diff --git a/oss-internship-2020/jsonnet/examples/CMakeLists.txt b/oss-internship-2020/jsonnet/examples/CMakeLists.txt index fcfab56..1cc6d78 100644 --- a/oss-internship-2020/jsonnet/examples/CMakeLists.txt +++ b/oss-internship-2020/jsonnet/examples/CMakeLists.txt @@ -40,20 +40,22 @@ target_link_libraries(jsonnet_helper ) foreach(exe base multiple_files yaml_stream formatter) + add_executable(jsonnet_${exe}_sandboxed jsonnet_${exe}_example.cc ) + target_link_libraries(jsonnet_${exe}_sandboxed PRIVATE libjsonnet jsonnet_helper jsonnet_sapi sapi::sapi ) + endforeach() add_executable(jsonnet_base_transaction jsonnet_base_transaction.cc - jsonnet_base_transaction.h ) target_link_libraries(jsonnet_base_transaction PRIVATE diff --git a/oss-internship-2020/jsonnet/examples/jsonnet_base_example.cc b/oss-internship-2020/jsonnet/examples/jsonnet_base_example.cc index 4039df0..3dde1e1 100644 --- a/oss-internship-2020/jsonnet/examples/jsonnet_base_example.cc +++ b/oss-internship-2020/jsonnet/examples/jsonnet_base_example.cc @@ -12,43 +12,10 @@ // See the License for the specific language governing permissions and // limitations under the License. -#include -#include - #include #include -#include "jsonnet_sapi.sapi.h" -#include "sandboxed_api/util/flag.h" - -class JsonnetSapiSandbox : public JsonnetSandbox { - public: - explicit JsonnetSapiSandbox(std::string in_file, std::string out_file) - : in_file_(std::move(in_file)), out_file_(std::move(out_file)) {} - - std::unique_ptr ModifyPolicy( - sandbox2::PolicyBuilder *) override { - return sandbox2::PolicyBuilder() - .AllowStaticStartup() - .AllowOpen() - .AllowRead() - .AllowWrite() - .AllowStat() - .AllowSystemMalloc() - .AllowExit() - .AllowSyscalls({ - __NR_futex, - __NR_close, - }) - .AddDirectoryAt(dirname(&out_file_[0]), "/output", /*is_ro=*/false) - .AddDirectoryAt(dirname(&in_file_[0]), "/input", true) - .BuildOrDie(); - } - - private: - std::string in_file_; - std::string out_file_; -}; +#include "jsonnet_base_sandbox.h" int main(int argc, char* argv[]) { google::InitGoogleLogging(argv[0]); @@ -65,7 +32,7 @@ int main(int argc, char* argv[]) { std::string out_file(argv[2]); // Initialize sandbox. - JsonnetSapiSandbox sandbox(in_file, out_file); + JsonnetBaseSandbox sandbox(in_file, out_file); absl::Status status = sandbox.Init(); CHECK(status.ok()) << "Sandbox initialization failed: " << status; diff --git a/oss-internship-2020/jsonnet/examples/jsonnet_base_sandbox.h b/oss-internship-2020/jsonnet/examples/jsonnet_base_sandbox.h new file mode 100644 index 0000000..08de0bc --- /dev/null +++ b/oss-internship-2020/jsonnet/examples/jsonnet_base_sandbox.h @@ -0,0 +1,50 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include +#include + +#include "jsonnet_sapi.sapi.h" +#include "sandboxed_api/transaction.h" +#include "sandboxed_api/util/flag.h" +#include "sandboxed_api/vars.h" + +class JsonnetBaseSandbox : public JsonnetSandbox { + public: + explicit JsonnetBaseSandbox(std::string in_file, std::string out_file) + : in_file_(in_file), out_file_(out_file) {} + + std::unique_ptr ModifyPolicy( + sandbox2::PolicyBuilder *) override { + return sandbox2::PolicyBuilder() + .AllowStaticStartup() + .AllowOpen() + .AllowRead() + .AllowWrite() + .AllowStat() + .AllowSystemMalloc() + .AllowExit() + .AllowSyscalls({ + __NR_futex, + __NR_close, + }) + .AddDirectoryAt(dirname(&out_file_[0]), "/output", /*is_ro=*/false) + .AddDirectoryAt(dirname(&in_file_[0]), "/input", true) + .BuildOrDie(); + } + + private: + std::string in_file_; + std::string out_file_; +}; diff --git a/oss-internship-2020/jsonnet/examples/jsonnet_base_transaction.h b/oss-internship-2020/jsonnet/examples/jsonnet_base_transaction.h index 412ee47..9dfedc5 100644 --- a/oss-internship-2020/jsonnet/examples/jsonnet_base_transaction.h +++ b/oss-internship-2020/jsonnet/examples/jsonnet_base_transaction.h @@ -12,49 +12,13 @@ // See the License for the specific language governing permissions and // limitations under the License. -#include -#include - -#include "jsonnet_sapi.sapi.h" -#include "sandboxed_api/transaction.h" -#include "sandboxed_api/util/flag.h" -#include "sandboxed_api/vars.h" - -class JsonnetSapiTransactionSandbox : public JsonnetSandbox { - public: - explicit JsonnetSapiTransactionSandbox(std::string in_file, - std::string out_file) - : in_file_(in_file), out_file_(out_file) {} - - std::unique_ptr ModifyPolicy( - sandbox2::PolicyBuilder *) override { - return sandbox2::PolicyBuilder() - .AllowStaticStartup() - .AllowOpen() - .AllowRead() - .AllowWrite() - .AllowStat() - .AllowSystemMalloc() - .AllowExit() - .AllowSyscalls({ - __NR_futex, - __NR_close, - }) - .AddDirectoryAt(dirname(&out_file_[0]), "/output", /*is_ro=*/false) - .AddDirectoryAt(dirname(&in_file_[0]), "/input", true) - .BuildOrDie(); - } - - private: - std::string in_file_; - std::string out_file_; -}; +#include "jsonnet_base_sandbox.h" class JsonnetTransaction : public sapi::Transaction { public: JsonnetTransaction(std::string in_file, std::string out_file) : sapi::Transaction( - std::make_unique(in_file, out_file)), + std::make_unique(in_file, out_file)), in_file_(in_file), out_file_(out_file) { sapi::Transaction::set_retry_count(0); // Try once, no retries diff --git a/oss-internship-2020/jsonnet/examples/jsonnet_formatter_example.cc b/oss-internship-2020/jsonnet/examples/jsonnet_formatter_example.cc index 305059a..56e957d 100644 --- a/oss-internship-2020/jsonnet/examples/jsonnet_formatter_example.cc +++ b/oss-internship-2020/jsonnet/examples/jsonnet_formatter_example.cc @@ -26,6 +26,7 @@ class JsonnetSapiSandbox : public JsonnetSandbox { explicit JsonnetSapiSandbox(std::string in_file, std::string out_file) : in_file_(std::move(in_file)), out_file_(std::move(out_file)) {} + // We need only the input file here, not the whole input directory std::unique_ptr ModifyPolicy( sandbox2::PolicyBuilder *) override { return sandbox2::PolicyBuilder() diff --git a/oss-internship-2020/jsonnet/examples/jsonnet_multiple_files_example.cc b/oss-internship-2020/jsonnet/examples/jsonnet_multiple_files_example.cc index 9d2783e..9134daa 100644 --- a/oss-internship-2020/jsonnet/examples/jsonnet_multiple_files_example.cc +++ b/oss-internship-2020/jsonnet/examples/jsonnet_multiple_files_example.cc @@ -27,6 +27,7 @@ class JsonnetSapiSandbox : public JsonnetSandbox { explicit JsonnetSapiSandbox(std::string in_file, std::string out_directory) : in_file_(std::move(in_file)), out_directory_(std::move(out_directory)) {} + // We need a slightly different policy than the default one std::unique_ptr ModifyPolicy( sandbox2::PolicyBuilder *) override { return sandbox2::PolicyBuilder() diff --git a/oss-internship-2020/jsonnet/examples/jsonnet_yaml_stream_example.cc b/oss-internship-2020/jsonnet/examples/jsonnet_yaml_stream_example.cc