clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-04-25 23:24:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

migrating execpolicy -> execpolicy-legacy and execpolicy2 -> execpolicy (#6956)

Browse Source
This commit is contained in:
zhao-oai
2025-11-19 19:14:10 -08:00
committed by GitHub
parent 72a1453ac5
commit fb9849e1e3
52 changed files with 938 additions and 931 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
codex-rs/execpolicy/tests/all.rs
View File

@@ -1,3 +0,0 @@
// Single integration test binary that aggregates all test modules.
// The submodules live in `tests/suite/`.
mod suite;

375
codex-rs/execpolicy/tests/basic.rs Normal file
View File

@@ -0,0 +1,375 @@
use std::any::Any;
use std::sync::Arc;
use codex_execpolicy::Decision;
use codex_execpolicy::Evaluation;
use codex_execpolicy::PolicyParser;
use codex_execpolicy::RuleMatch;
use codex_execpolicy::RuleRef;
use codex_execpolicy::rule::PatternToken;
use codex_execpolicy::rule::PrefixPattern;
use codex_execpolicy::rule::PrefixRule;
use pretty_assertions::assert_eq;
fn tokens(cmd: &[&str]) -> Vec<String> {
cmd.iter().map(std::string::ToString::to_string).collect()
}
#[derive(Clone, Debug, Eq, PartialEq)]
enum RuleSnapshot {
Prefix(PrefixRule),
}
fn rule_snapshots(rules: &[RuleRef]) -> Vec<RuleSnapshot> {
rules
.iter()
.map(|rule| {
let rule_any = rule.as_ref() as &dyn Any;
if let Some(prefix_rule) = rule_any.downcast_ref::<PrefixRule>() {
RuleSnapshot::Prefix(prefix_rule.clone())
} else {
panic!("unexpected rule type in RuleRef: {rule:?}");
}
})
.collect()
}
#[test]
fn basic_match() {
let policy_src = r#"
prefix_rule(
pattern = ["git", "status"],
)
"#;
let mut parser = PolicyParser::new();
parser
.parse("test.codexpolicy", policy_src)
.expect("parse policy");
let policy = parser.build();
let cmd = tokens(&["git", "status"]);
let evaluation = policy.check(&cmd);
assert_eq!(
Evaluation::Match {
decision: Decision::Allow,
matched_rules: vec![RuleMatch::PrefixRuleMatch {
matched_prefix: tokens(&["git", "status"]),
decision: Decision::Allow,
}],
},
evaluation
);
}
#[test]
fn parses_multiple_policy_files() {
let first_policy = r#"
prefix_rule(
pattern = ["git"],
decision = "prompt",
)
"#;
let second_policy = r#"
prefix_rule(
pattern = ["git", "commit"],
decision = "forbidden",
)
"#;
let mut parser = PolicyParser::new();
parser
.parse("first.codexpolicy", first_policy)
.expect("parse policy");
parser
.parse("second.codexpolicy", second_policy)
.expect("parse policy");
let policy = parser.build();
let git_rules = rule_snapshots(policy.rules().get_vec("git").expect("git rules"));
assert_eq!(
vec![
RuleSnapshot::Prefix(PrefixRule {
pattern: PrefixPattern {
first: Arc::from("git"),
rest: Vec::<PatternToken>::new().into(),
},
decision: Decision::Prompt,
}),
RuleSnapshot::Prefix(PrefixRule {
pattern: PrefixPattern {
first: Arc::from("git"),
rest: vec![PatternToken::Single("commit".to_string())].into(),
},
