[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Emacs-diffs] scratch/merge-cedet-tests 3a7b458 110/316: Fixes for secur
From: |
Edward John Steere |
Subject: |
[Emacs-diffs] scratch/merge-cedet-tests 3a7b458 110/316: Fixes for security tests |
Date: |
Fri, 27 Jan 2017 20:03:32 +0000 (UTC) |
branch: scratch/merge-cedet-tests
commit 3a7b458e4129d98c312d46521cb858875214f5aa
Author: Eric Ludlam <address@hidden>
Commit: Edward John Steere <address@hidden>
Fixes for security tests
* test/manual/cedet/cedet/ede/secure-utest.el: (ede-security-entry):
Remove init-state, with[out]-permission
slots. (ede-security-project-entries): Add generic config based
projects. (ede-security-test-one-entry): Add long test for
configuration loading, and the security steps involved in making the
config load.
---
test/manual/cedet/cedet/ede/secure-utest.el | 148 +++++++++++++++++++++------
1 file changed, 115 insertions(+), 33 deletions(-)
diff --git a/test/manual/cedet/cedet/ede/secure-utest.el
b/test/manual/cedet/cedet/ede/secure-utest.el
index 32016b6..0283741 100644
--- a/test/manual/cedet/cedet/ede/secure-utest.el
+++ b/test/manual/cedet/cedet/ede/secure-utest.el
@@ -45,10 +45,6 @@ loaded the first time.")
"Non-nil if this entry has a config file. These projects
are considered SAFE, but will skip loading thier config file until explicitly
permitted.")
- ;; RESULTS
- (init-state :initform nil)
- (without-permission :initform nil)
- (with-permission :initform nil)
)
"A testing entry for the security unit tests.")
@@ -58,7 +54,18 @@ permitted.")
:classp 'ede-proj-project-p
:hazzard t
:has-config nil)
-
+ (ede-security-entry "generic make" :file "src/generic/gen_make/sub/test.cpp"
+ :classp 'ede-generic-makefile-project-p
+ :hazzard nil
+ :has-config t)
+ (ede-security-entry "generic scons" :file
"src/generic/gen_scons/sub/test.cpp"
+ :classp 'ede-generic-scons-project-p
+ :hazzard nil
+ :has-config t)
+ (ede-security-entry "generic cmake" :file
"src/generic/gen_cmake/sub/test.cpp"
+ :classp 'ede-generic-cmake-project-p
+ :hazzard nil
+ :has-config t)
)
"List of project test entries to try.")
@@ -131,34 +138,109 @@ permitted.")
(save-excursion
(set-buffer b)
- ;; Run the EDE detection code. Firing up the mode isn't really needed.
- ;; Don't protect this as with the detect-utest.el stuff. That should
- ;; have vetted these projects. Now we are only testing if they
detected.
- (ede-initialize-state-current-buffer)
- (when (not (eq b (current-buffer)))
- (error "Buffer changed during init!"))
-
- (when ede-object-root-project
- (error "Unsafe project was loaded without asking!"))
-
- ;; Now do the same thing again, but this time by using the
- ;; security fcn direcly, which is similar to forcing EDE to
- ;; load the project by using the `ede' function. Say NO when
- ;; it wants to ask the security question.
- (setq ede-check-project-query-fcn 'ede-security-question-no)
- (if (ede-check-project-directory default-directory)
- (error "Unsafe project would have loaded even though we said no!"))
-
- ;; Try again, this time really try to load the project, and also
- ;; say YES when it asks the question.
- (setq ede-check-project-query-fcn 'ede-security-question-yes)
- (ede default-directory)
-
- (when (not ede-object-root-project)
- (error "Unsafe project was NOT loaded even though we said yes!"))
-
- (unless (member (directory-file-name default-directory)
ede-project-directories)
- (error "We asked to make it safe, but it wasn't added to the safe
dirs list."))
+ (when (oref fle :hazzard)
+ ;; Projects that might load dangerous code should be protected.
+ ;; This section makes sure it doesn't load.
