tcell_agent 0.2.29 → 0.4.0

data/spec/lib/tcell_agent/cmdi_spec.rb

@@ -0,0 +1,748 @@
+require 'spec_helper'
+
+module TCellAgent
+
+  module Cmdi
+    describe ".parse_command" do
+      context "with env" do
+        before(:each) do
+          @env = {"TCELL_VAR" => "enabled"}
+        end
+
+        context "with string command" do
+          it "should parse the command properly" do
+            cmd = TCellAgent::Cmdi.parse_command(@env, "echo")
+            expect(cmd).to eq("echo")
+
+            cmd = TCellAgent::Cmdi.parse_command(@env, "echo", :unsetenv_others => true)
+            expect(cmd).to eq("echo")
+          end
+        end
+
+        context "with string command and arguments" do
+          it "should parse the command" do
+            cmd = TCellAgent::Cmdi.parse_command(@env, "echo", "test", :unsetenv_others => true)
+            expect(cmd).to eq("echo test")
+
+            cmd = TCellAgent::Cmdi.parse_command(@env, "echo", "test", "one", :unsetenv_others => true)
+            expect(cmd).to eq("echo test one")
+
+            cmd = TCellAgent::Cmdi.parse_command(
+              @env,
+              "magick",
+              "-size",
+              "320x85",
+              "canvas:none",
+              "-font",
+              "Bookman-DemiItalic",
+              "-draw",
+              "\"text 25,60 \'Magick\'\"",
+              :unsetenv_others => true)
+            expect(cmd).to eq(
+              "magick -size 320x85 canvas:none -font Bookman-DemiItalic -draw \"text 25,60 'Magick'\""
+            )
+          end
+        end
+
+        context "with array command" do
+          it "should parse the command properly" do
+            cmd = TCellAgent::Cmdi.parse_command(@env, ["echo", "argv0"], :unsetenv_others => true)
+            expect(cmd).to eq("echo")
+          end
+        end
+
+        context "with array command and arguments" do
+          it "should parse the command properly" do
+            cmd = TCellAgent::Cmdi.parse_command(@env, ["echo", "argv0"], "test", :unsetenv_others => true)
+            expect(cmd).to eq("echo test")
+
+            cmd = TCellAgent::Cmdi.parse_command(@env, ["echo", "argv0"], "test", "one", :unsetenv_others => true)
+            expect(cmd).to eq("echo test one")
+
+            cmd = TCellAgent::Cmdi.parse_command(
+              @env,
+              ["magick", "argv0"],
+              "-size",
+              "320x85",
+              "canvas:none",
+              "-font",
+              "Bookman-DemiItalic",
+              "-draw",
+              "\"text 25,60 \'Magick\'\"",
+              :unsetenv_others => true)
+            expect(cmd).to eq(
+              "magick -size 320x85 canvas:none -font Bookman-DemiItalic -draw \"text 25,60 'Magick'\""
+            )
+          end
+        end
+      end
+
+      context "without env" do
+        context "with string command" do
+          it "should parse the command properly" do
+            cmd = TCellAgent::Cmdi.parse_command("echo")
+            expect(cmd).to eq("echo")
+
+            cmd = TCellAgent::Cmdi.parse_command("echo", :unsetenv_others => true)
+            expect(cmd).to eq("echo")
+          end
+        end
+
+        context "with string command and arguments" do
+          it "should parse the command" do
+            cmd = TCellAgent::Cmdi.parse_command("echo", "test", :unsetenv_others => true)
+            expect(cmd).to eq("echo test")
+
+            cmd = TCellAgent::Cmdi.parse_command("echo", "test", "one", :unsetenv_others => true)
+            expect(cmd).to eq("echo test one")
+
+            cmd = TCellAgent::Cmdi.parse_command(
+              "magick",
+              "-size",
+              "320x85",
+              "canvas:none",
+              "-font",
+              "Bookman-DemiItalic",
+              "-draw",
+              "\"text 25,60 \'Magick\'\"",
+              :unsetenv_others => true)
+            expect(cmd).to eq(
+              "magick -size 320x85 canvas:none -font Bookman-DemiItalic -draw \"text 25,60 'Magick'\""
+            )
+          end
+        end
+
+        context "with array command" do
+          it "should parse the command properly" do
+            cmd = TCellAgent::Cmdi.parse_command(["echo", "argv0"], :unsetenv_others => true)
+            expect(cmd).to eq("echo")
+          end
+        end
+
+        context "with array command and arguments" do
+          it "should parse the command properly" do
+            cmd = TCellAgent::Cmdi.parse_command(["echo", "argv0"], "test", :unsetenv_others => true)
+            expect(cmd).to eq("echo test")
+
+            cmd = TCellAgent::Cmdi.parse_command(["echo", "argv0"], "test", "one", :unsetenv_others => true)
+            expect(cmd).to eq("echo test one")
