From 115bf669e8fdf28339871cf805131a55f19bada2 Mon Sep 17 00:00:00 2001 From: Carlos Garnacho Date: Sat, 2 Dec 2023 11:10:27 +0100 Subject: [PATCH 1/3] tracker-extract: Reduce default task deadline duration We currently allow 30 seconds for the extractor to handle any given file. Reduce that to a default of 5 seconds which still feels a generous allotment in cpu cycles for most usual cases. But add an environment variable check, so this can be overridden in the test suite. This allows preserving the 30 seconds timeout there, to cater for possibly busy CI runners. --- src/tracker-extract/tracker-extract.c | 16 ++++++++++++++-- tests/functional-tests/meson.build | 1 + 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/src/tracker-extract/tracker-extract.c b/src/tracker-extract/tracker-extract.c index a2de63235..52c1e34aa 100644 --- a/src/tracker-extract/tracker-extract.c +++ b/src/tracker-extract/tracker-extract.c @@ -43,10 +43,12 @@ G_DEFINE_QUARK (TrackerExtractError, tracker_extract_error) -#define DEADLINE_SECONDS 30 +#define DEFAULT_DEADLINE_SECONDS 5 #define DEFAULT_MAX_TEXT 1048576 +static gint deadline_seconds = -1; + extern gboolean debug; typedef struct { @@ -386,8 +388,18 @@ extract_task_new (TrackerExtract *extract, task->max_text = priv->max_text; if (task->res) { + if (deadline_seconds < 0) { + const gchar *deadline_envvar; + + deadline_envvar = g_getenv ("TRACKER_EXTRACT_DEADLINE"); + if (deadline_envvar) + deadline_seconds = atoi (deadline_envvar); + else + deadline_seconds = DEFAULT_DEADLINE_SECONDS; + } + task->deadline = - g_timeout_source_new_seconds (DEADLINE_SECONDS); + g_timeout_source_new_seconds (deadline_seconds); g_source_set_callback (task->deadline, task_deadline_cb, task, NULL); g_source_attach (task->deadline, g_task_get_context (G_TASK (task->res))); diff --git a/tests/functional-tests/meson.build b/tests/functional-tests/meson.build index 3fec75e72..7a5f4cfa5 100644 --- a/tests/functional-tests/meson.build +++ b/tests/functional-tests/meson.build @@ -189,6 +189,7 @@ endif test_env.prepend('PYTHONPATH', tracker_uninstalled_testutils_dir) test_env.set('TRACKER_FUNCTIONAL_TEST_CONFIG', config_json_full_path) +test_env.set('TRACKER_EXTRACT_DEADLINE', '30') foreach t: extractor_tests data = meson.current_source_dir() / 'data/extractor-content' / t + '.expected.json' -- GitLab From 956141670c986a23c38f3af232c5d5c3933bb255 Mon Sep 17 00:00:00 2001 From: Carlos Garnacho Date: Sat, 2 Dec 2023 11:18:00 +0100 Subject: [PATCH 2/3] tests: Add "misbehavior" functional test This functional test will poke at the limits of tracker-extract-3, and replicate different kinds of misbehavior that might ever happen in it. The functional test relies on its own set of directories for the extractor rules, each of the extractor modules replicating the misbehavior, the extractor will be made to look at these paths for each test. These tests are somewhat twisted, as extractor failures are expected, and things unexpectedly going wrong are seen as blatant success. To handle this, we let these extractor modules create a "fail://" resource on unexpected success, and check that it does not exist later in the test. This also helps testing the tracker-miner-fs-3 codepaths handling failures and tracker-extract-3 restarts, which was untested previously. The modules added test the following situations: - Unexpected exit (also e.g. crashes) - Stalled extraction - Modules succeeding but returning no data - Modules not succeeding, but not providing an error - Modules inserting wrong RDF data These tests do run with a reduced extractor deadline of 5 seconds, in order to avoid CI timeouts when testing the 