Sandbox Security Tests
Automated tests for the Mosis Lua sandbox security implementation.
Prerequisites
- CMake 3.22+
- vcpkg with packages:
lua,nlohmann-json - MSVC or compatible C++23 compiler
Build
# From sandbox-test directory
cd D:\Dev\Mosis\MosisService\sandbox-test
# Configure with vcpkg
cmake -B build -DCMAKE_TOOLCHAIN_FILE=%VCPKG_ROOT%/scripts/buildsystems/vcpkg.cmake
# Build
cmake --build build --config Debug
Run Tests
Run All Tests (Uber Command)
# Windows
.\run_tests.bat
# Or directly
.\build\Debug\sandbox-test.exe
Run Specific Test
.\build\Debug\sandbox-test.exe --test DangerousGlobals
.\build\Debug\sandbox-test.exe --test Memory
.\build\Debug\sandbox-test.exe --test CPU
Custom Output File
.\build\Debug\sandbox-test.exe --output my_results.json
Test List
| Test Name | Description | Script |
|---|---|---|
DangerousGlobalsRemoved |
Verifies os, io, debug, etc. are nil | test_globals_removed.lua |
BytecodeRejected |
Verifies binary Lua chunks are rejected | (C++ only) |
MemoryLimitEnforced |
Verifies memory allocation limit works | test_memory_limit.lua |
CPULimitEnforced |
Verifies instruction count limit works | test_cpu_limit.lua |
MetatableProtected |
Verifies _G and string metatable are frozen | test_metatable_protected.lua |
SafeOperationsWork |
Verifies normal Lua operations still work | test_safe_operations.lua |
StringDumpRemoved |
Verifies string.dump is nil | test_string_dump_removed.lua |
MemoryTracking |
Verifies memory usage is tracked | (C++ only) |
InstructionCounting |
Verifies instruction count is tracked | (C++ only) |
MultipleLoads |
Verifies multiple scripts can be loaded | (C++ only) |
ErrorRecovery |
Verifies sandbox recovers from errors | (C++ only) |
Output Format
Tests produce a JSON report at test_results.json:
{
"name": "Lua Sandbox Security Tests",
"timestamp": "2024-01-15T10:30:00Z",
"summary": {
"passed": 11,
"failed": 0,
"total": 11
},
"tests": [
{
"name": "DangerousGlobalsRemoved",
"status": "passed",
"duration_ms": 5
}
]
}
Exit Codes
0- All tests passed1- One or more tests failed
Adding New Tests
- Create Lua script in
scripts/directory - Add C++ test function in
main.cpp:bool Test_MyNewTest(std::string& error_msg) { LuaSandbox sandbox(TestContext()); // ... test logic return true; } - Register in
main():harness.AddTest("MyNewTest", Test_MyNewTest);
Debugging Failed Tests
- Run specific test:
--test TestName - Check Lua script in
scripts/for expected behavior - Check
test_results.jsonfor error details - Add print statements to Lua scripts (output goes to console)
CI Integration
# In CI script
cd sandbox-test
cmake -B build -DCMAKE_TOOLCHAIN_FILE=$VCPKG_ROOT/scripts/buildsystems/vcpkg.cmake
cmake --build build --config Release
./build/Release/sandbox-test.exe --output ci_results.json
# Check exit code
if [ $? -ne 0 ]; then
echo "Sandbox tests failed!"
cat ci_results.json
exit 1
fi