Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test: include strace openat test #46150

Merged
merged 1 commit into from
Feb 23, 2023
Merged

test: include strace openat test #46150

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/workflows/test-asan.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ jobs:
CXX: clang++
LINK: clang++
CONFIG_FLAGS: --enable-asan
ASAN: true
steps:
- uses: actions/checkout@v3
with:
Expand Down
2 changes: 2 additions & 0 deletions test/common/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,7 @@ const isFreeBSD = process.platform === 'freebsd';
const isOpenBSD = process.platform === 'openbsd';
const isLinux = process.platform === 'linux';
const isOSX = process.platform === 'darwin';
const isAsan = process.env.ASAN !== undefined;
const isPi = (() => {
try {
// Normal Raspberry Pi detection is to find the `Raspberry Pi` string in
Expand Down Expand Up @@ -900,6 +901,7 @@ const common = {
invalidArgTypeHelper,
isAIX,
isAlive,
isAsan,
isDumbTerminal,
isFreeBSD,
isLinux,
Expand Down
61 changes: 61 additions & 0 deletions test/parallel/test-strace-openat-openssl.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
'use strict';

const common = require('../common');
const { spawn, spawnSync } = require('node:child_process');
const { createInterface } = require('node:readline');
const assert = require('node:assert');

if (!common.hasCrypto)
common.skip('missing crypto');
if (!common.isLinux)
common.skip('linux only');
if (common.isAsan)
common.skip('strace does not work well with address sanitizer builds');
if (spawnSync('strace').error !== undefined) {
RafaelGSS marked this conversation as resolved.
Show resolved Hide resolved
common.skip('missing strace');
}

{
const allowedOpenCalls = new Set([
'/etc/ssl/openssl.cnf',
]);
const strace = spawn('strace', [
'-f', '-ff',
'-e', 'trace=open,openat',
'-s', '512',
'-D', process.execPath, '-e', 'require("crypto")',
]);

// stderr is the default for strace
const rl = createInterface({ input: strace.stderr });
rl.on('line', (line) => {
if (!line.startsWith('open')) {
return;
}

const file = line.match(/"(.*?)"/)[1];
// skip .so reading attempt
if (file.match(/.+\.so(\.?)/) !== null) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might actually not be that bad to assert these as well – if we added a new .so dependency on Linux, we might want to know about that?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In my case, it's reading the .so from shared locations, for instance: "/home/rafaelgss/.gvm/pkgsets/go1.15/global/overlay/lib/libpthread.so.0". How would we handle it?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You could assert just the filename, ignoring the rest of the path, right?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure. That CVE mentioned in the PR description is really about it. Reading a file/library from an unexpected path.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, please don’t consider this a blocking comment. This would test something different, that’s true, but it does seem valuable to test it regardless.

return;
}
// skip /proc/*
if (file.match(/\/proc\/.+/) !== null) {
return;
}

assert(allowedOpenCalls.delete(file), `${file} is not in the list of allowed openat calls`);
});
const debugOutput = [];
strace.stderr.setEncoding('utf8');
strace.stderr.on('data', (chunk) => {
debugOutput.push(chunk.toString());
});
strace.on('error', common.mustNotCall());
strace.on('exit', common.mustCall((code) => {
assert.strictEqual(code, 0, debugOutput);
const missingKeys = Array.from(allowedOpenCalls.keys());
if (missingKeys.length) {
assert.fail(`The following openat call are missing: ${missingKeys.join(',')}`);
}
}));
}