+
+            cmd = TCellAgent::Cmdi.parse_command(
+              ["magick", "argv0"],
+              "-size",
+              "320x85",
+              "canvas:none",
+              "-font",
+              "Bookman-DemiItalic",
+              "-draw",
+              "\"text 25,60 \'Magick\'\"",
+              :unsetenv_others => true)
+            expect(cmd).to eq(
+              "magick -size 320x85 canvas:none -font Bookman-DemiItalic -draw \"text 25,60 'Magick'\""
+            )
+          end
+        end
+      end
+    end
+  end
+
+  describe IO do
+    describe ".popen" do
+      context "empty command" do
+        it "should raise an error" do
+          expect {
+            IO.popen()
+          }.to raise_error(ArgumentError)
+          expect {
+            IO.popen(nil)
+          }.to raise_error(TypeError)
+          expect {
+            IO.popen("")
+          }.to raise_error(Errno::ENOENT)
+        end
+      end
+
+      context "non existent command" do
+        it "should return nil" do
+          expect {
+            IO.popen("foobar")
+          }.to raise_error(Errno::ENOENT)
+        end
+      end
+
+      context "with a valid command" do
+        it "should execute command" do
+          expect(IO.popen("echo test").read.chomp).to eq("test")
+        end
+      end
+
+      context "with a non blocked command present" do
+        context "with no command injection" do
+          it "should execute the command" do
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(nil)
+            expect_any_instance_of(TCellAgent::Policies::CommandInjectionPolicy).to_not receive(:enabled)
+            expect_any_instance_of(TCellAgent::Policies::CommandInjectionPolicy).to_not receive(:block?)
+
+            IO.popen("echo test")
+          end
+        end
+
+        context "with command injection disabled" do
+          it "should execute the command" do
+            command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new
+            expect(command_injection_policy.enabled).to eq(false)
+
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(command_injection_policy)
+            expect(command_injection_policy).to receive(:enabled).and_call_original
+            expect(command_injection_policy).to_not receive(:block?)
+
+            IO.popen("echo test")
+          end
+        end
+
+        context "with command injection enabled" do
+          it "should execute the command" do
+            command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new
+            command_injection_policy.enabled = true
+            expect(command_injection_policy.enabled).to eq(true)
+
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(command_injection_policy)
+            expect(command_injection_policy).to receive(:enabled).and_call_original
+            expect(command_injection_policy).to receive(:block?).with("echo test", nil).and_return(false)
+
+            IO.popen("echo test")
+          end
+        end
+      end
+
+      context "with a blocked command present" do
+        context "with command injection enabled" do
+          it "should raise a Errno::ENOENT" do
+            command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new
+            command_injection_policy.enabled = true
+            expect(command_injection_policy.enabled).to eq(true)
+
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(command_injection_policy)
+            expect(command_injection_policy).to receive(:enabled).and_call_original
+            expect(command_injection_policy).to receive(:block?).with("echo test", nil).and_return(true)
+
+            expect {
+              IO.popen("echo test")
+            }.to raise_error(Errno::ENOENT)
+          end
+        end
+      end
+
+      context "with env" do
+        before(:each) do
+          @env = {"TCELL_VAR" => "enabled"}
+        end
+
+        context "with string command" do
+          it "should execute the command" do
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo")
+            IO.popen(@env, "echo", "w+")
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo")
+            IO.popen(@env, "echo", "w+", :unsetenv_others => true)
+          end
+        end
+
+        context "with string command and arguments" do
+          it "should parse the command" do
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen(@env, "echo test")
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen(@env, "echo test", "w+")
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen(@env, "echo test", :unsetenv_others => true)
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen(@env, "echo test", "w+", :unsetenv_others => true)
+          end
+        end
+