decision: Decision::Forbidden,
}),
],
git_rules
);
let status_eval = policy.check(&tokens(&["git", "status"]));
assert_eq!(
Evaluation::Match {
decision: Decision::Prompt,
matched_rules: vec![RuleMatch::PrefixRuleMatch {
matched_prefix: tokens(&["git"]),
decision: Decision::Prompt,
}],
},
status_eval
);
let commit_eval = policy.check(&tokens(&["git", "commit", "-m", "hi"]));
assert_eq!(
Evaluation::Match {
decision: Decision::Forbidden,
matched_rules: vec![
RuleMatch::PrefixRuleMatch {
matched_prefix: tokens(&["git"]),
decision: Decision::Prompt,
},
RuleMatch::PrefixRuleMatch {
matched_prefix: tokens(&["git", "commit"]),
decision: Decision::Forbidden,
},
],
},
commit_eval
);
}
#[test]
fn only_first_token_alias_expands_to_multiple_rules() {
let policy_src = r#"
prefix_rule(
pattern = [["bash", "sh"], ["-c", "-l"]],
)
"#;
let mut parser = PolicyParser::new();
parser
.parse("test.codexpolicy", policy_src)
.expect("parse policy");
let policy = parser.build();
let bash_rules = rule_snapshots(policy.rules().get_vec("bash").expect("bash rules"));
let sh_rules = rule_snapshots(policy.rules().get_vec("sh").expect("sh rules"));
assert_eq!(
vec![RuleSnapshot::Prefix(PrefixRule {
pattern: PrefixPattern {
first: Arc::from("bash"),
rest: vec![PatternToken::Alts(vec!["-c".to_string(), "-l".to_string()])].into(),
},
decision: Decision::Allow,
})],
bash_rules
);
assert_eq!(
vec![RuleSnapshot::Prefix(PrefixRule {
pattern: PrefixPattern {
first: Arc::from("sh"),
rest: vec![PatternToken::Alts(vec!["-c".to_string(), "-l".to_string()])].into(),
},
decision: Decision::Allow,
})],
sh_rules
);
let bash_eval = policy.check(&tokens(&["bash", "-c", "echo", "hi"]));
assert_eq!(
Evaluation::Match {
decision: Decision::Allow,
matched_rules: vec![RuleMatch::PrefixRuleMatch {
matched_prefix: tokens(&["bash", "-c"]),
decision: Decision::Allow,
}],
},
bash_eval
);
let sh_eval = policy.check(&tokens(&["sh", "-l", "echo", "hi"]));
assert_eq!(
Evaluation::Match {
decision: Decision::Allow,
matched_rules: vec![RuleMatch::PrefixRuleMatch {
matched_prefix: tokens(&["sh", "-l"]),
decision: Decision::Allow,
}],
},
sh_eval
);
}
#[test]
fn tail_aliases_are_not_cartesian_expanded() {
let policy_src = r#"
prefix_rule(
pattern = ["npm", ["i", "install"], ["--legacy-peer-deps", "--no-save"]],
)
"#;
let mut parser = PolicyParser::new();
parser
.parse("test.codexpolicy", policy_src)
.expect("parse policy");
let policy = parser.build();
let rules = rule_snapshots(policy.rules().get_vec("npm").expect("npm rules"));
assert_eq!(
vec![RuleSnapshot::Prefix(PrefixRule {
pattern: PrefixPattern {
first: Arc::from("npm"),
rest: vec![
PatternToken::Alts(vec!["i".to_string(), "install".to_string()]),
PatternToken::Alts(vec![
"--legacy-peer-deps".to_string(),
"--no-save".to_string(),
]),
]
.into(),
},
decision: Decision::Allow,
})],
rules
);
let npm_i = policy.check(&tokens(&["npm", "i", "--legacy-peer-deps"]));
assert_eq!(
Evaluation::Match {
