tests: Add tests for no world writable dirs & no setuid files

2017-06-19 19:41:00 +02:00 · 2017-06-19 19:41:00 +02:00 · 0bbb8354dc
parent 67ffd9a0b6
commit 0bbb8354dc
2 changed files with 39 additions and 1 deletions
--- a/tests/libtest.sh
+++ b/tests/libtest.sh
@ -139,6 +139,14 @@ assert_not_file_has_content () {
    fi
 }

+assert_file_has_mode () {
+    mode=$(stat -c '%a' $1)
+    if [ "$mode" != "$2" ]; then
+        echo 1>&2 "File '$1' has wrong mode: expected $2, but got $mode"
+        exit 1
+    fi
+}
+
 assert_not_has_dir () {
    if test -d "$1"; then
 	echo 1>&2 "Directory '$1' exists"; exit 1
--- a/tests/test-run.sh
+++ b/tests/test-run.sh
@ -24,7 +24,7 @@ set -euo pipefail
 skip_without_bwrap
 skip_without_user_xattrs

-echo "1..10"
+echo "1..12"

 setup_repo
 install_repo
@ -338,3 +338,33 @@ ${FLATPAK} build-export ${FL_GPGARGS} repos/test ${DIR}
 ${FLATPAK} ${U} update org.test.OldVersion

 echo "ok version checks"
+
+rm -rf app
+flatpak build-init app org.test.Writable org.test.Platform org.test.Platform
+mkdir -p app/files/a-dir
+chmod a+rwx app/files/a-dir
+flatpak build-finish --command=hello.sh app
+ostree --repo=repos/test commit  ${FL_GPGARGS} --branch=app/org.test.Writable/$ARCH/master app
+update_repo
+
+${FLATPAK} ${U} install test-repo org.test.Writable
+
+assert_file_has_mode $FL_DIR/app/org.test.Writable/$ARCH/master/active/files/a-dir 775
+
+echo "ok no world writable dir"
+
+rm -rf app
+flatpak build-init app org.test.Setuid org.test.Platform org.test.Platform
+mkdir -p app/files/
+touch app/files/exe
+chmod u+s app/files/exe
+flatpak build-finish --command=hello.sh app
+ostree --repo=repos/test commit  ${FL_GPGARGS} --branch=app/org.test.Setuid/$ARCH/master app
+update_repo
+
+if ${FLATPAK} ${U} install test-repo org.test.Setuid &> err2.txt; then
+    assert_not_reached "Should not be able to install with setuid file"
+fi
+assert_file_has_content err2.txt [Ii]nvalid
+
+echo "ok no setuid"