tcell_agent 2.0.0 → 2.5.0

data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb

@@ -1,6 +1,9 @@
+# rubocop:disable Style/HashSyntax
+
 require 'spec_helper'
 require 'securerandom'
 
+FILE_CONTENTS = "This is line one.\nThis is line two.\n".freeze
 describe 'IO' do
   before do
     native_agent = double('native_agent')
@@ -17,8 +20,9 @@ describe 'IO' do
     @file_contents = "This is line one.\nThis is line two.\n"
     @file_length = @file_contents.length
 
-    @new_file_name = '/tmp/' + SecureRandom.uuid
+    @new_file_name = NEW_FILE_NAME
     @new_file_contents_offset = "This OFFSETe one.\nThis is line two.\n"
+    @new_file_contents_offset_bytes = "\x00\x00\x00\x00\x00OFFSET"
   end
 
   describe '.binread' do
@@ -42,6 +46,7 @@ describe 'IO' do
             TCellAgent::PolicyTypes::LFI
           ).and_return(@local_files_policy)
           expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+          expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
         end
       end
 
@@ -49,23 +54,20 @@ describe 'IO' do
         result = IO.binread('|echo test')
         expect(result).to eq "test\n"
       end
-      context 'with a filename' do
-        it 'should still be able to read file' do
-          result = IO.binread(@filename)
-          expect(result).to eq @file_contents
-        end
+
+      it 'should read the file normally' do
+        result = IO.binread(@filename)
+        expect(result).to eq @file_contents
       end
-      context 'with a filename and a length of 20' do
-        it 'should read 20 bytes of the file' do
-          result = IO.binread(@filename, 20)
-          expect(result).to eq @file_contents[0..19]
-        end
+
+      it 'should read 20 bytes of the file' do
+        result = IO.binread(@filename, 20)
+        expect(result).to eq @file_contents[0..19]
       end
-      context 'with a filename and a length of 20 and an offset of 5' do
-        it 'should read 20 bytes starting from the 5th byte' do
-          result = IO.binread(@filename, 20, 5)
-          expect(result).to eq @file_contents[5..24]
-        end
+
+      it 'should read 20 bytes starting from the 5th byte' do
+        result = IO.binread(@filename, 20, 5)
+        expect(result).to eq @file_contents[5..24]
       end
     end
     context 'with a file blocked for read/write' do
@@ -75,33 +77,31 @@ describe 'IO' do
             TCellAgent::PolicyTypes::LFI
           ).and_return(@local_files_policy)
           expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+          expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
         end
       end
 
-      it 'should still be able to execute OS commands', :skip_before do
+      it 'should execute shell commands', :skip_before do
         result = IO.binread('|echo test')
         expect(result).to eq "test\n"
       end
-      context 'with a filename' do
-        it 'should not be able to read the file' do
-          expect do
-            IO.binread(@filename)
-          end.to raise_error(IOError)
-        end
+
+      it 'should receive an IOError' do
+        expect do
+          IO.binread(@filename)
+        end.to raise_error(IOError)
       end
-      context 'with a filename and a length of 20' do
-        it 'should not be able to read the file' do
-          expect do
-            IO.binread(@filename, 20)
-          end.to raise_error(IOError)
-        end
+
+      it 'should receive an IOError' do
+        expect do
+          IO.binread(@filename, 20)
+        end.to raise_error(IOError)
       end
-      context 'with a filename and a length of 20 and an offset of 5' do
-        it 'should not be able to read the file' do
-          expect do
-            IO.binread(@filename, 20, 5)
-          end.to raise_error(IOError)
-        end
+
+      it 'should receive an IOError' do
+        expect do
+          IO.binread(@filename, 20, 5)
+        end.to raise_error(IOError)
       end
     end
   end
@@ -120,6 +120,7 @@ describe 'IO' do
         end.to raise_error(ArgumentError)
       end
     end
+
     context 'with a file not blocked for read/write' do
       before do
         expect(TCellAgent).to receive(:policy).with(
@@ -128,28 +129,36 @@ describe 'IO' do
         expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
       end
 
