Files
2026-07-13 13:00:08 +08:00

299 lines
11 KiB
Go

package builtin
import (
"context"
"encoding/json"
"strings"
"testing"
"reasonix/internal/event"
"reasonix/internal/jobs"
"reasonix/internal/sandbox"
)
type fakeSandboxEscapeApprover struct {
allow bool
reason string
sessionAllowed bool
calls []sandbox.EscapeRequest
sessionChecks []sandbox.EscapeRequest
}
func (f *fakeSandboxEscapeApprover) ApproveSandboxEscape(ctx context.Context, req sandbox.EscapeRequest) (bool, string, error) {
f.calls = append(f.calls, req)
return f.allow, f.reason, nil
}
func (f *fakeSandboxEscapeApprover) SandboxEscapeSessionAllowed(ctx context.Context, req sandbox.EscapeRequest) bool {
f.sessionChecks = append(f.sessionChecks, req)
return f.sessionAllowed
}
func TestBashSandboxUnavailableCanEscapeOnceWithApproval(t *testing.T) {
restore := forceWindowsSandboxEscapeTestMode(t)
defer restore()
sh := sandbox.ResolveShell("", "", nil)
oldCommand := bashSandboxCommand
bashSandboxCommand = func(spec sandbox.Spec, sh sandbox.Shell, command string) ([]string, bool) {
return unconfinedShellArgv(sh, command), false
}
defer func() { bashSandboxCommand = oldCommand }()
approver := &fakeSandboxEscapeApprover{allow: true}
ctx := sandbox.WithEscapeApprover(context.Background(), approver)
args := argsJSON(t, map[string]any{"command": echoForShell(sh, "escaped")})
out, err := (bash{sb: sandbox.Spec{Mode: "enforce"}, shell: sh}).Execute(ctx, args)
if err != nil {
t.Fatalf("Execute returned error after approved escape: %v (out=%q)", err, out)
}
if !strings.Contains(out, "escaped") {
t.Fatalf("output = %q, want escaped command output", out)
}
if len(approver.calls) != 1 {
t.Fatalf("approval calls = %d, want 1", len(approver.calls))
}
if approver.calls[0].Command != echoForShell(sh, "escaped") {
t.Fatalf("approval command = %q", approver.calls[0].Command)
}
if !json.Valid(approver.calls[0].Args) {
t.Fatalf("approval args are not valid JSON: %q", approver.calls[0].Args)
}
}
func TestBashSandboxUnavailableStaysClosedWithoutApprover(t *testing.T) {
restore := forceWindowsSandboxEscapeTestMode(t)
defer restore()
sh := sandbox.ResolveShell("", "", nil)
oldCommand := bashSandboxCommand
bashSandboxCommand = func(spec sandbox.Spec, sh sandbox.Shell, command string) ([]string, bool) {
return unconfinedShellArgv(sh, command), false
}
defer func() { bashSandboxCommand = oldCommand }()
out, err := (bash{sb: sandbox.Spec{Mode: "enforce"}, shell: sh}).Execute(context.Background(), argsJSON(t, map[string]any{"command": echoForShell(sh, "escaped")}))
if err == nil {
t.Fatalf("Execute succeeded without escape approver, out=%q", out)
}
if !strings.Contains(err.Error(), "sandbox requested but unavailable") {
t.Fatalf("error = %v, want unavailable sandbox message", err)
}
}
func TestBashSandboxEscapeDenialBlocksUnconfinedRun(t *testing.T) {
restore := forceWindowsSandboxEscapeTestMode(t)
defer restore()
sh := sandbox.ResolveShell("", "", nil)
oldCommand := bashSandboxCommand
bashSandboxCommand = func(spec sandbox.Spec, sh sandbox.Shell, command string) ([]string, bool) {
return unconfinedShellArgv(sh, command), false
}
defer func() { bashSandboxCommand = oldCommand }()
approver := &fakeSandboxEscapeApprover{allow: false, reason: "declined escape"}
ctx := sandbox.WithEscapeApprover(context.Background(), approver)
out, err := (bash{sb: sandbox.Spec{Mode: "enforce"}, shell: sh}).Execute(ctx, argsJSON(t, map[string]any{"command": echoForShell(sh, "escaped")}))
if err == nil {
t.Fatalf("Execute succeeded after denied escape, out=%q", out)
}
if !strings.Contains(err.Error(), "declined escape") {
t.Fatalf("error = %v, want denial reason", err)
}
