From 23a0d9ffb1cbef6020bd2ba8ce462443e6176f45 Mon Sep 17 00:00:00 2001 From: Jillian Vogel Date: Mon, 6 Dec 2021 12:06:25 +1030 Subject: [PATCH] test: fixes safe_exec test TestSafeOrNot so that both tests succeed on local devstack and in CI. --- .../capa/safe_exec/tests/test_safe_exec.py | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/common/lib/capa/capa/safe_exec/tests/test_safe_exec.py b/common/lib/capa/capa/safe_exec/tests/test_safe_exec.py index 68db41feec..ea0b9ea67e 100644 --- a/common/lib/capa/capa/safe_exec/tests/test_safe_exec.py +++ b/common/lib/capa/capa/safe_exec/tests/test_safe_exec.py @@ -82,20 +82,29 @@ class TestSafeExec(unittest.TestCase): # lint-amnesty, pylint: disable=missing- class TestSafeOrNot(unittest.TestCase): # lint-amnesty, pylint: disable=missing-class-docstring def test_cant_do_something_forbidden(self): + ''' + Demonstrates that running unsafe code inside the code jail + throws SafeExecException, protecting the calling process. + ''' # Can't test for forbiddenness if CodeJail isn't configured for python. if not jail_code.is_configured("python"): pytest.skip() g = {} with pytest.raises(SafeExecException) as cm: - safe_exec("import os; files = os.listdir('/')", g) - assert "OSError" in text_type(cm.exception) - assert "Permission denied" in text_type(cm.exception) + safe_exec('import sys; sys.exit(1)', g) + assert "SystemExit" not in text_type(cm) + assert "Couldn't execute jailed code" in text_type(cm) def test_can_do_something_forbidden_if_run_unsafely(self): + ''' + Demonstrates that running unsafe code outside the code jail + can cause issues directly in the calling process. + ''' g = {} - safe_exec("import os; files = os.listdir('/')", g, unsafely=True) - assert g['files'] == os.listdir('/') + with pytest.raises(SystemExit) as cm: + safe_exec('import sys; sys.exit(1)', g, unsafely=True) + assert "SystemExit" in text_type(cm) class TestLimitConfiguration(unittest.TestCase):