decision: Decision::Allow,
matched_rules: vec![RuleMatch::PrefixRuleMatch {
matched_prefix: tokens(&["npm", "i", "--legacy-peer-deps"]),
decision: Decision::Allow,
}],
},
npm_i
);
let npm_install = policy.check(&tokens(&["npm", "install", "--no-save", "leftpad"]));
assert_eq!(
Evaluation::Match {
decision: Decision::Allow,
matched_rules: vec![RuleMatch::PrefixRuleMatch {
matched_prefix: tokens(&["npm", "install", "--no-save"]),
decision: Decision::Allow,
}],
},
npm_install
);
}
#[test]
fn match_and_not_match_examples_are_enforced() {
let policy_src = r#"
prefix_rule(
pattern = ["git", "status"],
match = [["git", "status"], "git status"],
not_match = [
["git", "--config", "color.status=always", "status"],
"git --config color.status=always status",
],
)
"#;
let mut parser = PolicyParser::new();
parser
.parse("test.codexpolicy", policy_src)
.expect("parse policy");
let policy = parser.build();
let match_eval = policy.check(&tokens(&["git", "status"]));
assert_eq!(
Evaluation::Match {
decision: Decision::Allow,
matched_rules: vec![RuleMatch::PrefixRuleMatch {
matched_prefix: tokens(&["git", "status"]),
decision: Decision::Allow,
}],
},
match_eval
);
let no_match_eval = policy.check(&tokens(&[
"git",
"--config",
"color.status=always",
"status",
]));
assert_eq!(Evaluation::NoMatch, no_match_eval);
}
#[test]
fn strictest_decision_wins_across_matches() {
let policy_src = r#"
prefix_rule(
pattern = ["git"],
decision = "prompt",
)
prefix_rule(
pattern = ["git", "commit"],
decision = "forbidden",
)
"#;
let mut parser = PolicyParser::new();
parser
.parse("test.codexpolicy", policy_src)
.expect("parse policy");
let policy = parser.build();
let commit = policy.check(&tokens(&["git", "commit", "-m", "hi"]));
assert_eq!(
Evaluation::Match {
decision: Decision::Forbidden,
matched_rules: vec![
RuleMatch::PrefixRuleMatch {
matched_prefix: tokens(&["git"]),
decision: Decision::Prompt,
},
RuleMatch::PrefixRuleMatch {
matched_prefix: tokens(&["git", "commit"]),
decision: Decision::Forbidden,
},
],
},
commit
);
}
#[test]
fn strictest_decision_across_multiple_commands() {
let policy_src = r#"
prefix_rule(
pattern = ["git"],
decision = "prompt",
)
prefix_rule(
pattern = ["git", "commit"],
decision = "forbidden",
)
"#;
let mut parser = PolicyParser::new();
parser
.parse("test.codexpolicy", policy_src)
.expect("parse policy");
let policy = parser.build();
let commands = vec![
tokens(&["git", "status"]),
tokens(&["git", "commit", "-m", "hi"]),
];
let evaluation = policy.check_multiple(&commands);
assert_eq!(
Evaluation::Match {
decision: Decision::Forbidden,
matched_rules: vec![
RuleMatch::PrefixRuleMatch {
matched_prefix: tokens(&["git"]),
decision: Decision::Prompt,
},
RuleMatch::PrefixRuleMatch {
matched_prefix: tokens(&["git"]),
decision: Decision::Prompt,
},
RuleMatch::PrefixRuleMatch {
matched_prefix: tokens(&["git", "commit"]),
decision: Decision::Forbidden,
},
],
},
evaluation
);
}

