Improve and extend examples

oss-internship-2020/curl/examples/CMakeLists.txt

@@ -18,6 +18,7 @@
 # Example 1: simple.c
 add_executable(example1
   example1.cc
+  ../sandbox.h
 )
 target_link_libraries(example1 PRIVATE
   curl_sapi
@@ -27,6 +28,7 @@ target_link_libraries(example1 PRIVATE
 # Example 2: getinmemory.c
 add_executable(example2
   example2.cc
+  ../sandbox.h
 )
 target_link_libraries(example2 PRIVATE
   curl_sapi
@@ -36,6 +38,7 @@ target_link_libraries(example2 PRIVATE
 # Example 3: simplessl.c
 add_executable(example3
   example3.cc
+  ../sandbox.h
 )
 target_link_libraries(example3 PRIVATE
   curl_sapi
@@ -45,6 +48,7 @@ target_link_libraries(example3 PRIVATE
 # Example 4: multi-poll.c
 add_executable(example4
   example4.cc
+  ../sandbox.h
 )
 target_link_libraries(example4 PRIVATE
   curl_sapi
@@ -54,8 +58,19 @@ target_link_libraries(example4 PRIVATE
 # Example 5: multithread.c
 add_executable(example5
   example5.cc
+  ../sandbox.h
 )
 target_link_libraries(example5 PRIVATE
   curl_sapi
   sapi::sapi
 )
+
+# Example 6: simple.c (using transactions)
+add_executable(example6
+  example6.cc
+  ../sandbox.h
+)
+target_link_libraries(example6 PRIVATE
+  curl_sapi
+  sapi::sapi
+)

oss-internship-2020/curl/examples/README.md

@@ -9,3 +9,4 @@ This is the list of the examples:
 - **example3**: sandboxed version of [simplessl.c](https://curl.haxx.se/libcurl/c/simplessl.html). HTTPS request of the [example.com](https://example.com) page, using SSL authentication. This script takes 4 arguments (SSL certificates file, SSL keys file, SSL keys password and CA certificates files), and prints out the page.
 - **example4**: sandboxed version of [multi-poll.c](https://curl.haxx.se/libcurl/c/multi-poll.html). Same HTTP request as example1, with the addition of a polling method that can be used to track the status of the request. The page is printed out after it is downloaded.
 - **example5**: sandboxed version of [multithread.c](https://curl.haxx.se/libcurl/c/multithread.html). Four HTTP request of the pages [example.com](http://example.com), [example.edu](http://example.edu), [example.net](http://example.net) and [example.org](http://example.org), performed at the same time using libcurl's multithreading methods. The threads' status and the pages are printed out.
+- **example6**: sandboxed version of [simple.c](https://curl.haxx.se/libcurl/c/simple.html). Performs the same tasks as example1, but Sandbox API Transactions are used to show how they can be used to perform a simple request.

oss-internship-2020/curl/examples/example1.cc

@@ -16,23 +16,8 @@
 // Simple HTTP GET request
 
 #include <cstdlib>
-#include <iostream>
 
-#include "curl_sapi.sapi.h"
+#include "../sandbox.h"
-#include "sandboxed_api/util/flag.h"
-
-class CurlApiSandboxEx1 : public CurlSandbox {
- private:
-  std::unique_ptr<sandbox2::Policy> ModifyPolicy(
-      sandbox2::PolicyBuilder*) override {
-    // Return a new policy
-    return sandbox2::PolicyBuilder()
-        .DangerDefaultAllowAll()
-        .AllowUnrestrictedNetworking()
-        .AddDirectory("/lib")
-        .BuildOrDie();
-  }
-};
 
 int main(int argc, char* argv[]) {
   absl::Status status;
@@ -40,41 +25,61 @@ int main(int argc, char* argv[]) {
   sapi::StatusOr<int> status_or_int;
 
   // Initialize sandbox2 and sapi
-  CurlApiSandboxEx1 sandbox;
+  CurlSapiSandbox sandbox;
   status = sandbox.Init();
-  assert(status.ok());
+  if (!status.ok()) {
+    std::cerr << "error in sandbox Init" << std::endl;
+    return EXIT_FAILURE;
+  }
   CurlApi api(&sandbox);
 