'stalled' test. --- tests/functional-tests/meson.build | 27 ++++++ .../test-extractor-modules/10-folder.rule | 4 + .../test-extractor-modules/10-test.rule | 8 ++ .../test-extractor-modules/meson.build | 1 + .../misbehavior/exit/exit.c | 12 +++ .../misbehavior/exit/meson.build | 4 + .../misbehavior/meson.build | 5 ++ .../misbehavior/no-data/meson.build | 4 + .../misbehavior/no-data/no-data.c | 9 ++ .../misbehavior/no-error/meson.build | 4 + .../misbehavior/no-error/no-error.c | 15 ++++ .../misbehavior/stall/meson.build | 4 + .../misbehavior/stall/stall.c | 16 ++++ .../misbehavior/wrong-sparql/meson.build | 4 + .../misbehavior/wrong-sparql/wrong-sparql.c | 14 +++ .../test_misbehavior_generic.py | 87 +++++++++++++++++++ 16 files changed, 218 insertions(+) create mode 100644 tests/functional-tests/test-extractor-modules/10-folder.rule create mode 100644 tests/functional-tests/test-extractor-modules/10-test.rule create mode 100644 tests/functional-tests/test-extractor-modules/meson.build create mode 100644 tests/functional-tests/test-extractor-modules/misbehavior/exit/exit.c create mode 100644 tests/functional-tests/test-extractor-modules/misbehavior/exit/meson.build create mode 100644 tests/functional-tests/test-extractor-modules/misbehavior/meson.build create mode 100644 tests/functional-tests/test-extractor-modules/misbehavior/no-data/meson.build create mode 100644 tests/functional-tests/test-extractor-modules/misbehavior/no-data/no-data.c create mode 100644 tests/functional-tests/test-extractor-modules/misbehavior/no-error/meson.build create mode 100644 tests/functional-tests/test-extractor-modules/misbehavior/no-error/no-error.c create mode 100644 tests/functional-tests/test-extractor-modules/misbehavior/stall/meson.build create mode 100644 tests/functional-tests/test-extractor-modules/misbehavior/stall/stall.c create mode 100644 tests/functional-tests/test-extractor-modules/misbehavior/wrong-sparql/meson.build create mode 100644 tests/functional-tests/test-extractor-modules/misbehavior/wrong-sparql/wrong-sparql.c create mode 100644 tests/functional-tests/test_misbehavior_generic.py diff --git a/tests/functional-tests/meson.build b/tests/functional-tests/meson.build index 7a5f4cfa5..32bf0a93f 100644 --- a/tests/functional-tests/meson.build +++ b/tests/functional-tests/meson.build @@ -1,6 +1,7 @@ python = find_program('python3') subdir('mockvolumemonitor') +subdir('test-extractor-modules') # Configure functional tests to run completely from source tree. testconf = configuration_data() @@ -136,6 +137,14 @@ if libgxps.found() extractor_tests += 'office/xps-doc-1' endif +misbehavior_tests = [ + 'misbehavior/exit', + 'misbehavior/no-data', + 'misbehavior/no-error', + 'misbehavior/stall', + 'misbehavior/wrong-sparql', +] + functional_tests = [ 'test_cli', 'test_extractor_decorator', @@ -219,3 +228,21 @@ foreach t: functional_tests suite: ['functional'], timeout: 120) endforeach + +foreach t: misbehavior_tests + rules = meson.current_source_dir() / 'test-extractor-modules' + data = meson.current_build_dir() / 'test-extractor-modules' / t + test_parts = t.split('/') + test_name = test_parts[1] + test_suite = test_parts[0] + test_env.set('TRACKER_EXTRACT_DEADLINE', '5') + test(test_name, python, + args: [ + meson.current_source_dir() / 'test_misbehavior_generic.py', + rules, + data, + ], + env: test_env, + protocol: test_protocol, + suite: ['extractor', test_suite]) +endforeach diff --git a/tests/functional-tests/test-extractor-modules/10-folder.rule b/tests/functional-tests/test-extractor-modules/10-folder.rule new file mode 100644 index 000000000..c1e44ec50 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/10-folder.rule @@ -0,0 +1,4 @@ +[ExtractorRule] +MimeTypes=inode/directory; +FallbackRdfTypes=nfo:Folder; +Hash=54321 diff --git a/tests/functional-tests/test-extractor-modules/10-test.rule b/tests/functional-tests/test-extractor-modules/10-test.rule new file mode 100644 index 000000000..bf543be91 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/10-test.rule @@ -0,0 +1,8 @@ +# The same rule for all tests, TEST_EXTRACTORS_DIR is used +# to look for the different modules. +[ExtractorRule] +ModulePath=libextract-test.so +FallbackRdfTypes=nfo:Document;nfo:PlainTextDocument; +MimeTypes=text/plain +Graph=tracker:Documents +Hash=12345 diff --git a/tests/functional-tests/test-extractor-modules/meson.build b/tests/functional-tests/test-extractor-modules/meson.build new file mode 100644 index 000000000..6c0003505 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/meson.build @@ -0,0 +1 @@ +subdir('misbehavior') diff --git a/tests/functional-tests/test-extractor-modules/misbehavior/exit/exit.c b/tests/functional-tests/test-extractor-modules/misbehavior/exit/exit.c new file mode 100644 index 000000000..2eb6f6fd8 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/misbehavior/exit/exit.c @@ -0,0 +1,12 @@ +#include + +G_MODULE_EXPORT gboolean +tracker_extract_get_metadata (TrackerExtractInfo *info, + GError **error) +{ + /* Test that the miner can handle unexpected exit + * situations from the extractor (also accounts for + * SIGSYS, SIGSEGV, etc). + */ + exit (-1); +} diff --git a/tests/functional-tests/test-extractor-modules/misbehavior/exit/meson.build b/tests/functional-tests/test-extractor-modules/misbehavior/exit/meson.build new file mode 100644 index 000000000..210a73d04 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/misbehavior/exit/meson.build @@ -0,0 +1,4 @@ +shared_module('extract-test', 'exit.c', + c_args: tracker_c_args, + dependencies: [tracker_extract_dep], +) diff --git a/tests/functional-tests/test-extractor-modules/misbehavior/meson.build b/tests/functional-tests/test-extractor-modules/misbehavior/meson.build new file mode 100644 index 000000000..9df3af204 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/misbehavior/meson.build @@ -0,0 +1,5 @@ +subdir('exit') +subdir('no-data') +subdir('no-error') +subdir('stall') +subdir('wrong-sparql') diff --git a/tests/functional-tests/test-extractor-modules/misbehavior/no-data/meson.build b/tests/functional-tests/test-extractor-modules/misbehavior/no-data/meson.build new file mode 100644 index 000000000..329ee9094 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/misbehavior/no-data/meson.build @@ -0,0 +1,4 @@ +shared_module('extract-test', 'no-data.c', + c_args: tracker_c_args, + dependencies: [tracker_extract_dep], +) diff --git a/tests/functional-tests/test-extractor-modules/misbehavior/no-data/no-data.c b/tests/functional-tests/test-extractor-modules/misbehavior/no-data/no-data.c new file mode 100644 index 000000000..260ae61b2 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/misbehavior/no-data/no-data.c @@ -0,0 +1,9 @@ +#include + +G_MODULE_EXPORT gboolean +tracker_extract_get_metadata (TrackerExtractInfo *info, + GError **error) +{ + /* Return TRUE without metadata */ + return TRUE; +} diff --git a/tests/functional-tests/test-extractor-modules/misbehavior/no-error/meson.build b/tests/functional-tests/test-extractor-modules/misbehavior/no-error/meson.build new file mode 100644 index 000000000..4b737252e --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/misbehavior/no-error/meson.build @@ -0,0 +1,4 @@ +shared_module('extract-test', 'no-error.c', + c_args: tracker_c_args, + dependencies: [tracker_extract_dep], +) diff --git a/tests/functional-tests/test-extractor-modules/misbehavior/no-error/no-error.c b/tests/functional-tests/test-extractor-modules/misbehavior/no-error/no-error.c new file mode 100644 index 000000000..937da31f6 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/misbehavior/no-error/no-error.c @@ -0,0 +1,15 @@ +#include + +G_MODULE_EXPORT gboolean +tracker_extract_get_metadata (TrackerExtractInfo *info, + GError **error) +{ + TrackerResource *resource; + + resource = tracker_resource_new ("fail://"); + tracker_resource_add_uri (resource, "rdf:type", "rdfs:Resource"); + tracker_extract_info_set_resource (info, resource); + + /* Return FALSE without error */ + return FALSE; +} diff --git a/tests/functional-tests/test-extractor-modules/misbehavior/stall/meson.build b/tests/functional-tests/test-extractor-modules/misbehavior/stall/meson.build new file mode 100644 index 000000000..9c905af77 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/misbehavior/stall/meson.build @@ -0,0 +1,4 @@ +shared_module('extract-test', 'stall.c', + c_args: tracker_c_args, + dependencies: [tracker_extract_dep], +) diff --git a/tests/functional-tests/test-extractor-modules/misbehavior/stall/stall.c b/tests/functional-tests/test-extractor-modules/misbehavior/stall/stall.c new file mode 100644 index 000000000..1066702f8 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/misbehavior/stall/stall.c @@ -0,0 +1,16 @@ +#include + +G_MODULE_EXPORT gboolean +tracker_extract_get_metadata (TrackerExtractInfo *info, + GError **error) +{ + TrackerResource *resource; + + sleep (60); + + /* If we got here, the extractor deadline was not made effective */ + resource = tracker_resource_new ("fail://"); + tracker_resource_add_uri (resource, "rdf:type", "rdfs:Resource"); + tracker_extract_info_set_resource (info, resource); + return TRUE; +} diff --git a/tests/functional-tests/test-extractor-modules/misbehavior/wrong-sparql/meson.build b/tests/functional-tests/test-extractor-modules/misbehavior/wrong-sparql/meson.build new file mode 100644 index 000000000..7b03cb187 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/misbehavior/wrong-sparql/meson.build @@ -0,0 +1,4 @@ +shared_module('extract-test', 'wrong-sparql.c', + c_args: tracker_c_args, + dependencies: [tracker_extract_dep], +) diff --git a/tests/functional-tests/test-extractor-modules/misbehavior/wrong-sparql/wrong-sparql.c b/tests/functional-tests/test-extractor-modules/misbehavior/wrong-sparql/wrong-sparql.c new file mode 100644 index 000000000..b9e98d94a --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/misbehavior/wrong-sparql/wrong-sparql.c @@ -0,0 +1,14 @@ +#include + +G_MODULE_EXPORT gboolean +tracker_extract_get_metadata (TrackerExtractInfo *info, + GError **error) +{ + TrackerResource *resource; + + /* Insert wrong sparql */ + resource = tracker_resource_new ("fail://"); + tracker_resource_add_uri (resource, "rdf:type", "rdfs:IDoNotExist"); + tracker_extract_info_set_resource (info, resource); + return TRUE; +} diff --git a/tests/functional-tests/test_misbehavior_generic.py b/tests/functional-tests/test_misbehavior_generic.py new file mode 100644 index 000000000..320aa254c --- /dev/null +++ b/tests/functional-tests/test_misbehavior_generic.py @@ -0,0 +1,87 @@ +# Copyright (C) 2023, Red Hat Inc. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the +# Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# Author: Carlos Garnacho + +""" +Tests misbehavior of tracker-extract modules. +""" + +import os +import shutil +import sys +import unittest as ut + +import configuration as cfg +import fixtures + +RULES_DIR = "" +EXTRACTOR_DIR = "" + +class MisbehaviorTest(fixtures.TrackerMinerTest): + """ + Tests crawling and monitoring of configured content locations. + """ + + def environment(self): + extra_env = cfg.test_environment(self.workdir) + extra_env["TRACKER_EXTRACTOR_RULES_DIR"] = RULES_DIR + extra_env["TRACKER_EXTRACTORS_DIR"] = EXTRACTOR_DIR + return extra_env + + def setUp(self): + monitored_files = self.create_test_data() + + try: + # Start the miner. + fixtures.TrackerMinerTest.setUp(self) + + for tf in monitored_files: + url = self.uri(tf) + self.tracker.ensure_resource( + fixtures.FILESYSTEM_GRAPH, + f"a nfo:FileDataObject; nie:url '{url}' ; tracker:extractorHash ?hash", + timeout=cfg.AWAIT_TIMEOUT, + ) + except Exception: + cfg.remove_monitored_test_dir(self.workdir) + raise + + def create_test_data(self): + monitored_files = [ + "test-monitored/file1.txt", + ] + + for tf in monitored_files: + testfile = self.path(tf) + os.makedirs(os.path.dirname(testfile), exist_ok=True) + with open(testfile, "w") as f: + f.write('Some text') + + return monitored_files + + def test_misbehavior(self): + self.assertEqual(self.tracker.query('ASK { a rdfs:Resource }'), [['false']]); + +if __name__ == "__main__": + if len(sys.argv) < 3: + sys.stderr.write("ERROR: missing rules dir and extractor module path arguments") + sys.exit(1) + + RULES_DIR = sys.argv.pop(1) + EXTRACTOR_DIR = sys.argv.pop(1) + fixtures.tracker_test_main() -- GitLab From 765dec9f9ac921a20b3c650d26389aee8a53a859 Mon Sep 17 00:00:00 2001 From: Carlos Garnacho Date: Sat, 2 Dec 2023 11:34:01 +0100 Subject: [PATCH 3/3] tests: Add set of "malice" misbehavior tests These tests (and extractor modules) attempt "malicious" things, and expect the sandbox to curb the attempts. Covered by the tests: - DBus access (extends to any local socket) - Network access - Fork and execution - Filesystem write - Filesystem read in disallowed locations - Attempts to truncate files --- tests/functional-tests/meson.build | 11 ++++ .../malice/dbus-access/dbus-access.c | 26 ++++++++++ .../malice/dbus-access/meson.build | 4 ++ .../test-extractor-modules/malice/exec/exec.c | 32 ++++++++++++ .../malice/exec/meson.build | 4 ++ .../malice/fs-read-trunc/fs-read-trunc.c | 26 ++++++++++ .../malice/fs-read-trunc/meson.build | 4 ++ .../malice/fs-read/fs-read.c | 34 +++++++++++++ .../malice/fs-read/meson.build | 4 ++ .../malice/fs-write/fs-write.c | 51 +++++++++++++++++++ .../malice/fs-write/meson.build | 4 ++ .../test-extractor-modules/malice/meson.build | 6 +++ .../malice/net-access/meson.build | 4 ++ .../malice/net-access/net-access.c | 50 ++++++++++++++++++ .../test-extractor-modules/meson.build | 1 + 15 files changed, 261 insertions(+) create mode 100644 tests/functional-tests/test-extractor-modules/malice/dbus-access/dbus-access.c create mode 100644 tests/functional-tests/test-extractor-modules/malice/dbus-access/meson.build create mode 100644 tests/functional-tests/test-extractor-modules/malice/exec/exec.c create mode 100644 tests/functional-tests/test-extractor-modules/malice/exec/meson.build create mode 100644 tests/functional-tests/test-extractor-modules/malice/fs-read-trunc/fs-read-trunc.c create mode 100644 tests/functional-tests/test-extractor-modules/malice/fs-read-trunc/meson.build create mode 100644 tests/functional-tests/test-extractor-modules/malice/fs-read/fs-read.c create mode 100644 tests/functional-tests/test-extractor-modules/malice/fs-read/meson.build create mode 100644 tests/functional-tests/test-extractor-modules/malice/fs-write/fs-write.c create mode 100644 tests/functional-tests/test-extractor-modules/malice/fs-write/meson.build create mode 100644 tests/functional-tests/test-extractor-modules/malice/meson.build