9
codex-rs/execpolicy/tests/suite/bad.rs
View File

@@ -1,9 +0,0 @@
use codex_execpolicy::NegativeExamplePassedCheck;
use codex_execpolicy::get_default_policy;
#[test]
fn verify_everything_in_bad_list_is_rejected() {
let policy = get_default_policy().expect("failed to load default policy");
let violations = policy.check_each_bad_list_individually();
assert_eq!(Vec::<NegativeExamplePassedCheck>::new(), violations);
}

86
codex-rs/execpolicy/tests/suite/cp.rs
View File

@@ -1,86 +0,0 @@
extern crate codex_execpolicy;
use codex_execpolicy::ArgMatcher;
use codex_execpolicy::ArgType;
use codex_execpolicy::Error;
use codex_execpolicy::ExecCall;
use codex_execpolicy::MatchedArg;
use codex_execpolicy::MatchedExec;
use codex_execpolicy::Policy;
use codex_execpolicy::Result;
use codex_execpolicy::ValidExec;
use codex_execpolicy::get_default_policy;
#[expect(clippy::expect_used)]
fn setup() -> Policy {
get_default_policy().expect("failed to load default policy")
}
#[test]
fn test_cp_no_args() {
let policy = setup();
let cp = ExecCall::new("cp", &[]);
assert_eq!(
Err(Error::NotEnoughArgs {
program: "cp".to_string(),
args: vec![],
arg_patterns: vec![ArgMatcher::ReadableFiles, ArgMatcher::WriteableFile]
}),
policy.check(&cp)
)
}
#[test]
fn test_cp_one_arg() {
let policy = setup();
let cp = ExecCall::new("cp", &["foo/bar"]);
assert_eq!(
Err(Error::VarargMatcherDidNotMatchAnything {
program: "cp".to_string(),
matcher: ArgMatcher::ReadableFiles,
}),
policy.check(&cp)
);
}
#[test]
fn test_cp_one_file() -> Result<()> {
let policy = setup();
let cp = ExecCall::new("cp", &["foo/bar", "../baz"]);
assert_eq!(
Ok(MatchedExec::Match {
exec: ValidExec::new(
"cp",
vec![
MatchedArg::new(0, ArgType::ReadableFile, "foo/bar")?,
MatchedArg::new(1, ArgType::WriteableFile, "../baz")?,
],
&["/bin/cp", "/usr/bin/cp"]
)
}),
policy.check(&cp)
);
Ok(())
}
#[test]
fn test_cp_multiple_files() -> Result<()> {
let policy = setup();
let cp = ExecCall::new("cp", &["foo", "bar", "baz"]);
assert_eq!(
Ok(MatchedExec::Match {
exec: ValidExec::new(
"cp",
vec![
MatchedArg::new(0, ArgType::ReadableFile, "foo")?,
MatchedArg::new(1, ArgType::ReadableFile, "bar")?,
MatchedArg::new(2, ArgType::WriteableFile, "baz")?,
],
&["/bin/cp", "/usr/bin/cp"]
)
}),
policy.check(&cp)
);
Ok(())
}

9
codex-rs/execpolicy/tests/suite/good.rs
View File

@@ -1,9 +0,0 @@
use codex_execpolicy::PositiveExampleFailedCheck;
use codex_execpolicy::get_default_policy;
#[test]
fn verify_everything_in_good_list_is_allowed() {
let policy = get_default_policy().expect("failed to load default policy");
let violations = policy.check_each_good_list_individually();
assert_eq!(Vec::<PositiveExampleFailedCheck>::new(), violations);
}

