コード例 #1
0
        public void CreateSandboxedProcessInfoWithExplicitReporting()
        {
            var instance    = CreateSandboxExecRunner();
            var processInfo = SandboxExecRunner.CreateSandboxedProcessInfo("/usr/bin/touch", instance);

            // Make sure the SandboxExec sandboxed process info is always gerenated to explicitly report all file accesses
            XAssert.IsTrue(processInfo.FileAccessManifest.ReportFileAccesses);
            XAssert.IsFalse(processInfo.FileAccessManifest.FailUnexpectedFileAccesses);
        }
コード例 #2
0
        public void TestParseArgsWithDoubleDashInProcArgs()
        {
            var procArgs = new string[] { "/bin/cat", "--" };
            var args     = new[] { "--" }.Concat(procArgs).ToArray();
            var result   = SandboxExecRunner.ParseArgs(args);

            XAssert.AreEqual(Defaults, result.toolOptions);
            XAssert.ArrayEqual(procArgs, result.procArgs);
        }
コード例 #3
0
        public void TestParseArgsWithTwoToolArgs(string arg1, string arg2, bool?expectedVerboseValue, int?expectedQueueSizeValue)
        {
            var procArgs = new string[] { "/bin/cat", "--" };
            var args     = new[] { arg1, arg2, "--" }.Concat(procArgs).ToArray();
            var result   = SandboxExecRunner.ParseArgs(args);

            XAssert.AreEqual(expectedVerboseValue ?? Defaults.Verbose, result.toolOptions.Verbose);
            XAssert.AreEqual(expectedQueueSizeValue ?? (int)Defaults.ReportQueueSizeMB, (int)result.toolOptions.ReportQueueSizeMB);
            XAssert.ArrayEqual(procArgs, result.procArgs);
        }
コード例 #4
0
        public void TestParseArgsNoToolArgs(bool withSeparator)
        {
            var procArgs = new string[] { "/bin/ls", "-l" };
            var args     = withSeparator
                ? new[] { "--" }.Concat(procArgs).ToArray()
                : procArgs;
            var result = SandboxExecRunner.ParseArgs(args);

            XAssert.AreEqual(Defaults, result.toolOptions);
            XAssert.ArrayEqual(procArgs, result.procArgs);
        }
コード例 #5
0
        public void CommandLineArgumentsGetParsedCorrectly()
        {
            var input     = new string[] { "/usr/bin/clang", "test.c", "-o", "test", "'a b c'", "/a/b/c/d e f.app" };
            var arguments = SandboxExecRunner.ExtractAndEscapeCommandLineArguments(input);

            if (OperatingSystemHelper.IsUnixOS)
            {
                XAssert.AreEqual("'test.c' '-o' 'test' ''\\''a b c'\\''' '/a/b/c/d e f.app'", arguments);
            }
            else
            {
                XAssert.AreEqual("test.c -o test 'a b c' /a/b/c/d e f.app", arguments);
            }
        }
コード例 #6
0
        public void TestSandboxConnectionNotInTestMode()
        {
            if (OperatingSystemHelper.IsMacOS)
            {
                return; // doesn't work with the kext
            }

            using var sandboxConnection = CreateSandboxConnection(isInTestMode: false);
            var instance    = new SandboxExecRunner(sandboxConnection);
            var processInfo = SandboxExecRunner.CreateSandboxedProcessInfo("/usr/bin/touch", instance);

            // Make sure the SandboxExec sandboxed process info is always generated to explicitly report all file accesses
            XAssert.IsTrue(processInfo.FileAccessManifest.ReportFileAccesses);
            XAssert.IsFalse(processInfo.FileAccessManifest.FailUnexpectedFileAccesses);
        }
コード例 #7
0
        public async Task CheckForFileAccessReportsWhenRunningProcessWithKextLoaded()
        {
            try
            {
                var instance = CreateSandboxExecRunner();
                var process  = await SandboxExecRunner.ExecuteAsync(instance, new string[] { "/bin/ls", "." }, TestOutputDirectory);

                var result = await process.GetResultAsync();

                var distinctAccessReports = instance.DedupeAccessReports(
                    result.FileAccesses,
                    result.ExplicitlyReportedFileAccesses,
                    result.AllUnexpectedFileAccesses);

                XAssert.IsTrue(distinctAccessReports.Count > 0);
                XAssert.IsTrue(distinctAccessReports.Contains(" R  /bin/ls"));
            }
            catch (Exception ex)
            {
                // This should not happen if the sandbox is loaded and non of the report processing did throw
                XAssert.Fail("CheckForFileAccessReportsWhenRunningProcessWithKextLoaded, threw an exception: {0}", ex);
            }
        }