+
+ ;; Run the EDE detection code. Firing up the mode isn't really
needed.
+ ;; Don't protect this as with the detect-utest.el stuff. That should
+ ;; have vetted these projects. Now we are only testing if they
detected.
+ (ede-initialize-state-current-buffer)
+ (when (not (eq b (current-buffer)))
+ (error "Buffer changed during init!"))
+
+ (when ede-object-root-project
+ (error "Unsafe project was loaded without asking!"))
+
+ ;; Now do the same thing again, but this time by using the
+ ;; security fcn direcly, which is similar to forcing EDE to
+ ;; load the project by using the `ede' function. Say NO when
+ ;; it wants to ask the security question.
+ (setq ede-check-project-query-fcn 'ede-security-question-no)
+ (if (ede-check-project-directory default-directory)
+ (error "Unsafe project would have loaded even though we said
no!"))
+
+ (when (member (directory-file-name default-directory)
ede-project-directories)
+ (error "We asked to not load this project, but it was added to the
project directories."))
+
+ ;; Try again, this time really try to load the project, and also
+ ;; say YES when it asks the question.
+ (setq ede-check-project-query-fcn 'ede-security-question-yes)
+ (ede default-directory)
+
+ (when (not ede-object-root-project)
+ (error "Unsafe project was NOT loaded even though we said yes!"))
+
+ (unless (member (directory-file-name default-directory)
ede-project-directories)
+ (error "We asked to make it safe, but it wasn't added to the safe
dirs list."))
+ )
+
+ (when (not (oref fle :hazzard))
+ ;; Code that is not hazzardous should get created automatically
+ ;; during buffer initialization.
+
+ ;; Run the EDE detection code. Firing up the mode isn't really
needed.
+ ;; This should load one of these non-hazzard modes.
+ (ede-initialize-state-current-buffer)
+ (when (not (eq b (current-buffer)))
+ (error "Buffer changed during init!"))
+
+ (unless ede-object-root-project
+ (error "Safe project was not loaded!"))
+ )
+
+ (when (oref fle :has-config)
+ ;; In both cases (hazzard and non-hazzard projects) the project should
+ ;; be loaded now. Next, we need to force the configuration to get
+ ;; loaded from disk
+
+ (let ((config (ede-config-get-configuration ede-object-root-project)))
+
+ ;; Make sure there is a config
+ (when (not config)
+ (error "No configuration for project %S"
+ (eieio-object-name ede-object-root-project)))
+
+ ;; Make sure the config was automatically ignored.
+ (unless (and (oref config ignored-file)
+ (eq (oref config ignored-file) 'auto))
+ (error "Configuration was not auto-ignored."))
+
+ ;; Force loading a project, but say no.
+ (setq ede-check-project-query-fcn 'ede-security-question-no)
+ (project-rescan ede-object-root-project)
+ (setq config (ede-config-get-configuration ede-object-root-project))
+
+ ;; Make sure there is a config
+ (when (not config)
+ (error "No configuration (part 2) for project %S"
+ (eieio-object-name ede-object-root-project)))
+
+ ;; Make sure the config was manually ignored via our NO fcn.
+ (unless (and (oref config ignored-file)
+ (eq (oref config ignored-file) 'manual))
+ (error "Configuration was not manually-ignored."))
+
+
+ ;; Now agree to load the config.
+ (setq ede-check-project-query-fcn 'ede-security-question-yes)
+ (project-rescan ede-object-root-project)
+ (setq config (ede-config-get-configuration ede-object-root-project))
+
+ ;; Make sure there is a config
+ (when (not config)
+ (error "No configuration (part 3) for project %S"
+ (eieio-object-name ede-object-root-project)))
+
+ ;; Make sure the config was manually ignored via our NO fcn.
+ (when (oref config ignored-file)
+ (error "Configuration was ignored instead of loaded."))
+
+ (unless (and (oref config c-preprocessor-table)
+ (string= "TEST" (car (car (oref config
c-preprocessor-table)))))
+ (error "Config claimed to be loaded, but stored setting was
ignored."))
