Add a wizzard to configure .sloptrap files
@@ -208,7 +208,7 @@ run_mount_injection() {
|
||||
setup_stub_env
|
||||
rm -rf "$scenario_dir/.sloptrap-ignores"
|
||||
if ! PATH="$STUB_BIN:$PATH" HOME="$STUB_HOME" FAKE_PODMAN_LOG="$STUB_LOG" FAKE_PODMAN_INSPECT_FAIL=1 \
|
||||
"$SLOPTRAP_BIN" "$scenario_dir" >/dev/null 2>&1; then
|
||||
"$SLOPTRAP_BIN" "$scenario_dir" </dev/null >/dev/null 2>&1; then
|
||||
record_failure "mount_injection: sloptrap exited non-zero"
|
||||
teardown_stub_env
|
||||
return
|
||||
@@ -233,7 +233,7 @@ run_mount_injection() {
|
||||
run_root_target() {
|
||||
local scenario_dir="$TEST_ROOT/root_target"
|
||||
printf '==> root_target\n'
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" </dev/null >/dev/null 2>&1; then
|
||||
record_failure "root_target: expected rejection for project-root mask"
|
||||
return
|
||||
fi
|
||||
@@ -244,7 +244,7 @@ run_symlink_escape() {
|
||||
printf '==> symlink_escape\n'
|
||||
local secret_path="$ROOT_DIR/secrets.txt"
|
||||
touch "$secret_path"
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" </dev/null >/dev/null 2>&1; then
|
||||
record_failure "symlink_escape: expected failure for symlink escape"
|
||||
rm -f "$secret_path"
|
||||
return
|
||||
@@ -255,7 +255,7 @@ run_symlink_escape() {
|
||||
run_manifest_injection() {
|
||||
local scenario_dir="$TEST_ROOT/manifest_injection"
|
||||
printf '==> manifest_injection\n'
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" </dev/null >/dev/null 2>&1; then
|
||||
record_failure "manifest_injection: expected rejection of bad make override"
|
||||
return
|
||||
fi
|
||||
@@ -264,10 +264,10 @@ run_manifest_injection() {
|
||||
run_helper_symlink() {
|
||||
local scenario_dir="$TEST_ROOT/helper_symlink"
|
||||
printf '==> helper_symlink\n'
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" </dev/null >/dev/null 2>&1; then
|
||||
record_failure "helper_symlink: expected rejection when helper directory is a symlink"
|
||||
fi
|
||||
if "$SLOPTRAP_BIN" "$scenario_dir" clean >/dev/null 2>&1; then
|
||||
if "$SLOPTRAP_BIN" "$scenario_dir" clean </dev/null >/dev/null 2>&1; then
|
||||
record_failure "helper_symlink: expected rejection for clean when helper directory is a symlink"
|
||||
fi
|
||||
}
|
||||
@@ -281,7 +281,7 @@ run_secret_mask() {
|
||||
FAKE_PODMAN_INSPECT_FAIL=1 SECRET_MASK_VERIFY=1 \
|
||||
SECRET_MASK_EXPECTED_TARGET="${custom_workdir}/secret.txt" \
|
||||
SLOPTRAP_WORKDIR="$custom_workdir" \
|
||||
"$SLOPTRAP_BIN" "$scenario_dir" >/dev/null 2>&1; then
|
||||
"$SLOPTRAP_BIN" "$scenario_dir" </dev/null >/dev/null 2>&1; then
|
||||
record_failure "secret_mask: masking check failed"
|
||||
teardown_stub_env
|
||||
return
|
||||
@@ -295,7 +295,7 @@ run_resume_target() {
|
||||
setup_stub_env
|
||||
local session_id="019a81b7-32d2-7622-8639-6698c6579625"
|
||||
if ! PATH="$STUB_BIN:$PATH" HOME="$STUB_HOME" FAKE_PODMAN_LOG="$STUB_LOG" \
|
||||
"$SLOPTRAP_BIN" "$scenario_dir" resume "$session_id" >/dev/null 2>&1; then
|
||||
"$SLOPTRAP_BIN" "$scenario_dir" resume "$session_id" </dev/null >/dev/null 2>&1; then
|
||||
record_failure "resume_target: sloptrap exited non-zero"
|
||||
teardown_stub_env
|
||||
return
|
||||
@@ -313,7 +313,7 @@ run_codex_symlink_home() {
|
||||
local tmp_home
|
||||
tmp_home=$(mktemp -d)
|
||||
ln -s /etc "$tmp_home/.codex"
|
||||
if HOME="$tmp_home" "$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
|
||||
if HOME="$tmp_home" "$SLOPTRAP_BIN" --dry-run "$scenario_dir" </dev/null >/dev/null 2>&1; then
|
||||
record_failure "codex_symlink_home: expected rejection when ~/.codex is a symlink"
|
||||
fi
|
||||
rm -rf "$tmp_home"
|
||||
@@ -323,7 +323,7 @@ run_root_directory_project() {
|
||||
printf '==> root_directory_project\n'
|
||||
local tmp_home
|
||||
tmp_home=$(mktemp -d)
|
||||
if HOME="$tmp_home" "$SLOPTRAP_BIN" --dry-run / >/dev/null 2>&1; then
|
||||
if HOME="$tmp_home" "$SLOPTRAP_BIN" --dry-run / </dev/null >/dev/null 2>&1; then
|
||||
record_failure "root_directory_project: expected rejection for '/' project root"
|
||||
fi
|
||||
rm -rf "$tmp_home"
|
||||
@@ -338,7 +338,7 @@ run_shared_dir_override() {
|
||||
bogus_shared=$(mktemp -d)
|
||||
if ! PATH="$STUB_BIN:$PATH" HOME="$STUB_HOME" FAKE_PODMAN_LOG="$STUB_LOG" \
|
||||
SLOPTRAP_SHARED_DIR="$bogus_shared" FAKE_PODMAN_INSPECT_FAIL=1 \
|
||||
"$SLOPTRAP_BIN" "$scenario_dir" >/dev/null 2>&1; then
|
||||
"$SLOPTRAP_BIN" "$scenario_dir" </dev/null >/dev/null 2>&1; then
|
||||
record_failure "shared_dir_override: sloptrap exited non-zero"
|
||||
teardown_stub_env
|
||||
rm -rf "$bogus_shared"
|
||||
@@ -361,7 +361,7 @@ run_packages_env_validation() {
|
||||
local tmp_home
|
||||
tmp_home=$(mktemp -d)
|
||||
if HOME="$tmp_home" SLOPTRAP_PACKAGES='curl";touch /tmp/pwn #' \
|
||||
"$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
|
||||
"$SLOPTRAP_BIN" --dry-run "$scenario_dir" </dev/null >/dev/null 2>&1; then
|
||||
record_failure "packages_env_validation: expected rejection of invalid SLOPTRAP_PACKAGES"
|
||||
fi
|
||||
rm -rf "$tmp_home"
|
||||
@@ -370,7 +370,7 @@ run_packages_env_validation() {
|
||||
run_abs_path_ignore() {
|
||||
local scenario_dir="$TEST_ROOT/abs_path_ignore"
|
||||
printf '==> abs_path_ignore\n'
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" </dev/null >/dev/null 2>&1; then
|
||||
record_failure "abs_path_ignore: expected rejection for anchored parent traversal entry"
|
||||
fi
|
||||
}
|
||||
@@ -378,7 +378,7 @@ run_abs_path_ignore() {
|
||||
run_dotdot_ignore() {
|
||||
local scenario_dir="$TEST_ROOT/dotdot_ignore"
|
||||
printf '==> dotdot_ignore\n'
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" </dev/null >/dev/null 2>&1; then
|
||||
record_failure "dotdot_ignore: expected rejection for parent traversal entry"
|
||||
fi
|
||||
}
|
||||
@@ -386,7 +386,7 @@ run_dotdot_ignore() {
|
||||
run_invalid_manifest_name() {
|
||||
local scenario_dir="$TEST_ROOT/invalid_manifest_name"
|
||||
printf '==> invalid_manifest_name\n'
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" </dev/null >/dev/null 2>&1; then
|
||||
record_failure "invalid_manifest_name: expected rejection for illegal name"
|
||||
fi
|
||||
}
|
||||
@@ -394,7 +394,7 @@ run_invalid_manifest_name() {
|
||||
run_invalid_manifest_sandbox() {
|
||||
local scenario_dir="$TEST_ROOT/invalid_manifest_sandbox"
|
||||
printf '==> invalid_manifest_sandbox\n'
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" </dev/null >/dev/null 2>&1; then
|
||||
record_failure "invalid_manifest_sandbox: expected rejection for sandbox mode"
|
||||
fi
|
||||
}
|
||||
@@ -402,7 +402,7 @@ run_invalid_manifest_sandbox() {
|
||||
run_invalid_manifest_packages() {
|
||||
local scenario_dir="$TEST_ROOT/invalid_manifest_packages"
|
||||
printf '==> invalid_manifest_packages\n'
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" </dev/null >/dev/null 2>&1; then
|
||||
record_failure "invalid_manifest_packages: expected rejection for bad packages"
|
||||
fi
|
||||
}
|
||||
@@ -410,11 +410,92 @@ run_invalid_manifest_packages() {
|
||||
run_invalid_allow_host_network() {
|
||||
local scenario_dir="$TEST_ROOT/invalid_allow_host_network"
|
||||
printf '==> invalid_allow_host_network\n'
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
|
||||
if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" </dev/null >/dev/null 2>&1; then
|
||||
record_failure "invalid_allow_host_network: expected rejection for invalid value"
|
||||
fi
|
||||
}
|
||||
|
||||
run_wizzard_create_manifest() {
|
||||
local scenario_dir="$TEST_ROOT/wizzard_empty"
|
||||
printf '==> wizzard_create_manifest\n'
|
||||
if ! command -v script >/dev/null 2>&1; then
|
||||
printf 'skipping wizzard_create_manifest: script binary not found in PATH\n'
|
||||
return
|
||||
fi
|
||||
rm -f "$scenario_dir/.sloptrap"
|
||||
local input=$'\n\n\n\n\n'
|
||||
if ! printf '%s' "$input" | script -q -c "$SLOPTRAP_BIN \"$scenario_dir\" wizzard" /dev/null >/dev/null 2>&1; then
|
||||
record_failure "wizzard_create_manifest: wizzard failed"
|
||||
return
|
||||
fi
|
||||
if [[ ! -f $scenario_dir/.sloptrap ]]; then
|
||||
record_failure "wizzard_create_manifest: manifest not created"
|
||||
return
|
||||
fi
|
||||
if ! grep -qx "name=wizzard_empty" "$scenario_dir/.sloptrap"; then
|
||||
record_failure "wizzard_create_manifest: name default mismatch"
|
||||
fi
|
||||
if ! grep -qx "packages_extra=" "$scenario_dir/.sloptrap"; then
|
||||
record_failure "wizzard_create_manifest: packages_extra mismatch"
|
||||
fi
|
||||
if ! grep -qx "codex_args=--sandbox danger-full-access --ask-for-approval never" "$scenario_dir/.sloptrap"; then
|
||||
record_failure "wizzard_create_manifest: codex_args mismatch"
|
||||
fi
|
||||
if ! grep -qx "allow_host_network=false" "$scenario_dir/.sloptrap"; then
|
||||
record_failure "wizzard_create_manifest: allow_host_network mismatch"
|
||||
fi
|
||||
}
|
||||
|
||||
run_wizzard_existing_defaults() {
|
||||
local scenario_dir="$TEST_ROOT/wizzard_existing"
|
||||
printf '==> wizzard_existing_defaults\n'
|
||||
if ! command -v script >/dev/null 2>&1; then
|
||||
printf 'skipping wizzard_existing_defaults: script binary not found in PATH\n'
|
||||
return
|
||||
fi
|
||||
local input=$'\n\n\n\n\n'
|
||||
if ! printf '%s' "$input" | script -q -c "$SLOPTRAP_BIN \"$scenario_dir\" wizzard" /dev/null >/dev/null 2>&1; then
|
||||
record_failure "wizzard_existing_defaults: wizzard failed"
|
||||
return
|
||||
fi
|
||||
if ! grep -qx "name=custom-wizzard" "$scenario_dir/.sloptrap"; then
|
||||
record_failure "wizzard_existing_defaults: name not preserved"
|
||||
fi
|
||||
if ! grep -qx "packages_extra=make git" "$scenario_dir/.sloptrap"; then
|
||||
record_failure "wizzard_existing_defaults: packages_extra not preserved"
|
||||
fi
|
||||
if ! grep -qx "codex_args=--sandbox workspace-write --ask-for-approval on-request" "$scenario_dir/.sloptrap"; then
|
||||
record_failure "wizzard_existing_defaults: codex_args not preserved"
|
||||
fi
|
||||
if ! grep -qx "allow_host_network=true" "$scenario_dir/.sloptrap"; then
|
||||
record_failure "wizzard_existing_defaults: allow_host_network not preserved"
|
||||
fi
|
||||
}
|
||||
|
||||
run_wizzard_build_trigger() {
|
||||
local scenario_dir="$TEST_ROOT/wizzard_build"
|
||||
printf '==> wizzard_build_trigger\n'
|
||||
if ! command -v script >/dev/null 2>&1; then
|
||||
printf 'skipping wizzard_build_trigger: script binary not found in PATH\n'
|
||||
return
|
||||
fi
|
||||
setup_stub_env
|
||||
rm -f "$scenario_dir/.sloptrap"
|
||||
local input=$'\n\n\n\n\n'
|
||||
if ! printf '%s' "$input" | script -q -c "env PATH=\"$STUB_BIN:$PATH\" HOME=\"$STUB_HOME\" FAKE_PODMAN_LOG=\"$STUB_LOG\" FAKE_PODMAN_INSPECT_FAIL=1 \"$SLOPTRAP_BIN\" \"$scenario_dir\"" /dev/null >/dev/null 2>&1; then
|
||||
record_failure "wizzard_build_trigger: sloptrap failed"
|
||||
teardown_stub_env
|
||||
return
|
||||
fi
|
||||
if [[ ! -f $scenario_dir/.sloptrap ]]; then
|
||||
record_failure "wizzard_build_trigger: manifest not created"
|
||||
fi
|
||||
if ! grep -q -- "FAKE PODMAN: build " "$STUB_LOG"; then
|
||||
record_failure "wizzard_build_trigger: build not invoked after wizard"
|
||||
fi
|
||||
teardown_stub_env
|
||||
}
|
||||
|
||||
run_shellcheck
|
||||
run_mount_injection
|
||||
run_root_target
|
||||
@@ -433,6 +514,9 @@ run_invalid_manifest_name
|
||||
run_invalid_manifest_sandbox
|
||||
run_invalid_manifest_packages
|
||||
run_invalid_allow_host_network
|
||||
run_wizzard_create_manifest
|
||||
run_wizzard_existing_defaults
|
||||
run_wizzard_build_trigger
|
||||
|
||||
if [[ ${#failures[@]} -gt 0 ]]; then
|
||||
printf '\nTest failures:\n'
|
||||
|
||||
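Review bot: The three new `script -q -c …` calls (in run_wizzard_create_manifest, run_wizzard_existing_defaults and run_wizzard_build_trigger) do not pass `-e`/`--return`, and without it util-linux `script` exits 0 whatever the child returns, so the "wizzard failed" and "sloptrap failed" branches probably never fire. This matters most in run_wizzard_existing_defaults, where the fixture presumably already holds the expected values, so a wizard that aborts without writing anything would still pass every `grep -qx`. The command string also splices `$SLOPTRAP_BIN` in unquoted, and puts `$scenario_dir`, `$PATH` and `$STUB_HOME` inside escaped double quotes that a second shell re-parses, so a path containing spaces, `$` or backticks changes what the test executes. I would build the command with `printf -v cmd '%q ' "$SLOPTRAP_BIN" "$scenario_dir" wizzard` and run `script -q -e -c "$cmd" /dev/null`. Since `-c` is util-linux syntax, a BSD `script` would pass the `command -v script` guard and then record a failure instead of skipping.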