test_orbit.lua (3616B)
1 -- Test file for OrbitManager 2 3 local OrbitManager = require("OrbitManager") 4 5 print("=== OrbitManager Test Suite ===\n") 6 7 -- Create a sandboxed environment 8 local sandbox = { 9 io = { 10 open = function(path, mode) 11 print("REAL io.open called with:", path, mode) 12 return "file_handle_mock" 13 end, 14 }, 15 os = { 16 clock = function() 17 print("REAL os.clock called") 18 return 12345.67 19 end, 20 execute = function(cmd) 21 print("REAL os.execute called with:", cmd) 22 return true 23 end, 24 } 25 } 26 27 -- Create OrbitManager instance 28 print("1. Creating OrbitManager instance...") 29 local orbit = OrbitManager.new(sandbox, "perms.lua") 30 print(" ✓ OrbitManager created\n") 31 32 -- Test 1: Try to access protected properties (should fail) 33 print("2. Testing metatable protection...") 34 local success, err = pcall(function() 35 local x = orbit.map 36 end) 37 if not success then 38 print(" ✓ Direct access to orbit.map blocked:", err) 39 else 40 print(" ✗ FAILED: Should not be able to access orbit.map") 41 end 42 43 success, err = pcall(function() 44 orbit.perms = {} 45 end) 46 if not success then 47 print(" ✓ Direct write to orbit.perms blocked:", err) 48 else 49 print(" ✗ FAILED: Should not be able to modify orbit.perms") 50 end 51 print() 52 53 -- Test 2: Try to call functions without permissions (should fail) 54 print("3. Testing function calls without permissions...") 55 success, err = pcall(function() 56 sandbox.io.open("/tmp/test.txt", "r") 57 end) 58 if not success then 59 print(" ✓ Blocked io.open:", err) 60 else 61 print(" ✗ FAILED: Should have blocked io.open") 62 end 63 print() 64 65 -- Test 3: Grant permissions and test canRun 66 print("4. Testing canRun method...") 67 local canRun, reason = orbit:canRun("io.open", "/tmp/test.txt") 68 print(" canRun('io.open', '/tmp/test.txt'):", canRun, reason) 69 70 print(" Granting perms.fs permission...") 71 orbit:grantPermission("perms.fs") 72 73 canRun, reason = orbit:canRun("io.open", "/tmp/test.txt") 74 print(" canRun('io.open', '/tmp/test.txt'):", canRun, reason) 75 76 canRun, reason = orbit:canRun("io.open", "/etc/passwd") 77 print(" canRun('io.open', '/etc/passwd'):", canRun, reason) 78 print() 79 80 -- Test 4: Call functions with permissions (should succeed for allowed paths) 81 print("5. Testing function calls with permissions...") 82 success, err = pcall(function() 83 local result = sandbox.io.open("/tmp/test.txt", "r") 84 print(" ✓ io.open succeeded, returned:", result) 85 end) 86 if not success then 87 print(" ✗ FAILED:", err) 88 end 89 90 success, err = pcall(function() 91 sandbox.io.open("/etc/passwd", "r") 92 end) 93 if not success then 94 print(" ✓ Blocked access to non-allowed path:", err) 95 else 96 print(" ✗ FAILED: Should have blocked /etc/passwd") 97 end 98 print() 99 100 -- Test 5: Test OS permissions 101 print("6. Testing OS permissions...") 102 success, err = pcall(function() 103 sandbox.os.execute("ls") 104 end) 105 if not success then 106 print(" ✓ Blocked os.execute without perms.os:", err) 107 else 108 print(" ✗ FAILED: Should have blocked os.execute") 109 end 110 111 orbit:grantPermission("perms.os") 112 success, err = pcall(function() 113 sandbox.os.execute("ls") 114 print(" ✓ os.execute succeeded with perms.os granted") 115 end) 116 if not success then 117 print(" ✗ FAILED:", err) 118 end 119 print() 120 121 -- Test 6: Test adding allowed paths dynamically 122 print("7. Testing dynamic path management...") 123 orbit:addAllowedPath("/var/log/*") 124 canRun, reason = orbit:canRun("io.open", "/var/log/system.log") 125 print(" After adding /var/log/* - canRun('/var/log/system.log'):", canRun, reason) 126 print() 127 128 print("=== All Tests Complete ===")