-      context 'with a nonexistent filename and string' do
+      after(:each) do
+        File.delete(@new_file_name)
+      end
+
+      context 'with a non-existent file' do
         it 'should create the file' do
           IO.binwrite(@new_file_name, '')
           expect(File.exist?(@new_file_name)).to be_truthy
-          File.delete(@new_file_name)
         end
+
         it 'should write to the file' do
           expect(IO.binwrite(@new_file_name, @file_contents)).to eq @file_length
-          File.delete(@new_file_name)
         end
-      end
-      context 'with a nonexistent filename and string and offset' do
-        it 'should write to the file at the offset value 5' do
-          expect(TCellAgent).to receive(:policy).with(
-            TCellAgent::PolicyTypes::LFI
-          ).and_return(@local_files_policy, @local_files_policy)
-          expect(@local_files_policy).to receive(:block_file_access?).and_return(false, false)
 
-          IO.binwrite(@new_file_name, @file_contents)
-          IO.binwrite(@new_file_name, 'OFFSET', 5)
-          expect(IO.binread(@new_file_name)).to eq @new_file_contents_offset
-          File.delete(@new_file_name)
+        context 'using offset, perm' do
+          after :each do
+            expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('444')
+
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::LFI
+            ).and_return(@local_files_policy)
+            expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+            expect(File.open(@new_file_name).read).to eq @new_file_contents_offset_bytes
+          end
+
+          test_ruby2_ruby3_keywords(IO,
+                                    'binwrite',
+                                    [NEW_FILE_NAME, 'OFFSET', 5],
+                                    { perm: 0o444 },
+                                    6)
         end
       end
     end
@@ -161,19 +170,10 @@ describe 'IO' do
         expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
       end
 
-      context 'with a nonexistent filename and a string' do
-        it 'should not be able to write to the file' do
-          expect do
-            IO.binwrite(@new_file_name, @file_contents)
-          end.to raise_error(IOError)
-        end
-      end
-      context 'with a nonexistent filename and a string and an offset' do
-        it 'should not be able to write to the file' do
-          expect do
-            IO.binwrite(@new_file_name, @file_contents)
-          end.to raise_error(IOError)
-        end
+      it 'should not be able to create and write to a file' do
+        expect do
+          IO.binwrite(@new_file_name, @file_contents)
+        end.to raise_error(IOError)
       end
     end
   end
@@ -194,20 +194,18 @@ describe 'IO' do
         expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
       end
 
-      context 'with a filename' do
-        it 'should be able to read the file' do
-          result = ''
-          IO.foreach(@filename) { |line| result << line }
-          expect(result).to eq @file_contents
-        end
+      it 'should be able to read the file' do
+        result = ''
+        IO.foreach(@filename) { |line| result << line }
+        expect(result).to eq @file_contents
       end
-      context 'with a filename and a limit 16' do
-        it 'should split each line to a max length of 16' do
-          result = ''
-          IO.foreach(@filename, 16) { |line| result << line }
-          expect(result).to eq @file_contents
-        end
+
+      it 'should split each line to a max length of 16' do
+        result = ''
+        IO.foreach(@filename, 16) { |line| result << line }
+        expect(result).to eq @file_contents
       end
+
       context 'with a filename and sep' do
         # TODO: no documentation on how to use sep
       end
@@ -223,14 +221,18 @@ describe 'IO' do
         expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
       end
 