create mode 100644 tests/functional-tests/test-extractor-modules/malice/net-access/meson.build create mode 100644 tests/functional-tests/test-extractor-modules/malice/net-access/net-access.c diff --git a/tests/functional-tests/meson.build b/tests/functional-tests/meson.build index 32bf0a93f..826f6a010 100644 --- a/tests/functional-tests/meson.build +++ b/tests/functional-tests/meson.build @@ -145,6 +145,17 @@ misbehavior_tests = [ 'misbehavior/wrong-sparql', ] +if libseccomp.found() and have_landlock + misbehavior_tests += [ + 'malice/dbus-access', + 'malice/exec', + 'malice/fs-read', + 'malice/fs-read-trunc', + 'malice/fs-write', + 'malice/net-access', + ] +endif + functional_tests = [ 'test_cli', 'test_extractor_decorator', diff --git a/tests/functional-tests/test-extractor-modules/malice/dbus-access/dbus-access.c b/tests/functional-tests/test-extractor-modules/malice/dbus-access/dbus-access.c new file mode 100644 index 000000000..0ddc8bb7d --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/malice/dbus-access/dbus-access.c @@ -0,0 +1,26 @@ +#include + +#include + +G_MODULE_EXPORT gboolean +tracker_extract_get_metadata (TrackerExtractInfo *info, + GError **error) +{ + TrackerResource *resource; + g_autoptr (GDBusConnection) conn = NULL; + g_autoptr (GError) dbus_error = NULL; + + /* Attempt to open a dbus connection */ + conn = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, &dbus_error); + if (conn || !g_error_matches (dbus_error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED)) + goto fail; + + return TRUE; + + fail: + /* Hint unexpected success with a fail:// resource */ + resource = tracker_resource_new ("fail://"); + tracker_resource_add_uri (resource, "rdf:type", "rdfs:Resource"); + tracker_extract_info_set_resource (info, resource); + return TRUE; +} diff --git a/tests/functional-tests/test-extractor-modules/malice/dbus-access/meson.build b/tests/functional-tests/test-extractor-modules/malice/dbus-access/meson.build new file mode 100644 index 000000000..cdb64d67e --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/malice/dbus-access/meson.build @@ -0,0 +1,4 @@ +shared_module('extract-test', 'dbus-access.c', + c_args: tracker_c_args, + dependencies: [tracker_extract_dep], +) diff --git a/tests/functional-tests/test-extractor-modules/malice/exec/exec.c b/tests/functional-tests/test-extractor-modules/malice/exec/exec.c new file mode 100644 index 000000000..8bc2d1ca7 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/malice/exec/exec.c @@ -0,0 +1,32 @@ +#include + +#include + +G_MODULE_EXPORT gboolean +tracker_extract_get_metadata (TrackerExtractInfo *info, + GError **error) +{ + TrackerResource *resource; + g_autoptr (GError) inner_error = NULL; + int wait_status; + gboolean retval; + + /* Check that child processes are also constrained */ + if (g_spawn_command_line_sync ("/bin/true", + NULL, NULL, &wait_status, + NULL)) { + retval = g_spawn_check_wait_status (wait_status, &inner_error); + if (retval) + goto fail; + if (!inner_error) + goto fail; + } + + return TRUE; + fail: + /* Hint unexpected success with a fail:// resource */ + resource = tracker_resource_new ("fail://"); + tracker_resource_add_uri (resource, "rdf:type", "rdfs:Resource"); + tracker_extract_info_set_resource (info, resource); + return TRUE; +} diff --git a/tests/functional-tests/test-extractor-modules/malice/exec/meson.build b/tests/functional-tests/test-extractor-modules/malice/exec/meson.build new file mode 100644 index 000000000..dcf132a0a --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/malice/exec/meson.build @@ -0,0 +1,4 @@ +shared_module('extract-test', 'exec.c', + c_args: