Pledge and unveil redbean's unit tests

2025-03-02 23:18:44 +00:00 · 2022-07-23 05:22:19 -07:00 · 2022-07-23 05:22:19 -07:00 · 31e4b0867b
commit 31e4b0867b
parent 513a659dd2
21 changed files with 44 additions and 6 deletions
--- a/test/tool/net/argon2_test.lua
+++ b/test/tool/net/argon2_test.lua
@ -13,6 +13,8 @@
 -- TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 -- PERFORMANCE OF THIS SOFTWARE.

+unix.pledge("stdio")
+
 assert(assert(argon2.hash_encoded("password", "somesalt", {
               variant = argon2.variants.argon2_i,
               m_cost = 65536,
--- a/test/tool/net/encodejson_test.lua
+++ b/test/tool/net/encodejson_test.lua
@ -13,6 +13,8 @@
 -- TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 -- PERFORMANCE OF THIS SOFTWARE.

+unix.pledge("stdio")
+
 assert(EncodeJson(nil) == "null")
 assert(EncodeJson(true) == "true")
 assert(EncodeJson(false) == "false")
--- a/test/tool/net/encodelua_test.lua
+++ b/test/tool/net/encodelua_test.lua
@ -13,6 +13,8 @@
 -- TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 -- PERFORMANCE OF THIS SOFTWARE.

+unix.pledge("stdio")
+
 assert(EncodeLua(nil) == "nil")
 assert(EncodeLua(true) == "true")
 assert(EncodeLua(false) == "false")
--- a/test/tool/net/jsonorg_fail_test.lua
+++ b/test/tool/net/jsonorg_fail_test.lua
@ -1,3 +1,5 @@
+unix.pledge("stdio")
+
 -- https://www.json.org/JSON_checker/test.zip
 -- JSON parsing sample test case: fail11.json
 assert(not DecodeJson([[
--- a/test/tool/net/jsonorg_pass_test.lua
+++ b/test/tool/net/jsonorg_pass_test.lua
@ -1,3 +1,5 @@
+unix.pledge("stdio")
+
 -- https://www.json.org/JSON_checker/test.zip
 -- JSON parsing sample test case: pass1.json
 assert(DecodeJson([[
--- a/test/tool/net/jsontestsuite_fail1_test.lua
+++ b/test/tool/net/jsontestsuite_fail1_test.lua
@ -26,6 +26,8 @@
 -- SOFTWARE.
 --

+unix.pledge("stdio")
+
 -- these test cases are prefixed with n_
 -- ljson should reject all of them as invalid

--- a/test/tool/net/jsontestsuite_fail2_test.lua
+++ b/test/tool/net/jsontestsuite_fail2_test.lua
@ -26,6 +26,8 @@
 -- SOFTWARE.
 --

+unix.pledge("stdio")
+
 -- these test cases are prefixed with n_
 -- ljson should reject all of them as invalid

--- a/test/tool/net/jsontestsuite_fail3_test.lua
+++ b/test/tool/net/jsontestsuite_fail3_test.lua
@ -26,6 +26,8 @@
 -- SOFTWARE.
 --

+unix.pledge("stdio")
+
 -- these test cases are prefixed with n_
 -- ljson should reject all of them as invalid

--- a/test/tool/net/jsontestsuite_fail4_test.lua
+++ b/test/tool/net/jsontestsuite_fail4_test.lua
@ -26,6 +26,8 @@
 -- SOFTWARE.
 --

+unix.pledge("stdio")
+
 -- these test cases are prefixed with n_
 -- ljson should reject all of them as invalid

--- a/test/tool/net/jsontestsuite_okay_test.lua
+++ b/test/tool/net/jsontestsuite_okay_test.lua
@ -26,6 +26,8 @@
 -- SOFTWARE.
 --

+unix.pledge("stdio")
+
 -- these test cases are prefixed with i_
 -- ljson is free to accept or reject,
 -- but we run them anyway to check for segfaults
--- a/test/tool/net/jsontestsuite_pass_test.lua
+++ b/test/tool/net/jsontestsuite_pass_test.lua
@ -26,6 +26,8 @@
 -- SOFTWARE.
 --

+unix.pledge("stdio")
+
 -- these test cases are prefixed with y_
 -- ljson should accept all of them as valid

--- a/test/tool/net/lfuncs_test.lua
+++ b/test/tool/net/lfuncs_test.lua
@ -13,6 +13,8 @@
 -- TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 -- PERFORMANCE OF THIS SOFTWARE.

+unix.pledge("stdio")
+
 x = Rdtsc()
 y = Rdtsc()
 assert(y > x)
--- a/test/tool/net/ljson_test.lua
+++ b/test/tool/net/ljson_test.lua
@ -13,6 +13,8 @@
 -- TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 -- PERFORMANCE OF THIS SOFTWARE.