136
codex-rs/execpolicy/tests/suite/head.rs
View File

@@ -1,136 +0,0 @@
use codex_execpolicy::ArgMatcher;
use codex_execpolicy::ArgType;
use codex_execpolicy::Error;
use codex_execpolicy::ExecCall;
use codex_execpolicy::MatchedArg;
use codex_execpolicy::MatchedExec;
use codex_execpolicy::MatchedOpt;
use codex_execpolicy::Policy;
use codex_execpolicy::Result;
use codex_execpolicy::ValidExec;
use codex_execpolicy::get_default_policy;
extern crate codex_execpolicy;
#[expect(clippy::expect_used)]
fn setup() -> Policy {
get_default_policy().expect("failed to load default policy")
}
#[test]
fn test_head_no_args() {
let policy = setup();
let head = ExecCall::new("head", &[]);
// It is actually valid to call `head` without arguments: it will read from
// stdin instead of from a file. Though recall that a command rejected by
// the policy is not "unsafe:" it just means that this library cannot
// *guarantee* that the command is safe.
//
// If we start verifying individual components of a shell command, such as:
// `find . -name | head -n 10`, then it might be important to allow the
// no-arg case.
assert_eq!(
Err(Error::VarargMatcherDidNotMatchAnything {
program: "head".to_string(),
matcher: ArgMatcher::ReadableFiles,
}),
policy.check(&head)
)
}
#[test]
fn test_head_one_file_no_flags() -> Result<()> {
let policy = setup();
let head = ExecCall::new("head", &["src/extension.ts"]);
assert_eq!(
Ok(MatchedExec::Match {
exec: ValidExec::new(
"head",
vec![MatchedArg::new(
0,
ArgType::ReadableFile,
"src/extension.ts"
)?],
&["/bin/head", "/usr/bin/head"]
)
}),
policy.check(&head)
);
Ok(())
}
#[test]
fn test_head_one_flag_one_file() -> Result<()> {
let policy = setup();
let head = ExecCall::new("head", &["-n", "100", "src/extension.ts"]);
assert_eq!(
Ok(MatchedExec::Match {
exec: ValidExec {
program: "head".to_string(),
flags: vec![],
opts: vec![
MatchedOpt::new("-n", "100", ArgType::PositiveInteger)
.expect("should validate")
],
args: vec![MatchedArg::new(
2,
ArgType::ReadableFile,
"src/extension.ts"
)?],
system_path: vec!["/bin/head".to_string(), "/usr/bin/head".to_string()],
}
}),
policy.check(&head)
);
Ok(())
}
#[test]
fn test_head_invalid_n_as_0() {
let policy = setup();
let head = ExecCall::new("head", &["-n", "0", "src/extension.ts"]);
assert_eq!(
Err(Error::InvalidPositiveInteger {
value: "0".to_string(),
}),
policy.check(&head)
)
}
#[test]
fn test_head_invalid_n_as_nonint_float() {
let policy = setup();
let head = ExecCall::new("head", &["-n", "1.5", "src/extension.ts"]);
assert_eq!(
Err(Error::InvalidPositiveInteger {
value: "1.5".to_string(),
}),
policy.check(&head)
)
}
#[test]
fn test_head_invalid_n_as_float() {
let policy = setup();
let head = ExecCall::new("head", &["-n", "1.0", "src/extension.ts"]);
assert_eq!(
Err(Error::InvalidPositiveInteger {
value: "1.0".to_string(),
}),
policy.check(&head)
)
}
#[test]
fn test_head_invalid_n_as_negative_int() {
let policy = setup();
let head = ExecCall::new("head", &["-n", "-1", "src/extension.ts"]);
assert_eq!(
Err(Error::OptionFollowedByOptionInsteadOfValue {
program: "head".to_string(),
option: "-n".to_string(),
value: "-1".to_string(),
}),
policy.check(&head)
)
}

50
codex-rs/execpolicy/tests/suite/literal.rs
View File

@@ -1,50 +0,0 @@
use codex_execpolicy::ArgType;
use codex_execpolicy::Error;
use codex_execpolicy::ExecCall;
use codex_execpolicy::MatchedArg;
use codex_execpolicy::MatchedExec;
use codex_execpolicy::PolicyParser;
use codex_execpolicy::Result;
use codex_execpolicy::ValidExec;
extern crate codex_execpolicy;
#[test]
fn test_invalid_subcommand() -> Result<()> {
let unparsed_policy = r#"
define_program(
program="fake_executable",
args=["subcommand", "sub-subcommand"],
)
"#;
let parser = PolicyParser::new("test_invalid_subcommand", unparsed_policy);
let policy = parser.parse().expect("failed to parse policy");
let valid_call = ExecCall::new("fake_executable", &["subcommand", "sub-subcommand"]);
assert_eq!(
Ok(MatchedExec::Match {
exec: ValidExec::new(
"fake_executable",
vec![
MatchedArg::new(0, ArgType::Literal("subcommand".to_string()), "subcommand")?,
MatchedArg::new(
1,
ArgType::Literal("sub-subcommand".to_string()),
"sub-subcommand"
)?,
],
&[]
)
}),
policy.check(&valid_call)
);
let invalid_call = ExecCall::new("fake_executable", &["subcommand", "not-a-real-subcommand"]);
assert_eq!(
Err(Error::LiteralValueDidNotMatch {
expected: "sub-subcommand".to_string(),
actual: "not-a-real-subcommand".to_string()
}),
policy.check(&invalid_call)
);
Ok(())
}

