RubyGems - script_core - Versions diffs - 0.2.2 → 0.2.7 - Mend

script_core 0.2.2 → 0.2.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (376) hide show

data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.tests ADDED

@@ -0,0 +1,11 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2020 Red Hat <gscrivan@redhat.com>
+# Author: Giuseppe Scrivano <gscrivan@redhat.com>
+#
+test type: basic
+# Test command
+56-basic-iterate_syscalls

data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.c ADDED

@@ -0,0 +1,64 @@
+/**
+ * Seccomp Library test program
+ *
+ * Copyright (c) 2020 Cisco Systems, Inc. <pmoore2@cisco.com>
+ * Author: Paul Moore <paul@paul-moore.com>
+ */
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+#include <errno.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <seccomp.h>
+#include "util.h"
+int main(int argc, char *argv[])
+{
+	int rc;
+	int fd;
+	scmp_filter_ctx ctx = NULL;
+	rc = seccomp_api_set(3);
+	if (rc != 0)
+		return EOPNOTSUPP;
+	ctx = seccomp_init(SCMP_ACT_ALLOW);
+	if (ctx == NULL) {
+		rc = ENOMEM;
+		goto out;
+	}
+	rc = seccomp_attr_set(ctx, SCMP_FLTATR_API_SYSRAWRC, 1);
+	if (rc != 0)
+		goto out;
+	/* we must use a closed/invalid fd for this to work */
+	fd = dup(2);
+	close(fd);
+	rc = seccomp_export_pfc(ctx, fd);
+	if (rc == -EBADF)
+		rc = 0;
+	else
+		rc = -1;
+out:
+	seccomp_release(ctx);
+	return (rc < 0 ? -rc : rc);
+}

data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.py ADDED

@@ -0,0 +1,46 @@
+#!/usr/bin/env python
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2020 Cisco Systems, Inc. <pmoore2@cisco.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+import argparse
+import sys
+import os
+import util
+from seccomp import *
+def test():
+    # this test really isn't conclusive, but considering how python does error
+    # handling it may be the best we can do
+    f = SyscallFilter(ALLOW)
+    dummy = open("/dev/null", "w")
+    os.close(dummy.fileno())
+    try:
+        f = f.export_pfc(dummy)
+    except RuntimeError:
+        pass
+test()
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;

data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.tests ADDED

@@ -0,0 +1,11 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2020 Cisco Systems, Inc. <pmoore2@cisco.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+test type: basic
+# Test command
+57-basic-rawsysrc

data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.c ADDED

@@ -0,0 +1,116 @@
+/**
+ * Seccomp Library test program
+ *
+ * Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com>
+ * Author: Paul Moore <paul@paul-moore.com>
+ */
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#include <seccomp.h>
+#include <signal.h>
+#include <syscall.h>
+#include <errno.h>
+#include <stdlib.h>
+#include "util.h"
+#define MAGIC 0x1122334455667788UL
+int main(int argc, char *argv[])
+{
+	int rc, fd = -1, status;
+	struct seccomp_notif *req = NULL;
+	struct seccomp_notif_resp *resp = NULL;
+	scmp_filter_ctx ctx = NULL;
+	pid_t pid = 0;
+	ctx = seccomp_init(SCMP_ACT_ALLOW);
+	if (ctx == NULL)
+		return ENOMEM;
+	rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1);
+	if (rc)
+		goto out;
+	rc = seccomp_rule_add(ctx, SCMP_ACT_NOTIFY, SCMP_SYS(getpid), 0, NULL);
+	if (rc)
+		goto out;
+	rc  = seccomp_load(ctx);
+	if (rc < 0)
+		goto out;
+	rc = seccomp_notify_fd(ctx);
+	if (rc < 0)
+		goto out;
+	fd = rc;
+	pid = fork();
+	if (pid == 0)
+		exit(syscall(SCMP_SYS(getpid)) != MAGIC);
+	rc = seccomp_notify_alloc(&req, &resp);
+	if (rc)
+		goto out;
+	rc = seccomp_notify_receive(fd, req);
+	if (rc)
+		goto out;
+	if (req->data.nr != SCMP_SYS(getpid)) {
+		rc = -EFAULT;
+		goto out;
+	}
+	rc = seccomp_notify_id_valid(fd, req->id);
+	if (rc)
+		goto out;
+	resp->id = req->id;
+	resp->val = MAGIC;
+	resp->error = 0;
+	resp->flags = 0;
+	rc = seccomp_notify_respond(fd, resp);
+	if (rc)
+		goto out;
+	if (waitpid(pid, &status, 0) != pid) {
+		rc = -EFAULT;
+		goto out;
+	}
+	if (!WIFEXITED(status)) {
+		rc = -EFAULT;
+		goto out;
+	}
+	if (WEXITSTATUS(status)) {
+		rc = -EFAULT;
+		goto out;
+	}
+out:
+	if (fd >= 0)
+		close(fd);
+	if (pid)
+		kill(pid, SIGKILL);
+	seccomp_notify_free(req, resp);
+	seccomp_release(ctx);
+	if (rc != 0)
+		return (rc < 0 ? -rc : rc);
+	return 160;
+}

