Revision: 4411 http://trac.macosforge.org/projects/ruby/changeset/4411 Author: pthomson@apple.com Date: 2010-08-06 13:57:15 -0700 (Fri, 06 Aug 2010) Log Message: ----------- More tests, moved some assertions out into a shared unit. Modified Paths: -------------- MacRuby/trunk/spec/macruby/core/sandbox/pure_spec.rb Added Paths: ----------- MacRuby/trunk/spec/macruby/core/sandbox/fixtures/ MacRuby/trunk/spec/macruby/core/sandbox/fixtures/sample_file.txt MacRuby/trunk/spec/macruby/core/sandbox/shared/ MacRuby/trunk/spec/macruby/core/sandbox/shared/no_write.rb Added: MacRuby/trunk/spec/macruby/core/sandbox/fixtures/sample_file.txt =================================================================== --- MacRuby/trunk/spec/macruby/core/sandbox/fixtures/sample_file.txt (rev 0) +++ MacRuby/trunk/spec/macruby/core/sandbox/fixtures/sample_file.txt 2010-08-06 20:57:15 UTC (rev 4411) @@ -0,0 +1 @@ +This is some text. Modified: MacRuby/trunk/spec/macruby/core/sandbox/pure_spec.rb =================================================================== --- MacRuby/trunk/spec/macruby/core/sandbox/pure_spec.rb 2010-08-06 20:13:44 UTC (rev 4410) +++ MacRuby/trunk/spec/macruby/core/sandbox/pure_spec.rb 2010-08-06 20:57:15 UTC (rev 4411) @@ -1,4 +1,5 @@ require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper') +require File.expand_path('../shared/no_write', __FILE__) describe "Sandbox.pure_computation" do @@ -6,50 +7,10 @@ # Eventually the tests themselves will be farmed out to /sandbox/shared # and all sandbox specs will just be aggregations of should_behave_like calls. - before(:all) do - @filename = File.expand_path(File.dirname(__FILE__) + '/../../spec_helper.rb') - end + it_behaves_like :sandbox_no_write, :no_write - before(:each) do - @code = "Sandbox.pure_computation.apply!; " + before do + @code << "Sandbox.pure_computation.apply!; " end - it "should disallow spawning new processes" do - @code << "IO.popen('whoami')" - ruby_exe(@code).should =~ /posix_spawn\(\) failed/ - end - - it "should disallow open()" do - @code << "open('/dev/null')" - ruby_exe(@code).should =~ /open\(\) failed/ - end - - it "should disallow IO.read" do - @code << "p IO.read('/dev/urandom')" - ruby_exe(@code).should =~ /open\(\) failed/ - end - - it "should disallow most NSFileManager methods" do - @code << "p NSFileManager.defaultManager.currentDirectoryPath" - ruby_exe(@code).should =~ /nil/ - end - - it "should disallow NSString.stringWithContentsOfFile" do - @code << "p NSString.stringWithContentsOfFile('#{@filename}')" - ruby_exe(@code).should =~ /nil/ - end - - it "should disallow NSString.writeToFile" do - @code << "p 'hello'.writeToFile('#{@filename}', atomically:true)" - ruby_exe(@code).should =~ /0/ - end - - it "should disallow most NSWorkspace methods" do - @code = "framework 'Cocoa'; " + @code + "p NSWorkspace.sharedWorkspace.launchApplication('Finder')" - ruby_exe(@code).should =~ /false/ - end - - it "should be frozen" do - Sandbox.pure_computation.frozen?.should be_true - end end \ No newline at end of file Added: MacRuby/trunk/spec/macruby/core/sandbox/shared/no_write.rb =================================================================== --- MacRuby/trunk/spec/macruby/core/sandbox/shared/no_write.rb (rev 0) +++ MacRuby/trunk/spec/macruby/core/sandbox/shared/no_write.rb 2010-08-06 20:57:15 UTC (rev 4411) @@ -0,0 +1,22 @@ +describe :sandbox_no_write, :shared => true do + + before do + @code = "error = Pointer.new_with_type('@'); " + @filename = fixture('spec/macruby/core/sandbox/shared', 'sample_file.txt') + end + + it "prevents Objective-C methods from writing to a file" do + @code << "print 'hello'.writeToFile('#{@filename}', atomically:true)" + ruby_exe(@code).to_i.should == 0 + end + + it "prevents Ruby methods from writing to a file" do + @code << "open('#{@filename}'); file.puts 'this must fail'" + ruby_exe(@code).should =~ /Errno::EPERM/ + end + + it "prevents otherwise changing file attributes through the File module" do + @code << "File.chmod(0777, '#{@filename}')" + ruby_exe(@code).should =~ /Errno::EPERM/ + end +end