diff options
Diffstat (limited to 'tests/safe.test')
-rw-r--r-- | tests/safe.test | 197 |
1 files changed, 92 insertions, 105 deletions
diff --git a/tests/safe.test b/tests/safe.test index a3def0a..fbcb2a1 100644 --- a/tests/safe.test +++ b/tests/safe.test @@ -10,13 +10,15 @@ # See the file "license.terms" for information on usage and redistribution # of this file, and for a DISCLAIMER OF ALL WARRANTIES. +package require Tcl 8.5 + if {[lsearch [namespace children] ::tcltest] == -1} { - package require tcltest + package require tcltest 2 namespace import -force ::tcltest::* } foreach i [interp slaves] { - interp delete $i + interp delete $i } set saveAutoPath $::auto_path @@ -33,7 +35,6 @@ test safe-1.1 {safe::interpConfigure syntax} { list [catch {safe::interpConfigure} msg] $msg; } {1 {no value given for parameter "slave" (use -help for full usage) : slave name () name of the slave}} - test safe-1.2 {safe::interpCreate syntax} { list [catch {safe::interpCreate -help} msg] $msg; } {1 {Usage information: @@ -47,15 +48,15 @@ test safe-1.2 {safe::interpCreate syntax} { -nestedLoadOk boolflag (false) allow nested loading -nested boolean (false) nested loading -deleteHook script () delete hook}} - test safe-1.3 {safe::interpInit syntax} { list [catch {safe::interpInit -noStatics} msg] $msg; } {1 {bad value "-noStatics" for parameter slave name () name of the slave}} -test safe-2.1 {creating interpreters, should have no aliases} { - interp aliases +test safe-2.1 {creating interpreters, should have no aliases} emptyTest { + # Disabled this test. It tests nothing sensible. [Bug 999612] + # interp aliases } "" test safe-2.2 {creating interpreters, should have no aliases} { catch {safe::interpDelete a} @@ -64,13 +65,13 @@ test safe-2.2 {creating interpreters, should have no aliases} { safe::interpDelete a set l } "" -test safe-2.3 {creating safe interpreters, should have no aliases} { +test safe-2.3 {creating safe interpreters, should have no unexpected aliases} { catch {safe::interpDelete a} interp create a -safe set l [a aliases] interp delete a - set l -} "" + lsort $l +} {::tcl::mathfunc::max ::tcl::mathfunc::min clock} test safe-3.1 {calling safe::interpInit is safe} { catch {safe::interpDelete a} @@ -86,7 +87,7 @@ test safe-3.2 {calling safe::interpCreate on trusted interp} { set l [lsort [a aliases]] safe::interpDelete a set l -} {encoding exit file load source} +} {::tcl::info::nameofexecutable clock encoding exit file glob load source} test safe-3.3 {calling safe::interpCreate on trusted interp} { catch {safe::interpDelete a} safe::interpCreate a @@ -114,25 +115,6 @@ test safe-4.2 {safe::interpDelete, indirectly} { a alias exit safe::interpDelete a a eval exit } "" -test safe-4.3 {safe::interpDelete, state array (not a public api)} { - catch {safe::interpDelete a} - namespace eval safe {set [InterpStateName a](foo) 33} - # not an error anymore to call it if interp is already - # deleted, to make trhings smooth if it's called twice... - catch {safe::interpDelete a} m1 - catch {namespace eval safe {set [InterpStateName a](foo)}} m2 - list $m1 $m2 -} "{}\ - {can't read \"[safe::InterpStateName a](foo)\": no such variable}" - - -test safe-4.4 {safe::interpDelete, state array, indirectly (not a public api)} { - catch {safe::interpDelete a} - safe::interpCreate a - namespace eval safe {set [InterpStateName a](foo) 33} - a eval exit - catch {namespace eval safe {set [InterpStateName a](foo)}} msg -} 1 test safe-4.5 {safe::interpDelete} { catch {safe::interpDelete a} @@ -158,43 +140,33 @@ test safe-5.1 {test auto-loading in safe interpreters} { } {0 -1} # test safe interps 'information leak' -proc SI {} { - global I - set I [interp create -safe]; -} -proc DI {} { - global I; - interp delete $I; +proc SafeEval {script} { + # Helper procedure that ensures the safe interp is cleaned up even if + # there is a failure in the script. + set SafeInterp [interp create -safe] + catch {$SafeInterp eval $script} msg opts + interp delete $SafeInterp + return -options $opts $msg } + test safe-6.1 {test safe interpreters knowledge of the