data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.py ADDED

@@ -0,0 +1,61 @@
+#!/usr/bin/env python
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+import argparse
+import os
+import signal
+import sys
+import util
+from seccomp import *
+def test():
+    magic = os.getuid() + 1
+    f = SyscallFilter(ALLOW)
+    f.set_attr(Attr.CTL_TSYNC, 1)
+    f.add_rule(NOTIFY, "getuid")
+    f.load()
+    pid = os.fork()
+    if pid == 0:
+        val = os.getuid()
+        if val != magic:
+            raise RuntimeError("Response return value failed")
+            quit(1)
+        quit(0)
+    else:
+        notify = f.receive_notify()
+        if notify.syscall != resolve_syscall(Arch(), "getuid"):
+            raise RuntimeError("Notification failed")
+        f.respond_notify(NotificationResponse(notify, magic, 0, 0))
+        wpid, rc = os.waitpid(pid, 0)
+        if os.WIFEXITED(rc) == 0:
+            raise RuntimeError("Child process error")
+        if os.WEXITSTATUS(rc) != 0:
+            raise RuntimeError("Child process error")
+        quit(160)
+test()
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;

data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.tests ADDED

@@ -0,0 +1,11 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+test type: live
+# Testname		API	Result
+58-live-tsync_notify	6	ALLOW

data/ext/enterprise_script_service/libseccomp/tests/Makefile.am CHANGED

@@ -57,7 +57,7 @@ check_PROGRAMS = \
 	15-basic-resolver \
 	16-sim-arch_basic \
 	17-sim-arch_merge \
-	18-sim-basic_whitelist \
+	18-sim-basic_allowlist \
 	19-sim-missing_syscalls \
 	20-live-basic_die \
 	21-live-basic_allow \
@@ -73,7 +73,7 @@ check_PROGRAMS = \
 	31-basic-version_check \
 	32-live-tsync_allow \
 	33-sim-socket_syscalls_be \
-	34-sim-basic_blacklist \
+	34-sim-basic_denylist \
 	35-sim-negative_one \
 	36-sim-ipc_syscalls \
 	37-sim-ipc_syscalls_be \
@@ -89,7 +89,15 @@ check_PROGRAMS = \
 	47-live-kill_process \
 	48-sim-32b_args \
 	49-sim-64b_comparisons \
-	50-sim-hash_collision
+	50-sim-hash_collision \
+	51-live-user_notification \
+	52-basic-load \
+	53-sim-binary_tree \
+	54-live-binary_tree \
+	55-basic-pfc_binary_tree \
+	56-basic-iterate_syscalls \
+	57-basic-rawsysrc \
+	58-live-tsync_notify
 EXTRA_DIST_TESTPYTHON = \
 	util.py \
@@ -110,7 +118,7 @@ EXTRA_DIST_TESTPYTHON = \
 	15-basic-resolver.py \
 	16-sim-arch_basic.py \
 	17-sim-arch_merge.py \
-	18-sim-basic_whitelist.py \
+	18-sim-basic_allowlist.py \
 	19-sim-missing_syscalls.py \
 	20-live-basic_die.py \
 	21-live-basic_allow.py \
@@ -126,7 +134,7 @@ EXTRA_DIST_TESTPYTHON = \
 	31-basic-version_check.py \
 	32-live-tsync_allow.py \
 	33-sim-socket_syscalls_be.py \
-	34-sim-basic_blacklist.py \
+	34-sim-basic_denylist.py \
 	35-sim-negative_one.py \
 	36-sim-ipc_syscalls.py \
 	37-sim-ipc_syscalls_be.py \
@@ -141,7 +149,14 @@ EXTRA_DIST_TESTPYTHON = \
 	47-live-kill_process.py \
 	48-sim-32b_args.py \
 	49-sim-64b_comparisons.py \
-	50-sim-hash_collision.py
+	50-sim-hash_collision.py \
+	51-live-user_notification.py \
+	52-basic-load.py \
+	53-sim-binary_tree.py \
+	54-live-binary_tree.py \
+	56-basic-iterate_syscalls.py \
+	57-basic-rawsysrc.py \
+	58-live-tsync_notify.py
 EXTRA_DIST_TESTCFGS = \
 	01-sim-allow.tests \
@@ -161,7 +176,7 @@ EXTRA_DIST_TESTCFGS = \
 	15-basic-resolver.tests \
 	16-sim-arch_basic.tests \
 	17-sim-arch_merge.tests \
-	18-sim-basic_whitelist.tests \
+	18-sim-basic_allowlist.tests \
 	19-sim-missing_syscalls.tests \
 	20-live-basic_die.tests \
 	21-live-basic_allow.tests \
@@ -177,7 +192,7 @@ EXTRA_DIST_TESTCFGS = \
 	31-basic-version_check.tests \
 	32-live-tsync_allow.tests \
 	33-sim-socket_syscalls_be.tests \
-	34-sim-basic_blacklist.tests \
+	34-sim-basic_denylist.tests \
 	35-sim-negative_one.tests \
 	36-sim-ipc_syscalls.tests \
 	37-sim-ipc_syscalls_be.tests \
@@ -193,10 +208,19 @@ EXTRA_DIST_TESTCFGS = \
 	47-live-kill_process.tests \
 	48-sim-32b_args.tests \
 	49-sim-64b_comparisons.tests \
-	50-sim-hash_collision.tests
+	50-sim-hash_collision.tests \
+	51-live-user_notification.tests \
+	52-basic-load.tests \
+	53-sim-binary_tree.tests \
+	54-live-binary_tree.tests \
+	55-basic-pfc_binary_tree.tests \
+	56-basic-iterate_syscalls.tests \
+	57-basic-rawsysrc.tests \
+	58-live-tsync_notify.tests
 EXTRA_DIST_TESTSCRIPTS = \
-	38-basic-pfc_coverage.sh 38-basic-pfc_coverage.pfc
+	38-basic-pfc_coverage.sh 38-basic-pfc_coverage.pfc \
+	55-basic-pfc_binary_tree.sh 55-basic-pfc_binary_tree.pfc
 EXTRA_DIST_TESTTOOLS = regression testdiff testgen