-      context 'with a filename' do
-        it 'should not be able to read the file' do
-          expect do
-            result = ''
-            IO.foreach(@filename) { |line| result << line }
-            expect(result).to eq @file_contents
-          end.to raise_error(IOError)
-        end
+      it 'returns an IOError' do
+        expect do
+          result = ''
+          IO.foreach(@filename) { |line| result << line }
+        end.to raise_error(IOError)
+      end
+
+      it 'returns an IOError if it is non-existent' do
+        expect do
+          result = ''
+          IO.foreach('/tmp/bad-file-name') { |line| result << line }
+        end.to raise_error(IOError)
       end
     end
   end
@@ -254,30 +256,26 @@ describe 'IO' do
           ).and_return(@local_files_policy)
 
           expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+          expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
         end
       end
 
-      it 'should still be able to execute OS commands', :skip_before do
+      it 'executes OS commands', :skip_before do
         result = IO.read('|echo test')
         expect(result).to eq "test\n"
       end
-      context 'with a filename' do
-        it 'should read the file' do
-          result = IO.read(@filename)
-          expect(result).to eq @file_contents
-        end
-      end
-      context 'with a filename and a length of 20' do
-        it 'should read 20 bytes of the file' do
-          result = IO.read(@filename, 20)
-          expect(result).to eq @file_contents[0..19]
-        end
+
+      it 'returns the file contents' do
+        result = IO.read(@filename)
+        expect(result).to eq @file_contents
       end
-      context 'with a filename and a length of 20 and an offset of 5' do
-        it 'should read 20 bytes starting from the 5th byte' do
-          result = IO.read(@filename, 20, 5)
-          expect(result).to eq @file_contents[5..24]
-        end
+
+      context 'using length, offset, mode' do
+        test_ruby2_ruby3_keywords(IO,
+                                  'read',
+                                  [get_test_resource_path('lfi_sample_file.txt'), 20, 5],
+                                  { mode: 'rb' },
+                                  FILE_CONTENTS[5..24])
       end
     end
     context 'with a file blocked for read/write' do
@@ -288,33 +286,28 @@ describe 'IO' do
           ).and_return(@local_files_policy)
 
           expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+          expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
         end
       end
 
-      it 'should still be able to execute OS commands', :skip_before do
+      it 'executes OS commands', :skip_before do
         result = IO.read('|echo test')
         expect(result).to eq "test\n"
       end
-      context 'with a filename' do
-        it 'should not be able to read the file' do
-          expect do
-            IO.read(@filename)
-          end.to raise_error(IOError)
-        end
+      it 'receeive an IOError' do
+        expect do
+          IO.read(@filename)
+        end.to raise_error(IOError)
       end
-      context 'with a filename and a length 20' do
-        it 'should not be able to read the file' do
-          expect do
-            IO.read(@filename, 20)
-          end.to raise_error(IOError)
-        end
+      it 'receeive an IOError' do
+        expect do
+          IO.read(@filename, 20)
+        end.to raise_error(IOError)
       end
-      context 'with a filename and a length and an offset 5' do
-        it 'should not be able to read the file' do
-          expect do
-            IO.read(@filename, 20, 5)
-          end.to raise_error(IOError)
-        end
+      it 'receeive an IOError' do
+        expect do
+          IO.read(@filename, 20, 5)
+        end.to raise_error(IOError)
       end
     end
   end
@@ -338,24 +331,34 @@ describe 'IO' do
           ).and_return(@local_files_policy)
 
           expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+          expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
         end
       end
 
