Test DMAPI security level and CWD is Live

tgstation · Oct 17, 2023 · 809d849 · 809d849
1 parent dd6239e
commit 809d849
Show file tree

Hide file tree

Showing 6 changed files with 121 additions and 4 deletions.
diff --git a/LinuxTestBed b/LinuxTestBed
diff --git a/tests/DMAPI/LongRunning/Test.dm b/tests/DMAPI/LongRunning/Test.dm
@@ -11,6 +11,12 @@
 		dab()
 	TgsNew(new /datum/tgs_event_handler/impl, TGS_SECURITY_SAFE)
 
+	var/sec = TgsSecurityLevel()
+	if(isnull(sec))
+		FailTest("TGS Security level was null!")
+
+	log << "Running in security level: [sec]"
+
 	if(params["expect_chat_channels"])
 		var/list/channels = TgsChatChannelInfo()
 		if(!length(channels))
@@ -140,6 +146,26 @@ var/run_bridge_test
 		kajigger_test = TRUE
 		return "we love casting spells"
 
+	var/expected_path = data["vaporeon"]
+	if(expected_path)
+		var/command
+		if(world.system_type == MS_WINDOWS)
+			command = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -ExecutionPolicy Bypass -Command \"if('[expected_path]' -ne $(Get-Location)){ (Get-Location).Path | Out-File \"fuck_up.txt\"; exit 1; }\""
+		else
+			command = "if \[\[ \"[expected_path]\" != \"$(pwd)\" \]\]; then echo $(pwd) > fuck_up.txt; exit 1; fi"
+
+		world.log << "shell: [command]"
+		var/exitCode = shell(command)
+
+		if(isnull(exitCode) || exitCode != 0)
+			var/fuck_up_reason = "DIDN'T READ"
+			if(fexists("fuck_up.txt"))
+				fuck_up_reason = "COULDN'T READ"
+				fuck_up_reason = file2text("fuck_up.txt")
+			return "Dir check shell command failed with code [exitCode || "null"]: [fuck_up_reason]"
+
+		return "is the most pokemon of all time"
+
 	TgsChatBroadcast(new /datum/tgs_message_content("Recieved non-tgs topic: `[T]`"))
 
 	return "feck"

diff --git a/tests/DMAPI/LongRunning/long_running_test_rooted.dme b/tests/DMAPI/LongRunning/long_running_test_rooted.dme
@@ -0,0 +1,17 @@
+// Hand crafted DME, will not work if saved with DreamMaker
+
+// BEGIN_INTERNALS
+// END_INTERNALS
+
+// BEGIN_FILE_DIR
+#define FILE_DIR .
+// END_FILE_DIR
+
+// BEGIN_PREFERENCES
+// END_PREFERENCES
+
+// BEGIN_INCLUDE
+#include "tests/DMAPI/LongRunning/Config.dm"
+#include "tests/DMAPI/test_prelude.dm"
+#include "tests/DMAPI/LongRunning/Test.dm"
+// END_INCLUDE
diff --git a/tests/Tgstation.Server.Tests/Live/Instance/ConfigurationTest.cs b/tests/Tgstation.Server.Tests/Live/Instance/ConfigurationTest.cs
@@ -92,7 +92,7 @@ await configurationClient.Write(new ConfigurationFileRequest
 			await configurationClient.CreateDirectory(staticDir, cancellationToken);
 		}
 
-		public Task SetupDMApiTests(CancellationToken cancellationToken)
+		public Task SetupDMApiTests(bool includingRoot, CancellationToken cancellationToken)
 		{
 			// just use an I/O manager here
 			var ioManager = new DefaultIOManager();
@@ -104,6 +104,12 @@ public Task SetupDMApiTests(CancellationToken cancellationToken)
 					ioManager.ConcatPath(instance.Path, "Repository", "tests", "DMAPI"),
 					null,
 					cancellationToken),
+				includingRoot
+					? ioManager.CopyFile(
+						"../../../../DMAPI/LongRunning/long_running_test_rooted.dme",
+						ioManager.ConcatPath(instance.Path, "Repository", "long_running_test_rooted.dme"),
+						cancellationToken)
+					: Task.CompletedTask,
 				ioManager.CopyDirectory(
 					Enumerable.Empty<string>(),
 					null,
@@ -175,8 +181,8 @@ async Task SequencedApiTests(CancellationToken cancellationToken)
 		}
 
 		public Task RunPreWatchdog(CancellationToken cancellationToken) => Task.WhenAll(
+			SetupDMApiTests(false, cancellationToken),
 			SequencedApiTests(cancellationToken),
-			SetupDMApiTests(cancellationToken),
 			TestPregeneratedFilesExist(cancellationToken));
 	}
 }
diff --git a/tests/Tgstation.Server.Tests/Live/Instance/InstanceTest.cs b/tests/Tgstation.Server.Tests/Live/Instance/InstanceTest.cs
@@ -63,6 +63,7 @@ public async Task RunTests(
 
 			await chatTask;
 			await dmTask;
+			await configTest.SetupDMApiTests(true, cancellationToken);
 			await byondTask;
 
 			await new WatchdogTest(
@@ -172,7 +173,7 @@ await Task.WhenAll(
 				dmUpdateRequest,
 				cloneRequest);
 
