From 13ef7fba2bdf48319f68a7362779c41edae19651 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sun, 20 Nov 2016 21:23:10 -0500 Subject: testing --- test/environment/dns.exp | 47 ++++++++++++------------ test/fs/fs.sh | 3 ++ test/fs/user-dirs.dirs | 15 ++++++++ test/fs/whitelist-downloads.exp | 49 +++++++++++++++++++++++++ test/utils/audit.exp | 79 +++++++++++++++++++++++++++++++++++++++++ test/utils/utils.sh | 3 ++ 6 files changed, 174 insertions(+), 22 deletions(-) create mode 100644 test/fs/user-dirs.dirs create mode 100755 test/fs/whitelist-downloads.exp create mode 100755 test/utils/audit.exp diff --git a/test/environment/dns.exp b/test/environment/dns.exp index a6a7171eb..40403aade 100755 --- a/test/environment/dns.exp +++ b/test/environment/dns.exp @@ -4,6 +4,31 @@ set timeout 30 spawn $env(SHELL) match_max 100000 +send -- "firejail --dns=8.8.4.4 --dns=8.8.8.8 --dns=4.2.2.1\r" +expect { + timeout {puts "TESTING ERROR 2.1\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "cat /etc/resolv.conf\r" +expect { + timeout {puts "TESTING ERROR 2.2\n";exit} + "nameserver 8.8.4.4" +} +expect { + timeout {puts "TESTING ERROR 2.3\n";exit} + "nameserver 8.8.8.8" +} +expect { + timeout {puts "TESTING ERROR 2.4\n";exit} + "nameserver 4.2.2.1" +} +after 100 +send -- "exit\r" +after 100 + + # no chroot send -- "firejail --trace --dns=208.67.222.222 wget -q debian.org\r" expect { @@ -27,28 +52,6 @@ after 100 send -- "rm index.html\r" after 100 send -- "exit\r" -sleep 1 - -send -- "firejail --dns=8.8.4.4 --dns=8.8.8.8 --dns=4.2.2.1\r" -expect { - timeout {puts "TESTING ERROR 2.1\n";exit} - "Child process initialized" -} -sleep 1 - -send -- "cat /etc/resolv.conf\r" -expect { - timeout {puts "TESTING ERROR 2.2\n";exit} - "nameserver 8.8.4.4" -} -expect { - timeout {puts "TESTING ERROR 2.3\n";exit} - "nameserver 8.8.8.8" -} -expect { - timeout {puts "TESTING ERROR 2.4\n";exit} - "nameserver 4.2.2.1" -} after 100 puts "\nall done\n" 
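Review bot: Every timeout branch in the relocated multi-`--dns` block ends in a bare `exit`, so the script returns status 0 even after printing `TESTING ERROR 2.1` to `2.4`. A run where the resolver override never reaches /etc/resolv.conf is then only detectable by reading or grepping the output. The runner hunks in this commit call the new scripts as plain `./audit.exp` and `./whitelist-downloads.exp` with no status check; how dns.exp is invoked is not visible here. If the harness is ever meant to gate on exit status, write the branches as `timeout {puts "TESTING ERROR 2.1\n";exit 1}`. The same bare `exit` is repeated throughout the new test/fs/whitelist-downloads.exp and test/utils/audit.exp.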
diff --git a/test/fs/fs.sh b/test/fs/fs.sh index 1c5473f79..d9a425661 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh @@ -61,6 +61,9 @@ echo "TESTING: whitelist empty (test/fs/whitelist-empty.exp)" echo "TESTING: private whitelist (test/fs/private-whitelist.exp)" ./private-whitelist.exp +echo "TESTING: whitelist ~/Downloads (test/fs/whitelist-downloads.exp)" +./whitelist-downloads.exp + echo "TESTING: invalid filename (test/fs/invalid_filename.exp)" ./invalid_filename.exp diff --git a/test/fs/user-dirs.dirs b/test/fs/user-dirs.dirs new file mode 100644 index 000000000..0d19da4e4 --- /dev/null +++ b/test/fs/user-dirs.dirs @@ -0,0 +1,15 @@ +# This file is written by xdg-user-dirs-update +# If you want to change or add directories, just edit the line you're +# interested in. All local changes will be retained on the next run +# Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped +# homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an +# absolute path. No other format is supported. +# +XDG_DESKTOP_DIR="$HOME/Desktop" +XDG_DOWNLOAD_DIR="$HOME/Downloads" +XDG_TEMPLATES_DIR="$HOME/Templates" +XDG_PUBLICSHARE_DIR="$HOME/Public" +XDG_DOCUMENTS_DIR="$HOME/Documents" +XDG_MUSIC_DIR="$HOME/Music" +XDG_PICTURES_DIR="$HOME/Pictures" +XDG_VIDEOS_DIR="$HOME/Videos" diff --git a/test/fs/whitelist-downloads.exp b/test/fs/whitelist-downloads.exp new file mode 100755 index 000000000..6af318d2b --- /dev/null +++ b/test/fs/whitelist-downloads.exp 
@@ -0,0 +1,49 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "cp user-dirs.dirs /tmp/.\r"
+after 100
+
+send -- "firejail --private --noprofile\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+after 100
+
+send -- "firejail --force --profile=/etc/firejail/firefox.profile\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "cannot whitelist Downloads directory"
+}
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "Child process initialized"
+}
+after 100
+
+send -- "exit\r"
+after 100
+
+send -- "cp /tmp/user-dirs.dirs ~/.config/.\r"
+after 100
+
+send -- "firejail --force --profile=/etc/firejail/firefox.profile\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "cannot whitelist Downloads directory"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+after 100
+
+puts "\nall done\n"
+
diff --git a/test/utils/audit.exp b/test/utils/audit.exp
new file mode 100755
index 000000000..931b46981
--- /dev/null
+++ b/test/utils/audit.exp
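Review bot: The second `firejail --force --profile=/etc/firejail/firefox.profile` run expects exactly the same two strings as the first, and neither `cp` is checked, so the test passes even when `cp /tmp/user-dirs.dirs ~/.config/.` fails. That failure seems likely if the fresh `--private` home has no `~/.config` directory, in which case the user-dirs.dirs path this test is named for is never exercised. Create the directory first, e.g. `send -- "mkdir -p ~/.config; cp /tmp/user-dirs.dirs ~/.config/.\r"`, and confirm the file landed with an `expect` on output that the typed command line does not itself contain. The fixed name /tmp/user-dirs.dirs is also never removed, and the outer `--private` sandbox is still open at `all done`; a `mktemp`-generated name plus a final cleanup and `exit` would keep repeated or shared-host runs from interfering with each other.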
@@ -0,0 +1,79 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --audit\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Firejail Audit"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "is running in a PID namespace"
+}
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "container/sandbox firejail"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "seccomp BPF enabled"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "all capabilities are disabled"
+}
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "dev directory seems to be fully populated"
+}
+after 100
+
+
+send -- "firejail --audit=/usr/lib/firejail/faudit\r"
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "Firejail Audit"
+}
+expect {
+ timeout {puts "TESTING ERROR 7\n";exit}
+ "is running in a PID namespace"
+}
+expect {
+ timeout {puts "TESTING ERROR 8\n";exit}
+ "container/sandbox firejail"
+}
+expect {
+ timeout {puts "TESTING ERROR 9\n";exit}
+ "seccomp BPF enabled"
+}
+expect {
+ timeout {puts "TESTING ERROR 10\n";exit}
+ "all capabilities are disabled"
+}
+expect {
+ timeout {puts "TESTING ERROR 11\n";exit}
+ "dev directory seems to be fully populated"
+}
+after 100
+
+send -- "firejail --audit=blablabla\r"
+expect {
+ timeout {puts "TESTING ERROR 12\n";exit}
+ "cannot find the audit program"
+}
+after 100
+
+send -- "firejail --audit=\r"
+expect {
+ timeout {puts "TESTING ERROR 12\n";exit}
+ "invalid audit program"
+}
+after 100
+
+puts "\nall done\n"
diff --git a/test/utils/utils.sh b/test/utils/utils.sh
index 804e5ae0f..04702597f 100755
--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
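Review bot: The two negative cases at the end both report `TESTING ERROR 12`, so a failing log cannot show whether the nonexistent `--audit=blablabla` program or the empty `--audit=` value was the input that was not rejected. The final branch should read `timeout {puts "TESTING ERROR 13\n";exit}`. Keeping the identifiers unique matters here because these are the only checks that the option refuses a bad audit program path.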
@@ -6,6 +6,9 @@ export MALLOC_CHECK_=3 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) +echo "TESTING: audit (test/utils/audit.exp)" +./audit.exp + echo "TESTING: version (test/utils/version.exp)" ./version.exp -- cgit v1.2.3-54-g00ecf