+
+ ))
)
;; If it wasn't already in memory, whack it.
- [Emacs-diffs] scratch/merge-cedet-tests 4131d23 046/316: Fix typo in last commit., (continued)
- [Emacs-diffs] scratch/merge-cedet-tests 4131d23 046/316: Fix typo in last commit., Edward John Steere, 2017/01/27
- [Emacs-diffs] scratch/merge-cedet-tests 6a63635 090/316: ("ede-proj-project"): Add scripts/cit-test.sh, Edward John Steere, 2017/01/27
- [Emacs-diffs] scratch/merge-cedet-tests e20716d 097/316: ("Lisp"): Added cogre as an aux package., Edward John Steere, 2017/01/27
- [Emacs-diffs] scratch/merge-cedet-tests 68ea5e3 098/316: (Lisp): Use preload compiler., Edward John Steere, 2017/01/27
- [Emacs-diffs] scratch/merge-cedet-tests b94f97e 101/316: (Lisp): Add cit-externaldb.el, Edward John Steere, 2017/01/27
- [Emacs-diffs] scratch/merge-cedet-tests 30a0375 099/316: ("cit"): Add cit-dist.el, Edward John Steere, 2017/01/27
- [Emacs-diffs] scratch/merge-cedet-tests 7f97008 102/316: (Lisp): Add cit-android.el, Edward John Steere, 2017/01/27
- [Emacs-diffs] scratch/merge-cedet-tests 007464d 104/316: (cit/Lisp): Add cit-projvar.el, Edward John Steere, 2017/01/27
- [Emacs-diffs] scratch/merge-cedet-tests ded1e9b 109/316: EDE security tests, Edward John Steere, 2017/01/27
- [Emacs-diffs] scratch/merge-cedet-tests f91e2ce 114/316: New pretend system include for cpproot test., Edward John Steere, 2017/01/27
- [Emacs-diffs] scratch/merge-cedet-tests 3a7b458 110/316: Fixes for security tests,
Edward John Steere <=
- [Emacs-diffs] scratch/merge-cedet-tests 302b4d7 107/316: eieio: Move to obsolete and use the one that ships with Emacs, Edward John Steere, 2017/01/27
- [Emacs-diffs] scratch/merge-cedet-tests 0e41dab 116/316: Move tests in cedet/semantic, Edward John Steere, 2017/01/27
- [Emacs-diffs] scratch/merge-cedet-tests 309ef34 124/316: Move tests in cedet/semantic, Edward John Steere, 2017/01/27
- [Emacs-diffs] scratch/merge-cedet-tests 800b575 081/316: Move tests in cedet/semantic, Edward John Steere, 2017/01/27
- [Emacs-diffs] scratch/merge-cedet-tests 702d44d 139/316: Fix how the target file name is created, Edward John Steere, 2017/01/27
- [Emacs-diffs] scratch/merge-cedet-tests 8d32d3a 160/316: Fix parsing of default values and display them in default formatter, Edward John Steere, 2017/01/27
- [Emacs-diffs] scratch/merge-cedet-tests a4e395c 156/316: Add a final call to ede list sanity check, Edward John Steere, 2017/01/27
- [Emacs-diffs] scratch/merge-cedet-tests 9ec7a1b 161/316: Move tests in cedet/semantic, Edward John Steere, 2017/01/27
- [Emacs-diffs] scratch/merge-cedet-tests 0927d4a 180/316: (cedet-integ-test-Make, cedet-integ-test-Automake, cedet-integ-test-GNUStep): New (cedet-integ-test-proj): Take a make-type argumemt. Misc tests needed on new argument. Change how ede creates projects based on make-type. Remove spaces from the project name. (cit-finish-message): Ending message now includes the make type., Edward John Steere, 2017/01/27
- [Emacs-diffs] scratch/merge-cedet-tests b804ecf 166/316: Move tests in cedet/semantic, Edward John Steere, 2017/01/27