# Sandbox Security Tests

Automated tests for the Mosis Lua sandbox security implementation.

## Prerequisites

- CMake 3.22+
- vcpkg with packages: `lua`, `nlohmann-json`
- MSVC or compatible C++23 compiler

## Build

```bash
# From sandbox-test directory
cd D:\Dev\Mosis\MosisService\sandbox-test

# Configure with vcpkg
cmake -B build -DCMAKE_TOOLCHAIN_FILE=%VCPKG_ROOT%/scripts/buildsystems/vcpkg.cmake

# Build
cmake --build build --config Debug
```

## Run Tests

### Run All Tests (Uber Command)

```bash
# Windows
.\run_tests.bat

# Or directly
.\build\Debug\sandbox-test.exe
```

### Run Specific Test

```bash
.\build\Debug\sandbox-test.exe --test DangerousGlobals
.\build\Debug\sandbox-test.exe --test Memory
.\build\Debug\sandbox-test.exe --test CPU
```

### Custom Output File

```bash
.\build\Debug\sandbox-test.exe --output my_results.json
```

## Test List

| Test Name | Description | Script |
|-----------|-------------|--------|
| `DangerousGlobalsRemoved` | Verifies os, io, debug, etc. are nil | `test_globals_removed.lua` |
| `BytecodeRejected` | Verifies binary Lua chunks are rejected | (C++ only) |
| `MemoryLimitEnforced` | Verifies memory allocation limit works | `test_memory_limit.lua` |
| `CPULimitEnforced` | Verifies instruction count limit works | `test_cpu_limit.lua` |
| `MetatableProtected` | Verifies _G and string metatable are frozen | `test_metatable_protected.lua` |
| `SafeOperationsWork` | Verifies normal Lua operations still work | `test_safe_operations.lua` |
| `StringDumpRemoved` | Verifies string.dump is nil | `test_string_dump_removed.lua` |
| `MemoryTracking` | Verifies memory usage is tracked | (C++ only) |
| `InstructionCounting` | Verifies instruction count is tracked | (C++ only) |
| `MultipleLoads` | Verifies multiple scripts can be loaded | (C++ only) |
| `ErrorRecovery` | Verifies sandbox recovers from errors | (C++ only) |

## Output Format

Tests produce a JSON report at `test_results.json`:

```json
{
  "name": "Lua Sandbox Security Tests",
  "timestamp": "2024-01-15T10:30:00Z",
  "summary": {
    "passed": 11,
    "failed": 0,
    "total": 11
  },
  "tests": [
    {
      "name": "DangerousGlobalsRemoved",
      "status": "passed",
      "duration_ms": 5
    }
  ]
}
```

## Exit Codes

- `0` - All tests passed
- `1` - One or more tests failed

## Adding New Tests

1. Create Lua script in `scripts/` directory
2. Add C++ test function in `main.cpp`:
   ```cpp
   bool Test_MyNewTest(std::string& error_msg) {
       LuaSandbox sandbox(TestContext());
       // ... test logic
       return true;
   }
   ```
3. Register in `main()`:
   ```cpp
   harness.AddTest("MyNewTest", Test_MyNewTest);
   ```

## Debugging Failed Tests

1. Run specific test: `--test TestName`
2. Check Lua script in `scripts/` for expected behavior
3. Check `test_results.json` for error details
4. Add print statements to Lua scripts (output goes to console)

## CI Integration

```bash
# In CI script
cd sandbox-test
cmake -B build -DCMAKE_TOOLCHAIN_FILE=$VCPKG_ROOT/scripts/buildsystems/vcpkg.cmake
cmake --build build --config Release
./build/Release/sandbox-test.exe --output ci_results.json

# Check exit code
if [ $? -ne 0 ]; then
    echo "Sandbox tests failed!"
    cat ci_results.json
    exit 1
fi
```