167
codex-rs/execpolicy/tests/suite/ls.rs
View File

@@ -1,167 +0,0 @@
extern crate codex_execpolicy;
use codex_execpolicy::ArgType;
use codex_execpolicy::Error;
use codex_execpolicy::ExecCall;
use codex_execpolicy::MatchedArg;
use codex_execpolicy::MatchedExec;
use codex_execpolicy::MatchedFlag;
use codex_execpolicy::Policy;
use codex_execpolicy::Result;
use codex_execpolicy::ValidExec;
use codex_execpolicy::get_default_policy;
#[expect(clippy::expect_used)]
fn setup() -> Policy {
get_default_policy().expect("failed to load default policy")
}
#[test]
fn test_ls_no_args() {
let policy = setup();
let ls = ExecCall::new("ls", &[]);
assert_eq!(
Ok(MatchedExec::Match {
exec: ValidExec::new("ls", vec![], &["/bin/ls", "/usr/bin/ls"])
}),
policy.check(&ls)
);
}
#[test]
fn test_ls_dash_a_dash_l() {
let policy = setup();
let args = &["-a", "-l"];
let ls_a_l = ExecCall::new("ls", args);
assert_eq!(
Ok(MatchedExec::Match {
exec: ValidExec {
program: "ls".into(),
flags: vec![MatchedFlag::new("-a"), MatchedFlag::new("-l")],
system_path: ["/bin/ls".into(), "/usr/bin/ls".into()].into(),
..Default::default()
}
}),
policy.check(&ls_a_l)
);
}
#[test]
fn test_ls_dash_z() {
let policy = setup();
// -z is currently an invalid option for ls, but it has so many options,
// perhaps it will get added at some point...
let ls_z = ExecCall::new("ls", &["-z"]);
assert_eq!(
Err(Error::UnknownOption {
program: "ls".into(),
option: "-z".into()
}),
policy.check(&ls_z)
);
}
#[test]
fn test_ls_dash_al() {
let policy = setup();
// This currently fails, but it should pass once option_bundling=True is implemented.
let ls_al = ExecCall::new("ls", &["-al"]);
assert_eq!(
Err(Error::UnknownOption {
program: "ls".into(),
option: "-al".into()
}),
policy.check(&ls_al)
);
}
#[test]
fn test_ls_one_file_arg() -> Result<()> {
let policy = setup();
let ls_one_file_arg = ExecCall::new("ls", &["foo"]);
assert_eq!(
Ok(MatchedExec::Match {
exec: ValidExec::new(
"ls",
vec![MatchedArg::new(0, ArgType::ReadableFile, "foo")?],
&["/bin/ls", "/usr/bin/ls"]
)
}),
policy.check(&ls_one_file_arg)
);
Ok(())
}
#[test]
fn test_ls_multiple_file_args() -> Result<()> {
let policy = setup();
let ls_multiple_file_args = ExecCall::new("ls", &["foo", "bar", "baz"]);
assert_eq!(
Ok(MatchedExec::Match {
exec: ValidExec::new(
"ls",
vec![
MatchedArg::new(0, ArgType::ReadableFile, "foo")?,
MatchedArg::new(1, ArgType::ReadableFile, "bar")?,
MatchedArg::new(2, ArgType::ReadableFile, "baz")?,
],
&["/bin/ls", "/usr/bin/ls"]
)
}),
policy.check(&ls_multiple_file_args)
);
Ok(())
}
#[test]
fn test_ls_multiple_flags_and_file_args() -> Result<()> {
let policy = setup();
let ls_multiple_flags_and_file_args = ExecCall::new("ls", &["-l", "-a", "foo", "bar", "baz"]);
assert_eq!(
Ok(MatchedExec::Match {
exec: ValidExec {
program: "ls".into(),
flags: vec![MatchedFlag::new("-l"), MatchedFlag::new("-a")],
args: vec![
MatchedArg::new(2, ArgType::ReadableFile, "foo")?,
MatchedArg::new(3, ArgType::ReadableFile, "bar")?,
MatchedArg::new(4, ArgType::ReadableFile, "baz")?,
],
system_path: ["/bin/ls".into(), "/usr/bin/ls".into()].into(),
..Default::default()
}
}),
policy.check(&ls_multiple_flags_and_file_args)
);
Ok(())
}
#[test]
fn test_flags_after_file_args() -> Result<()> {
let policy = setup();
// TODO(mbolin): While this is "safe" in that it will not do anything bad
// to the user's machine, it will fail because apparently `ls` does not
// allow flags after file arguments (as some commands do). We should
// extend define_program() to make this part of the configuration so that
// this command is disallowed.
let ls_flags_after_file_args = ExecCall::new("ls", &["foo", "-l"]);
assert_eq!(
Ok(MatchedExec::Match {
exec: ValidExec {
program: "ls".into(),
flags: vec![MatchedFlag::new("-l")],
args: vec![MatchedArg::new(0, ArgType::ReadableFile, "foo")?],
system_path: ["/bin/ls".into(), "/usr/bin/ls".into()].into(),
..Default::default()
}
}),
policy.check(&ls_flags_after_file_args)
);
Ok(())
}

