From 1fb1bfe20fbde64d769e846b1581ce021d03e864 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sun, 1 Apr 2018 07:48:11 -0400 Subject: testing --- src/fnetfilter/main.c | 41 ++++----- test/environment/csh.exp | 14 +++ test/environment/zsh.exp | 14 +++ test/network/netfilter-template.exp | 23 +++++ test/utils/audit.exp | 60 +++++++++++++ test/utils/command.exp | 23 +++++ test/utils/name.exp | 174 ++++++++++++++++++++++++++++++++++++ test/utils/profile_print.exp | 27 ++++++ test/utils/utils.sh | 9 ++ 9 files changed, 361 insertions(+), 24 deletions(-) create mode 100755 test/utils/command.exp create mode 100755 test/utils/name.exp create mode 100755 test/utils/profile_print.exp diff --git a/src/fnetfilter/main.c b/src/fnetfilter/main.c index 828b30d40..ba58ba3c9 100644 --- a/src/fnetfilter/main.c +++ b/src/fnetfilter/main.c @@ -50,19 +50,20 @@ static void usage(void) { printf("\tfnetfilter netfilter-command destination-file\n"); } +static void err_exit_cannot_open_file(const char *fname) { + fprintf(stderr, "Error fnetfilter: cannot open %s\n", fname); + exit(1); +} + static void copy(const char *src, const char *dest) { FILE *fp1 = fopen(src, "r"); - if (!fp1) { - fprintf(stderr, "Error fnetfilter: cannot open %s\n", src); - exit(1); - } + if (!fp1) + err_exit_cannot_open_file(src); FILE *fp2 = fopen(dest, "w"); - if (!fp2) { - fprintf(stderr, "Error fnetfilter: cannot open %s\n", dest); - exit(1); - } + if (!fp2) + err_exit_cannot_open_file(dest); char buf[MAXBUF]; while (fgets(buf, MAXBUF, fp1)) @@ -106,16 +107,12 @@ for (i = 0; i < argcnt; i++) // open the files FILE *fp1 = fopen(src, "r"); - if (!fp1) { - fprintf(stderr, "Error fnetfilter: cannot open %s\n", src); - exit(1); - } + if (!fp1) + err_exit_cannot_open_file(src); FILE *fp2 = fopen(dest, "w"); - if (!fp2) { - fprintf(stderr, "Error fnetfilter: cannot open %s\n", dest); - exit(1); - } + if (!fp2) + err_exit_cannot_open_file(dest); int line = 0; char buf[MAXBUF]; 
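Review bot: The new `err_exit_cannot_open_file()` in the first hunk is not declared as non-returning, so after `if (!fp1) err_exit_cannot_open_file(src);` in `copy()` a compiler or static analyser can no longer see that `fp1` is non-NULL when it reaches `fgets()`. If the project builds with GCC or Clang, a prototype such as `static void err_exit_cannot_open_file(const char *fname) __attribute__((noreturn));` keeps the NULL check visible to tooling. The helper also prints no failure reason; appending `strerror(errno)` would distinguish a missing file from a permission error (the file's include block is not visible here). The same call pattern is used in the second hunk (`@@ -106,16 +107,12 @@`), and both enclosing functions continue outside their hunks.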
@@ -186,19 +183,15 @@ printf("\n"); //printf("destfile %s\n", destfile); // destfile is a real filename int len = strlen(destfile); - if (strcspn(destfile, "\\&!?\"'<>%^(){};,*[]") != (size_t)len) { - fprintf(stderr, "Error fnetfilter: invalid destination file in netfilter command\n"); - exit(1); - } + if (strcspn(destfile, "\\&!?\"'<>%^(){};,*[]") != (size_t)len) + err_exit_cannot_open_file(destfile); // handle default config (command = NULL, destfile) if (command == NULL) { // create a default filter file FILE *fp = fopen(destfile, "w"); - if (!fp) { - fprintf(stderr, "Error fnetfilter: cannot open %s\n", destfile); - exit(1); - } + if (!fp) + err_exit_cannot_open_file(destfile); fprintf(fp, "%s\n", default_filter); fclose(fp); } diff --git a/test/environment/csh.exp b/test/environment/csh.exp index 7b9fe7dc4..10a278ebc 100755 --- a/test/environment/csh.exp +++ b/test/environment/csh.exp @@ -30,6 +30,20 @@ expect { "/bin/csh" } send -- "exit\r" +sleep 1 + +send -- "firejail --shell=none --csh\r" +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "shell=none was already specified" +} +after 100 + +send -- "firejail --csh --shell=none\r" +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "a shell was already specified" +} after 100 puts "\n" diff --git a/test/environment/zsh.exp b/test/environment/zsh.exp index 65fe440c7..e7f610e98 100755 --- a/test/environment/zsh.exp +++ b/test/environment/zsh.exp @@ -30,6 +30,20 @@ expect { "/bin/zsh" } send -- "exit\r" +sleep 1 + +send -- "firejail --shell=none --zsh\r" +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "shell=none was already specified" +} +after 100 + +send -- "firejail --zsh --shell=none\r" +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "a shell was already specified" +} after 100 puts "\nall done\n" diff --git a/test/network/netfilter-template.exp b/test/network/netfilter-template.exp index 1ad28a103..5a15152d3 100755 --- a/test/network/netfilter-template.exp 
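Review bot: In the `@@ -186,19 +183,15 @@` hunk the character check on `destfile` now calls `err_exit_cannot_open_file(destfile)`, so a name rejected by the `strcspn()` filter is reported as `cannot open …` although no open was attempted. The earlier `invalid destination file in netfilter command` text is lost, which makes a rejected name indistinguishable from a filesystem failure in logs, and the rejected string is now echoed to stderr verbatim. I would keep a dedicated message for this branch: `fprintf(stderr, "Error fnetfilter: invalid destination file in netfilter command\n"); exit(1);`. The enclosing function starts and ends outside the hunk.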
+++ b/test/network/netfilter-template.exp @@ -7,6 +7,14 @@ set timeout 10 spawn $env(SHELL) match_max 100000 + +send -- "firejail --net=br1 --ip=10.10.30.10 --name=test1 --netfilter=/etc/firejail/blablabla\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "invalid network filter file" +} +sleep 1 + send -- "firejail --net=br1 --ip=10.10.30.10 --name=test1 --netfilter=/etc/firejail/tcpserver.net,5555 ./tcpserver 5555\r" expect { timeout {puts "TESTING ERROR 1\n";exit} @@ -15,6 +23,21 @@ expect { sleep 1 spawn $env(SHELL) +send -- "firejail --netfilter.print=test1\r" +expect { + timeout {puts "TESTING ERROR 1.1\n";exit} + "Chain INPUT" +} +expect { + timeout {puts "TESTING ERROR 1.2\n";exit} + "Chain FORWARD" +} +expect { + timeout {puts "TESTING ERROR 1.3\n";exit} + "Chain OUTPUT" +} +sleep 1 + send -- "telnet 10.10.30.10 5555\r" expect { timeout {puts "TESTING ERROR 2\n";exit} diff --git a/test/utils/audit.exp b/test/utils/audit.exp index 684886af7..6352dc62d 100755 --- a/test/utils/audit.exp +++ b/test/utils/audit.exp 
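Review bot: The `--netfilter.print=test1` check in the second hunk (`@@ -15,6 +23,21 @@`) matches only the `Chain INPUT`, `Chain FORWARD` and `Chain OUTPUT` headers, which presumably appear for any ruleset, including an empty one. It therefore does not show that the `tcpserver.net` template was actually instantiated with the `5555` argument. One more `expect` block matching a rule line that only this template produces (for example the substituted port, if it appears in the listing) would make the test fail when the filter is silently not applied.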
@@ -96,4 +96,64 @@ expect { } after 100 +# test seccomp +send -- "firejail --seccomp.drop=mkdir --audit\r" +expect { + timeout {puts "TESTING ERROR 17\n";exit} + "Firejail Audit" +} +expect { + timeout {puts "TESTING ERROR 18\n";exit} + "GOOD: seccomp BPF enabled" +} +expect { + timeout {puts "TESTING ERROR 19\n";exit} + "UGLY: mount syscall permitted" +} +expect { + timeout {puts "TESTING ERROR 20\n";exit} + "UGLY: umount2 syscall permitted" +} +expect { + timeout {puts "TESTING ERROR 21\n";exit} + "UGLY: ptrace syscall permitted" +} +expect { + timeout {puts "TESTING ERROR 22\n";exit} + "UGLY: swapon syscall permitted" +} +expect { + timeout {puts "TESTING ERROR 23\n";exit} + "UGLY: swapoff syscall permitted" +} +expect { + timeout {puts "TESTING ERROR 24\n";exit} + "UGLY: init_module syscall permitted" +} +expect { + timeout {puts "TESTING ERROR 25\n";exit} + "UGLY: delete_module syscall permitted" +} +expect { + timeout {puts "TESTING ERROR 26\n";exit} + "UGLY: chroot syscall permitted" +} +expect { + timeout {puts "TESTING ERROR 27\n";exit} + "UGLY: pivot_root syscall permitted" +} +expect { + timeout {puts "TESTING ERROR 28\n";exit} + "UGLY: iopl syscall permitted" +} +expect { + timeout {puts "TESTING ERROR 29\n";exit} + "UGLY: ioperm syscall permitted" +} +expect { + timeout {puts "TESTING ERROR 30\n";exit} + "GOOD: all capabilities are disabled" +} +after 100 + puts "\nall done\n" diff --git a/test/utils/command.exp b/test/utils/command.exp new file mode 100755 index 000000000..3b18540db --- /dev/null +++ b/test/utils/command.exp 
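Review bot: Nothing in the new `# test seccomp` block says why the `UGLY: … syscall permitted` lines are the expected result for `--seccomp.drop=mkdir`, so a reader may take them for a failing audit. A comment such as `# --seccomp.drop installs only the listed syscalls, so audit should still report the usual dangerous ones as permitted` (to be confirmed against the seccomp code) would state the intent. The block also never checks that `mkdir` itself is blocked, so it would still pass if a filter were installed without the `mkdir` entry.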
@@ -0,0 +1,23 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --quiet --private-etc=passwd,group -c ls -al /etc\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "cron" {puts "TESTING ERROR 2\n";exit}
+ "group"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "passwd"
+}
+
+
+after 100
+puts "\nall done\n"
diff --git a/test/utils/name.exp b/test/utils/name.exp
new file mode 100755
index 000000000..f00b5866e
--- /dev/null
+++ b/test/utils/name.exp
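Review bot: The negative `"cron"` pattern in the first `expect` of `test/utils/command.exp` is most likely never tested against the `ls` output, because the spawned shell echoes the command line and that echo already contains `group` (from `--private-etc=passwd,group`). The block then returns on the echo, and the second `expect` waits for `passwd` with no negative pattern, so a leaked `/etc` entry would go unnoticed. Moving `"cron" {puts "TESTING ERROR 2\n";exit}` into the second `expect` block, which does read the listing, would restore the check. Entries that sort after `passwd` remain unchecked either way.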
@@ -0,0 +1,174 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+
+send -- "firejail --name=ftest\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+ timeout {puts "TESTING ERROR 7\n";exit}
+ "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+ timeout {puts "TESTING ERROR 8\n";exit}
+ "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+ timeout {puts "TESTING ERROR 9\n";exit}
+ "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+ timeout {puts "TESTING ERROR 10\n";exit}
+ "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --name=ftest\r"
+expect {
+ timeout {puts "TESTING ERROR 11\n";exit}
+ "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+ timeout {puts "TESTING ERROR 12\n";exit}
+ ":ftest:"
+}
+expect {
+ timeout {puts "TESTING ERROR 13\n";exit}
+ ":ftest-1:"
+}
+expect {
+ timeout {puts "TESTING ERROR 14\n";exit}
+ ":ftest-2:"
+}
+expect {
+ timeout {puts "TESTING ERROR 15\n";exit}
+ ":ftest-3:"
+}
+expect {
+ timeout {puts "TESTING ERROR 16\n";exit}
+ ":ftest-4:"
+}
+expect {
+ timeout {puts "TESTING ERROR 17\n";exit}
+ ":ftest-5:"
+}
+expect {
+ timeout {puts "TESTING ERROR 18\n";exit}
+ ":ftest-6:"
+}
+expect {
+ timeout {puts "TESTING ERROR 19\n";exit}
+ ":ftest-7:"
+}
+expect {
+ timeout {puts "TESTING ERROR 20\n";exit}
+ ":ftest-8:"
+}
+expect {
+ timeout {puts "TESTING ERROR 21\n";exit}
+ ":ftest-9:"
+}
+expect {
+ timeout {puts "TESTING ERROR 22\n";exit}
+ ":ftest-"
+}
+expect {
+ timeout {puts "TESTING ERROR 23\n";exit}
+ ":ftest-"
+}
+after 100
+
+send -- "firejail --shutdown=ftest-5\r"
+expect {
+ timeout {puts "TESTING ERROR 11\n";exit}
+ "Sending SIGTERM"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firejail --list\r"
+expect {
+ timeout {puts "TESTING ERROR 12\n";exit}
+ ":ftest-5:" {puts "TESTING ERROR 15\n";exit}
+ ":ftest-9:"
+}
+
+after 100
+puts "all done\n"
diff --git a/test/utils/profile_print.exp b/test/utils/profile_print.exp
new file mode 100755
index 000000000..20d88a264
--- /dev/null
+++ b/test/utils/profile_print.exp
@@ -0,0 +1,27 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+
+send -- "firejail --name=ftest\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+after 100
+
+spawn $env(SHELL)
+send -- "firejail --profile.print=ftest\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "/etc/firejail/default.profile"
+}
+
+
+after 100
+puts "all done\n"
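Review bot: The failure labels in `test/utils/name.exp` are not unique, so a failure line in the log does not identify the step that failed. `TESTING ERROR 11` is used by the twelfth `--name=ftest` start and by the `--shutdown=ftest-5` step, `TESTING ERROR 12` by both `--list` steps, and `TESTING ERROR 15` by the `:ftest-3:` match and the negative `:ftest-5:` match. Renumbering the last two steps to unused values, e.g. `TESTING ERROR 24` through `TESTING ERROR 26`, fixes that. A short comment that the twelve sandboxes are expected to be listed as `ftest`, `ftest-1` … `ftest-11` would document what the `--list` checks rely on; the twelve identical start blocks could also be a loop.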
diff --git a/test/utils/utils.sh b/test/utils/utils.sh index d72cc2269..9259ee33a 100755 --- a/test/utils/utils.sh +++ b/test/utils/utils.sh @@ -20,6 +20,15 @@ rm -f ~/firejail-test-file-7699 echo "TESTING: audit (test/utils/audit.exp)" ./audit.exp +echo "TESTING: name (test/utils/name.exp)" +./name.exp + +echo "TESTING: command (test/utils/command.exp)" +./command.exp + +echo "TESTING: profile.print (test/utils/profile_print.exp)" +./profile_print.exp + echo "TESTING: version (test/utils/version.exp)" ./version.exp -- cgit v1.2.3-54-g00ecf