test_orbit_manifest.lua (4997B)
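-- Test file for OrbitManager.newFromManifest
--
-- Builds a mock sandbox table, passes it to OrbitManager.newFromManifest with
-- a manifest given as Lua source text, then probes the resulting permissions.
-- Any check that reports FAILED is counted, and the script exits non-zero, so
-- a sandbox regression cannot pass unnoticed in an automated run.

local OrbitManager = require("OrbitManager")

print("=== OrbitManager.newFromManifest Test Suite ===\n")

-- Number of checks that reported FAILED; decides the exit status at the end.
local failures = 0

-- Print a failure line exactly as given and count it.
local function fail(...)
    failures = failures + 1
    print(...)
end

-- Run `fn` under pcall and require that it raises.
-- On a raise, prints `blocked_msg` followed by the error value; otherwise
-- records a failure with `failed_msg`.
local function expect_error(fn, blocked_msg, failed_msg)
    local ok, err = pcall(fn)
    if not ok then
        print(blocked_msg, err)
    else
        fail(failed_msg)
    end
end

-- Create a sandboxed environment
-- The mocks never raise and announce themselves with "REAL ...", so a call
-- that reaches them is visible in the output. The "should be blocked" checks
-- below can only pass if newFromManifest replaced these functions in place.
local sandbox = {
    io = {
        open = function(path, mode)
            print("REAL io.open called with:", path, mode)
            return "file_handle_mock"
        end,
    },
    os = {
        clock = function()
            print("REAL os.clock called")
            return 12345.67
        end,
        execute = function(cmd)
            print("REAL os.execute called with:", cmd)
            return true
        end,
    }
}

-- Test manifest string
-- NOTE(review): the manifest is Lua source (`return { ... }`), so the loader
-- presumably compiles and runs it. Nothing in this suite checks that a
-- manifest body is evaluated without access to globals such as io/os; that
-- case is worth adding once the loader's environment handling is confirmed.
local manifestString = [[
return {
    name = "myapp";
    dev = "devname";
    perms = {
        fs = true,
        os = false,
        network = true
    };
    allowedPaths = {
        "/tmp/*",
        "/home/user/myapp/*"
    };
    allowedDomains = {
        "api.myapp.io",
        "*.example.com"
    }
}
]]

-- Test 1: Create instance from manifest
print("1. Creating OrbitManager from manifest string...")
local orbit = OrbitManager.newFromManifest(sandbox, manifestString)
print(" ✓ OrbitManager created from manifest\n")

-- Test 2: Verify manifest metadata
print("2. Checking manifest metadata...")
local manifestData = orbit:getManifestData()
print(" App name:", manifestData.name)
print(" Developer:", manifestData.dev)
print(" ✓ Manifest metadata accessible\n")

-- Test 3: Test permissions were loaded correctly
-- NOTE(review): the canRun results in tests 3, 5 and 8 are printed, not
-- asserted. The manifest suggests io.open on /tmp/test.txt is allowed and
-- os.execute is denied; confirm canRun's return contract and turn these into
-- real checks.
print("3. Testing loaded permissions...")
local canRun, reason = orbit:canRun("io.open", "/tmp/test.txt")
print(" canRun('io.open', '/tmp/test.txt'):", canRun, reason)

canRun, reason = orbit:canRun("os.execute")
print(" canRun('os.execute'):", canRun, reason)
print()

-- Test 4: Test filesystem access with allowed path
print("4. Testing filesystem access with allowed paths...")
local success, err = pcall(function()
    local result = sandbox.io.open("/tmp/test.txt", "r")
    print(" ✓ io.open('/tmp/test.txt') succeeded, returned:", result)
end)
if not success then
    fail(" ✗ FAILED:", err)
end

-- NOTE(review): only a literal out-of-list path is probed. A path that starts
-- with an allowed prefix but resolves elsewhere ("..", "//", a symlink) is
-- not covered; add such a case once the matcher's normalisation is known.
expect_error(
    function()
        sandbox.io.open("/etc/passwd", "r")
    end,
    " ✓ Blocked access to /etc/passwd:",
    " ✗ FAILED: Should have blocked /etc/passwd"
)
print()

-- Test 5: Test path matching with wildcards
-- Print-only, like test 3: one path under an allowed prefix, one outside it.
print("5. Testing wildcard path matching...")
canRun, reason = orbit:canRun("io.open", "/home/user/myapp/config.txt")
print(" canRun('io.open', '/home/user/myapp/config.txt'):", canRun, reason)

canRun, reason = orbit:canRun("io.open", "/home/user/other/file.txt")
print(" canRun('io.open', '/home/user/other/file.txt'):", canRun, reason)
print()

-- Test 6: Test OS permission (should be denied)
print("6. Testing OS permissions (should be denied)...")
expect_error(
    function()
        sandbox.os.execute("ls")
    end,
    " ✓ Blocked os.execute (perms.os = false):",
    " ✗ FAILED: Should have blocked os.execute"
)
print()

-- Test 7: Test metatable protection
-- Reading a missing field of a plain table yields nil without raising, so the
-- read check passes only if the instance's metatable raises on access.
print("7. Testing metatable protection...")
expect_error(
    function()
        local _ = orbit.map
    end,
    " ✓ Direct access to orbit.map blocked:",
    " ✗ FAILED: Should not be able to access orbit.map"
)

expect_error(
    function()
        orbit.manifestData = {}
    end,
    " ✓ Direct write to orbit.manifestData blocked:",
    " ✗ FAILED: Should not be able to modify orbit.manifestData"
)
print()

-- Test 8: Test another manifest with different perms
-- NOTE(review): nil is passed as the sandbox here; presumably newFromManifest
-- accepts a missing sandbox - confirm. Results are print-only, as in test 3.
print("8. Testing another manifest with different permissions...")
local manifest2 = [[
return {
    name = "systemtool";
    dev = "admin";
    perms = {
        fs = false,
        os = true
    };
    allowedPaths = {};
    allowedDomains = {}
}
]]

local orbit2 = OrbitManager.newFromManifest(nil, manifest2)
local data2 = orbit2:getManifestData()
print(" App name:", data2.name)
print(" Developer:", data2.dev)

canRun, reason = orbit2:canRun("os.clock")
print(" canRun('os.clock'):", canRun, reason)

canRun, reason = orbit2:canRun("io.open", "/tmp/test.txt")
print(" canRun('io.open', '/tmp/test.txt'):", canRun, reason)
print()

-- Test 9: Test invalid manifest handling
-- Two malformed inputs: valid Lua that returns a non-table, and text that is
-- not Lua at all. Both must make newFromManifest raise.
print("9. Testing invalid manifest handling...")
expect_error(
    function()
        OrbitManager.newFromManifest(nil, "return 'not a table'")
    end,
    " ✓ Rejected invalid manifest:",
    " ✗ FAILED: Should have rejected manifest that doesn't return a table"
)

expect_error(
    function()
        OrbitManager.newFromManifest(nil, "this is not valid lua")
    end,
    " ✓ Rejected unparseable manifest:",
    " ✗ FAILED: Should have rejected invalid Lua"
)
print()

print("=== All Tests Complete ===")

-- Report failures through the exit status so a runner can detect them; a
-- clean run ends normally.
if failures > 0 then
    print(failures .. " check(s) FAILED")
    os.exit(1)
end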