-			var configSetupTask = new ConfigurationTest(instanceClient.Configuration, instanceClient.Metadata).SetupDMApiTests(cancellationToken);
+			var configSetupTask = new ConfigurationTest(instanceClient.Configuration, instanceClient.Metadata).SetupDMApiTests(true, cancellationToken);
 
 			if (TestingUtils.RunningInGitHubActions
 				|| String.IsNullOrWhiteSpace(Environment.GetEnvironmentVariable("TGS_TEST_GITHUB_TOKEN"))

diff --git a/tests/Tgstation.Server.Tests/Live/Instance/WatchdogTest.cs b/tests/Tgstation.Server.Tests/Live/Instance/WatchdogTest.cs
@@ -131,6 +131,8 @@ await Task.WhenAll(
 
 			await RunLongRunningTestThenUpdate(cancellationToken);
 
+			await TestDDIsntResolvingSymlink(cancellationToken);
+
 			await RunLongRunningTestThenUpdateWithNewDme(cancellationToken);
 			await RunLongRunningTestThenUpdateWithByondVersionSwitch(cancellationToken);
 
@@ -150,6 +152,70 @@ await instanceClient.DreamDaemon.Update(new DreamDaemonRequest
 			System.Console.WriteLine($"TEST: END WATCHDOG TESTS {instanceClient.Metadata.Name}");
 		}
 
+		async ValueTask TestDDIsntResolvingSymlink(CancellationToken cancellationToken)
+		{
+			System.Console.WriteLine("STARTING SYMLINK RESOLVE TEST");
+			var deployTask = DeployTestDme("long_running_test_rooted", DreamDaemonSecurity.Trusted, true, cancellationToken);
+
+			var previous = await instanceClient.DreamDaemon.Read(cancellationToken);
+			if (previous.SecurityLevel.Value != DreamDaemonSecurity.Trusted)
+			{
+				var updated = await instanceClient.DreamDaemon.Update(new DreamDaemonRequest
+				{
+					SecurityLevel = DreamDaemonSecurity.Trusted
+				}, cancellationToken);
+
+				Assert.AreEqual(DreamDaemonSecurity.Trusted, updated.SecurityLevel);
+			}
+
+			var startState = await deployTask;
+
+			await WaitForJob(await StartDD(cancellationToken), 30, false, null, cancellationToken);
+
+			var command = topicClient.SanitizeString(
+				Path.GetFullPath(
+					Path.Combine(
+						instanceClient.Metadata.Path,
+						"Game",
+						"Live")));
+			command = $"vaporeon={command}";
+
+			var topicRequestResult = await topicClient.SendTopic(
+				IPAddress.Loopback,
+				command,
+				ddPort,
+				cancellationToken);
+
+			Assert.IsNotNull(topicRequestResult);
+			Assert.AreEqual("is the most pokemon of all time", topicRequestResult.StringData);
+
+			await DeployTestDme("long_running_test_rooted", DreamDaemonSecurity.Trusted, true, cancellationToken);
+			var newState = await TellWorldToReboot(cancellationToken);
+
+			Assert.AreNotEqual(startState.ActiveCompileJob.Id, newState.ActiveCompileJob.Id);
+			topicRequestResult = await topicClient.SendTopic(
+				IPAddress.Loopback,
+				command,
+				ddPort,
+				cancellationToken);
+
+			Assert.IsNotNull(topicRequestResult);
+			Assert.AreEqual("is the most pokemon of all time", topicRequestResult.StringData);
+
+			await instanceClient.DreamDaemon.Shutdown(cancellationToken);
+			if (previous.SecurityLevel.Value != DreamDaemonSecurity.Trusted)
+			{
+				var updated = await instanceClient.DreamDaemon.Update(new DreamDaemonRequest
+				{
+					SecurityLevel = previous.SecurityLevel
+				}, cancellationToken);
+
+				Assert.AreEqual(previous.SecurityLevel, updated.SecurityLevel);
+			}
+
+			System.Console.WriteLine("END SYMLINK RESOLVE TEST");
+		}
+
 		async Task InteropTestsForLongRunningDme(CancellationToken cancellationToken)
 		{
 			await StartAndLeaveRunning(cancellationToken);
@@ -1101,7 +1167,7 @@ async Task<DreamDaemonResponse> DeployTestDme(string dmeName, DreamDaemonSecurit
 			var refreshed = await instanceClient.DreamMaker.Update(new DreamMakerRequest
 			{
 				ApiValidationSecurityLevel = deploymentSecurity,
-				ProjectName = $"tests/DMAPI/{dmeName}",
+				ProjectName = dmeName.Contains("rooted") ? dmeName : $"tests/DMAPI/{dmeName}",
 				RequireDMApiValidation = requireApi,
 				Timeout = TimeSpan.FromMilliseconds(1),
 			}, cancellationToken);