diff --git a/sandboxed_api/sandbox2/BUILD.bazel b/sandboxed_api/sandbox2/BUILD.bazel index f092c42..d2694a0 100644 --- a/sandboxed_api/sandbox2/BUILD.bazel +++ b/sandboxed_api/sandbox2/BUILD.bazel @@ -1107,6 +1107,7 @@ cc_test( "//sandboxed_api:testing", "//sandboxed_api/sandbox2/network_proxy:testing", "//sandboxed_api/util:status_matchers", + "@com_google_absl//absl/status", "@com_google_absl//absl/strings", "@com_google_absl//absl/time", "@com_google_googletest//:gtest_main", diff --git a/sandboxed_api/sandbox2/CMakeLists.txt b/sandboxed_api/sandbox2/CMakeLists.txt index cf9510f..417e3f8 100644 --- a/sandboxed_api/sandbox2/CMakeLists.txt +++ b/sandboxed_api/sandbox2/CMakeLists.txt @@ -1205,7 +1205,8 @@ if(BUILD_TESTING AND SAPI_BUILD_TESTING) OUTPUT_NAME network_proxy_test ) target_link_libraries(sandbox2_network_proxy_test - PRIVATE absl::strings + PRIVATE absl::status + absl::strings absl::time sandbox2::sandbox2 sandbox2::network_proxy_testing diff --git a/sandboxed_api/sandbox2/network_proxy_test.cc b/sandboxed_api/sandbox2/network_proxy_test.cc index f1f739d..df1c984 100644 --- a/sandboxed_api/sandbox2/network_proxy_test.cc +++ b/sandboxed_api/sandbox2/network_proxy_test.cc @@ -22,6 +22,7 @@ #include "gmock/gmock.h" #include "gtest/gtest.h" +#include "absl/status/status.h" #include "absl/time/time.h" #include "sandboxed_api/sandbox2/executor.h" #include "sandboxed_api/sandbox2/network_proxy/testing.h" @@ -35,8 +36,49 @@ namespace sandbox2 { namespace { using ::sapi::GetTestSourcePath; +using ::sapi::StatusIs; using ::testing::Eq; +TEST(NetworkProxyTest, NoDoublePolicy) { + PolicyBuilder builder; + builder.AddNetworkProxyHandlerPolicy().AddNetworkProxyPolicy(); + EXPECT_THAT(builder.TryBuild(), + StatusIs(absl::StatusCode::kFailedPrecondition)); +} + +TEST(NetworkProxyTest, NoDoublePolicyHandler) { + PolicyBuilder builder; + builder.AddNetworkProxyPolicy().AddNetworkProxyHandlerPolicy(); + EXPECT_THAT(builder.TryBuild(), + StatusIs(absl::StatusCode::kFailedPrecondition)); +} + +TEST(NetworkProxyTest, NoNetworkPolicyIpv4) { + PolicyBuilder builder; + builder.AllowIPv4("127.0.0.1"); + EXPECT_THAT(builder.TryBuild(), + StatusIs(absl::StatusCode::kFailedPrecondition)); +} + +TEST(NetworkProxyTest, NoNetworkPolicyIpv6) { + PolicyBuilder builder; + builder.AllowIPv6("::1"); + EXPECT_THAT(builder.TryBuild(), + StatusIs(absl::StatusCode::kFailedPrecondition)); +} + +TEST(NetworkProxyTest, WrongIPv4) { + PolicyBuilder builder; + builder.AddNetworkProxyPolicy().AllowIPv4("256.256.256.256"); + EXPECT_THAT(builder.TryBuild(), StatusIs(absl::StatusCode::kInvalidArgument)); +} + +TEST(NetworkProxyTest, WrongIPv6) { + PolicyBuilder builder; + builder.AddNetworkProxyPolicy().AllowIPv6("127.0.0.1"); + EXPECT_THAT(builder.TryBuild(), StatusIs(absl::StatusCode::kInvalidArgument)); +} + using NetworkProxyTest = ::testing::TestWithParam; TEST_P(NetworkProxyTest, ProxyWithHandlerAllowed) {