   // Initialize the curl session
   status_or_curl = api.curl_easy_init();
-  assert(status_or_curl.ok());
+  if (!status_or_curl.ok()) {
+    std::cerr << "error in curl_easy_init" << std::endl;
+    return EXIT_FAILURE;
+  }
   sapi::v::RemotePtr curl(status_or_curl.value());
-  assert(curl.GetValue());  // Checking curl != nullptr
+  if (!curl.GetValue()) {
+    std::cerr << "error in curl_easy_init" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Specify URL to get
   sapi::v::ConstCStr url("http://example.com");
   status_or_int = api.curl_easy_setopt_ptr(&curl, CURLOPT_URL, url.PtrBefore());
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_setopt_ptr" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Set the library to follow a redirection
   status_or_int = api.curl_easy_setopt_long(&curl, CURLOPT_FOLLOWLOCATION, 1l);
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_setopt_long" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
   status_or_int = api.curl_easy_setopt_long(&curl, CURLOPT_SSL_VERIFYPEER, 0l);
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_setopt_long" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Perform the request
   status_or_int = api.curl_easy_perform(&curl);
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_perform" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Cleanup curl
   status = api.curl_easy_cleanup(&curl);
-  assert(status.ok());
+  if (!status.ok()) {
+    std::cerr << "error in curl_easy_cleanup" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   return EXIT_SUCCESS;
 }

oss-internship-2020/curl/examples/example2.cc

@@ -18,92 +18,106 @@
 #include <cstdlib>
 #include <iostream>
 
-#include "curl_sapi.sapi.h"
+#include "../sandbox.h"
-#include "sandboxed_api/util/flag.h"
 
 struct MemoryStruct {
   char* memory;
   size_t size;
 };
 
-class CurlApiSandboxEx2 : public CurlSandbox {
- private:
-  std::unique_ptr<sandbox2::Policy> ModifyPolicy(
-      sandbox2::PolicyBuilder*) override {
-    // Return a new policy
-    return sandbox2::PolicyBuilder()
-        .DangerDefaultAllowAll()
-        .AllowUnrestrictedNetworking()
-        .AddDirectory("/lib")
-        .BuildOrDie();
-  }
-};
-
 int main() {
   absl::Status status;
   sapi::StatusOr<CURL*> status_or_curl;
   sapi::StatusOr<int> status_or_int;
 
   // Initialize sandbox2 and sapi
-  CurlApiSandboxEx2 sandbox;
+  CurlSapiSandbox sandbox;
   status = sandbox.Init();
-  assert(status.ok());
+  if (!status.ok()) {
+    std::cerr << "error in sandbox Init" << std::endl;
+    return EXIT_FAILURE;
+  }
   CurlApi api(&sandbox);
 
   // Generate pointer to WriteMemoryCallback function
   sapi::RPCChannel rpcc(sandbox.comms());
   size_t (*_function_ptr)(void*, size_t, size_t, void*);
   status = rpcc.Symbol("WriteMemoryCallback", (void**)&_function_ptr);
-  assert(status.ok());
+  if (!status.ok()) {
+    std::cerr << "error in RPCChannel Symbol" << std::endl;
+    return EXIT_FAILURE;
+  }
   sapi::v::RemotePtr remote_function_ptr((void*)_function_ptr);
 
   // Initialize the curl session
   status_or_curl = api.curl_easy_init();
-  assert(status_or_curl.ok());
+  if (!status_or_curl.ok()) {
+    std::cerr << "error in curl_easy_init" << std::endl;
+    return EXIT_FAILURE;
+  }
   sapi::v::RemotePtr curl(status_or_curl.value());
-  assert(curl.GetValue());  // Checking curl != nullptr
+  if (!curl.GetValue()) {
+    std::cerr << "error in curl_easy_init" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Specify URL to get
   sapi::v::ConstCStr url("http://example.com");
   status_or_int = api.curl_easy_setopt_ptr(&curl, CURLOPT_URL, url.PtrBefore());
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_setopt_ptr" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Set WriteMemoryCallback as the write function
   status_or_int = api.curl_easy_setopt_ptr(&curl, CURLOPT_WRITEFUNCTION,
                                            &remote_function_ptr);
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_setopt_ptr" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Pass 'chunk' struct to the callback function
   sapi::v::Struct<MemoryStruct> chunk;
   status_or_int =
       api.curl_easy_setopt_ptr(&curl, CURLOPT_WRITEDATA, chunk.PtrBoth());
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_setopt_ptr" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Set a user agent
   sapi::v::ConstCStr user_agent("libcurl-agent/1.0");
   status_or_int = api.curl_easy_setopt_ptr(&curl, CURLOPT_USERAGENT,
                                            user_agent.PtrBefore());
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_setopt_ptr" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Perform the request
   status_or_int = api.curl_easy_perform(&curl);
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_perform" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Retrieve memory size
   sapi::v::Int size;
   size.SetRemote(&((MemoryStruct*)chunk.GetRemote())->size);
   status = sandbox.TransferFromSandboxee(&size);
-  assert(status.ok());
+  if (!status.ok()) {
+    std::cerr << "error in sandbox TransferFromSandboxee" << std::endl;
+    return EXIT_FAILURE;
+  }
   std::cout << "memory size: " << size.GetValue() << " bytes" << std::endl;
 
