Domů Procházet Nápověda
Přihlásit se
themusicgod1
/
MediaWiki
rozštěpen z LinusTuring/MediaWiki
Sledovat 1
Oblíbit 0
Rozštěpit 0
Soubory
Strom: 85686c24e4
Větve Značky
MediaWiki
/
tests
/
phpunit
/
includes
/
shell
/
FirejailCommandTest.php

FirejailCommandTest.php 2.8 KB
Historie Surový

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * Copyright (C) 2017 Kunal Mehta <legoktm@member.fsf.org>
    5. 

  5.  *
    6. 

  6.  * This program is free software; you can redistribute it and/or modify
    7. 

  7.  * it under the terms of the GNU General Public License as published by
    8. 

  8.  * the Free Software Foundation; either version 2 of the License, or
    9. 

  9.  * (at your option) any later version.
    10. 

  10.  *
    11. 

  11.  * This program is distributed in the hope that it will be useful,
    12. 

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14.  * GNU General Public License for more details.
    15. 

  15.  *
    16. 

  16.  * You should have received a copy of the GNU General Public License along
    17. 

  17.  * with this program; if not, write to the Free Software Foundation, Inc.,
    18. 

  18.  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
    19. 

  19.  *
    20. 

  20.  */
    21. 

  21. 

  22. use MediaWiki\Shell\FirejailCommand;
    23. 

  23. use MediaWiki\Shell\Shell;
    24. 

  24. use Wikimedia\TestingAccessWrapper;
    25. 

  25. 

  26. class FirejailCommandTest extends PHPUnit\Framework\TestCase {
    27. 

  27. 

  28. 	use MediaWikiCoversValidator;
    29. 

  29. 

  30. 	public function provideBuildFinalCommand() {
    31. 

  31. 		global $IP;
    32. 

  32. 		// phpcs:ignore Generic.Files.LineLength
    33. 

  33. 		$env = "'MW_INCLUDE_STDERR=;MW_CPU_LIMIT=180; MW_CGROUP='\'''\''; MW_MEM_LIMIT=307200; MW_FILE_SIZE_LIMIT=102400; MW_WALL_CLOCK_LIMIT=180; MW_USE_LOG_PIPE=yes'";
    34. 

  34. 		$limit = "/bin/bash '$IP/includes/shell/limit.sh'";
    35. 

  35. 		$profile = "--profile=$IP/includes/shell/firejail.profile";
    36. 

  36. 		$blacklist = '--blacklist=' . realpath( MW_CONFIG_FILE );
    37. 

  37. 		$default = "$blacklist --noroot --seccomp --private-dev";
    38. 

  38. 		return [
    39. 

  39. 			[
    40. 

  40. 				'No restrictions',
    41. 

  41. 				'ls', 0, "$limit ''\''ls'\''' $env"
    42. 

  42. 			],
    43. 

  43. 			[
    44. 

  44. 				'default restriction',
    45. 

  45. 				'ls', Shell::RESTRICT_DEFAULT,
    46. 

  46. 				"$limit 'firejail --quiet $profile $default -- '\''ls'\''' $env"
    47. 

  47. 			],
    48. 

  48. 			[
    49. 

  49. 				'no network',
    50. 

  50. 				'ls', Shell::NO_NETWORK,
    51. 

  51. 				"$limit 'firejail --quiet $profile --net=none -- '\''ls'\''' $env"
    52. 

  52. 			],
    53. 

  53. 			[
    54. 

  54. 				'default restriction & no network',
    55. 

  55. 				'ls', Shell::RESTRICT_DEFAULT | Shell::NO_NETWORK,
    56. 

  56. 				"$limit 'firejail --quiet $profile $default --net=none -- '\''ls'\''' $env"
    57. 

  57. 			],
    58. 

  58. 			[
    59. 

  59. 				'seccomp',
    60. 

  60. 				'ls', Shell::SECCOMP,
    61. 

  61. 				"$limit 'firejail --quiet $profile --seccomp -- '\''ls'\''' $env"
    62. 

  62. 			],
    63. 

  63. 			[
    64. 

  64. 				'seccomp & no execve',
    65. 

  65. 				'ls', Shell::SECCOMP | Shell::NO_EXECVE,
    66. 

  66. 				"$limit 'firejail --quiet $profile --shell=none --seccomp=execve -- '\''ls'\''' $env"
    67. 

  67. 			],
    68. 

  68. 		];
    69. 

  69. 	}
    70. 

  70. 

  71. 	/**
    72. 

  72. 	 * @covers \MediaWiki\Shell\FirejailCommand::buildFinalCommand()
    73. 

  73. 	 * @dataProvider provideBuildFinalCommand
    74. 

  74. 	 */
    75. 

  75. 	public function testBuildFinalCommand( $desc, $params, $flags, $expected ) {
    76. 

  76. 		$command = new FirejailCommand( 'firejail' );
    77. 

  77. 		$command
    78. 

  78. 			->params( $params )
    79. 

  79. 			->restrict( $flags );
    80. 

  80. 		$wrapper = TestingAccessWrapper::newFromObject( $command );
    81. 

  81. 		$output = $wrapper->buildFinalCommand( $wrapper->command );
    82. 

  82. 		$this->assertEquals( $expected, $output[0], $desc );
    83. 

  83. 	}
    84. 

  84. 

  85. }
    86. 

  86.