fedir/ICFS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Testing #4

Merged
fedir merged 5 commits from Testing into main 2025-03-18 09:53:26 +01:00
Conversation 0 Commits 5 Files Changed 5 +62 -34
2 changed files with 62 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 64abb1ed52 - Show all commits

23
test/mock/zenity Executable file
View File

@@ -0,0 +1,23 @@
#!/bin/bash
# fake-zenity: script that mocks the behavior of zenity based on the ./.fake-zenity-response file
if [[ $1 == "--set-fake-response" ]]; then
#someone knows we are fake :)
echo $2 >~/.fake_zenity_response
else
if [ -f ~/.fake_zenity_response ]; then
FAKE_ZENITY_RESPONSE=$(cat ~/.fake_zenity_response)
if [[ $FAKE_ZENITY_RESPONSE == "yes_tmp" ]]; then
printf "Allow this time\n"
exit 1
elif [[ $FAKE_ZENITY_RESPONSE == "no" ]]; then
exit 1
elif [[ $FAKE_ZENITY_RESPONSE == "yes" ]]; then
exit 0
fi
fi
fi
exit -1 # TODO: call actual zenity here

73
test/test.bash
View File

@@ -2,8 +2,14 @@
# clean what was left from previous tests
rm ./protected/first ./protected/second
touch ./protected/this-only ./protected/do-not-remove ./protected/should-be-removed
rm -rf ./protected
mkdir protected
touch ./protected/do-not-remove ./protected/should-be-removed
echo "Free code, free world." >./protected/this-only
# set up the fake-zenity
PATH="$(realpath ./mock/):$PATH"
# mount the filesystem
@@ -12,40 +18,36 @@ valgrind -s ../build/icfs -o default_permissions ./protected &
sleep 1
# set up the fake-zenity
#export PATH="$(realpath ./mock/):$PATH"
# Try to touch files in the directory
#echo \"manual\" >./protected/manual
#export FAKE_ZENITY_RESPONSE="0"
parallel ::: "echo \"first\" >./protected/first 2> /dev/null \
&& echo \"[ICFS-TEST]: echo can create protected/first despite access being denied!\" \
|| echo \"[ICFS-TEST]: OK\"" \
"sleep 0.7 && xdotool key Escape" # EACCESS
zenity --set-fake-response no
echo "first" >./protected/first 2>/dev/null &&
echo "[ICFS-TEST]: echo can create protected/first despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS
parallel ::: "echo \"second\" >./protected/second 2> /dev/null \
&& echo \"[ICFS-TEST]: OK\" \
|| echo \"[ICFS-TEST]: echo cannot create protected/second despite access being permitted!\"" \
"sleep 0.7 && xdotool key KP_Enter" # OK
zenity --set-fake-response yes_tmp
echo "second" >./protected/second 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: echo cannot create protected/second despite access being permitted!" # OK
# Test whether permissons work
parallel ::: "cat ./protected/first > /dev/null 2> /dev/null \
&& echo \"[ICFS-TEST]: cat can read a non-existant file ./protected/first!\" \
|| echo \"[ICFS-TEST]: OK\"" # ENOENT
zenity --set-fake-response yes_tmp
cat ./protected/first >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: cat can read a non-existant file ./protected/first!" ||
echo "[ICFS-TEST]: OK" # ENOENT
parallel ::: "cat ./protected/second > /dev/null 2> /dev/null \
&& echo \"[ICFS-TEST]: OK\" \
|| echo \"[ICFS-TEST]: cat cannot open protected/second despite access being permitted!\"" \
"sleep 0.7 && xdotool key KP_Enter" # "second"
zenity --set-fake-response yes_tmp
cat ./protected/second >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: cat cannot open protected/second despite access being permitted!" # "second"
parallel ::: "cat ./protected/this-only > /dev/null 2> /dev/null \
&& echo \"[ICFS-TEST]: OK\" \
|| echo \"[ICFS-TEST]: echo cannot create protected/second despite access being permitted!\"" \
"sleep 0.7 && xdotool key KP_Enter" # "Free code, free world."
zenity --set-fake-response yes_tmp
cat ./protected/this-only >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: echo cannot create protected/second despite access being permitted!" # "Free code, free world."
#parallel ::: "cat ./protected/sudo-only > /dev/null 2> /dev/null \
# && echo \"[ICFS-TEST]: cat can access files owned by root!\" \
@@ -53,16 +55,19 @@ parallel ::: "cat ./protected/this-only > /dev/null 2> /dev/null \
# test the removal
parallel ::: "rm ./protected/do-not-remove > /dev/null 2> /dev/null \
&& echo \"[ICFS-TEST]: rm can unlink protected/do-not-remove despite access being denied!\" \
|| echo \"[ICFS-TEST]: OK\"" \
"sleep 0.7 && xdotool key Escape" # EACCESS
zenity --set-fake-response no
rm ./protected/do-not-remove >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: rm can unlink protected/do-not-remove despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS
parallel ::: "rm ./protected/should-be-removed > /dev/null 2> /dev/null \
&& echo \"[ICFS-TEST]: OK\" \
|| echo \"[ICFS-TEST]: rm cannot unlink protected/should-be-removed despite access being permitted!\"" \
"sleep 0.7 && xdotool key KP_Enter" # OK
zenity --set-fake-response yes_tmp
rm ./protected/should-be-removed >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: rm cannot unlink protected/should-be-removed despite access being permitted!" # OK
# unmount
sleep 0.5
#lsof +f -- $(realpath ./protected)
umount $(realpath ./protected)
sleep 0.5