world} { - SI; set r [lsort [$I eval {info globals}]]; DI; set r + lsort [SafeEval {info globals}] } {tcl_interactive tcl_patchLevel tcl_platform tcl_version} test safe-6.2 {test safe interpreters knowledge of the world} { - SI; set r [$I eval {info script}]; DI; set r + SafeEval {info script} } {} test safe-6.3 {test safe interpreters knowledge of the world} { - SI - set r [lsort [$I eval {array names tcl_platform}]] - DI + set r [lsort [SafeEval {array names tcl_platform}]] # If running a windows-debug shell, remove the "debug" element from r. - if {$tcl_platform(platform) == "windows" && \ - [lsearch $r "debug"] != -1} { + if {[testConstraint win] && ("debug" in $r)} { set r [lreplace $r 1 1] } set threaded [lsearch $r "threaded"] if {$threaded != -1} { set r [lreplace $r $threaded $threaded] } - set tip [lsearch $r "tip,268"] - if {$tip != -1} { - set r [lreplace $r $tip $tip] - } - set tip [lsearch $r "tip,280"] - if {$tip != -1} { - set r [lreplace $r $tip $tip] - } set r -} {byteOrder platform wordSize} +} {byteOrder platform pointerSize wordSize} # more test should be added to check that hostname, nameofexecutable, # aren't leaking infos, but they still do... @@ -211,8 +183,7 @@ test safe-7.1 {tests that everything works at high level} { safe::interpDelete $i set v } 1.0 - -test safe-7.2 {tests specific path and interpFind/AddToAccessPath} { +test safe-7.2 {tests specific path and interpFind/AddToAccessPath} -body { set i [safe::interpCreate -nostat -nested 1 -accessPath [list [info library]]]; # should not add anything (p0) set token1 [safe::interpAddToAccessPath $i [info library]] @@ -224,7 +195,7 @@ test safe-7.2 {tests specific path and interpFind/AddToAccessPath} { [catch {interp eval $i {package require http 1}} msg] $msg \ [safe::interpConfigure $i]\ [safe::interpDelete $i] -} "{\$p(:0:)} {\$p(:1:)} 1 {can't find package http 1} {-accessPath {[list $tcl_library /dummy/unixlike/test/path]} -statics 0 -nested 1 -deleteHook {}} {}" +} -match glob -result "{\$p(:0:)} {\$p(:*:)} 1 {can't find package http 1} {-accessPath {[list $tcl_library */dummy/unixlike/test/path]} -statics 0 -nested 1 -deleteHook {}} {}" # test source control on file name @@ -235,9 +206,7 @@ test safe-8.1 {safe source control on file} { list [catch {$i eval {source}} msg] \ $msg \ [safe::interpDelete $i] ; -} {1 {wrong # args: should be "source fileName"} {}} - -# test source control on file name +} {1 {wrong # args: should be "source ?-encoding E? fileName"} {}} test safe-8.2 {safe source control on file} { set i "a"; catch {safe::interpDelete $i} @@ -245,8 +214,7 @@ test safe-8.2 {safe source control on file} { list [catch {$i eval {source}} msg] \ $msg \ [safe::interpDelete $i] ; -} {1 {wrong # args: should be "source fileName"} {}} - +} {1 {wrong # args: should be "source ?-encoding E? fileName"} {}} test safe-8.3 {safe source control on file} { set i "a"; catch {safe::interpDelete $i} @@ -261,8 +229,6 @@ test safe-8.3 {safe source control on file} { [safe::setLogCmd $prevlog; unset log] \ [safe::interpDelete $i] ; } {1 {permission denied} {{ERROR for slave a : ".": is a directory}} {} {}} - - test safe-8.4 {safe source control on file} { set i "a"; catch {safe::interpDelete $i} @@ -277,8 +243,6 @@ test safe-8.4 {safe source control on file} { [safe::setLogCmd $prevlog; unset log] \ [safe::interpDelete $i] ; } {1 {permission denied} {{ERROR for slave a : "/abc/def": not in access_path}} {} {}} - - test safe-8.5 {safe source control on file} { # This tested filename == *.tcl or tclIndex, but that restriction # was removed in 8.4a4 - hobbs @@ -295,8 +259,6 @@ test safe-8.5 {safe source control on file} { [safe::setLogCmd $prevlog; unset log] \ [safe::interpDelete $i] ; } [list 1 {no such file or directory} [list "ERROR for slave a : [file join [info library] blah]:no such file or directory"] {} {}] - - test safe-8.6 {safe source control on file} { set i "a"; catch {safe::interpDelete $i} @@ -311,8 +273,6 @@ test safe-8.6 {safe source control on file} { [safe::setLogCmd $prevlog; unset log] \ [safe::interpDelete $i] ; } [list 1 {no such