133 lines
3.2 KiB
Markdown
133 lines
3.2 KiB
Markdown
# Sandbox Security Tests
|
|
|
|
Automated tests for the Mosis Lua sandbox security implementation.
|
|
|
|
## Prerequisites
|
|
|
|
- CMake 3.22+
|
|
- vcpkg with packages: `lua`, `nlohmann-json`
|
|
- MSVC or compatible C++23 compiler
|
|
|
|
## Build
|
|
|
|
```bash
|
|
# From sandbox-test directory
|
|
cd D:\Dev\Mosis\MosisService\sandbox-test
|
|
|
|
# Configure with vcpkg
|
|
cmake -B build -DCMAKE_TOOLCHAIN_FILE=%VCPKG_ROOT%/scripts/buildsystems/vcpkg.cmake
|
|
|
|
# Build
|
|
cmake --build build --config Debug
|
|
```
|
|
|
|
## Run Tests
|
|
|
|
### Run All Tests (Uber Command)
|
|
|
|
```bash
|
|
# Windows
|
|
.\run_tests.bat
|
|
|
|
# Or directly
|
|
.\build\Debug\sandbox-test.exe
|
|
```
|
|
|
|
### Run Specific Test
|
|
|
|
```bash
|
|
.\build\Debug\sandbox-test.exe --test DangerousGlobals
|
|
.\build\Debug\sandbox-test.exe --test Memory
|
|
.\build\Debug\sandbox-test.exe --test CPU
|
|
```
|
|
|
|
### Custom Output File
|
|
|
|
```bash
|
|
.\build\Debug\sandbox-test.exe --output my_results.json
|
|
```
|
|
|
|
## Test List
|
|
|
|
| Test Name | Description | Script |
|
|
|-----------|-------------|--------|
|
|
| `DangerousGlobalsRemoved` | Verifies os, io, debug, etc. are nil | `test_globals_removed.lua` |
|
|
| `BytecodeRejected` | Verifies binary Lua chunks are rejected | (C++ only) |
|
|
| `MemoryLimitEnforced` | Verifies memory allocation limit works | `test_memory_limit.lua` |
|
|
| `CPULimitEnforced` | Verifies instruction count limit works | `test_cpu_limit.lua` |
|
|
| `MetatableProtected` | Verifies _G and string metatable are frozen | `test_metatable_protected.lua` |
|
|
| `SafeOperationsWork` | Verifies normal Lua operations still work | `test_safe_operations.lua` |
|
|
| `StringDumpRemoved` | Verifies string.dump is nil | `test_string_dump_removed.lua` |
|
|
| `MemoryTracking` | Verifies memory usage is tracked | (C++ only) |
|
|
| `InstructionCounting` | Verifies instruction count is tracked | (C++ only) |
|
|
| `MultipleLoads` | Verifies multiple scripts can be loaded | (C++ only) |
|
|
| `ErrorRecovery` | Verifies sandbox recovers from errors | (C++ only) |
|
|
|
|
## Output Format
|
|
|
|
Tests produce a JSON report at `test_results.json`:
|
|
|
|
```json
|
|
{
|
|
"name": "Lua Sandbox Security Tests",
|
|
"timestamp": "2024-01-15T10:30:00Z",
|
|
"summary": {
|
|
"passed": 11,
|
|
"failed": 0,
|
|
"total": 11
|
|
},
|
|
"tests": [
|
|
{
|
|
"name": "DangerousGlobalsRemoved",
|
|
"status": "passed",
|
|
"duration_ms": 5
|
|
}
|
|
]
|
|
}
|
|
```
|
|
|
|
## Exit Codes
|
|
|
|
- `0` - All tests passed
|
|
- `1` - One or more tests failed
|
|
|
|
## Adding New Tests
|
|
|
|
1. Create Lua script in `scripts/` directory
|
|
2. Add C++ test function in `main.cpp`:
|
|
```cpp
|
|
bool Test_MyNewTest(std::string& error_msg) {
|
|
LuaSandbox sandbox(TestContext());
|
|
// ... test logic
|
|
return true;
|
|
}
|
|
```
|
|
3. Register in `main()`:
|
|
```cpp
|
|
harness.AddTest("MyNewTest", Test_MyNewTest);
|
|
```
|
|
|
|
## Debugging Failed Tests
|
|
|
|
1. Run specific test: `--test TestName`
|
|
2. Check Lua script in `scripts/` for expected behavior
|
|
3. Check `test_results.json` for error details
|
|
4. Add print statements to Lua scripts (output goes to console)
|
|
|
|
## CI Integration
|
|
|
|
```bash
|
|
# In CI script
|
|
cd sandbox-test
|
|
cmake -B build -DCMAKE_TOOLCHAIN_FILE=$VCPKG_ROOT/scripts/buildsystems/vcpkg.cmake
|
|
cmake --build build --config Release
|
|
./build/Release/sandbox-test.exe --output ci_results.json
|
|
|
|
# Check exit code
|
|
if [ $? -ne 0 ]; then
|
|
echo "Sandbox tests failed!"
|
|
cat ci_results.json
|
|
exit 1
|
|
fi
|
|
```
|