sandboxed_api/sandbox2/examples/crc4/crc4sandbox_test.cc - platform/external/sandboxed-api - Git at Google

 // Copyright 2019 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 // Unit tests for crc4sandbox example.

 #include <unistd.h>

 #include <string>

 #include <glog/logging.h>
 #include "gmock/gmock.h"
 #include "gtest/gtest.h"
 #include "sandboxed_api/sandbox2/util.h"
 #include "sandboxed_api/testing.h"
 #include "sandboxed_api/util/status_matchers.h"

 namespace sandbox2 {
 namespace {

 using ::sapi::GetTestSourcePath;
 using ::testing::Eq;
 using ::testing::StrEq;

 class CRC4Test : public ::testing::Test {
  protected:
   void SetUp() override {
     path_ = GetTestSourcePath("sandbox2/examples/crc4/crc4sandbox");
     util::CharPtrArrToVecString(environ, &env_);
   }

   std::string path_;
   std::vector<std::string> env_;
 };

 // Test that crc4sandbox works.
 TEST_F(CRC4Test, TestNormalOperation) {
   SKIP_SANITIZERS_AND_COVERAGE;
   std::string output;
   SAPI_ASSERT_OK_AND_ASSIGN(
       int exit_code,
       util::Communicate({path_, "-input", "ABCD"}, env_, &output));

   EXPECT_THAT(output, StrEq("0x44434241\n"));
   EXPECT_THAT(exit_code, Eq(0));
 }

 // Test that crc4sandbox protects against bugs, because only the sandboxee
 // will crash and break its communication with executor.
 TEST_F(CRC4Test, TestExploitAttempt) {
   SKIP_SANITIZERS_AND_COVERAGE;

   std::string output;
   SAPI_ASSERT_OK_AND_ASSIGN(
       int exit_code, util::Communicate({path_, "-input", std::string(128, 'A')},
                                        env_, &output));

   LOG(INFO) << "Output: " << output;
   EXPECT_THAT(exit_code, Eq(3));
 }

 // Test that if sandboxee calls a syscall that is not allowed by the policy,
 // it triggers a policy violation for the executor.
 TEST_F(CRC4Test, TestSyscallViolation) {
   SKIP_SANITIZERS_AND_COVERAGE;

   std::string output;
   SAPI_ASSERT_OK_AND_ASSIGN(
       int exit_code,
       util::Communicate({path_, "-input", "x", "-call_syscall_not_allowed"},
                         env_, &output));

   LOG(INFO) << "Output: " << output;
   EXPECT_THAT(exit_code, Eq(3));
 }

 }  // namespace
 }  // namespace sandbox2
	// Copyright 2019 Google LLC
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	// Unit tests for crc4sandbox example.

	#include <unistd.h>

	#include <string>

	#include <glog/logging.h>
	#include "gmock/gmock.h"
	#include "gtest/gtest.h"
	#include "sandboxed_api/sandbox2/util.h"
	#include "sandboxed_api/testing.h"
	#include "sandboxed_api/util/status_matchers.h"

	namespace sandbox2 {
	namespace {

	using ::sapi::GetTestSourcePath;
	using ::testing::Eq;
	using ::testing::StrEq;

	class CRC4Test : public ::testing::Test {
	protected:
	void SetUp() override {
	path_ = GetTestSourcePath("sandbox2/examples/crc4/crc4sandbox");
	util::CharPtrArrToVecString(environ, &env_);
	}

	std::string path_;
	std::vector<std::string> env_;
	};

	// Test that crc4sandbox works.
	TEST_F(CRC4Test, TestNormalOperation) {
	SKIP_SANITIZERS_AND_COVERAGE;
	std::string output;
	SAPI_ASSERT_OK_AND_ASSIGN(
	int exit_code,
	util::Communicate({path_, "-input", "ABCD"}, env_, &output));

	EXPECT_THAT(output, StrEq("0x44434241\n"));
	EXPECT_THAT(exit_code, Eq(0));
	}

	// Test that crc4sandbox protects against bugs, because only the sandboxee
	// will crash and break its communication with executor.
	TEST_F(CRC4Test, TestExploitAttempt) {
	SKIP_SANITIZERS_AND_COVERAGE;

	std::string output;
	SAPI_ASSERT_OK_AND_ASSIGN(
	int exit_code, util::Communicate({path_, "-input", std::string(128, 'A')},
	env_, &output));

	LOG(INFO) << "Output: " << output;
	EXPECT_THAT(exit_code, Eq(3));
	}

	// Test that if sandboxee calls a syscall that is not allowed by the policy,
	// it triggers a policy violation for the executor.
	TEST_F(CRC4Test, TestSyscallViolation) {
	SKIP_SANITIZERS_AND_COVERAGE;

	std::string output;
	SAPI_ASSERT_OK_AND_ASSIGN(
	int exit_code,
	util::Communicate({path_, "-input", "x", "-call_syscall_not_allowed"},
	env_, &output));

	LOG(INFO) << "Output: " << output;
	EXPECT_THAT(exit_code, Eq(3));
	}

	} // namespace
	} // namespace sandbox2