napcok/calamares
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[shellprocess] Expand tests

Browse Source 
These tests run (shell) commands as part of the test; this may be
a security problem, although I've tried to do things safely.
This commit is contained in:
Adriaan de Groot 2018-05-23 13:49:23 -04:00
parent 87b9c42158
commit d3e57e9c9f
1 changed files with 38 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
src/modules/shellprocess/Tests.cpp
View File

@ -18,6 +18,7 @@
#include "Tests.h" #include "Tests.h"
#include "GlobalStorage.h"
#include "JobQueue.h" #include "JobQueue.h"
#include "Settings.h" #include "Settings.h"
@ -160,7 +161,19 @@ void ShellProcessTests::testRootSubstitution()
script: script:
- "ls /tmp" - "ls /tmp"
)" ); )" );
QVariant script = CalamaresUtils::yamlMapToVariant( doc ).toMap().value( "script" ); QVariant plainScript = CalamaresUtils::yamlMapToVariant( doc ).toMap().value( "script" );
QVariant rootScript = CalamaresUtils::yamlMapToVariant(
YAML::Load( R"(---
script:
- "ls @@ROOT@@"
)" ) ).toMap().value( "script" );
QVariant userScript = CalamaresUtils::yamlMapToVariant(
YAML::Load( R"(---
script:
- mktemp -d @@ROOT@@/calatestXXXXXXXX
- "chown @@USER@@ @@ROOT@@/calatest*"
- rm -rf @@ROOT@@/calatest*
)" ) ).toMap().value( "script" );
if ( !Calamares::JobQueue::instance() ) if ( !Calamares::JobQueue::instance() )
(void *)new Calamares::JobQueue( nullptr ); (void *)new Calamares::JobQueue( nullptr );
@ -170,9 +183,31 @@ script:
Calamares::GlobalStorage* gs = Calamares::JobQueue::instance()->globalStorage(); Calamares::GlobalStorage* gs = Calamares::JobQueue::instance()->globalStorage();
QVERIFY( gs != nullptr ); QVERIFY( gs != nullptr );
qDebug() << "Expect WARNING, ERROR, WARNING";
// Doesn't use @@ROOT@@, so no failures // Doesn't use @@ROOT@@, so no failures
QVERIFY( bool(CommandList(script, false, 10 ).run()) ); QVERIFY( bool(CommandList(plainScript, false, 10 ).run()) );
// Doesn't use @@ROOT@@, but does chroot, so fails // Doesn't use @@ROOT@@, but does chroot, so fails
QVERIFY( !bool(CommandList(script, true, 10 ).run()) ); QVERIFY( !bool(CommandList(plainScript, true, 10 ).run()) );
// Does use @@ROOT@@, which is not set, so fails
QVERIFY( !bool(CommandList(rootScript, false, 10 ).run()) );
// .. fails for two reasons
QVERIFY( !bool(CommandList(rootScript, true, 10 ).run()) );
gs->insert( "rootMountPoint", "/tmp" );
// Now that the root is set, two variants work .. still can't
// chroot, unless the rootMountPoint contains a full system,
// *and* we're allowed to chroot (ie. running tests as root).
qDebug() << "Expect no output.";
QVERIFY( bool(CommandList(plainScript, false, 10 ).run()) );
QVERIFY( bool(CommandList(rootScript, false, 10 ).run()) );
qDebug() << "Expect ERROR";
// But no user set yet
QVERIFY( !bool(CommandList(userScript, false, 10 ).run()) );
// Now play dangerous games with shell expansion
gs->insert( "username", "`id -u`" );
QVERIFY( bool(CommandList(userScript, false, 10 ).run()) );
} }