10
codex-rs/execpolicy/tests/suite/mod.rs
View File

@@ -1,10 +0,0 @@
// Aggregates all former standalone integration tests as modules.
mod bad;
mod cp;
mod good;
mod head;
mod literal;
mod ls;
mod parse_sed_command;
mod pwd;
mod sed;

23
codex-rs/execpolicy/tests/suite/parse_sed_command.rs
View File

@@ -1,23 +0,0 @@
use codex_execpolicy::Error;
use codex_execpolicy::parse_sed_command;
#[test]
fn parses_simple_print_command() {
assert_eq!(parse_sed_command("122,202p"), Ok(()));
}
#[test]
fn rejects_malformed_print_command() {
assert_eq!(
parse_sed_command("122,202"),
Err(Error::SedCommandNotProvablySafe {
command: "122,202".to_string(),
})
);
assert_eq!(
parse_sed_command("122202"),
Err(Error::SedCommandNotProvablySafe {
command: "122202".to_string(),
})
);
}

86
codex-rs/execpolicy/tests/suite/pwd.rs
View File

@@ -1,86 +0,0 @@
extern crate codex_execpolicy;
use std::vec;
use codex_execpolicy::Error;
use codex_execpolicy::ExecCall;
use codex_execpolicy::MatchedExec;
use codex_execpolicy::MatchedFlag;
use codex_execpolicy::Policy;
use codex_execpolicy::PositionalArg;
use codex_execpolicy::ValidExec;
use codex_execpolicy::get_default_policy;
#[expect(clippy::expect_used)]
fn setup() -> Policy {
get_default_policy().expect("failed to load default policy")
}
#[test]
fn test_pwd_no_args() {
let policy = setup();
let pwd = ExecCall::new("pwd", &[]);
assert_eq!(
Ok(MatchedExec::Match {
exec: ValidExec {
program: "pwd".into(),
..Default::default()
}
}),
policy.check(&pwd)
);
}
#[test]
fn test_pwd_capital_l() {
let policy = setup();
let pwd = ExecCall::new("pwd", &["-L"]);
assert_eq!(
Ok(MatchedExec::Match {
exec: ValidExec {
program: "pwd".into(),
flags: vec![MatchedFlag::new("-L")],
..Default::default()
}
}),
policy.check(&pwd)
);
}
#[test]
fn test_pwd_capital_p() {
let policy = setup();
let pwd = ExecCall::new("pwd", &["-P"]);
assert_eq!(
Ok(MatchedExec::Match {
exec: ValidExec {
program: "pwd".into(),
flags: vec![MatchedFlag::new("-P")],
..Default::default()
}
}),
policy.check(&pwd)
);
}
#[test]
fn test_pwd_extra_args() {
let policy = setup();
let pwd = ExecCall::new("pwd", &["foo", "bar"]);
assert_eq!(
Err(Error::UnexpectedArguments {
program: "pwd".to_string(),
args: vec![
PositionalArg {
index: 0,