+        context "with array command" do
+          it "should parse the command properly" do
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo")
+            IO.popen(@env, [["echo", "argv0"]], "w+")
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo")
+            IO.popen(@env, [["echo", "argv0"]], :unsetenv_others => true)
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo")
+            IO.popen(@env, [["echo", "argv0"]], "w+", :unsetenv_others => true)
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo")
+            IO.popen(@env, ["echo"], "w+")
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo")
+            IO.popen(@env, ["echo"], :unsetenv_others => true)
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo")
+            IO.popen(@env, ["echo"], "w+", :unsetenv_others => true)
+          end
+        end
+
+        context "with array command and arguments" do
+          it "should parse the command properly" do
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen(@env, [["echo", "argv0"], "test"])
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen(@env, [["echo", "argv0"], "test"], "w+")
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen(@env, [["echo", "argv0"], "test"], :unsetenv_others => true)
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen(@env, [["echo", "argv0"], "test"], "w+", :unsetenv_others => true)
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen(@env, ["echo", "test"])
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen(@env, ["echo", "test"], "w+")
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen(@env, ["echo", "test"], :unsetenv_others => true)
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen(@env, ["echo", "test"], "w+", :unsetenv_others => true)
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen([@env, "echo", "test", :unsetenv_others => true], "w+")
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen(@env, [@env, "echo", "test", :unsetenv_others => true], "w+", :err=>[:child, :out])
+          end
+        end
+      end
+
+      context "without env" do
+        context "with array command and arguments" do
+          it "should parse the command properly" do
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen([["echo", "argv0"], "test"])
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen([["echo", "argv0"], "test"], "w+")
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen([["echo", "argv0"], "test"], :unsetenv_others => true)
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen([["echo", "argv0"], "test"], "w+", :unsetenv_others => true)
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen(["echo", "test"])
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen(["echo", "test"], "w+")
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen(["echo", "test"], :unsetenv_others => true)
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with("echo test")
+            IO.popen(["echo", "test"], "w+", :unsetenv_others => true)
+
+            expect(TCellAgent::Cmdi).to receive(:block_command?).with(
+              "echo -size 320x85 canvas:none -font Bookman-DemiItalic -draw \"text 25,60 'Magick'\""
+            )
+            IO.popen(
+              [["echo", "argv0"],
+              "-size",
+              "320x85",
+              "canvas:none",
+              "-font",
+              "Bookman-DemiItalic",
+              "-draw",
+              "\"text 25,60 \'Magick\'\""],
+              :unsetenv_others => true)
+          end
+        end
+      end
+    end
+  end
+
+  describe Kernel do
+
+    describe ".backtick" do
+      context "empty command" do
+        it "should raise Errno::ENOENT" do
+          expect {
+            ``
+          }.to raise_error(Errno::ENOENT)
+        end
+      end
+
+      context "with a non blocked command present" do
+        context "with no command injection" do
+          it "should execute the command" do
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(nil)
+            expect_any_instance_of(TCellAgent::Policies::CommandInjectionPolicy).to_not receive(:enabled)
+            expect_any_instance_of(TCellAgent::Policies::CommandInjectionPolicy).to_not receive(:block?)
+
+            `echo test`
+          end
+        end
+
+        context "with command injection disabled" do
+          it "should execute the command" do
+            command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new
+            expect(command_injection_policy.enabled).to eq(false)
+
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(command_injection_policy)
+            expect(command_injection_policy).to receive(:enabled).and_call_original
+            expect(command_injection_policy).to_not receive(:block?)