index 8f8e607..ac6d256 100644 --- a/oss-internship-2020/jsonnet/examples/jsonnet_yaml_stream_example.cc +++ b/oss-internship-2020/jsonnet/examples/jsonnet_yaml_stream_example.cc @@ -12,43 +12,10 @@ // See the License for the specific language governing permissions and // limitations under the License. -#include -#include - #include #include -#include "jsonnet_sapi.sapi.h" -#include "sandboxed_api/util/flag.h" - -class JsonnetSapiSandbox : public JsonnetSandbox { - public: - explicit JsonnetSapiSandbox(std::string in_file, std::string out_file) - : in_file_(std::move(in_file)), out_file_(std::move(out_file)) {} - - std::unique_ptr ModifyPolicy( - sandbox2::PolicyBuilder *) override { - return sandbox2::PolicyBuilder() - .AllowStaticStartup() - .AllowOpen() - .AllowRead() - .AllowWrite() - .AllowStat() - .AllowSystemMalloc() - .AllowExit() - .AllowSyscalls({ - __NR_futex, - __NR_close, - }) - .AddDirectoryAt(dirname(&out_file_[0]), "/output", /*is_ro=*/false) - .AddDirectoryAt(dirname(&in_file_[0]), "/input", true) - .BuildOrDie(); - } - - private: - std::string in_file_; - std::string out_file_; -}; +#include "jsonnet_base_sandbox.h" int main(int argc, char* argv[]) { google::InitGoogleLogging(argv[0]); @@ -65,7 +32,7 @@ int main(int argc, char* argv[]) { std::string out_file(argv[2]); // Initialize sandbox. - JsonnetSapiSandbox sandbox(in_file, out_file); + JsonnetBaseSandbox sandbox(in_file, out_file); absl::Status status = sandbox.Init(); CHECK(status.ok()) << "Sandbox initialization failed " << status; diff --git a/oss-internship-2020/jsonnet/tests/jsonnet_test_utils.cc b/oss-internship-2020/jsonnet/tests/jsonnet_test_utils.cc new file mode 100644 index 0000000..cf2044f --- /dev/null +++ b/oss-internship-2020/jsonnet/tests/jsonnet_test_utils.cc @@ -0,0 +1,13 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. \ No newline at end of file diff --git a/oss-internship-2020/jsonnet/tests/jsonnet_tests.cc b/oss-internship-2020/jsonnet/tests/jsonnet_tests.cc new file mode 100644 index 0000000..e68f11f --- /dev/null +++ b/oss-internship-2020/jsonnet/tests/jsonnet_tests.cc @@ -0,0 +1,23 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "jsonnet_tests.h" + +class JsonnetTest : public JsonnetTestHelper, public testing::Test { + protected: + + void SetUp() override { JsonnetTestSetUp(); } + void TearDown() override { JsonnetTestTearDown(); } + +}; diff --git a/oss-internship-2020/jsonnet/tests/jsonnet_tests.h b/oss-internship-2020/jsonnet/tests/jsonnet_tests.h new file mode 100644 index 0000000..b8148c8 --- /dev/null +++ b/oss-internship-2020/jsonnet/tests/jsonnet_tests.h @@ -0,0 +1,38 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "jsonnet_base_sandbox.h" +#include "jsonnet_sapi.sapi.h" +#include "gtest/gtest.h" +#include "sandboxed_api/util/flag.h" +#include "sandboxed_api/util/status_matchers.h" + +class JsonnetTestHelper { + protected: + enum Evaluation { BASE, MULTIPLE_FILES, YAML_STREAM }; + + void JsonnetTestSetUp(); + void JsonnetTestTearDown(); + + char* Read_input(const char* filename); + char* Evaluate_jsonnet_code(struct JsonnetVm* vm, const char* filename, Evaluation type); + bool Write_output(struct JsonnetVm* vm, char* output, char* filename_or_directory, Evaluation type); + + std::unique_ptr sandbox; + std::unique_ptr api; + std::unique_ptr input; + + JsonnetVm* vm; + +}; \ No newline at end of file