import logging
import unittest
from textwrap import dedent
from snekbox.nsjail import MEM_MAX, NsJail
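class NsJailTests(unittest.TestCase):
    """Integration tests for the NsJail wrapper.

    Each test hands a snippet to ``NsJail.python3`` and checks the return
    code and output reported for it. Several snippets are deliberately
    hostile (busy loop, oversized allocation, fork bomb, NULL dereference).

    NOTE(review): those snippets are only harmless if the jail really
    enforces its limits, so this suite presumably belongs in a disposable
    container or CI runner rather than on a workstation -- confirm.
    """

    def setUp(self):
        """Create a fresh jail wrapper and grab the logger it writes to."""
        super().setUp()

        self.nsjail = NsJail()
        self.nsjail.DEBUG = False
        self.logger = logging.getLogger("snekbox.nsjail")

    def test_print_returns_0(self):
        """A trivial print exits with 0 and its output lands on stdout."""
        result = self.nsjail.python3("print('test')")
        self.assertEqual(result.returncode, 0)
        self.assertEqual(result.stdout, "test\n")
        self.assertIsNone(result.stderr)

    def test_timeout_returns_137(self):
        """An infinite loop is killed and the time limit hit is logged.

        137 is 128 + 9, i.e. the process was terminated by SIGKILL.
        """
        code = dedent("""
            while True:
                pass
        """).strip()

        with self.assertLogs(self.logger) as log:
            result = self.nsjail.python3(code)

        self.assertEqual(result.returncode, 137)
        self.assertEqual(result.stdout, "")
        self.assertIsNone(result.stderr)
        self.assertIn("run time >= time limit", "\n".join(log.output))

    def test_memory_returns_137(self):
        """Allocating more than MEM_MAX gets the process killed (128 + SIGKILL)."""
        # Add a kilobyte just to be safe.
        code = dedent(f"""
            x = ' ' * {MEM_MAX + 1000}
        """).strip()

        result = self.nsjail.python3(code)
        self.assertEqual(result.returncode, 137)
        self.assertEqual(result.stdout, "")
        self.assertIsNone(result.stderr)

    def test_subprocess_resource_unavailable(self):
        """Spawning a shell from inside the jail fails with EAGAIN.

        "Resource temporarily unavailable" is the EAGAIN error text;
        presumably the jail's process limit rejects the fork -- confirm
        against the NsJail configuration.
        """
        code = dedent("""
            import subprocess
            print(subprocess.check_output('kill -9 6', shell=True).decode())
        """).strip()

        result = self.nsjail.python3(code)
        self.assertEqual(result.returncode, 1)
        # The traceback is expected on stdout; stderr is reported as None.
        self.assertIn("Resource temporarily unavailable", result.stdout)
        self.assertIsNone(result.stderr)

    def test_read_only_file_system(self):
        """Creating a file in the working directory fails with EROFS."""
        code = dedent("""
            open('hello', 'w').write('world')
        """).strip()

        result = self.nsjail.python3(code)
        self.assertEqual(result.returncode, 1)
        self.assertIn("Read-only file system", result.stdout)
        self.assertIsNone(result.stderr)

    def test_forkbomb_resource_unavailable(self):
        """A fork loop is stopped by a failing os.fork() rather than spreading."""
        code = dedent("""
            import os
            while 1:
                os.fork()
        """).strip()

        result = self.nsjail.python3(code)
        self.assertEqual(result.returncode, 1)
        self.assertIn("Resource temporarily unavailable", result.stdout)
        self.assertIsNone(result.stderr)

    def test_sigsegv_returns_139(self):  # In honour of Juan.
        """Reading address 0 through ctypes segfaults: 139 is 128 + SIGSEGV."""
        code = dedent("""
            import ctypes
            ctypes.string_at(0)
        """).strip()

        result = self.nsjail.python3(code)
        self.assertEqual(result.returncode, 139)
        self.assertEqual(result.stdout, "")
        self.assertIsNone(result.stderr)

    def test_null_byte_value_error(self):
        """Code containing a NUL byte is reported as a ValueError.

        The return code is None here, so presumably no jailed process was
        started for this input -- confirm in NsJail.python3.
        """
        result = self.nsjail.python3("\0")
        self.assertIsNone(result.returncode)
        self.assertEqual(result.stdout, "ValueError: embedded null byte")
        self.assertIsNone(result.stderr)

    def test_log_parser(self):
        """NsJail log lines are re-emitted on the Python logger by level.

        The assertions pin D -> DEBUG, I -> INFO, W -> WARNING, and both E
        and F -> ERROR; a line that does not match the log format produces
        a WARNING. The UID/EUID=0 warning line is fed in but not asserted on.
        """
        log_lines = (
            "[D][2019-06-22T20:07:00+0000][16] void foo::bar()():100 This is a debug message.",
            "[I][2019-06-22T20:07:48+0000] pid=20 ([STANDALONE MODE]) "
            "exited with status: 2, (PIDs left: 0)",
            "[W][2019-06-22T20:06:04+0000][14] void cmdline::logParams(nsjconf_t*)():250 "
            "Process will be UID/EUID=0 in the global user namespace, and will have user "
            "root-level access to files",
            "[W][2019-06-22T20:07:00+0000][16] void foo::bar()():100 This is a warning!",
            "[E][2019-06-22T20:07:00+0000][16] bool "
            "cmdline::setupArgv(nsjconf_t*, int, char**, int)():316 No command-line provided",
            "[F][2019-06-22T20:07:00+0000][16] int main(int, char**)():204 "
            "Couldn't parse cmdline options",
            "Invalid Line"
        )

        with self.assertLogs(self.logger, logging.DEBUG) as log:
            self.nsjail._parse_log(log_lines)

        self.assertIn("DEBUG:snekbox.nsjail:This is a debug message.", log.output)
        self.assertIn("ERROR:snekbox.nsjail:Couldn't parse cmdline options", log.output)
        self.assertIn("ERROR:snekbox.nsjail:No command-line provided", log.output)
        self.assertIn("WARNING:snekbox.nsjail:Failed to parse log line 'Invalid Line'", log.output)
        self.assertIn("WARNING:snekbox.nsjail:This is a warning!", log.output)
        self.assertIn(
            "INFO:snekbox.nsjail:pid=20 ([STANDALONE MODE]) exited with status: 2, (PIDs left: 0)",
            log.output
        )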