   // Cleanup curl
   status = api.curl_easy_cleanup(&curl);
-  assert(status.ok());
+  if (!status.ok()) {
+    std::cerr << "error in curl_easy_cleanup" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   return EXIT_SUCCESS;
 }

oss-internship-2020/curl/examples/example3.cc

@@ -16,15 +16,13 @@
 // HTTPS GET request
 
 #include <cstdlib>
-#include <iostream>
 
-#include "curl_sapi.sapi.h"
+#include "../sandbox.h"
-#include "sandboxed_api/util/flag.h"
 
-class CurlApiSandboxEx3 : public CurlSandbox {
+class CurlSapiSandboxEx3 : public CurlSapiSandbox {
  public:
-  CurlApiSandboxEx3(std::string ssl_certificate, std::string ssl_key,
+  CurlSapiSandboxEx3(std::string ssl_certificate, std::string ssl_key,
-                    std::string ca_certificates)
+                     std::string ca_certificates)
       : ssl_certificate(ssl_certificate),
         ssl_key(ssl_key),
         ca_certificates(ca_certificates) {}
@@ -32,15 +30,17 @@ class CurlApiSandboxEx3 : public CurlSandbox {
  private:
   std::unique_ptr<sandbox2::Policy> ModifyPolicy(
       sandbox2::PolicyBuilder*) override {
-    // Return a new policy
+    // Add the syscalls and files missing in CurlSandbox to a new PolicyBuilder
-    return sandbox2::PolicyBuilder()
+    auto policy_builder = std::make_unique<sandbox2::PolicyBuilder>();
-        .DangerDefaultAllowAll()
+    (*policy_builder)
-        .AllowUnrestrictedNetworking()
+        .AllowGetPIDs()
-        .AddDirectory("/lib")
+        .AllowGetRandom()
+        .AllowSyscall(__NR_sysinfo)
         .AddFile(ssl_certificate)
         .AddFile(ssl_key)
-        .AddFile(ca_certificates)
+        .AddFile(ca_certificates);
-        .BuildOrDie();
+    // Provide the new PolicyBuilder to ModifyPolicy in CurlSandbox
+    return CurlSapiSandbox::ModifyPolicy(policy_builder.get());
   }
 
   std::string ssl_certificate;
@@ -54,87 +54,123 @@ int main(int argc, char* argv[]) {
   sapi::StatusOr<CURL*> status_or_curl;
 
   // Get input parameters (should be absolute paths)
-  assert(argc == 5);
+  if (argc != 5) {
+    std::cerr << "wrong number of arguments (4 expected)" << std::endl;
+    return EXIT_FAILURE;
+  }
   std::string ssl_certificate = argv[1];
   std::string ssl_key = argv[2];
   std::string ssl_key_password = argv[3];
   std::string ca_certificates = argv[4];
 
   // Initialize sandbox2 and sapi
-  CurlApiSandboxEx3 sandbox(ssl_certificate, ssl_key, ca_certificates);
+  CurlSapiSandboxEx3 sandbox(ssl_certificate, ssl_key, ca_certificates);
   status = sandbox.Init();
-  assert(status.ok());
+  if (!status.ok()) {
+    std::cerr << "error in sandbox Init" << std::endl;
+    return EXIT_FAILURE;
+  }
   CurlApi api(&sandbox);
 