+
+            `echo test`
+          end
+        end
+
+        context "with command injection enabled" do
+          it "should execute the command" do
+            command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new
+            command_injection_policy.enabled = true
+            expect(command_injection_policy.enabled).to eq(true)
+
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(command_injection_policy)
+            expect(command_injection_policy).to receive(:enabled).and_call_original
+            expect(command_injection_policy).to receive(:block?).with("echo test", nil).and_return(false)
+
+            `echo test`
+          end
+        end
+      end
+
+      context "with a blocked command present" do
+        context "with command injection enabled" do
+          it "should raise a Errno::ENOENT" do
+            command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new
+            command_injection_policy.enabled = true
+            expect(command_injection_policy.enabled).to eq(true)
+
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(command_injection_policy)
+            expect(command_injection_policy).to receive(:enabled).and_call_original
+            expect(command_injection_policy).to receive(:block?).with("echo test", nil).and_return(true)
+
+            expect {
+              `echo test`
+            }.to raise_error(Errno::ENOENT)
+          end
+        end
+      end
+    end
+
+    describe "%x methods" do
+      context "empty command" do
+        it "should raise Errno::ENOENT" do
+          expect {
+            %x{}
+          }.to raise_error(Errno::ENOENT)
+        end
+      end
+
+      context "with a non blocked command present" do
+        context "with no command injection" do
+          it "should execute the command" do
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(nil)
+            expect_any_instance_of(TCellAgent::Policies::CommandInjectionPolicy).to_not receive(:enabled)
+            expect_any_instance_of(TCellAgent::Policies::CommandInjectionPolicy).to_not receive(:block?)
+
+            %x{echo test}
+          end
+        end
+
+        context "with command injection disabled" do
+          it "should execute the command" do
+            command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new
+            expect(command_injection_policy.enabled).to eq(false)
+
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(command_injection_policy)
+            expect(command_injection_policy).to receive(:enabled).and_call_original
+            expect(command_injection_policy).to_not receive(:block?)
+
+            %x{echo test}
+          end
+        end
+
+        context "with command injection enabled" do
+          it "should execute the command" do
+            command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new
+            command_injection_policy.enabled = true
+            expect(command_injection_policy.enabled).to eq(true)
+
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(command_injection_policy)
+            expect(command_injection_policy).to receive(:enabled).and_call_original
+            expect(command_injection_policy).to receive(:block?).with("echo test", nil).and_return(false)
+
+            %x{echo test}
+          end
+        end
+      end
+
+      context "with a blocked command present" do
+        context "with command injection enabled" do
+          it "should raise a Errno::ENOENT" do
+            command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new
+            command_injection_policy.enabled = true
+            expect(command_injection_policy.enabled).to eq(true)
+
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(command_injection_policy)
+            expect(command_injection_policy).to receive(:enabled).and_call_original
+            expect(command_injection_policy).to receive(:block?).with("echo test", nil).and_return(true)
+
+            expect {
+              %x{echo test}
+            }.to raise_error(Errno::ENOENT)
+          end
+        end
+      end
+    end
+
+    describe ".system" do
+      context "empty command" do
+        it "should raise an error" do
+          expect {
+            system()
+          }.to raise_error(ArgumentError)
+          expect {
+            system(nil)
+          }.to raise_error(TypeError)
+
+          expect(system("")).to be_nil
+        end
+      end
+
+      context "non existent command" do
+        it "should return nil" do
+          expect(system("foobar")).to be_nil
+        end
+      end
+
+      context "with a valid command" do
+        it "should execute command" do
+          pid = system("echo test > /dev/null 2>&1")
+          expect(pid).to eq(true)
+
+          pid = system(RbConfig.ruby, "-e'Hello World!'",  ">", "/dev/null", "2>&1")
+          expect(pid).to eq(true)
+        end
+      end
+
+      context "with a non blocked command present" do
+        context "with no command injection" do
+          it "should execute the command" do
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(nil)
+            expect_any_instance_of(TCellAgent::Policies::CommandInjectionPolicy).to_not receive(:enabled)
+            expect_any_instance_of(TCellAgent::Policies::CommandInjectionPolicy).to_not receive(:block?)
+
+            system("echo test > /dev/null 2>&1")
+          end
+        end
+
+        context "with command injection disabled" do
+          it "should execute the command" do
+            command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new
+            expect(command_injection_policy.enabled).to eq(false)
+
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(command_injection_policy)
+            expect(command_injection_policy).to receive(:enabled).and_call_original
+            expect(command_injection_policy).to_not receive(:block?)
