UNPKG

jailkeeper

Version:

OFFICIALLY DEPRECATED =====================

JoshuaGross/jailkeeper

147 lines (144 loc) 4.94 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
var expect = require('expect.js'); var fs = require('fs'); var sinon = require('sinon'); var JailKeeper = require('../'); var spawn = require('child_process').spawn; var path = require('path'); describe('JailKeeper', function () { it('should allow simple harmless echo', function (done) { this.timeout(0); var jail = new JailKeeper(); var childProcess = jail.spawn('./echoHello', [], { cwd: './test/fixtures' }); var jailbroken = false; jail.on('jailbreak', function (code) { jailbroken = true; }); jail.on('exit', function (code) { expect(jailbroken).to.be(false); done(); }); }); it('should allow writing within jail dir', function (done) { this.timeout(0); var jail = new JailKeeper(); var childProcess = jail.spawn('./echoHelloRedir', [], { cwd: './test/fixtures' }); var jailbroken = false; jail.on('jailbreak', function (code) { jailbroken = true; }); jail.on('exit', function (code) { expect(jailbroken).to.be(false); done(); }); }); it('should allow reading within jail dir', function (done) { this.timeout(0); var jail = new JailKeeper(); var childProcess = jail.spawn('./readRedirFile', [], { env: { PATH: '/usr/bin:/opt/local/bin' }, cwd: './test/fixtures' }); var jailbroken = false; jail.on('jailbreak', function (code) { jailbroken = true; }); jail.on('exit', function (code) { expect(jailbroken).to.be(false); done(); }); }); it('should prevent reading test source', function (done) { this.timeout(0); var jail = new JailKeeper(); var childProcess = jail.spawn('cat', ['../test.js'], { cwd: './test/fixtures' }); var jailbroken = false; jail.on('jailbreak', function (code) { jailbroken = true; }); jail.on('exit', function (code) { expect(jailbroken).to.be(true); done(); }); }); it('should prevent reading package.json', function (done) { this.timeout(0); var jail = new JailKeeper(); var childProcess = jail.spawn('cat', ['../../package.json'], { cwd: './test/fixtures' }); var jailbroken = false; jail.on('jailbreak', function (data) { expect(data.mode).to.be('read'); expect(data.file).to.be(path.resolve('package.json')); jailbroken = true; }); jail.on('exit', function (code) { expect(jailbroken).to.be(true); done(); }); }); it('should prevent reading password file', function (done) { this.timeout(0); var jail = new JailKeeper(); var childProcess = jail.spawn('./readPasswordFile', [], { cwd: './test/fixtures' }); var jailbroken = false; jail.on('jailbreak', function (data) { expect(data.mode).to.be('read'); expect(data.file).to.be('/etc/passwd'); jailbroken = true; }); jail.on('exit', function (code) { expect(jailbroken).to.be(true); done(); }); }); it('should prevent writing to parent directory', function (done) { this.timeout(0); fs.stat('test/parentDirWrite.txt', function (deetz) { if (deetz) { fs.unlinkSync('test/parentDirWrite.txt'); } var jail = new JailKeeper(); var childProcess = jail.spawn('./writeToParentDirectory', [], { cwd: './test/fixtures' }); var jailbroken = false; jail.on('jailbreak', function (data) { expect(data.mode).to.be('write'); expect(data.file).to.be(path.resolve('test/parentDirWrite.txt')); jailbroken = true; }); jail.on('exit', function (code) { expect(jailbroken).to.be(true); fs.stat('test/parentDirWrite.txt', function (deetz) { expect(deetz).to.be(null); done(); }); }); }); }); it('should prevent writing to system binary', function (done) { this.timeout(0); var jail = new JailKeeper(); var childProcess = jail.spawn('./writeToSystemBinary', [], { cwd: './test/fixtures' }); var jailbroken = false; jail.on('jailbreak', function (data) { expect(data.mode).to.be('write'); expect(data.file).to.be('/bin/bashOrSomethingLikeIt'); jailbroken = true; }); jail.on('exit', function (code) { expect(jailbroken).to.be(true); done(); }); }); // This test is failing on Mac, but I think my copy of dtruss is failing it('should prevent writing to system binary via child process', function (done) { this.timeout(0); var jail = new JailKeeper(); var childProcess = jail.spawn('./writeToSystemBinaryViaChild', [], { env: { PATH: '/usr/bin:/opt/local/bin' }, cwd: './test/fixtures' }); var jailbroken = false; jail.on('jailbreak', function (data) { expect(data.mode).to.be('write'); expect(data.file).to.be('/bin/bashOrSomethingLikeIt'); jailbroken = true; }); jail.on('exit', function (code) { expect(jailbroken).to.be(true); done(); }); }); });