data/ext/enterprise_script_service/libseccomp/tests/regression CHANGED

@@ -25,7 +25,8 @@ GLBL_ARCH_LE_SUPPORT=" \
 	x86 x86_64 x32 \
 	arm aarch64 \
 	mipsel mipsel64 mipsel64n32 \
-	ppc64le"
+	ppc64le \
+	riscv64"
 GLBL_ARCH_BE_SUPPORT=" \
 	mips mips64 mips64n32 \
 	parisc parisc64 \
@@ -46,6 +47,7 @@ GLBL_ARCH_64B_SUPPORT=" \
 	mips64 \
 	parisc64 \
 	ppc64 \
+	riscv64 \
 	s390x"
 GLBL_SYS_ARCH="../tools/scmp_arch_detect"
@@ -94,6 +96,7 @@ libseccomp regression test automation script
 optional arguments:
   -h             show this help message and exit
   -m MODE        specified the test mode [c (default), python]
+                  can also be set via LIBSECCOMP_TSTCFG_MODE_LIST env variable
   -a             specifies all tests are to be run
   -b BATCH_NAME  specifies batch of tests to be run
   -l [LOG]       specifies log file to write test results to
@@ -269,7 +272,8 @@ function generate_random_data() {
 	else
 		rcount=$[ ($RANDOM % 8) + 1 ]
 	fi
-	rdata=$(echo $(</dev/urandom tr -dc A-Za-z0-9 | head -c"$rcount"))
+	rdata=$(dd if=/dev/urandom bs=64 count=1 status=none | \
+		md5sum | awk '{ print $1 }' | head -c"$rcount")
 	echo "$rdata"
 }
@@ -776,7 +780,7 @@ function run_test_live() {
 	# setup the arch specific return values
 	case "$arch" in
-	x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x)
+	x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x|riscv64)
 		rc_kill_process=159
 		rc_kill=159
 		rc_allow=160
@@ -1025,6 +1029,9 @@ while getopts "ab:gl:m:s:t:T:vh" opt; do
 	esac
 done
+# use mode list from environment if provided
+[[ -z $mode_list && -n $LIBSECCOMP_TSTCFG_MODE_LIST ]] && mode_list=$LIBSECCOMP_TSTCFG_MODE_LIST
 # determine the mode test automatically
 if [[ -z $mode_list ]]; then
 	# always perform the native c tests