tracker_c_args, + dependencies: [tracker_extract_dep], +) diff --git a/tests/functional-tests/test-extractor-modules/malice/fs-read-trunc/fs-read-trunc.c b/tests/functional-tests/test-extractor-modules/malice/fs-read-trunc/fs-read-trunc.c new file mode 100644 index 000000000..1e8a5f981 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/malice/fs-read-trunc/fs-read-trunc.c @@ -0,0 +1,26 @@ +#include + +#include + +G_MODULE_EXPORT gboolean +tracker_extract_get_metadata (TrackerExtractInfo *info, + GError **error) +{ + TrackerResource *resource; + g_autofree gchar *path = NULL; + int fd; + + path = g_file_get_path (tracker_extract_info_get_file (info)); + /* Attempt to truncate the file */ + fd = open (path, O_RDONLY | O_TRUNC); + if (fd >= 0) + goto fail; + + return TRUE; + fail: + /* Hint unexpected success with a fail:// resource */ + resource = tracker_resource_new ("fail://"); + tracker_resource_add_uri (resource, "rdf:type", "rdfs:Resource"); + tracker_extract_info_set_resource (info, resource); + return TRUE; +} diff --git a/tests/functional-tests/test-extractor-modules/malice/fs-read-trunc/meson.build b/tests/functional-tests/test-extractor-modules/malice/fs-read-trunc/meson.build new file mode 100644 index 000000000..1e414c4ea --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/malice/fs-read-trunc/meson.build @@ -0,0 +1,4 @@ +shared_module('extract-test', 'fs-read-trunc.c', + c_args: tracker_c_args, + dependencies: [tracker_extract_dep], +) diff --git a/tests/functional-tests/test-extractor-modules/malice/fs-read/fs-read.c b/tests/functional-tests/test-extractor-modules/malice/fs-read/fs-read.c new file mode 100644 index 000000000..1a75137b7 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/malice/fs-read/fs-read.c @@ -0,0 +1,34 @@ +#include + +#include + +G_MODULE_EXPORT gboolean +tracker_extract_get_metadata (TrackerExtractInfo *info, + GError **error) +{ + TrackerResource *resource; + g_autofree gchar *home_parent = NULL; + int fd; + + /* Attempt to read files from disallowed locations */ + fd = open ("/proc/cmdline", O_RDONLY); + if (fd >= 0) + goto fail; + + fd = open ("/etc/motd", O_RDONLY); + if (fd >= 0) + goto fail; + + home_parent = g_path_get_dirname (g_get_home_dir ()); + fd = open (home_parent, O_RDONLY | O_DIRECTORY); + if (fd >= 0) + goto fail; + + return TRUE; + fail: + /* Hint unexpected success with a fail:// resource */ + resource = tracker_resource_new ("fail://"); + tracker_resource_add_uri (resource, "rdf:type", "rdfs:Resource"); + tracker_extract_info_set_resource (info, resource); + return TRUE; +} diff --git a/tests/functional-tests/test-extractor-modules/malice/fs-read/meson.build b/tests/functional-tests/test-extractor-modules/malice/fs-read/meson.build new file mode 100644 index 000000000..ffae52f88 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/malice/fs-read/meson.build @@ -0,0 +1,4 @@ +shared_module('extract-test', 'fs-read.c', + c_args: tracker_c_args, + dependencies: [tracker_extract_dep], +) diff --git a/tests/functional-tests/test-extractor-modules/malice/fs-write/fs-write.c b/tests/functional-tests/test-extractor-modules/malice/fs-write/fs-write.c new file mode 100644 index 000000000..afa02753c --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/malice/fs-write/fs-write.c @@ -0,0 +1,51 @@ +#include + +#include + +static int +try_open (const gchar *path) +{ + int fd; + + fd = open (path, O_RDWR); + if (fd >= 0) + return fd; + + fd = open (path, O_WRONLY); + if (fd >= 0) + return fd; + + return -1; +} + +G_MODULE_EXPORT gboolean +tracker_extract_get_metadata (TrackerExtractInfo *info, + GError **error) +{ + TrackerResource *resource; + g_autofree