file or directory} [list "ERROR for slave a : [file join [info library] blah.tcl]:no such file or directory"] {} {}] - - test safe-8.7 {safe source control on file} { # This tested length of filename, but that restriction # was removed in 8.4a4 - hobbs @@ -330,7 +290,6 @@ test safe-8.7 {safe source control on file} { [safe::setLogCmd $prevlog; unset log] \ [safe::interpDelete $i] ; } [list 1 {no such file or directory} [list "ERROR for slave a : [file join [info library] xxxxxxxxxxx.tcl]:no such file or directory"] {} {}] - test safe-8.8 {safe source forbids -rsrc} { set i "a"; catch {safe::interpDelete $i} @@ -338,8 +297,18 @@ test safe-8.8 {safe source forbids -rsrc} { list [catch {$i eval {source -rsrc Init}} msg] \ $msg \ [safe::interpDelete $i] ; -} {1 {wrong # args: should be "source fileName"} {}} - +} {1 {wrong # args: should be "source ?-encoding E? fileName"} {}} +test safe-8.9 {safe source and return} -setup { + set returnScript [makeFile {return "ok"} return.tcl] + catch {safe::interpDelete $i} +} -body { + safe::interpCreate $i + set token [safe::interpAddToAccessPath $i [file dirname $returnScript]] + $i eval [list source $token/[file tail $returnScript]] +} -cleanup { + catch {safe::interpDelete $i} + removeFile $returnScript +} -result ok test safe-9.1 {safe interps' deleteHook} { set i "a"; @@ -355,7 +324,6 @@ test safe-9.1 {safe interps' deleteHook} { safe::interpCreate $i -deleteHook "testDelHook arg1 arg2"; list [interp eval $i exit] $res } {{} {arg1 arg2 a}} - test safe-9.2 {safe interps' error in deleteHook} { set i "a"; catch {safe::interpDelete $i} @@ -378,22 +346,18 @@ test safe-9.2 {safe interps' error in deleteHook} { $log \ [safe::setLogCmd $prevlog; unset log]; } {{} {arg1 arg2 a} {{NOTICE for slave a : About to delete} {ERROR for slave a : Delete hook error (being catched)} {NOTICE for slave a : Deleted}} {}} - - test safe-9.3 {dual specification of statics} { list [catch {safe::interpCreate -stat true -nostat} msg] $msg } {1 {conflicting values given for -statics and -noStatics}} - test safe-9.4 {dual specification of statics} { # no error shall occur safe::interpDelete [safe::interpCreate -stat false -nostat] } {} - test safe-9.5 {dual specification of nested} { list [catch {safe::interpCreate -nested 0 -nestedload} msg] $msg } {1 {conflicting values given for -nested and -nestedLoadOk}} -test safe-9.6 {interpConfigure widget like behaviour} { +test safe-9.6 {interpConfigure widget like behaviour} -body { # this test shall work, don't try to "fix it" unless # you *really* know what you are doing (ie you are me :p) -- dl list [set i [safe::interpCreate \ @@ -410,47 +374,40 @@ test safe-9.6 {interpConfigure widget like behaviour} { safe::interpConfigure $i]\ [safe::interpConfigure $i -deleteHook toto -nosta -nested 0; safe::interpConfigure $i] -} {{-accessPath /foo/bar -statics 0 -nested 1 -deleteHook {foo bar}} {-accessPath /foo/bar} {-nested 1} {-statics 0} {-deleteHook {foo bar}} {-accessPath /blah -statics 1 -nested 1 -deleteHook {foo bar}} {-accessPath /blah -statics 0 -nested 0 -deleteHook toto}} - +} -match glob -result {{-accessPath * -statics 0 -nested 1 -deleteHook {foo bar}} {-accessPath *} {-nested 1} {-statics 0} {-deleteHook {foo bar}} {-accessPath * -statics 1 -nested 1 -deleteHook {foo bar}} {-accessPath * -statics 0 -nested 0 -deleteHook toto}} # testing that nested and statics do what is advertised # (we use a static package : Tcltest) if {[catch {package require Tcltest} msg]} { - puts "This application hasn't been compiled with Tcltest" - puts "skipping remining safe test that relies on it." + testConstraint TcltestPackage 0 } else { - + testConstraint TcltestPackage 1 # we use the Tcltest package , which has no Safe_Init +} -test safe-10.1 {testing statics loading} { +test safe-10.1 {testing statics loading} TcltestPackage { set i [safe::interpCreate] list \ [catch {interp eval $i {load {} Tcltest}} msg] \ $msg \ [safe::interpDelete $i]; } {1 {can't use package in a safe interpreter: no Tcltest_SafeInit procedure} {}} - -test safe-10.2 {testing statics loading / -nostatics} { +test safe-10.2 {testing statics loading / -nostatics} TcltestPackage { set i [safe::interpCreate -nostatics] list \ [catch {interp eval $i {load {} Tcltest}} msg] \ $msg \ [safe::interpDelete $i]; } {1 {permission denied (static package)} {}} - - - -test safe-10.3 {testing nested statics loading / no nested by default} { +test safe-10.3 {testing nested statics loading / no nested by default} TcltestPackage { set i [safe::interpCreate] list \ [catch {interp eval $i {interp create x; load {} Tcltest x}} msg] \ $msg \ [safe::interpDelete $i]; } {1 {permission denied (nested load)} {}} - - -test safe-10.4 {testing nested statics loading / -nestedloadok} { +test safe-10.4 {testing nested statics loading / -nestedloadok} TcltestPackage { set i [safe::interpCreate -nestedloadok] list \ [catch {interp eval $i {interp create x; load {} Tcltest x}} msg] \ @@ -458,17 +415,13 @@ test safe-10.4 {testing nested statics loading / -nestedloadok} { [safe::interpDelete $i]; } {1 {can't use package in a safe interpreter: no Tcltest_SafeInit procedure} {}} - -} - test safe-11.1 {testing safe encoding} { set i [safe::interpCreate] list \ [catch {interp eval $i encoding} msg] \ $msg \ [safe::interpDelete $i]; -} {1 {wrong # args: should be "encoding option ?arg ...?"} {}} - +} {1 {wrong # args: should be "encoding option ..."} {}} test safe-11.2 {testing safe encoding} { set i [safe::interpCreate] list \ @@ -476,7 +429,6 @@ test safe-11.2 {testing safe encoding} { $msg \ [safe::interpDelete $i]; } {1 {wrong # args: should be "encoding system"} {}} - test safe-11.3 {testing safe encoding} { set i [safe::interpCreate] set result [catch { @@ -484,7 +436,6 @@ test safe-11.3 {testing safe encoding} { } msg] list $result $msg [safe::interpDelete $i] } {0 1 {}} - test safe-11.4 {testing safe encoding} { set i [safe::interpCreate] set result [catch { @@ -492,7 +443,6 @@ test safe-11.4 {testing safe encoding} { } msg] list $result $msg [safe::interpDelete $i] } {0 1 {}} - test safe-11.5 {testing safe encoding} { set i [safe::interpCreate] list \ @@ -500,8 +450,6 @@ test safe-11.5 {testing safe encoding} { $msg \ [safe::interpDelete $i]; } {0 foobar {}} - - test safe-11.6 {testing safe encoding} { set i [safe::interpCreate] list \ @@ -509,7 +457,6 @@ test safe-11.6 {testing safe encoding} { $msg \ [safe::interpDelete $i]; } {0 foobar {}} - test safe-11.7 {testing safe encoding} { set i [safe::interpCreate] list \ @@ -517,8 +464,6 @@ test safe-11.7 {testing safe encoding} { $msg \ [safe::interpDelete $i]; } {1 {wrong # args: should be "encoding convertfrom ?encoding? data"} {}} - - test safe-11.8 {testing safe encoding} { set i [safe::interpCreate] list \ @@ -527,6 +472,48 @@ test safe-11.8 {testing safe encoding} { [safe::interpDelete $i]; } {1 {wrong # args: should be "encoding convertto ?encoding? data"} {}} +test safe-12.1 {glob is restricted [Bug 2906841]} -setup { + set i [safe::interpCreate] +} -body { + $i eval glob ../* +} -returnCodes error -cleanup { + safe::interpDelete $i +} -result "permission denied" +test safe-12.2 {glob is restricted [Bug 2906841]} -setup { + set i [safe::interpCreate] +} -body { + $i eval glob -directory .. * +} -returnCodes error -cleanup { + safe::interpDelete $i +} -result "permission denied" +test safe-12.3 {glob is restricted [Bug 2906841]} -setup { + set i [safe::interpCreate] +} -body { + $i eval glob -join .. * +} -returnCodes error -cleanup { + safe::interpDelete $i +} -result "permission denied" +test safe-12.4 {glob is restricted [Bug 2906841]} -setup { + set i [safe::interpCreate] +} -body { + $i eval glob -nocomplain ../* +} -cleanup { + safe::interpDelete $i +} -result {} +test safe-12.5 {glob is restricted [Bug 2906841]} -setup { + set i [safe::interpCreate] +} -body { + $i eval glob -directory .. -nocomplain * +} -cleanup { + safe::interpDelete $i +} -result {} +test safe-12.6 {glob is restricted [Bug 2906841]} -setup { + set i [safe::interpCreate] +} -body { + $i eval glob -nocomplain -join .. * +} -cleanup { + safe::interpDelete $i +} -result {} set ::auto_path $saveAutoPath # cleanup |