   // Initialize curl (CURL_GLOBAL_DEFAULT = 3)
   status_or_int = api.curl_global_init(3l);
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_global_init" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Initialize curl easy handle
   status_or_curl = api.curl_easy_init();
-  assert(status_or_curl.ok());
+  if (!status_or_curl.ok()) {
+    std::cerr << "error in curl_easy_init" << std::endl;
+    return EXIT_FAILURE;
+  }
   sapi::v::RemotePtr curl(status_or_curl.value());
-  assert(curl.GetValue());  // Checking curl != nullptr
+  if (!curl.GetValue()) {
+    std::cerr << "error in curl_easy_init" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Specify URL to get (using HTTPS)
   sapi::v::ConstCStr url("https://example.com");
   status_or_int = api.curl_easy_setopt_ptr(&curl, CURLOPT_URL, url.PtrBefore());
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_setopt_ptr" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Set the SSL certificate type to "PEM"
   sapi::v::ConstCStr ssl_cert_type("PEM");
   status_or_int = api.curl_easy_setopt_ptr(&curl, CURLOPT_SSLCERTTYPE,
                                            ssl_cert_type.PtrBefore());
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_setopt_ptr" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Set the certificate for client authentication
   sapi::v::ConstCStr sapi_ssl_certificate(ssl_certificate.c_str());
   status_or_int = api.curl_easy_setopt_ptr(&curl, CURLOPT_SSLCERT,
                                            sapi_ssl_certificate.PtrBefore());
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_setopt_ptr" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Set the private key for client authentication
   sapi::v::ConstCStr sapi_ssl_key(ssl_key.c_str());
   status_or_int =
       api.curl_easy_setopt_ptr(&curl, CURLOPT_SSLKEY, sapi_ssl_key.PtrBefore());
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_setopt_ptr" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Set the password used to protect the private key
   sapi::v::ConstCStr sapi_ssl_key_password(ssl_key_password.c_str());
   status_or_int = api.curl_easy_setopt_ptr(&curl, CURLOPT_KEYPASSWD,
                                            sapi_ssl_key_password.PtrBefore());
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_setopt_ptr" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Set the file with the certificates vaildating the server
   sapi::v::ConstCStr sapi_ca_certificates(ca_certificates.c_str());
   status_or_int = api.curl_easy_setopt_ptr(&curl, CURLOPT_CAINFO,
                                            sapi_ca_certificates.PtrBefore());
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_setopt_ptr" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Verify the authenticity of the server
   status_or_int = api.curl_easy_setopt_long(&curl, CURLOPT_SSL_VERIFYPEER, 1L);
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_setopt_long" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Perform the request
   status_or_int = api.curl_easy_perform(&curl);
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_perform" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Cleanup curl easy handle
   status = api.curl_easy_cleanup(&curl);
-  assert(status.ok());
+  if (!status.ok()) {
+    std::cerr << "error in curl_easy_cleanup" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Cleanup curl
   status = api.curl_global_cleanup();
-  assert(status.ok());
+  if (!status.ok()) {
+    std::cerr << "error in curl_global_cleanup" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   return EXIT_SUCCESS;
-}
+}

oss-internship-2020/curl/examples/example4.cc

@@ -16,24 +16,11 @@
 // HTTP GET request with polling
 
 #include <cstdlib>
-#include <iostream>
 
+#include "../sandbox.h"
 #include "curl_sapi.sapi.h"
 #include "sandboxed_api/util/flag.h"
 
-class CurlApiSandboxEx4 : public CurlSandbox {
- private:
-  std::unique_ptr<sandbox2::Policy> ModifyPolicy(
-      sandbox2::PolicyBuilder*) override {
-    // Return a new policy
-    return sandbox2::PolicyBuilder()
-        .DangerDefaultAllowAll()
-        .AllowUnrestrictedNetworking()
-        .AddDirectory("/lib")
-        .BuildOrDie();
-  }
-};
-
 int main() {
   absl::Status status;
   sapi::StatusOr<int> status_or_int;
@@ -41,9 +28,12 @@ int main() {
   sapi::StatusOr<CURLM*> status_or_curlm;
 
   // Initialize sandbox2 and sapi
-  CurlApiSandboxEx4 sandbox;
+  CurlSapiSandbox sandbox;
   status = sandbox.Init();
-  assert(status.ok());
+  if (!status.ok()) {
+    std::cerr << "error in sandbox Init" << std::endl;
+    return EXIT_FAILURE;
+  }
   CurlApi api(&sandbox);
 
