-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathtest-sandbox.js
More file actions
153 lines (136 loc) Β· 5.35 KB
/
test-sandbox.js
File metadata and controls
153 lines (136 loc) Β· 5.35 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
#!/usr/bin/env node
const fs = require('fs');
const path = require('path');
const os = require('os');
console.log('π Node.js Sandbox Comprehensive Test');
console.log('=====================================');
console.log('Node version:', process.version);
console.log('Sandbox home directory:', os.homedir());
console.log('Current directory:', process.cwd());
console.log('User:', process.env.USER || 'unknown');
console.log('');
// Helper function to safely list directory contents
function listDirectory(dirPath, maxFiles = 20) {
try {
const contents = fs.readdirSync(dirPath);
const files = contents.slice(0, maxFiles);
const total = contents.length;
console.log(`π ${dirPath} (${total} total items, showing first ${files.length}):`);
if (files.length > 0) {
files.forEach((file, index) => {
const fullPath = path.join(dirPath, file);
try {
const stats = fs.statSync(fullPath);
const type = stats.isDirectory() ? 'π' : 'π';
const size = stats.isFile() ? ` (${stats.size} bytes)` : '';
console.log(` ${index + 1}. ${type} ${file}${size}`);
} catch (statError) {
console.log(` ${index + 1}. β ${file} (cannot stat)`);
}
});
if (total > maxFiles) {
console.log(` ... and ${total - maxFiles} more items`);
}
} else {
console.log(' (empty directory)');
}
console.log('');
return true;
} catch (error) {
console.log(`β Cannot access ${dirPath}: ${error.message}`);
console.log('');
return false;
}
}
// Test write to sandbox home
console.log('π§ͺ Testing write permissions in sandbox home...');
const testFile = path.join(os.homedir(), 'test-write.txt');
try {
fs.writeFileSync(testFile, 'Sandbox test successful!');
const content = fs.readFileSync(testFile, 'utf8');
console.log('β
Write test successful:', content);
fs.unlinkSync(testFile);
} catch (error) {
console.log('β Write test failed:', error.message);
}
console.log('');
// Test sensitive file access
console.log('π Testing sensitive file access...');
const sensitiveFiles = [
'/home/' + (process.env.USER || 'user') + '/.ssh/id_rsa',
'/home/' + (process.env.USER || 'user') + '/.ssh/id_ed25519',
'/home/' + (process.env.USER || 'user') + '/.bashrc',
'/home/' + (process.env.USER || 'user') + '/.profile',
'/home/' + (process.env.USER || 'user') + '/.gitconfig'
];
sensitiveFiles.forEach(file => {
try {
fs.readFileSync(file);
console.log(`β Security issue: Can read ${file}`);
} catch (error) {
console.log(`β
Protected: ${path.basename(file)}`);
}
});
console.log('');
// Test real home directory access
console.log('π Testing real home directory access...');
const realHome = '/home/' + (process.env.USER || 'user');
listDirectory(realHome, 20);
// Test desktop directory access
console.log('π₯οΈ Testing desktop directory access...');
const desktopPath = path.join(realHome, 'Desktop');
listDirectory(desktopPath, 20);
// Test Documents directory access
console.log('π Testing documents directory access...');
const documentsPath = path.join(realHome, 'Documents');
listDirectory(documentsPath, 20);
// Test Downloads directory access
console.log('β¬οΈ Testing downloads directory access...');
const downloadsPath = path.join(realHome, 'Downloads');
listDirectory(downloadsPath, 20);
// Test .config directory access
console.log('βοΈ Testing .config directory access...');
const configPath = path.join(realHome, '.config');
listDirectory(configPath, 20);
// Test system directories
console.log('π₯οΈ Testing system directory access...');
const systemDirs = ['/etc', '/var', '/tmp', '/root'];
systemDirs.forEach(dir => {
try {
const contents = fs.readdirSync(dir);
console.log(`β Can access ${dir} (${contents.length} items)`);
} catch (error) {
console.log(`β
Protected: ${dir}`);
}
});
console.log('');
// Test current working directory
console.log('π Current working directory contents:');
listDirectory(process.cwd(), 20);
// Test sandbox home directory
console.log('π Sandbox home directory contents:');
console.log(os.homedir());
listDirectory(os.homedir()+'/Desktop', 200);
// Network test
console.log('π Testing network access...');
try {
const https = require('https');
const req = https.get('https://registry.npmjs.org', (res) => {
console.log(`β
Network access: npm registry (status: ${res.statusCode})`);
});
req.on('error', (error) => {
console.log(`β Network access failed: ${error.message}`);
});
req.setTimeout(5000, () => {
req.destroy();
console.log('β° Network test timeout');
});
} catch (error) {
console.log(`β Network test error: ${error.message}`);
}
console.log('\nπ― Comprehensive test complete!');
console.log('=====================================');
console.log('Summary:');
console.log('- If you see "Protected" or "Cannot access" messages, the sandbox is working correctly');
console.log('- If you see file listings, those directories are accessible to the sandbox');
console.log('- The sandbox should only allow access to the current directory and sandbox home');