[shellprocess] Expand tests

These tests run (shell) commands as part of the test; this may be a security problem, although I've tried to do things safely.
2018-05-23 13:49:23 -04:00 · 2018-05-23 13:49:23 -04:00 · d3e57e9c9f
commit d3e57e9c9f
parent 87b9c42158
1 changed files with 38 additions and 3 deletions
--- a/src/modules/shellprocess/Tests.cpp
+++ b/src/modules/shellprocess/Tests.cpp
@ -18,6 +18,7 @@

 #include "Tests.h"

+#include "GlobalStorage.h"
 #include "JobQueue.h"
 #include "Settings.h"

@ -160,7 +161,19 @@ void ShellProcessTests::testRootSubstitution()
 script:
    - "ls /tmp"
 )" );
-    QVariant script = CalamaresUtils::yamlMapToVariant( doc ).toMap().value( "script" );
+    QVariant plainScript = CalamaresUtils::yamlMapToVariant( doc ).toMap().value( "script" );
+    QVariant rootScript = CalamaresUtils::yamlMapToVariant(
+        YAML::Load( R"(---
+script:
+    - "ls @@ROOT@@"
+)" ) ).toMap().value( "script" );
+    QVariant userScript = CalamaresUtils::yamlMapToVariant(
+        YAML::Load( R"(---
+script:
+    - mktemp -d @@ROOT@@/calatestXXXXXXXX
+    - "chown @@USER@@ @@ROOT@@/calatest*"
+    - rm -rf @@ROOT@@/calatest*
+)" ) ).toMap().value( "script" );

    if ( !Calamares::JobQueue::instance() )
        (void *)new Calamares::JobQueue( nullptr );
@ -170,9 +183,31 @@ script:
    Calamares::GlobalStorage* gs = Calamares::JobQueue::instance()->globalStorage();
    QVERIFY( gs != nullptr );

+    qDebug() << "Expect WARNING, ERROR, WARNING";
    // Doesn't use @@ROOT@@, so no failures
-    QVERIFY( bool(CommandList(script, false, 10 ).run()) );
+    QVERIFY( bool(CommandList(plainScript, false, 10 ).run()) );

    // Doesn't use @@ROOT@@, but does chroot, so fails
-    QVERIFY( !bool(CommandList(script, true, 10 ).run()) );
+    QVERIFY( !bool(CommandList(plainScript, true, 10 ).run()) );
+
+    // Does use @@ROOT@@, which is not set, so fails
+    QVERIFY( !bool(CommandList(rootScript, false, 10 ).run()) );
+    // .. fails for two reasons
+    QVERIFY( !bool(CommandList(rootScript, true, 10 ).run()) );
+
+    gs->insert( "rootMountPoint", "/tmp" );
+    // Now that the root is set, two variants work .. still can't
+    // chroot, unless the rootMountPoint contains a full system,
+    // *and* we're allowed to chroot (ie. running tests as root).
+    qDebug() << "Expect no output.";
+    QVERIFY( bool(CommandList(plainScript, false, 10 ).run()) );
+    QVERIFY( bool(CommandList(rootScript, false, 10 ).run()) );
+
+    qDebug() << "Expect ERROR";
+    // But no user set yet
+    QVERIFY( !bool(CommandList(userScript, false, 10 ).run()) );
+
+    // Now play dangerous games with shell expansion
+    gs->insert( "username", "`id -u`" );
+    QVERIFY( bool(CommandList(userScript, false, 10 ).run()) );
 }