   // Number of running handles
@@ -51,32 +41,50 @@ int main() {
 
   // Initialize curl (CURL_GLOBAL_DEFAULT = 3)
   status_or_int = api.curl_global_init(3l);
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_global_init" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Initialize http_handle
   status_or_curl = api.curl_easy_init();
-  assert(status_or_curl.ok());
+  if (!status_or_curl.ok()) {
+    std::cerr << "error in curl_easy_init" << std::endl;
+    return EXIT_FAILURE;
+  }
   sapi::v::RemotePtr http_handle(status_or_curl.value());
-  assert(http_handle.GetValue());  // Checking http_handle != nullptr
+  if (!http_handle.GetValue()) {
+    std::cerr << "error in curl_easy_init" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Specify URL to get
   sapi::v::ConstCStr url("http://example.com");
   status_or_int =
       api.curl_easy_setopt_ptr(&http_handle, CURLOPT_URL, url.PtrBefore());
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_setopt_ptr" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Initialize multi_handle
   status_or_curlm = api.curl_multi_init();
-  assert(status_or_curlm.ok());
+  if (!status_or_curl.ok()) {
+    std::cerr << "error in curl_multi_init" << std::endl;
+    return EXIT_FAILURE;
+  }
   sapi::v::RemotePtr multi_handle(status_or_curlm.value());
-  assert(multi_handle.GetValue());  // Checking multi_handle != nullptr
+  if (!multi_handle.GetValue()) {
+    std::cerr << "error in curl_multi_init" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Add http_handle to the multi stack
   status_or_int = api.curl_multi_add_handle(&multi_handle, &http_handle);
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_multi_add_handle" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   while (still_running.GetValue()) {
     sapi::v::Int numfds(0);
@@ -84,36 +92,50 @@ int main() {
     // Perform the request
     status_or_int =
         api.curl_multi_perform(&multi_handle, still_running.PtrBoth());
-    assert(status_or_int.ok());
+    if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-    assert(status_or_int.value() == CURLE_OK);
+      std::cerr << "error in curl_multi_perform" << std::endl;
+      return EXIT_FAILURE;
+    }
 
     if (still_running.GetValue()) {
       // Wait for an event or timeout
       sapi::v::NullPtr null_ptr;
       status_or_int = api.curl_multi_poll_sapi(&multi_handle, &null_ptr, 0,
                                                1000, numfds.PtrBoth());
-      assert(status_or_int.ok());
+      if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-      assert(status_or_int.value() == CURLM_OK);
+        std::cerr << "error in curl_multi_poll_sapi" << std::endl;
+        return EXIT_FAILURE;
+      }
     }
   }
 
   // Remove http_handle from the multi stack
   status_or_int = api.curl_multi_remove_handle(&multi_handle, &http_handle);
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_multi_remove_handle" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Cleanup http_handle
   status = api.curl_easy_cleanup(&http_handle);
-  assert(status.ok());
+  if (!status.ok()) {
+    std::cerr << "error in curl_easy_cleanup" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Cleanup multi_handle
   status_or_int = api.curl_multi_cleanup(&multi_handle);
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_multi_cleanup" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Cleanup curl
   status = api.curl_global_cleanup();
-  assert(status.ok());
+  if (!status.ok()) {
+    std::cerr << "error in curl_global_cleanup" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   return EXIT_SUCCESS;
 }

oss-internship-2020/curl/examples/example5.cc

@@ -18,23 +18,8 @@
 #include <pthread.h>
 
 #include <cstdlib>
-#include <iostream>
 
-#include "curl_sapi.sapi.h"
+#include "../sandbox.h"
-#include "sandboxed_api/util/flag.h"
-
-class CurlApiSandboxEx5 : public CurlSandbox {
- private:
-  std::unique_ptr<sandbox2::Policy> ModifyPolicy(
-      sandbox2::PolicyBuilder*) override {
-    // Return a new policy
-    return sandbox2::PolicyBuilder()
-        .DangerDefaultAllowAll()
-        .AllowUnrestrictedNetworking()
-        .AddDirectory("/lib")
-        .BuildOrDie();
-  }
-};
 
 struct thread_args {
   const char* url;
@@ -52,25 +37,38 @@ void* pull_one_url(void* args) {
 
   // Initialize the curl session
   status_or_curl = api.curl_easy_init();
-  assert(status_or_curl.ok());
+  if (!status_or_curl.ok()) {
+    std::cerr << "error in curl_easy_init" << std::endl;
+    return NULL;
+  }
   sapi::v::RemotePtr curl(status_or_curl.value());
-  assert(curl.GetValue());  // Checking curl != nullptr
+  if (!curl.GetValue()) {
+    std::cerr << "error in curl_easy_init" << std::endl;
+    return NULL;
+  }
 
   // Specify URL to get
   sapi::v::ConstCStr sapi_url(((thread_args*)args)->url);
   status_or_int =
       api.curl_easy_setopt_ptr(&curl, CURLOPT_URL, sapi_url.PtrBefore());
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_setopt_ptr" << std::endl;
+    return NULL;
+  }
 
