More tests

2025-11-27 16:12:22 +01:00
parent f9d8234e23
commit c1e64bb4ef
8 changed files with 129 additions and 0 deletions
--- a/tests/abs_path_ignore/.sloptrapignore
+++ b/tests/abs_path_ignore/.sloptrapignore
@@ -0,0 +1 @@
+/../outside.txt
--- a/tests/dotdot_ignore/.sloptrapignore
+++ b/tests/dotdot_ignore/.sloptrapignore
@@ -0,0 +1 @@
+../outside.txt
--- a/tests/invalid_allow_host_network/.sloptrap
+++ b/tests/invalid_allow_host_network/.sloptrap
@@ -0,0 +1,2 @@
+name=invalid-allow-host
+allow_host_network=maybe
--- a/tests/invalid_manifest_name/.sloptrap
+++ b/tests/invalid_manifest_name/.sloptrap
@@ -0,0 +1 @@
+name=bad/name
--- a/tests/invalid_manifest_packages/.sloptrap
+++ b/tests/invalid_manifest_packages/.sloptrap
@@ -0,0 +1,2 @@
+name=invalid-packages
+packages_extra=curl$bad
--- a/tests/invalid_manifest_sandbox/.sloptrap
+++ b/tests/invalid_manifest_sandbox/.sloptrap
@@ -0,0 +1,2 @@
+name=invalid-sandbox
+codex_args=--sandbox host
--- a/tests/outside.txt
+++ b/tests/outside.txt
@@ -0,0 +1 @@
+outside
--- a/tests/run_tests.sh
+++ b/tests/run_tests.sh
@@ -306,6 +306,115 @@ run_resume_target() {
  teardown_stub_env
 }

+run_codex_symlink_home() {
+  local scenario_dir
+  scenario_dir=$(cd "$TEST_ROOT/resume_target" && pwd -P)
+  printf '==> codex_symlink_home\n'
+  local tmp_home
+  tmp_home=$(mktemp -d)
+  ln -s /etc "$tmp_home/.codex"
+  if HOME="$tmp_home" "$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
+    record_failure "codex_symlink_home: expected rejection when ~/.codex is a symlink"
+  fi
+  rm -rf "$tmp_home"
+}
+
+run_root_directory_project() {
+  printf '==> root_directory_project\n'
+  local tmp_home
+  tmp_home=$(mktemp -d)
+  if HOME="$tmp_home" "$SLOPTRAP_BIN" --dry-run / >/dev/null 2>&1; then
+    record_failure "root_directory_project: expected rejection for '/' project root"
+  fi
+  rm -rf "$tmp_home"
+}
+
+run_shared_dir_override() {
+  local scenario_dir
+  scenario_dir=$(cd "$TEST_ROOT/resume_target" && pwd -P)
+  printf '==> shared_dir_override\n'
+  setup_stub_env
+  local bogus_shared
+  bogus_shared=$(mktemp -d)
+  if ! PATH="$STUB_BIN:$PATH" HOME="$STUB_HOME" FAKE_PODMAN_LOG="$STUB_LOG" \
+    SLOPTRAP_SHARED_DIR="$bogus_shared" FAKE_PODMAN_INSPECT_FAIL=1 \
+    "$SLOPTRAP_BIN" "$scenario_dir" >/dev/null 2>&1; then
+    record_failure "shared_dir_override: sloptrap exited non-zero"
+    teardown_stub_env
+    rm -rf "$bogus_shared"
+    return
+  fi
+  if grep -q "$bogus_shared" "$STUB_LOG"; then
+    record_failure "shared_dir_override: respected SLOPTRAP_SHARED_DIR override"
+  fi
+  if ! grep -q -- "-v ${scenario_dir}:/workspace" "$STUB_LOG"; then
+    record_failure "shared_dir_override: missing expected project bind mount"
+  fi
+  teardown_stub_env
+  rm -rf "$bogus_shared"
+}
+
+run_packages_env_validation() {
+  local scenario_dir
+  scenario_dir=$(cd "$TEST_ROOT/resume_target" && pwd -P)
+  printf '==> packages_env_validation\n'
+  local tmp_home
+  tmp_home=$(mktemp -d)
+  if HOME="$tmp_home" SLOPTRAP_PACKAGES='curl";touch /tmp/pwn #' \
+    "$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
+    record_failure "packages_env_validation: expected rejection of invalid SLOPTRAP_PACKAGES"
+  fi
+  rm -rf "$tmp_home"
+}
+
+run_abs_path_ignore() {
+  local scenario_dir="$TEST_ROOT/abs_path_ignore"
+  printf '==> abs_path_ignore\n'
+  if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
+    record_failure "abs_path_ignore: expected rejection for anchored parent traversal entry"
+  fi
+}
+
+run_dotdot_ignore() {
+  local scenario_dir="$TEST_ROOT/dotdot_ignore"
+  printf '==> dotdot_ignore\n'
+  if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
+    record_failure "dotdot_ignore: expected rejection for parent traversal entry"
+  fi
+}
+
+run_invalid_manifest_name() {
+  local scenario_dir="$TEST_ROOT/invalid_manifest_name"
+  printf '==> invalid_manifest_name\n'
+  if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
+    record_failure "invalid_manifest_name: expected rejection for illegal name"
+  fi
+}
+
+run_invalid_manifest_sandbox() {
+  local scenario_dir="$TEST_ROOT/invalid_manifest_sandbox"
+  printf '==> invalid_manifest_sandbox\n'
+  if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
+    record_failure "invalid_manifest_sandbox: expected rejection for sandbox mode"
+  fi
+}
+
+run_invalid_manifest_packages() {
+  local scenario_dir="$TEST_ROOT/invalid_manifest_packages"
+  printf '==> invalid_manifest_packages\n'
+  if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
+    record_failure "invalid_manifest_packages: expected rejection for bad packages"
+  fi
+}
+
+run_invalid_allow_host_network() {
+  local scenario_dir="$TEST_ROOT/invalid_allow_host_network"
+  printf '==> invalid_allow_host_network\n'
+  if "$SLOPTRAP_BIN" --dry-run "$scenario_dir" >/dev/null 2>&1; then
+    record_failure "invalid_allow_host_network: expected rejection for invalid value"
+  fi
+}
+
 run_shellcheck
 run_mount_injection
 run_root_target
@@ -314,6 +423,16 @@ run_manifest_injection
 run_helper_symlink
 run_secret_mask
 run_resume_target
+run_codex_symlink_home
+run_root_directory_project
+run_shared_dir_override
+run_packages_env_validation
+run_abs_path_ignore
+run_dotdot_ignore
+run_invalid_manifest_name
+run_invalid_manifest_sandbox
+run_invalid_manifest_packages
+run_invalid_allow_host_network

 if [[ ${#failures[@]} -gt 0 ]]; then
  printf '\nTest failures:\n'