From 18bb9c0cd8e8b8f74347eef1a5afabe6233159d7 Mon Sep 17 00:00:00 2001
From: Robin Haberkorn <robin.haberkorn@googlemail.com>
Date: Sun, 3 Nov 2024 16:15:01 +0300
Subject: Added "infinite monkey"-style test (refs #26)

Supposing that any monkey hitting keys on a typewriter, serving as a hardcopy
SciTECO terminal, will sooner or later trigger bugs and crash the application,
the new monkey-test.apl script emulates such a monkey.
In fact it's a bit more elaborate as the generated macro follows the frequency
distribution extracted from the corpus of SciTECO macro files (via monkey-parse.apl).
This it is hoped, increases the chance to get into "interesting" parser states.

This also adds a new hidden --sandbox argument, but it works only on FreeBSD (via Capsicum)
so far. In sandbox mode, we cannot open any file or execute external commands.
It is made sure, that SciTECO cannot assert in sandbox mode for scripts that would
run without --sandbox, since assertions are the kind of things we would like to detect.
SciTECO must be sandboxed during "infinite monkey" tests, so it cannot accidentally
do any harm on the system running the tests.
All macros in sandbox mode must currently be passed via --eval.
Alternatively, we could add a test compilation unit and generate the test data
directly in memory via C code.

The new scripts are written in GNU APL 1.9 and will probably work only under FreeBSD.
These scripts are not meant to be run by everyone.
---
 src/spawn.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'src/spawn.c')

diff --git a/src/spawn.c b/src/spawn.c
index 7a5736c..9816975 100644
--- a/src/spawn.c
+++ b/src/spawn.c
@@ -30,6 +30,10 @@
 #include <windows.h>
 #endif
 
+#ifdef HAVE_SYS_CAPSICUM_H
+#include <sys/capsicum.h>
+#endif
+
 #include "sciteco.h"
 #include "interface.h"
 #include "undo.h"
@@ -268,6 +272,20 @@ teco_state_execute_done(teco_machine_main_t *ctx, const teco_string_t *str, GErr
 	g_autoptr(GIOChannel) stdin_chan = NULL, stdout_chan = NULL;
 	g_auto(GStrv) argv = NULL, envp = NULL;
 
+#ifdef HAVE_CAP_GETMODE
+	/*
+	 * If we don't explicitly check for sandboxing, glib could assert
+	 * internally and we want to detect all unexpected assertions
+	 * in "infinite monkey"-style tests.
+	 */
+	u_int sandbox_mode;
+	if (G_UNLIKELY(cap_getmode(&sandbox_mode) || sandbox_mode)) {
+		g_set_error(error, TECO_ERROR, TECO_ERROR_FAILED,
+		            "Forbidden in Capsicum sandbox");
+		goto gerror;
+	}
+#endif
+
 	if (!str->len || teco_string_contains(str, '\0')) {
 		g_set_error(error, TECO_ERROR, TECO_ERROR_FAILED,
 		            "Command line must not be empty or contain null-bytes");
-- 
cgit v1.2.3