gchar *tmpfile = NULL, *file = NULL; + int fd; + + /* Attempt to open files with write permissions */ + tmpfile = g_build_filename (g_get_tmp_dir (), "bwahaha.txt", NULL); + fd = try_open (tmpfile); + if (fd >= 0) + goto fail; + if (g_file_test (tmpfile, G_FILE_TEST_EXISTS)) + return fd; + + /* Attempt to open files with write permissions */ + file = g_file_get_path (tracker_extract_info_get_file (info)); + fd = try_open (file); + if (fd >= 0) + goto fail; + + return TRUE; + fail: + close (fd); + /* Hint unexpected success with a fail:// resource */ + resource = tracker_resource_new ("fail://"); + tracker_resource_add_uri (resource, "rdf:type", "rdfs:Resource"); + tracker_extract_info_set_resource (info, resource); + return TRUE; +} diff --git a/tests/functional-tests/test-extractor-modules/malice/fs-write/meson.build b/tests/functional-tests/test-extractor-modules/malice/fs-write/meson.build new file mode 100644 index 000000000..88fffe907 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/malice/fs-write/meson.build @@ -0,0 +1,4 @@ +shared_module('extract-test', 'fs-write.c', + c_args: tracker_c_args, + dependencies: [tracker_extract_dep], +) diff --git a/tests/functional-tests/test-extractor-modules/malice/meson.build b/tests/functional-tests/test-extractor-modules/malice/meson.build new file mode 100644 index 000000000..e9568cb12 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/malice/meson.build @@ -0,0 +1,6 @@ +subdir('dbus-access') +subdir('exec') +subdir('fs-read') +subdir('fs-read-trunc') +subdir('fs-write') +subdir('net-access') diff --git a/tests/functional-tests/test-extractor-modules/malice/net-access/meson.build b/tests/functional-tests/test-extractor-modules/malice/net-access/meson.build new file mode 100644 index 000000000..55b978c36 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/malice/net-access/meson.build @@ -0,0 +1,4 @@ +shared_module('extract-test', 'net-access.c', + c_args: tracker_c_args, + dependencies: [tracker_extract_dep], +) diff --git a/tests/functional-tests/test-extractor-modules/malice/net-access/net-access.c b/tests/functional-tests/test-extractor-modules/malice/net-access/net-access.c new file mode 100644 index 000000000..99fe8efc3 --- /dev/null +++ b/tests/functional-tests/test-extractor-modules/malice/net-access/net-access.c @@ -0,0 +1,50 @@ +#include + +#include +#include +#include +#include +#include +#include + +G_MODULE_EXPORT gboolean +tracker_extract_get_metadata (TrackerExtractInfo *info, + GError **error) +{ + TrackerResource *resource; + int fd; + + /* Try to get sockets of different families/types */ + fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (fd >= 0) + goto fail; + + fd = socket(AF_INET, SOCK_STREAM, 0); + if (fd >= 0) + goto fail; + + fd = socket(AF_INET, SOCK_DGRAM, 0); + if (fd >= 0) + goto fail; + + fd = socket(AF_INET6, SOCK_STREAM, 0); + if (fd >= 0) + goto fail; + + fd = socket(AF_INET6, SOCK_DGRAM, 0); + if (fd >= 0) + goto fail; + + fd = socket(AF_NETLINK, SOCK_STREAM, 0); + if (fd >= 0) + goto fail; + + return TRUE; + + fail: + /* Hint unexpected success with a fail:// resource */ + resource = tracker_resource_new ("fail://"); + tracker_resource_add_uri (resource, "rdf:type", "rdfs:Resource"); + tracker_extract_info_set_resource (info, resource); + return TRUE; +} diff --git a/tests/functional-tests/test-extractor-modules/meson.build b/tests/functional-tests/test-extractor-modules/meson.build index 6c0003505..e7014bd08 100644 --- a/tests/functional-tests/test-extractor-modules/meson.build +++ b/tests/functional-tests/test-extractor-modules/meson.build @@ -1 +1,2 @@ +subdir('malice') subdir('misbehavior') -- GitLab