value: "foo".to_string()
},
PositionalArg {
index: 1,
value: "bar".to_string()
},
],
}),
policy.check(&pwd)
);
}

87
codex-rs/execpolicy/tests/suite/sed.rs
View File

@@ -1,87 +0,0 @@
extern crate codex_execpolicy;
use codex_execpolicy::ArgType;
use codex_execpolicy::Error;
use codex_execpolicy::ExecCall;
use codex_execpolicy::MatchedArg;
use codex_execpolicy::MatchedExec;
use codex_execpolicy::MatchedFlag;
use codex_execpolicy::MatchedOpt;
use codex_execpolicy::Policy;
use codex_execpolicy::Result;
use codex_execpolicy::ValidExec;
use codex_execpolicy::get_default_policy;
#[expect(clippy::expect_used)]
fn setup() -> Policy {
get_default_policy().expect("failed to load default policy")
}
#[test]
fn test_sed_print_specific_lines() -> Result<()> {
let policy = setup();
let sed = ExecCall::new("sed", &["-n", "122,202p", "hello.txt"]);
assert_eq!(
Ok(MatchedExec::Match {
exec: ValidExec {
program: "sed".to_string(),
flags: vec![MatchedFlag::new("-n")],
args: vec![
MatchedArg::new(1, ArgType::SedCommand, "122,202p")?,
MatchedArg::new(2, ArgType::ReadableFile, "hello.txt")?,
],
system_path: vec!["/usr/bin/sed".to_string()],
..Default::default()
}
}),
policy.check(&sed)
);
Ok(())
}
#[test]
fn test_sed_print_specific_lines_with_e_flag() -> Result<()> {
let policy = setup();
let sed = ExecCall::new("sed", &["-n", "-e", "122,202p", "hello.txt"]);
assert_eq!(
Ok(MatchedExec::Match {
exec: ValidExec {
program: "sed".to_string(),
flags: vec![MatchedFlag::new("-n")],
opts: vec![
MatchedOpt::new("-e", "122,202p", ArgType::SedCommand)
.expect("should validate")
],
args: vec![MatchedArg::new(3, ArgType::ReadableFile, "hello.txt")?],
system_path: vec!["/usr/bin/sed".to_string()],
}
}),
policy.check(&sed)
);
Ok(())
}
#[test]
fn test_sed_reject_dangerous_command() {
let policy = setup();
let sed = ExecCall::new("sed", &["-e", "s/y/echo hi/e", "hello.txt"]);
assert_eq!(
Err(Error::SedCommandNotProvablySafe {
command: "s/y/echo hi/e".to_string(),
}),
policy.check(&sed)
);
}
#[test]
fn test_sed_verify_e_or_pattern_is_required() {
let policy = setup();
let sed = ExecCall::new("sed", &["122,202p"]);
assert_eq!(
Err(Error::MissingRequiredOptions {
program: "sed".to_string(),
options: vec!["-e".to_string()],
}),
policy.check(&sed)
);
}