[Emacs-diffs] scratch/merge-cedet-tests ded1e9b 109/316: EDE security tests

[Edward John Steere]

branch: scratch/merge-cedet-tests
commit ded1e9be9c3068c027f0939b596edc35fbea2b8f
Author: Eric Ludlam <address@hidden>
Commit: Edward John Steere <address@hidden>

    EDE security tests
    
    Tests for the security system in EDE that marks some project types as
    unsafe.  This makes sure that the user isn't pestered too much, and
    that if they say yes or no the right thing happens.
---
 test/manual/cedet/cedet/ede/secure-utest.el |  173 +++++++++++++++++++++++++++
 1 file changed, 173 insertions(+)

diff --git a/test/manual/cedet/cedet/ede/secure-utest.el 
b/test/manual/cedet/cedet/ede/secure-utest.el
new file mode 100644
index 0000000..32016b6
--- /dev/null
+++ b/test/manual/cedet/cedet/ede/secure-utest.el
@@ -0,0 +1,173 @@
+;;; secure-utest.el --- Test the security features of EDE.
+;;
+;; Copyright (C) 2014 Eric Ludlam
+;;
+;; Author: Eric Ludlam <address@hidden>
+;;
+;; This program is free software; you can redistribute it and/or
+;; modify it under the terms of the GNU General Public License as
+;; published by the Free Software Foundation, either version 3 of the
+;; License, or (at your option) any later version.
+
+;; This program is distributed in the hope that it will be useful, but
+;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+;; General Public License for more details.
+
+;; You should have received a copy of the GNU General Public License
+;; along with this program.  If not, see http://www.gnu.org/licenses/.
+
+;;; Commentary:
+;;
+;; EDE has several security features that prevents it from
+;; accidentally loading malicious code.
+
+;;; Code:
+
+(defclass ede-security-entry ()
+  ((file :initarg :file
+        :documentation
+        "The file to load in and test.")
+
+   (classp :initarg :classp
+          :documentation
+          "Class test predicate.  It is passed the root project found.
+Use this to see if a project was loaded or not.  Unsecure projects should
+not be loaded.")
+
+   (hazzard :initarg :hazzard
+           :documentation
+           "Non-nil if this entry is considered HAZARDOUS and shouldn't be
+loaded the first time.")
+
+   (has-config :initarg :has-config
+              :documentation
+              "Non-nil if this entry has a config file.  These projects
+are considered SAFE, but will skip loading thier config file until explicitly
+permitted.")
+   ;; RESULTS
+   (init-state :initform nil)
+   (without-permission :initform nil)
+   (with-permission :initform nil)
+   )
+  "A testing entry for the security unit tests.")
+
+(defvar ede-security-project-entries
+  (list
+   (ede-security-entry "proj" :file "src/proj/TEST"
+                      :classp 'ede-proj-project-p
+                      :hazzard t
+                      :has-config nil)
+
+   )
+  "List of project test entries to try.")
+
+(defun ede-security-question-yes (&rest R)
+  "Return that we want to add the project."
+  t)
+
+(defun ede-security-question-no (&rest R)
+  "Return that we DO NOT want to add the project."
+  nil)
+
+(defun ede-security-question-err (&rest R)
+  "Throw an error if the user is being pestered at the wrong time."
+  (error "Query posed at the wrong time!"))
+
+(defun ede-security-utest ()
+  "Execute security unit tests."
+  (interactive)
+  (save-excursion
+
+    ;; Protect from previous tests.  Flush all project caches, and all known 
projects.
+    (ede-flush-directory-hash)
+    (ede-flush-project-hash)
+    (setq ede-projects nil) ;; Whack all known projects.
+
+    ;; Enable the generic EDE project types so we can test them.
+    (ede-enable-generic-projects)
+
+    ;; Start Logging
+    (cedet-utest-log-setup "EDE SECURITY")
+
+    (set-buffer (semantic-find-file-noselect
+                (expand-file-name "cedet/ede/detect.el"
+                                  cedet-utest-root)))
+
+    (let ((ede-project-directories nil) ;; Force us to ADD projects.
+         (errlog nil)
+         )
+
+      (dolist (fle ede-security-project-entries)
+
+       (ede-security-test-one-entry fle)
+
+       )
+
+      ;; Close out the test suite.
+      (cedet-utest-log-shutdown
+       "EDE SECURITY"
+       (when errlog
+        (format "%s Failures found." (length errlog)))))
+
+    ))
+
+(defun ede-security-test-one-entry (entry)
+  "Test a project ENTRY.  Use QUERYFCN as the replacement user query fcn."
+  (let ((ede-check-project-query-fcn 'ede-security-question-err)
+       )
+
+    ;; Make sure we have the files we think we have.
+    (when (not (file-exists-p (oref fle :file)))
+      (error "Cannot find unit test; file not found: %s" (oref fle :file)))
+
+    ;; Notes:
+    (message "  Security Test for: %S" (oref fle :file))
+
+    ;; Do the load
+    (let ((fb (find-buffer-visiting (oref fle :file)))
+         (b (semantic-find-file-noselect (oref fle :file))))
+
+      (save-excursion
+       (set-buffer b)
+
+       ;; Run the EDE detection code.  Firing up the mode isn't really needed.
+       ;; Don't protect this as with the detect-utest.el stuff.  That should
+       ;; have vetted these projects.  Now we are only testing if they 
detected.
+       (ede-initialize-state-current-buffer)
+       (when (not (eq b (current-buffer)))
+         (error "Buffer changed during init!"))
+
+       (when ede-object-root-project
+         (error "Unsafe project was loaded without asking!"))
+
+       ;; Now do the same thing again, but this time by using the
+       ;; security fcn direcly, which is similar to forcing EDE to
+       ;; load the project by using the `ede' function.  Say NO when
+       ;; it wants to ask the security question.
+       (setq ede-check-project-query-fcn 'ede-security-question-no)
+       (if (ede-check-project-directory default-directory)
+           (error "Unsafe project would have loaded even though we said no!"))
+
+       ;; Try again, this time really try to load the project, and also
+       ;; say YES when it asks the question.
+       (setq ede-check-project-query-fcn 'ede-security-question-yes)
+       (ede default-directory)
+
+       (when (not ede-object-root-project)
+         (error "Unsafe project was NOT loaded even though we said yes!"))
+
+       (unless (member (directory-file-name default-directory) 
ede-project-directories)
+         (error "We asked to make it safe, but it wasn't added to the safe 
dirs list."))
+
+       )
+      ;; If it wasn't already in memory, whack it.
+      (when (and b (not fb))
+       (kill-buffer b))
+      ))
+  )
+
+
+(provide 'cedet/ede/secure-utest)
+
+;;; secure-utest.el ends here