if len(approver.calls) != 1 {
t.Fatalf("approval calls = %d, want 1", len(approver.calls))
}
}
func TestBashWindowsSandboxRuntimeFailureCanRerunUnconfinedOnce(t *testing.T) {
restore := forceWindowsSandboxEscapeTestMode(t)
defer restore()
sh := sandbox.ResolveShell("", "", nil)
oldCommand := bashSandboxCommand
bashSandboxCommand = func(spec sandbox.Spec, sh sandbox.Shell, command string) ([]string, bool) {
return unconfinedShellArgv(sh, windowsSandboxFailureForShell(sh)), true
}
defer func() { bashSandboxCommand = oldCommand }()
oldRuntimeFailure := bashWindowsSandboxRuntimeFailure
bashWindowsSandboxRuntimeFailure = func(_ []string, out string, err error) bool {
return err != nil && strings.Contains(out, "windows sandbox: boom")
}
defer func() { bashWindowsSandboxRuntimeFailure = oldRuntimeFailure }()
approver := &fakeSandboxEscapeApprover{allow: true}
ctx := sandbox.WithEscapeApprover(context.Background(), approver)
out, err := (bash{sb: sandbox.Spec{Mode: "enforce"}, shell: sh}).Execute(ctx, argsJSON(t, map[string]any{"command": echoForShell(sh, "rerun")}))
if err != nil {
t.Fatalf("Execute returned error after runtime escape: %v (out=%q)", err, out)
}
if !strings.Contains(out, "rerun") {
t.Fatalf("output = %q, want unconfined rerun output", out)
}
if strings.Contains(out, "windows sandbox: boom") {
t.Fatalf("output should come from rerun only, got %q", out)
}
if len(approver.calls) != 1 {
t.Fatalf("approval calls = %d, want 1", len(approver.calls))
}
}
func TestBashSandboxEscapeSessionGrantRunsForegroundUnconfinedBeforeHelper(t *testing.T) {
restore := forceWindowsSandboxEscapeTestMode(t)
defer restore()
sh := sandbox.ResolveShell("", "", nil)
oldCommand := bashSandboxCommand
bashSandboxCommand = func(spec sandbox.Spec, sh sandbox.Shell, command string) ([]string, bool) {
if spec.Enforce() {
return unconfinedShellArgv(sh, windowsSandboxFailureForShell(sh)), true
}
return unconfinedShellArgv(sh, command), false
}
defer func() { bashSandboxCommand = oldCommand }()
oldRuntimeFailure := bashWindowsSandboxRuntimeFailure
bashWindowsSandboxRuntimeFailure = func(_ []string, out string, err error) bool {
return err != nil && strings.Contains(out, "windows sandbox: boom")
}
defer func() { bashWindowsSandboxRuntimeFailure = oldRuntimeFailure }()
approver := &fakeSandboxEscapeApprover{sessionAllowed: true}
ctx := sandbox.WithEscapeApprover(context.Background(), approver)
out, err := (bash{sb: sandbox.Spec{Mode: "enforce"}, shell: sh}).Execute(ctx, argsJSON(t, map[string]any{"command": echoForShell(sh, "session-rerun")}))
if err != nil {
t.Fatalf("Execute returned error with session escape: %v (out=%q)", err, out)
}
if !strings.Contains(out, "session-rerun") {
t.Fatalf("output = %q, want unconfined command output", out)
}
if strings.Contains(out, "windows sandbox: boom") {
t.Fatalf("output should not come from sandbox helper, got %q", out)
}
if len(approver.calls) != 0 {
t.Fatalf("fresh approval calls = %d, want 0", len(approver.calls))
}
if len(approver.sessionChecks) != 1 {
t.Fatalf("session checks = %d, want 1", len(approver.sessionChecks))
}
}
func TestBashSandboxEscapeSessionGrantRunsBackgroundUnconfinedBeforeHelper(t *testing.T) {
restore := forceWindowsSandboxEscapeTestMode(t)
defer restore()
sh := sandbox.ResolveShell("", "", nil)
oldCommand := bashSandboxCommand
bashSandboxCommand = func(spec sandbox.Spec, sh sandbox.Shell, command string) ([]string, bool) {
if spec.Enforce() {
return unconfinedShellArgv(sh, windowsSandboxFailureForShell(sh)), true
}
return unconfinedShellArgv(sh, command), false
}
defer func() { bashSandboxCommand = oldCommand }()
approver := &fakeSandboxEscapeApprover{sessionAllowed: true}