-      context 'with a filename' do
-        it 'should read the file' do
-          result = IO.readlines(@filename)
-          expect(result[0] + result[1]).to eq @file_contents
-        end
+      it 'reads the file normally' do
+        result = IO.readlines(@filename)
+        expect(result[0] + result[1]).to eq @file_contents
       end
-      context 'with a filename and a limit 20' do
-        it 'should read 20 bytes of the file' do
+
+      context 'using limit, separator' do
+        it 'splits the file and splits it into 5 char chunks' do
           exp_result = ['This ', 'is li', 'ne on', "e.\n", 'This ', 'is li', 'ne tw', "o.\n"]
           result = IO.readlines(@filename, 5)
           expect(result).to eq exp_result
         end
-      end
-      context 'with a filename and a limit of 20 and sep' do
-        # TODO
+
+        it 'splits the file based on the sep and limit' do
+          exp_result = ['This ', 'is ', 'line ', "one.\n", 'This ', 'is ', 'line ', "two.\n"]
+          result = IO.readlines(@filename, ' ', 5)
+          expect(result).to eq exp_result
+        end
+
+        test_ruby2_ruby3_keywords(IO,
+                                  'readlines',
+                                  [get_test_resource_path('lfi_sample_file.txt'), ' ', 5],
+                                  { chomp: true },
+                                  ['This', 'is', 'line', "one.\n", 'This', 'is', 'line', "two.\n"],
+                                  '2.4.0')
       end
     end
     context 'with a file blocked for read/write' do
@@ -366,6 +369,7 @@ describe 'IO' do
           ).and_return(@local_files_policy)
 
           expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+          expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
         end
       end
 
@@ -373,12 +377,11 @@ describe 'IO' do
         result = IO.readlines('|echo test')[0]
         expect(result).to eq "test\n"
       end
-      context 'with a filename' do
-        it 'should not be able to read the file' do
-          expect do
-            IO.readlines(@filename)
-          end.to raise_error(IOError)
-        end
+
+      it 'should not be able to read the file' do
+        expect do
+          IO.readlines(@filename)
+        end.to raise_error(IOError)
       end
     end
   end
@@ -397,16 +400,7 @@ describe 'IO' do
         end.to raise_error(Errno::ENOENT)
       end
     end
-    context 'with a nonexistent file' do
-      context 'with mode r' do
-        it 'should raise an error' do
-        end
-      end
-      context 'with mode w' do
-        it 'should return an integer' do
-        end
-      end
-    end
+
     context 'with a file not blocked for read/write' do
       before do
         expect(TCellAgent).to receive(:policy).with(
@@ -415,27 +409,27 @@ describe 'IO' do
         expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
       end
 
-      context 'with a filename' do
-        it 'should return an integer' do
-          fd = IO.sysopen(@filename)
-          expect(fd).to be_a(Integer)
-        end
-        it 'should open the file for read' do
-          fd = IO.sysopen(@filename)
-          expect(IO.new(fd).read).to eq @file_contents
-        end
+      it 'returns an integer' do
+        fd = IO.sysopen(@filename)
+        expect(fd).to be_a(Integer)
       end
-      context 'with a filename and mode w' do
-        it 'should return an integer' do
-          fd = IO.sysopen(@new_file_name, 'w')
-          expect(fd).to be_a(Integer)
-        end
-        it 'should open the file for write' do
-          fd = IO.sysopen(@new_file_name, 'w')
-          file = IO.new(fd, 'w')
-          file.puts @file_contents
-          file.rewind
-        end
+      it 'opens the file for read' do
+        fd = IO.sysopen(@filename)
+        expect(IO.new(fd).read).to eq @file_contents
+      end
+      it 'uses the mode when set' do
+        fd = IO.sysopen(@new_file_name, 'w')
+        expect(fd).to be_a(Integer)
+
+        file = IO.new(fd, 'w')
+        file.puts @file_contents
+        file.rewind
+      end
+      it 'should open the file for write' do
+        fd = IO.sysopen(@new_file_name, 'w')
+        file = IO.new(fd, 'w')
+        file.puts @file_contents
+        file.rewind
       end
     end
     context 'with a file blocked for read/write' do
@@ -446,19 +440,16 @@ describe 'IO' do
         expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
       end
 
