(t *testing.T) {
|
|
wantErr := "dbus: not started"
|
|
if err := p.Wait(); err == nil || err.Error() != wantErr {
|
|
t.Errorf("Wait() error = %v, wantErr %v",
|
|
err, wantErr)
|
|
}
|
|
})
|
|
})
|
|
|
|
t.Run("seal with "+id, func(t *testing.T) {
|
|
if err := p.Seal(tc[0].c, tc[1].c); err != nil {
|
|
t.Errorf("Seal(%p, %p) error = %v, wantErr %v",
|
|
tc[0].c, tc[1].c,
|
|
err, tc[0].wantErr)
|
|
return
|
|
}
|
|
})
|
|
|
|
t.Run("sealed", func(t *testing.T) {
|
|
want := strings.Join(append(tc[0].want, tc[1].want...), " ")
|
|
if got := p.String(); got != want {
|
|
t.Errorf("String() = %v, want %v",
|
|
got, want)
|
|
return
|
|
}
|
|
|
|
t.Run("start", func(t *testing.T) {
|
|
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
|
|
defer cancel()
|
|
|
|
if err := p.Start(ctx, output, sandbox); err != nil {
|
|
t.Fatalf("Start(nil, nil) error = %v",
|
|
err)
|
|
}
|
|
|
|
t.Run("string", func(t *testing.T) {
|
|
wantSubstr := fmt.Sprintf("%s -test.run=TestHelperStub -- --args=3 --fd=4", os.Args[0])
|
|
if sandbox {
|
|
wantSubstr = fmt.Sprintf(
|
|
"%s -test.run=TestHelperStub -- bwrap --args 6 -- %s -test.run=TestHelperStub -- --args=3 --fd=4",
|
|
os.Args[0], os.Args[0],
|
|
)
|
|
}
|
|
if got := p.String(); !strings.Contains(got, wantSubstr) {
|
|
t.Errorf("String() = %v, want %v",
|
|
p.String(), wantSubstr)
|
|
return
|
|
}
|
|
})
|
|
|
|
t.Run("wait", func(t *testing.T) {
|
|
p.Close()
|
|
if err := p.Wait(); err != nil {
|
|
t.Errorf("Wait() error = %v\noutput: %s",
|
|
err, output.String())
|
|
}
|
|
})
|
|
})
|
|
})
|
|
})
|
|
}
|
|
}
|