+
+            system("echo test > /dev/null 2>&1")
+          end
+        end
+
+        context "with command injection enabled" do
+          it "should execute the command" do
+            command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new
+            command_injection_policy.enabled = true
+            expect(command_injection_policy.enabled).to eq(true)
+
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(command_injection_policy)
+            expect(command_injection_policy).to receive(:enabled).and_call_original
+            expect(command_injection_policy).to receive(:block?).with("echo test > /dev/null 2>&1", nil).and_return(false)
+
+            system("echo test > /dev/null 2>&1")
+          end
+        end
+      end
+
+      context "with a blocked command present" do
+        context "with command injection enabled" do
+          it "should raise a Errno::ENOENT" do
+            command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new
+            command_injection_policy.enabled = true
+            expect(command_injection_policy.enabled).to eq(true)
+
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(command_injection_policy)
+            expect(command_injection_policy).to receive(:enabled).and_call_original
+            expect(command_injection_policy).to receive(:block?).with("echo test", nil).and_return(true)
+
+            expect {
+              system("echo test")
+            }.to raise_error(Errno::ENOENT)
+          end
+        end
+      end
+    end
+
+    describe ".spawn" do
+      context "empty command" do
+        it "should raise an error" do
+          expect {
+            spawn()
+          }.to raise_error(ArgumentError)
+          expect {
+            spawn(nil)
+          }.to raise_error(TypeError)
+          expect {
+            spawn("")
+          }.to raise_error(Errno::ENOENT)
+        end
+      end
+
+      context "non existent command" do
+        it "should raise error" do
+          expect {
+            spawn("foobar")
+          }.to raise_error(Errno::ENOENT)
+        end
+      end
+
+      context "with a valid command" do
+        it "should execute command" do
+          pid = spawn("echo test > /dev/null 2>&1")
+          expect(pid).to_not be_nil
+
+          pid = spawn(RbConfig.ruby, "-e'Hello World!'",  ">", "/dev/null", "2>&1")
+          expect(pid).to_not be_nil
+        end
+      end
+
+      context "with a non blocked command present" do
+        context "with no command injection" do
+          it "should execute the command" do
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(nil)
+            expect_any_instance_of(TCellAgent::Policies::CommandInjectionPolicy).to_not receive(:enabled)
+            expect_any_instance_of(TCellAgent::Policies::CommandInjectionPolicy).to_not receive(:block?)
+
+            spawn("echo test > /dev/null 2>&1")
+          end
+        end
+
+        context "with command injection disabled" do
+          it "should execute the command" do
+            command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new
+            expect(command_injection_policy.enabled).to eq(false)
+
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(command_injection_policy)
+            expect(command_injection_policy).to receive(:enabled).and_call_original
+            expect(command_injection_policy).to_not receive(:block?)
+
+            spawn("echo test > /dev/null 2>&1")
+          end
+        end
+
+        context "with command injection enabled" do
+          it "should execute the command" do
+            command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new
+            command_injection_policy.enabled = true
+            expect(command_injection_policy.enabled).to eq(true)
+
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(command_injection_policy)
+            expect(command_injection_policy).to receive(:enabled).and_call_original
+            expect(command_injection_policy).to receive(:block?).with("echo test > /dev/null 2>&1", nil).and_return(false)
+
+            spawn("echo test > /dev/null 2>&1")
+          end
+        end
+      end
+
+      context "with a blocked command present" do
+        context "with command injection enabled" do
+          it "should raise a Errno::ENOENT" do
+            command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new
+            command_injection_policy.enabled = true
+            expect(command_injection_policy.enabled).to eq(true)
+
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(command_injection_policy)
+            expect(command_injection_policy).to receive(:enabled).and_call_original
+            expect(command_injection_policy).to receive(:block?).with("echo test", nil).and_return(true)
+
+            expect {
+              spawn("echo test")
+            }.to raise_error(Errno::ENOENT)
+          end
+        end
+      end
+    end
+
+    describe ".exec" do
+      # can only test this case since exec replaces current process with new process
+      context "with a blocked command present" do
+        context "with command injection enabled" do
+          it "should raise a Errno::ENOENT" do
+            command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new
+            command_injection_policy.enabled = true
+            expect(command_injection_policy.enabled).to eq(true)
+
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::CommandInjection
+            ).and_return(command_injection_policy)
+            expect(command_injection_policy).to receive(:enabled).and_call_original
+            expect(command_injection_policy).to receive(:block?).with("echo test", nil).and_return(true)
+
+            expect {
+              exec("echo test")
+            }.to raise_error(Errno::ENOENT)
+          end
+        end
+      end
+    end
+  end
+end