-      context 'with a filename' do
-        it 'should not be able to open the file for read' do
-          expect do
-            IO.sysopen(@filename)
-          end.to raise_error(IOError)
-        end
+      it 'should not be able to open the file for read' do
+        expect do
+          IO.sysopen(@filename)
+        end.to raise_error(IOError)
       end
-      context 'with a filename and mode' do
-        it 'should not be able to open the file for read' do
-          expect do
-            IO.sysopen(@filename, 'r')
-          end.to raise_error(IOError)
-        end
+
+      it 'should not be able to open the file for read' do
+        expect do
+          IO.sysopen(@filename, 'r')
+        end.to raise_error(IOError)
       end
     end
   end
@@ -485,48 +476,49 @@ describe 'IO' do
         expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
       end
 
-      context 'with a filename that doe not exist' do
-        it 'should create the file' do
-          IO.write(@new_file_name, @file_contents)
-          expect(File.exist?(@new_file_name)).to be_truthy
-          File.delete(@new_file_name)
-        end
-        it 'should write to the file' do
-          expect(TCellAgent).to receive(:policy).with(
-            TCellAgent::PolicyTypes::LFI
-          ).and_return(@local_files_policy)
-          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+      after :each do
+        File.delete(@new_file_name)
+      end
+      it 'creates the file' do
+        IO.write(@new_file_name, @file_contents)
+        expect(File.exist?(@new_file_name)).to be_truthy
+      end
+      it 'writes to the file' do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
 
-          IO.write(@new_file_name, @file_contents)
-          expect(IO.read(@new_file_name)).to eq @file_contents
-          File.delete(@new_file_name)
-        end
+        IO.write(@new_file_name, @file_contents)
+        expect(File.open(@new_file_name).read).to eq @file_contents
       end
-      context 'with a filename that does exist' do
-        it 'should overwrite the file' do
-          expect(TCellAgent).to receive(:policy).with(
-            TCellAgent::PolicyTypes::LFI
-          ).and_return(@local_files_policy)
-          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
 
-          IO.write(@new_file_name, @file_contents)
-          expect(IO.read(@new_file_name)).to eq @file_contents
-          File.delete(@new_file_name)
-        end
+      it 'writes over the file' do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+
+        IO.write(@new_file_name, @file_contents)
+        expect(File.open(@new_file_name).read).to eq @file_contents
       end
-      context 'with a filename that does exist and an offset 5' do
-        it 'should overwrite the file starting at the offset value' do
+
+      context 'using offset, perm' do
+        after :each do
+          expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('444')
+
           expect(TCellAgent).to receive(:policy).with(
             TCellAgent::PolicyTypes::LFI
-          ).and_return(@local_files_policy, @local_files_policy)
-          expect(@local_files_policy).to receive(:block_file_access?).and_return(false, false)
-
-          exp_results = @file_contents.dup
-          exp_results[1..6] = 'OFFSET'
-          IO.write(@new_file_name, @file_contents)
-          IO.write(@new_file_name, 'OFFSET', 1)
-          expect(IO.read(@new_file_name)).to eq exp_results
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+          expect(File.open(@new_file_name).read).to eq @new_file_contents_offset_bytes
         end
+
+        test_ruby2_ruby3_keywords(IO,
+                                  'write',
+                                  [NEW_FILE_NAME, 'OFFSET', 5],
+                                  { perm: 0o444 },
+                                  6)
       end
     end
     context 'with a file blocked for read/write' do
@@ -537,20 +529,18 @@ describe 'IO' do
         expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
       end
 
-      context 'with a filename that does not exist' do
-        it 'should not be able to write to the file' do
-          expect do
-            IO.write(@new_file_name, '')
-          end.to raise_error(IOError)
-        end
+      it 'raises an IOError' do
+        expect do
+          IO.write(@new_file_name, '')
+        end.to raise_error(IOError)
       end
-      context 'with a filename that does exist' do
-        it 'should not be able to write to the file' do
-          expect do
-            IO.write(@filename, @file_contents)
-          end.to raise_error(IOError)
-        end
+      it 'should not be able to create and write to the file' do
+        expect do
+          IO.write(@filename, @file_contents)
+        end.to raise_error(IOError)
       end
     end
   end
 end
+
+# rubocop:enable Style/HashSyntax