jm := jobs.NewManager(event.Discard)
defer jm.Close()
ctx := jobs.WithManager(context.Background(), jm)
ctx = jobs.WithSession(ctx, "session-a")
ctx = sandbox.WithEscapeApprover(ctx, approver)
out, err := (bash{sb: sandbox.Spec{Mode: "enforce"}, shell: sh}).Execute(ctx, argsJSON(t, map[string]any{
"command": echoForShell(sh, "background-real"),
"run_in_background": true,
}))
if err != nil {
t.Fatalf("Execute returned error starting background job with session escape: %v (out=%q)", err, out)
}
jobID := backgroundJobIDFromStartOutput(t, out)
results := jm.WaitForSession(context.Background(), "session-a", []string{jobID}, 5)
if len(results) != 1 {
t.Fatalf("wait results = %d, want 1", len(results))
}
if results[0].Status != jobs.Done {
t.Fatalf("job status = %s, want %s (output=%q)", results[0].Status, jobs.Done, results[0].Output)
}
if !strings.Contains(results[0].Output, "background-real") {
t.Fatalf("job output = %q, want unconfined command output", results[0].Output)
}
if strings.Contains(results[0].Output, "windows sandbox: boom") {
t.Fatalf("job output should not come from sandbox helper, got %q", results[0].Output)
}
if len(approver.calls) != 0 {
t.Fatalf("fresh approval calls = %d, want 0", len(approver.calls))
}
if len(approver.sessionChecks) != 1 {
t.Fatalf("session checks = %d, want 1", len(approver.sessionChecks))
}
}
func TestBashWindowsSandboxRuntimeFailureRequiresHelperMarker(t *testing.T) {
restore := forceWindowsSandboxEscapeTestMode(t)
defer restore()
payload := "encoded-payload"
argv := []string{"reasonix", sandbox.WindowsHelperCommand, payload, "--", "cmd"}
marker := sandbox.WindowsSandboxFailureMarker(payload)
err := exit126Error(t)
if !isWindowsSandboxRuntimeFailure(argv, marker+" windows sandbox: boom", err) {
t.Fatalf("runtime failure with helper marker was not detected")
}
if isWindowsSandboxRuntimeFailure(argv, "windows sandbox: boom", err) {
t.Fatalf("child output without helper marker should not trigger runtime escape")
}
if isWindowsSandboxRuntimeFailure([]string{"cmd"}, marker+" windows sandbox: boom", err) {
t.Fatalf("non-helper argv should not trigger runtime escape")
}
if isWindowsSandboxRuntimeFailure(argv, marker+" windows sandbox: boom", nil) {
t.Fatalf("successful command should not trigger runtime escape")
}
}
func forceWindowsSandboxEscapeTestMode(t *testing.T) func() {
t.Helper()
old := bashSandboxEscapePromptEnabled
bashSandboxEscapePromptEnabled = func() bool { return true }
return func() { bashSandboxEscapePromptEnabled = old }
}
func echoForShell(sh sandbox.Shell, text string) string {
if sh.Kind == sandbox.ShellPowerShell {
return "Write-Output " + text
}
return "printf " + text
}
func exit126Error(t *testing.T) error {
t.Helper()
sh := sandbox.ResolveShell("", "", nil)
_, err := (bash{shell: sh}).runForeground(context.Background(), bashParams{Command: "exit 126"}, sh, unconfinedShellArgv(sh, "exit 126"), false, nil)
if err == nil {
t.Fatalf("exit 126 command unexpectedly succeeded")
}
return err
}
func windowsSandboxFailureForShell(sh sandbox.Shell) string {
if sh.Kind == sandbox.ShellPowerShell {
return "Write-Error 'windows sandbox: boom'; exit 126"
}
return "printf 'windows sandbox: boom\\n' >&2; exit 126"
}
func backgroundJobIDFromStartOutput(t *testing.T, out string) string {
t.Helper()
const prefix = `Started background job "`
start := strings.Index(out, prefix)
if start < 0 {
t.Fatalf("start output = %q, want background job id", out)
}
rest := out[start+len(prefix):]
end := strings.IndexByte(rest, '"')
if end < 0 {
t.Fatalf("start output = %q, want closing quote for background job id", out)
}
return rest[:end]
}