diff --git a/actions/__init__.py b/actions/__init__.py deleted file mode 100644 index e69de29bb..000000000 diff --git a/actions/privilegedactions_test.py b/actions/privilegedactions_test.py deleted file mode 100644 index 2b90b821a..000000000 --- a/actions/privilegedactions_test.py +++ /dev/null @@ -1,101 +0,0 @@ -#! /usr/bin/env python -# -*- mode: python; mode: auto-fill; fill-column: 80 -*- - -import sys -from actions.privilegedactions import privilegedaction_run -import unittest - -class TestPrivileged(unittest.TestCase): - """Verify that privileged actions perform as expected: - - 1. Privileged actions run as root. - - 2. Only whitelisted privileged actions can run. - - A. Actions can't be used to run other actions: - - $ action="echo 'hi'; rm -rf /" - $ $action - - B. Options can't be used to run other actions: - - $ options="hi'; rm -rf /;'" - $ "echo " + "'$options'" - - C. Scripts in a directory above the actions directory can't be run. - - D. Scripts in a directory beneath the actions directory can't be run. - - 3. The actions directory can't be changed at run time. - - """ - def test_run_as_root(self): - """1. Privileged actions run as root. - - """ - self.assertEqual( - "0", # user 0 is root - privilegedaction_run("id", "-ur")[0].strip()) - - def test_breakout_actions_dir(self): - """2. The actions directory can't be changed at run time. - - Can't currently be tested, as the actions directory is hardcoded. - - """ - pass - - def test_breakout_up(self): - """3A. Users can't call actions above the actions directory. - - Tests both a relative and a literal path. - - """ - options="hi" - - for arg in ("../echo", "/bin/echo"): - with self.assertRaises(ValueError): - privilegedaction_run(arg, options) - - def test_breakout_down(self): - """3B. Users can't call actions beneath the actions directory.""" - action="directory/echo" - - self.assertRaises(ValueError, privilegedaction_run, action) - - def test_breakout_actions(self): - """3C. Actions can't be used to run other actions. - - If multiple actions are specified, bail out. - - """ - # counting is safer than actual badness. - actions = ("echo ''; echo $((1+1))", - "echo '' && echo $((1+1))", - "echo '' || echo $((1+1))") - options = ("good", "") - - for action in actions: - for option in options: - with self.assertRaises(ValueError): - output = privilegedaction_run(action, option) - - print(output) - - # if it doesn't error, we'd better not evaluate the data. - self.assertFalse("2" in output[0]) - - def test_breakout_options(self): - """3D. Options can't be used to run other actions.""" - - action = "echo" - # counting is safer than actual badness. - options = "good; echo $((1+1))" - - output, error = privilegedaction_run(action, options) - - self.assertFalse("2" in output) - -if __name__ == "__main__": - unittest.main() - diff --git a/test.sh b/test.sh index cce176a58..d1526c4c3 100755 --- a/test.sh +++ b/test.sh @@ -10,8 +10,21 @@ PYTHONPATH=vendor:$PYTHONPATH PYTHONPATH=.:$PYTHONPATH export PYTHONPATH +for arg in "$@" +do + if [ "$arg" = "--pause" ] + then + pause=1 + fi +done + for file in tests/*.py do echo "Testing ${file}:" python $file + + if [ "$pause" = 1 ] + then + read X + fi done diff --git a/tests/test_privelegedactions.py b/tests/privelegedactions_test.py similarity index 98% rename from tests/test_privelegedactions.py rename to tests/privelegedactions_test.py index dc8cb0e72..8ba646da3 100644 --- a/tests/test_privelegedactions.py +++ b/tests/privelegedactions_test.py @@ -2,7 +2,7 @@ # -*- mode: python; mode: auto-fill; fill-column: 80 -*- import sys -from actions.privilegedactions import privilegedaction_run +from privilegedactions import privilegedaction_run import unittest class TestPrivileged(unittest.TestCase): @@ -117,4 +117,3 @@ class TestPrivileged(unittest.TestCase): if __name__ == "__main__": unittest.main() - diff --git a/tests/test_user_store.py b/tests/user_store_test.py similarity index 100% rename from tests/test_user_store.py rename to tests/user_store_test.py