   // Perform the request
   status_or_int = api.curl_easy_perform(&curl);
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_easy_perform" << std::endl;
+    return NULL;
+  }
 
   // Cleanup curl
   status = api.curl_easy_cleanup(&curl);
-  assert(status.ok());
+  if (!status.ok()) {
+    std::cerr << "error in curl_easy_cleanup" << std::endl;
+    return NULL;
+  }
 
   return NULL;
 }
@@ -86,21 +84,29 @@ int main(int argc, char** argv) {
   sapi::StatusOr<int> status_or_int;
 
   // Initialize sandbox2 and sapi
-  CurlApiSandboxEx5 sandbox;
+  CurlSapiSandbox sandbox;
   status = sandbox.Init();
-  assert(status.ok());
+  if (!status.ok()) {
+    std::cerr << "error in sandbox Init" << std::endl;
+    return EXIT_FAILURE;
+  }
   CurlApi api(&sandbox);
 
   // Initialize curl (CURL_GLOBAL_DEFAULT = 3)
   status_or_int = api.curl_global_init(3l);
-  assert(status_or_int.ok());
+  if (!status_or_int.ok() or status_or_int.value() != CURLE_OK) {
-  assert(status_or_int.value() == CURLE_OK);
+    std::cerr << "error in curl_global_init" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   // Create the threads
   for (int i = 0; i < kThreadsnumber; ++i) {
     thread_args args = {urls[i], &api};
     int error = pthread_create(&tid[i], NULL, pull_one_url, (void*)&args);
-    assert(!error);
+    if (error) {
+      std::cerr << "error in pthread_create" << std::endl;
+      return EXIT_FAILURE;
+    }
     std::cout << "Thread " << i << " gets " << urls[i] << std::endl;
   }
 
@@ -112,7 +118,10 @@ int main(int argc, char** argv) {
 
   // Cleanup curl
   status = api.curl_global_cleanup();
-  assert(status.ok());
+  if (!status.ok()) {
+    std::cerr << "error in curl_global_cleanup" << std::endl;
+    return EXIT_FAILURE;
+  }
 
   return EXIT_SUCCESS;
 }

oss-internship-2020/curl/examples/example6.cc

@@ -0,0 +1,72 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Sandboxed version of simple.c using transactions
+// Simple HTTP GET request
+
+#include <cstdlib>
+
+#include "../sandbox.h"
+#include "sandboxed_api/transaction.h"
+
+class CurlTransaction : public sapi::Transaction {
+ public:
+  CurlTransaction(std::unique_ptr<sapi::Sandbox> sandbox)
+      : sapi::Transaction(std::move(sandbox)) {
+    sapi::Transaction::SetTimeLimit(kTimeOutVal);
+  }
+
+ private:
+  // Default timeout value for each transaction run.
+  const time_t kTimeOutVal = 2;
+
+  // The main processing function.
+  absl::Status Main() override;
+};
+
+absl::Status CurlTransaction::Main() {
+  CurlApi api(sandbox());
+
+  // Initialize the curl session
+  SAPI_ASSIGN_OR_RETURN(void* curl_remote, api.curl_easy_init())
+  sapi::v::RemotePtr curl(curl_remote);
+  TRANSACTION_FAIL_IF_NOT(curl.GetValue(), "error in curl_easy_init");
+
+  // Specify URL to get
+  sapi::v::ConstCStr url("http://example.com");
+  SAPI_ASSIGN_OR_RETURN(
+      int setopt_url_code,
+      api.curl_easy_setopt_ptr(&curl, CURLOPT_URL, url.PtrBefore()))
+  TRANSACTION_FAIL_IF_NOT(setopt_url_code == CURLE_OK,
+                          "error in curl_easy_setopt_ptr");
+
+  // Perform the request
+  SAPI_ASSIGN_OR_RETURN(int perform_code, api.curl_easy_perform(&curl))
+  TRANSACTION_FAIL_IF_NOT(setopt_url_code == CURLE_OK,
+                          "error in curl_easy_perform");
+
+  // Cleanup curl
+  TRANSACTION_FAIL_IF_NOT(api.curl_easy_cleanup(&curl).ok(),
+                          "error in curl_easy_cleanup");
+
+  return absl::OkStatus();
+}
+
+int main(int argc, char* argv[]) {
+  CurlTransaction curl{std::make_unique<CurlSapiSandbox>()};
+  absl::Status status = curl.Run();
+  CHECK(status.ok());
+
+  return EXIT_SUCCESS;
+}