blob: 6a8932a896c1bf7d39c5b974f2efc74a548e16c2 [file] [log] [blame] [edit]
// Copyright 2019 The Fuchsia Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "src/sys/appmgr/allow_list.h"
#include <fcntl.h>
#include <lib/syslog/cpp/macros.h>
#include <unistd.h>
#include <string>
#include <gmock/gmock.h>
#include <gtest/gtest.h>
#include "src/lib/files/directory.h"
#include "src/lib/files/file.h"
#include "src/lib/files/path.h"
#include "src/lib/files/scoped_temp_dir.h"
#include "src/lib/fxl/strings/substitute.h"
namespace component {
namespace {
class AllowListTest : public ::testing::Test {
protected:
std::string NewFile(const std::string& dir, const std::string& contents) {
const std::string file = fxl::Substitute("$0/file$1", dir, std::to_string(unique_id_++));
if (!files::WriteFile(file, contents.data(), contents.size())) {
return "";
}
return file;
}
files::ScopedTempDir tmp_dir_;
static bool IsAllowed(const AllowList& al, const std::string& url_str) {
FuchsiaPkgUrl url;
FX_CHECK(url.Parse(url_str)) << "Invalid URL in test: " << url_str;
return al.IsAllowed(url);
}
private:
int unique_id_ = 1;
};
TEST_F(AllowListTest, Parse) {
static constexpr char kFile[] = R"F(
fuchsia-pkg://fuchsia.com/test_one#meta/test_one.cmx
fuchsia-pkg://fuchsia.com/test_two#meta/test_two.cmx)F";
std::string dir;
ASSERT_TRUE(tmp_dir_.NewTempDir(&dir));
fbl::unique_fd dirfd(open(dir.c_str(), O_RDONLY));
auto filename = NewFile(dir, kFile);
AllowList allowlist(dirfd, filename);
EXPECT_TRUE(IsAllowed(allowlist, "fuchsia-pkg://fuchsia.com/test_one#meta/test_one.cmx"));
EXPECT_TRUE(IsAllowed(allowlist, "fuchsia-pkg://fuchsia.com/test_two#meta/test_two.cmx"));
EXPECT_FALSE(IsAllowed(allowlist, "fuchsia-pkg://fuchsia.com/test_one#meta/other.cmx"));
}
TEST_F(AllowListTest, MissingFile) {
fbl::unique_fd dirfd(open(".", O_RDONLY));
AllowList allowlist(dirfd, "/does/not/exist");
EXPECT_FALSE(IsAllowed(allowlist, "fuchsia-pkg://fuchsia.com/test_one#meta/test_one.cmx"));
EXPECT_FALSE(IsAllowed(allowlist, "fuchsia-pkg://fuchsia.com/test_two#meta/test_two.cmx"));
}
TEST_F(AllowListTest, IgnoreVariantAndHash) {
static constexpr char kFile[] = R"F(
fuchsia-pkg://fuchsia.com/foo#meta/foo.cmx)F";
std::string dir;
ASSERT_TRUE(tmp_dir_.NewTempDir(&dir));
fbl::unique_fd dirfd(open(dir.c_str(), O_RDONLY));
auto filename = NewFile(dir, kFile);
AllowList allowlist(dirfd, filename);
EXPECT_TRUE(IsAllowed(allowlist, "fuchsia-pkg://fuchsia.com/foo/1#meta/foo.cmx"));
EXPECT_TRUE(IsAllowed(allowlist, "fuchsia-pkg://fuchsia.com/foo?hash=1234#meta/foo.cmx"));
EXPECT_TRUE(IsAllowed(allowlist, "fuchsia-pkg://fuchsia.com/foo/1?hash=1234#meta/foo.cmx"));
}
TEST_F(AllowListTest, WildcardAllow) {
static constexpr char kFile[] = R"F(
# Some comment about why we allow everything in this build
*)F";
std::string dir;
ASSERT_TRUE(tmp_dir_.NewTempDir(&dir));
fbl::unique_fd dirfd(open(dir.c_str(), O_RDONLY));
auto filename = NewFile(dir, kFile);
AllowList allowlist(dirfd, filename);
EXPECT_TRUE(IsAllowed(allowlist, "fuchsia-pkg://fuchsia.com/foo#meta/foo.cmx"));
EXPECT_TRUE(IsAllowed(allowlist, "fuchsia-pkg://fuchsia.com/bar#meta/bar.cmx"));
}
TEST_F(AllowListTest, CommentsAreIgnored) {
static constexpr char kFile[] = R"F(
#foo
fuchsia-pkg://fuchsia.com/test_one#meta/test_one.cmx
#bar
fuchsia-pkg://fuchsia.com/test_two#meta/test_two.cmx
#fuchsia-pkg://fuchsia.com/test_one#meta/other.cmx)F";
std::string dir;
ASSERT_TRUE(tmp_dir_.NewTempDir(&dir));
fbl::unique_fd dirfd(open(dir.c_str(), O_RDONLY));
auto filename = NewFile(dir, kFile);
AllowList allowlist(dirfd, filename);
EXPECT_TRUE(IsAllowed(allowlist, "fuchsia-pkg://fuchsia.com/test_one#meta/test_one.cmx"));
EXPECT_TRUE(IsAllowed(allowlist, "fuchsia-pkg://fuchsia.com/test_two#meta/test_two.cmx"));
EXPECT_FALSE(IsAllowed(allowlist, "fuchsia-pkg://fuchsia.com/test_one#meta/other.cmx"));
}
} // namespace
} // namespace component