+unix.pledge("stdio")
+
 assert(EncodeLua(assert(DecodeJson[[  0  ]])) ==  '0' )
 assert(EncodeLua(assert(DecodeJson[[ [1] ]])) == '{1}')
 assert(EncodeLua(assert(DecodeJson[[ 2.3 ]])) == '2.3')
--- a/test/tool/net/lre_test.lua
+++ b/test/tool/net/lre_test.lua
@ -13,6 +13,8 @@
 -- TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 -- PERFORMANCE OF THIS SOFTWARE.

+unix.pledge("stdio")
+
 assert(string.match("127.123.231.1", "%d+.%d+.%d+.%d+"))
 assert(re.search([[^\d{1,3}(\.\d{1,3}){3}$]], "127.123.231.1"))

--- a/test/tool/net/lua_test.lua
+++ b/test/tool/net/lua_test.lua
@ -13,6 +13,8 @@
 -- TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 -- PERFORMANCE OF THIS SOFTWARE.

+unix.pledge("stdio")
+
 -- test redbean lua language extensions
 assert(0b100 == 4)
 assert(0200 == 128)
--- a/test/tool/net/lunix_test.lua
+++ b/test/tool/net/lunix_test.lua
@ -151,6 +151,9 @@ end

 function main()
   assert(unix.makedirs(tmpdir))
+   unix.unveil(tmpdir, "rwc")
+   unix.unveil(nil, nil)
+   unix.pledge("stdio rpath wpath cpath proc")
   ok, err = pcall(UnixTest)
   if ok then
      assert(unix.rmrf(tmpdir))
--- a/test/tool/net/path_test.lua
+++ b/test/tool/net/path_test.lua
@ -13,6 +13,8 @@
 -- TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 -- PERFORMANCE OF THIS SOFTWARE.

+unix.pledge("stdio")
+
 assert("/usr/lib" == path.dirname("/usr/lib/foo.bar"))
 assert("/usr" == path.dirname("/usr/lib"))
 assert("usr" == path.dirname("usr/lib"))
--- a/test/tool/net/slurp_test.lua
+++ b/test/tool/net/slurp_test.lua
@ -38,6 +38,9 @@ end

 local function main()
   assert(unix.makedirs(tmpdir))
+   unix.unveil(tmpdir, "rwc")
+   unix.unveil(nil, nil)
+   unix.pledge("stdio rpath wpath cpath")
   ok, err = pcall(SlurpTest)
   if ok then
      assert(unix.rmrf(tmpdir))
--- a/third_party/lua/lauxlib.c
+++ b/third_party/lua/lauxlib.c
@ -216,7 +216,7 @@ LUALIB_API void luaL_traceback (lua_State *L, lua_State *L1,


 /**
- * Improved Lua traceback.
+ * [jart] Improved Lua traceback.
 * @see https://luyuhuang.tech/2020/12/01/lua-traceback-with-parameters.html
 * @author Luyu Huang
 */
--- a/third_party/lua/lunix.c
+++ b/third_party/lua/lunix.c
@ -1382,13 +1382,13 @@ static int LuaUnixPledge(lua_State *L) {
                    pledge(luaL_checkstring(L, 1), luaL_optstring(L, 2, 0)));
 }

-// sandbox.unveil(path:str, permissions:str)
+// sandbox.unveil([path:str[, permissions:str]])
 //     ├─→ true
 //     └─→ nil, unix.Errno
 static int LuaUnixUnveil(lua_State *L) {
  int olderr = errno;
  return SysretBool(L, "unveil", olderr,
-                    unveil(luaL_checkstring(L, 1), luaL_checkstring(L, 2)));
+                    unveil(luaL_optstring(L, 1, 0), luaL_optstring(L, 2, 0)));
 }

 // unix.gethostname()
--- a/tool/net/help.txt
+++ b/tool/net/help.txt
@ -3965,14 +3965,14 @@ UNIX MODULE

        unix.unveil(".", "r");     -- current dir + children visible
        unix.unveil("/etc", "r");  -- make /etc readable too
-        unix.unveil(0, 0);         -- commit and lock policy
+        unix.unveil(nil, nil);     -- commit and lock policy

    Unveiling restricts a thread's view of the filesystem to a set of
    allowed paths with specific privileges.

    Once you start using unveil(), the entire file system is considered
    hidden. You then specify, by repeatedly calling unveil(), which paths
-    should become unhidden. When you're finished, you call `unveil(0,0)`
+    should become unhidden. When you're finished, you call `unveil(nil,nil)`
    which commits your policy, after which further use is forbidden, in
    the current thread, as well as any threads or processes it spawns.

@ -3981,7 +3981,7 @@ UNIX MODULE
    1. Build your policy and lock it in one go. On OpenBSD, policies take
       effect immediately and may evolve as you continue to call unveil()
       but only in a more restrictive direction. On Linux, nothing will
-       happen until you call `unveil(0,0)` which commits and locks.
+       happen until you call `unveil(nil,nil)` which commits and locks.

    2. Try not to overlap directory trees. On OpenBSD, if directory trees
       overlap, then the most restrictive policy will be used for a given