testing

onny · Nov 21, 2016 · 13ef7fb · 13ef7fb
1 parent 62b9173
commit 13ef7fb
Show file tree

Hide file tree

Showing 6 changed files with 174 additions and 22 deletions.
diff --git a/test/environment/dns.exp b/test/environment/dns.exp
@@ -4,6 +4,31 @@ set timeout 30
 spawn $env(SHELL)
 match_max 100000
 
+send -- "firejail --dns=8.8.4.4 --dns=8.8.8.8 --dns=4.2.2.1\r"
+expect {
+ timeout {puts "TESTING ERROR 2.1\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "cat /etc/resolv.conf\r"
+expect {
+ timeout {puts "TESTING ERROR 2.2\n";exit}
+ "nameserver 8.8.4.4"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.3\n";exit}
+ "nameserver 8.8.8.8"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.4\n";exit}
+ "nameserver 4.2.2.1"
+}
+after 100
+send -- "exit\r"
+after 100
+
+
 # no chroot
 send -- "firejail --trace --dns=208.67.222.222 wget -q debian.org\r"
 expect {
@@ -27,28 +52,6 @@ after 100
 send -- "rm index.html\r"
 after 100
 send -- "exit\r"
-sleep 1
-
-send -- "firejail --dns=8.8.4.4 --dns=8.8.8.8 --dns=4.2.2.1\r"
-expect {
- timeout {puts "TESTING ERROR 2.1\n";exit}
- "Child process initialized"
-}
-sleep 1
-
-send -- "cat /etc/resolv.conf\r"
-expect {
- timeout {puts "TESTING ERROR 2.2\n";exit}
- "nameserver 8.8.4.4"
-}
-expect {
- timeout {puts "TESTING ERROR 2.3\n";exit}
- "nameserver 8.8.8.8"
-}
-expect {
- timeout {puts "TESTING ERROR 2.4\n";exit}
- "nameserver 4.2.2.1"
-}
 after 100
 
 puts "\nall done\n"
diff --git a/test/fs/fs.sh b/test/fs/fs.sh
@@ -61,6 +61,9 @@ echo "TESTING: whitelist empty (test/fs/whitelist-empty.exp)"
 echo "TESTING: private whitelist (test/fs/private-whitelist.exp)"
 ./private-whitelist.exp
 
+echo "TESTING: whitelist ~/Downloads (test/fs/whitelist-downloads.exp)"
+./whitelist-downloads.exp
+
 echo "TESTING: invalid filename (test/fs/invalid_filename.exp)"
 ./invalid_filename.exp
 

diff --git a/test/fs/user-dirs.dirs b/test/fs/user-dirs.dirs
@@ -0,0 +1,15 @@
+# This file is written by xdg-user-dirs-update
+# If you want to change or add directories, just edit the line you're
+# interested in. All local changes will be retained on the next run
+# Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped
+# homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an
+# absolute path. No other format is supported.
+# 
+XDG_DESKTOP_DIR="$HOME/Desktop"
+XDG_DOWNLOAD_DIR="$HOME/Downloads"
+XDG_TEMPLATES_DIR="$HOME/Templates"
+XDG_PUBLICSHARE_DIR="$HOME/Public"
+XDG_DOCUMENTS_DIR="$HOME/Documents"
+XDG_MUSIC_DIR="$HOME/Music"
+XDG_PICTURES_DIR="$HOME/Pictures"
+XDG_VIDEOS_DIR="$HOME/Videos"
diff --git a/test/fs/whitelist-downloads.exp b/test/fs/whitelist-downloads.exp
@@ -0,0 +1,49 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "cp user-dirs.dirs /tmp/.\r"
+after 100
+
+send -- "firejail --private --noprofile\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+after 100
+
+send -- "firejail --force --profile=/etc/firejail/firefox.profile\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "cannot whitelist Downloads directory"
+}
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "Child process initialized"
+}
+after 100
+
+send -- "exit\r"
+after 100
+
+send -- "cp /tmp/user-dirs.dirs ~/.config/.\r"
+after 100
+
+send -- "firejail --force --profile=/etc/firejail/firefox.profile\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "cannot whitelist Downloads directory"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+after 100
+
+puts "\nall done\n"
+
diff --git a/test/utils/audit.exp b/test/utils/audit.exp
@@ -0,0 +1,79 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --audit\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Firejail Audit"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "is running in a PID namespace"
+}
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "container/sandbox firejail"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "seccomp BPF enabled"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "all capabilities are disabled"
+}
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "dev directory seems to be fully populated"
+}
+after 100
+
+
+send -- "firejail --audit=/usr/lib/firejail/faudit\r"
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "Firejail Audit"
+}
+expect {
+ timeout {puts "TESTING ERROR 7\n";exit}
+ "is running in a PID namespace"
+}
+expect {
+ timeout {puts "TESTING ERROR 8\n";exit}
+ "container/sandbox firejail"
+}
+expect {
+ timeout {puts "TESTING ERROR 9\n";exit}
+ "seccomp BPF enabled"
+}
+expect {
+ timeout {puts "TESTING ERROR 10\n";exit}
+ "all capabilities are disabled"
+}
+expect {
+ timeout {puts "TESTING ERROR 11\n";exit}
+ "dev directory seems to be fully populated"
+}
+after 100
+
+send -- "firejail --audit=blablabla\r"
+expect {
+ timeout {puts "TESTING ERROR 12\n";exit}
+ "cannot find the audit program"
+}
+after 100
+
+send -- "firejail --audit=\r"
+expect {
+ timeout {puts "TESTING ERROR 12\n";exit}
+ "invalid audit program"
+}
+after 100
+
+puts "\nall done\n"
diff --git a/test/utils/utils.sh b/test/utils/utils.sh
@@ -6,6 +6,9 @@
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 
+echo "TESTING: audit (test/utils/audit.exp)"
+./audit.exp
+
 echo "TESTING: version (test/utils/version.exp)"
 ./version.exp