From 25219587c0ac2239d42fb82ad32f6c86d2da6e27 Mon Sep 17 00:00:00 2001 From: MarkKoz Date: Sat, 28 Dec 2019 21:27:45 -0800 Subject: Test shared memory is disabled Co-authored-by: 0xf0f <0x0meta@gmail.com> --- tests/test_nsjail.py | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'tests') diff --git a/tests/test_nsjail.py b/tests/test_nsjail.py index bb176d9..00ca89c 100644 --- a/tests/test_nsjail.py +++ b/tests/test_nsjail.py @@ -122,3 +122,30 @@ class NsJailTests(unittest.TestCase): "INFO:snekbox.nsjail:pid=20 ([STANDALONE MODE]) exited with status: 2, (PIDs left: 0)", log.output ) + + def test_shm_and_tmp_not_mounted(self): + for path in ("/dev/shm", "/run/shm", "/tmp"): + with self.subTest(path=path): + code = dedent(f""" + with open('{path}/test', 'wb') as file: + file.write(bytes([255])) + """).strip() + + result = self.nsjail.python3(code) + self.assertEqual(result.returncode, 1) + self.assertIn("No such file or directory", result.stdout) + self.assertEqual(result.stderr, None) + + def test_multiprocessing_shared_memory_disabled(self): + code = dedent(""" + from multiprocessing.shared_memory import SharedMemory + try: + SharedMemory('test', create=True, size=16) + except FileExistsError: + pass + """).strip() + + result = self.nsjail.python3(code) + self.assertEqual(result.returncode, 1) + self.assertIn("Function not implemented", result.stdout) + self.assertEqual(result.stderr, None) -- cgit v1.2.3 From 58477b8a96773da0de428e45ed56a7b1b44c0ab6 Mon Sep 17 00:00:00 2001 From: MarkKoz Date: Sat, 28 Dec 2019 21:45:40 -0800 Subject: Test root and direct children are read-only --- tests/test_nsjail.py | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'tests') diff --git a/tests/test_nsjail.py b/tests/test_nsjail.py index 00ca89c..e439c15 100644 --- a/tests/test_nsjail.py +++ b/tests/test_nsjail.py @@ -56,14 +56,17 @@ class NsJailTests(unittest.TestCase): self.assertEqual(result.stderr, None) def test_read_only_file_system(self): - code = dedent(""" - open('hello', 'w').write('world') - """).strip() + for path in ("/", "/etc", "/lib", "/lib64", "/snekbox", "/usr"): + with self.subTest(path=path): + code = dedent(f""" + with open('{path}/hello', 'w') as f: + f.write('world') + """).strip() - result = self.nsjail.python3(code) - self.assertEqual(result.returncode, 1) - self.assertIn("Read-only file system", result.stdout) - self.assertEqual(result.stderr, None) + result = self.nsjail.python3(code) + self.assertEqual(result.returncode, 1) + self.assertIn("Read-only file system", result.stdout) + self.assertEqual(result.stderr, None) def test_forkbomb_resource_unavailable(self): code = dedent(""" -- cgit v1.2.3 From da8a1752dde8d8a8afb1a4f64d7678f80e802dab Mon Sep 17 00:00:00 2001 From: MarkKoz Date: Sat, 28 Dec 2019 21:49:33 -0800 Subject: Add test for importing numpy This is a test for #53, which fixed numpy failing to import due to using multiple threads by default. --- tests/test_nsjail.py | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'tests') diff --git a/tests/test_nsjail.py b/tests/test_nsjail.py index e439c15..f04d317 100644 --- a/tests/test_nsjail.py +++ b/tests/test_nsjail.py @@ -152,3 +152,9 @@ class NsJailTests(unittest.TestCase): self.assertEqual(result.returncode, 1) self.assertIn("Function not implemented", result.stdout) self.assertEqual(result.stderr, None) + + def test_numpy_import(self): + result = self.nsjail.python3("import numpy") + self.assertEqual(result.returncode, 0) + self.assertEqual(result.stdout, "") + self.assertEqual(result.stderr, None) -- cgit v1.2.3 From 83f1c49ab6ed6ff0b04f32f5031e4838131302d1 Mon Sep 17 00:00:00 2001 From: MarkKoz Date: Sat, 11 Jan 2020 13:50:47 -0800 Subject: Fix #56: stdout and stderr outputs in wrong order --- scripts/.profile | 2 +- snekbox.cfg | 2 +- snekbox/nsjail.py | 2 +- tests/test_nsjail.py | 16 ++++++++++++++++ 4 files changed, 19 insertions(+), 3 deletions(-) (limited to 'tests') diff --git a/scripts/.profile b/scripts/.profile index 47ee141..73fbb28 100644 --- a/scripts/.profile +++ b/scripts/.profile @@ -17,5 +17,5 @@ nsjpy() { nsjail \ --config "${NSJAIL_CFG:-/snekbox/snekbox.cfg}" \ $nsj_args -- \ - /snekbox/.venv/bin/python3 -Iq -c "$@" + /snekbox/.venv/bin/python3 -Iqu -c "$@" } diff --git a/snekbox.cfg b/snekbox.cfg index 4cb58de..1d58ea5 100644 --- a/snekbox.cfg +++ b/snekbox.cfg @@ -93,5 +93,5 @@ iface_no_lo: true exec_bin { path: "/snekbox/.venv/bin/python3" - arg: "-Iq" + arg: "-Iqu" } diff --git a/snekbox/nsjail.py b/snekbox/nsjail.py index 83d3b8d..df69e7a 100644 --- a/snekbox/nsjail.py +++ b/snekbox/nsjail.py @@ -128,7 +128,7 @@ class NsJail: "--cgroup_pids_mount", str(CGROUP_PIDS_PARENT.parent), "--cgroup_pids_parent", CGROUP_PIDS_PARENT.name, "--", - self.python_binary, "-Iq", "-c", code + self.python_binary, "-Iqu", "-c", code ) msg = "Executing code..." diff --git a/tests/test_nsjail.py b/tests/test_nsjail.py index f04d317..0b755b2 100644 --- a/tests/test_nsjail.py +++ b/tests/test_nsjail.py @@ -158,3 +158,19 @@ class NsJailTests(unittest.TestCase): self.assertEqual(result.returncode, 0) self.assertEqual(result.stdout, "") self.assertEqual(result.stderr, None) + + def test_output_order(self): + stdout_msg = "greetings from stdout!" + stderr_msg = "hello from stderr!" + code = dedent(f""" + print({stdout_msg!r}) + raise ValueError({stderr_msg!r}) + """).strip() + + result = self.nsjail.python3(code) + self.assertLess( + result.stdout.find(stdout_msg), + result.stdout.find(stderr_msg), + msg="stdout does not come before stderr" + ) + self.assertEqual(result.stderr, None) -- cgit v1.2.3