extrasafe 0.5.1

Make your code extrasafe by reducing what it can access.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

use extrasafe::builtins::SystemIO;
use extrasafe::syscalls::Sysno;
use extrasafe::*;

use std::collections::HashMap;

struct JustWrite;
impl RuleSet for JustWrite {
    fn simple_rules(&self) -> Vec<Sysno> {
        vec![Sysno::write]
    }

    fn conditional_rules(&self) -> HashMap<Sysno, Vec<SeccompRule>> {
        HashMap::new()
    }

    fn name(&self) -> &'static str {
        "JustWrite"
    }
}

#[test]
/// Check that adding a simple rule and a conditional rule with the same sysno fails.
/// (This is because the simple rule would override the conditional one)
fn invalid_combination_new_simple() {
    let res = extrasafe::SafetyContext::new()
        .enable(SystemIO::nothing()
            .allow_stdout()).unwrap()
        .enable(SystemIO::everything());

    assert!(
        res.is_err(),
        "Extrasafe didn't fail when adding conflicting rules"
    );

    let err = res.unwrap_err();
    assert_eq!(err.to_string(), "A conditional rule on syscall `write` from RuleSet `SystemIO` would be overridden by a simple rule from RuleSet `SystemIO`.");
}

#[test]
fn invalid_combination_new_conditional() {
    let res = extrasafe::SafetyContext::new()
        .enable(SystemIO::everything()).unwrap()
        .enable(SystemIO::nothing()
            .allow_stdout());
    assert!(res.is_err(), "Extrasafe didn't fail when adding conflicting rules");

    let err = res.unwrap_err();
    assert_eq!(err.to_string(), "A conditional rule on syscall `write` from RuleSet `SystemIO` would be overridden by a simple rule from RuleSet `SystemIO`.");
}

#[test]
/// same as above but with different rulesets to check the error message
fn invalid_combination_new_simple_different_name() {
    let res = extrasafe::SafetyContext::new()
        .enable(SystemIO::nothing()
            .allow_stdout()).unwrap()
        .enable(JustWrite);
    assert!(
        res.is_err(),
        "Extrasafe didn't fail when adding conflicting rules"
    );

    let err = res.unwrap_err();
    assert_eq!(err.to_string(), "A conditional rule on syscall `write` from RuleSet `SystemIO` would be overridden by a simple rule from RuleSet `JustWrite`.");
}

#[test]
fn invalid_combination_new_conditional_different_name() {
    let res = extrasafe::SafetyContext::new()
        .enable(JustWrite).unwrap()
        .enable(SystemIO::nothing()
            .allow_stdout());
    assert!(res.is_err(), "Extrasafe didn't fail when adding conflicting rules");

    let err = res.unwrap_err();
    assert_eq!(err.to_string(), "A conditional rule on syscall `write` from RuleSet `SystemIO` would be overridden by a simple rule from RuleSet `JustWrite`.");
}

#[test]
/// Test that adding a conditional and simple rule in the same `RuleSet` produces an error
fn invalid_combination_read_and_stdin() {

    let res = extrasafe::SafetyContext::new()
        .enable(SystemIO::nothing()
            .allow_read()
            .allow_stdin()
        );
    assert!(res.is_err(), "Extrasafe didn't fail when adding conflicting rules");

    let err = res.unwrap_err();
    assert_eq!(err.to_string(), "A conditional rule on syscall `read` from RuleSet `SystemIO` would be overridden by a simple rule from RuleSet `SystemIO`.");
}

#[test]
/// Test that adding duplicate simple rules in the same `RuleSet` doesn't produce an error
fn not_invalid_combination_duplicate_simple() {

    let res = extrasafe::SafetyContext::new()
        .enable(SystemIO::nothing()
            .allow_read()
            .allow_read()
        );
    assert!(res.is_ok());

    let res = res.unwrap().apply_to_current_thread();
    assert!(res.is_ok());
}

#[test]
/// Test that adding duplicate simple rules in the same `RuleSet` doesn't produce an error
fn not_invalid_combination_duplicate_simple2() {

    let res = extrasafe::SafetyContext::new()
        .enable(SystemIO::nothing()
            .allow_read()).unwrap()
        .enable(SystemIO::nothing()
            .allow_read()
        );
    assert!(res.is_ok());

    let res = res.unwrap().apply_to_current_thread();
    assert!(res.is_ok());
}

#[test]
/// Test that adding duplicate conditional rules in the same `RuleSet` doesn't produce an error
fn not_invalid_combination_duplicate_conditional() {

    let res = extrasafe::SafetyContext::new()
        .enable(SystemIO::nothing()
            .allow_stdin()
            .allow_stdin()
        );
    assert!(res.is_ok());

    let res = res.unwrap().apply_to_current_thread();
    assert!(res.is_ok());
}

#[test]
/// Test that adding duplicate conditional rules from different `RuleSet`s doesn't produce an error
fn not_invalid_combination_duplicate_conditional2() {

    let res = extrasafe::SafetyContext::new()
        .enable(SystemIO::nothing()
            .allow_stdin()
        ).unwrap()
        .enable(SystemIO::nothing()
            .allow_stdin()
        );
    assert!(res.is_ok());

    let res = res.unwrap().apply_to_current_thread();
    assert!(res.is_ok());
}