From 99932aa6a733f7f619b2f82559cc9ed8053c23c1 Mon Sep 17 00:00:00 2001 From: Christopher Hiller Date: Fri, 21 Jul 2023 16:42:46 -0700 Subject: [PATCH] chore: attempt to fix lavamoat tests - fix `test:prep` execution - using `npm`, node/test/projects/1/node_modules will be symlinked and not under vcs - pin keccak version - cleanup `allow-scripts` tests (a bit of DRY, fix misuse of `path.join`, make fs cleanup more consistent) - fix a problem in the `allow-scripts` tests where _not enough_ cleanup was happening --- package.json | 2 +- packages/allow-scripts/test/index.js | 92 +++++++++---------- .../secureBundling/lavamoat/node/policy.json | 1 + .../node/examples/eval-server/package.json | 2 +- packages/node/examples/express/package.json | 2 +- packages/node/examples/todo-cli/package.json | 2 +- .../test/projects/1/node_modules/a/index.js | 7 -- .../projects/1/node_modules/a/package.json | 4 - .../test/projects/1/node_modules/b/index.js | 3 - .../projects/1/node_modules/b/package.json | 4 - packages/node/test/projects/2/package.json | 2 +- 11 files changed, 51 insertions(+), 70 deletions(-) delete mode 100644 packages/node/test/projects/1/node_modules/a/index.js delete mode 100644 packages/node/test/projects/1/node_modules/a/package.json delete mode 100644 packages/node/test/projects/1/node_modules/b/index.js delete mode 100644 packages/node/test/projects/1/node_modules/b/package.json diff --git a/package.json b/package.json index b0efeaf1ff..960b6acb61 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,7 @@ }, "scripts": { "test": "npm --workspaces test", - "test:prep": "npm --workspaces run test:prep", + "test:prep": "lerna run test:prep", "lint": "npm --workspaces run lint", "lint:fix": "npm --workspaces run lint:fix", "preversion": "npm run rebuild", diff --git a/packages/allow-scripts/test/index.js b/packages/allow-scripts/test/index.js index 9c92644e96..cdffb6716c 100644 --- a/packages/allow-scripts/test/index.js +++ b/packages/allow-scripts/test/index.js @@ -1,32 +1,36 @@ const test = require('ava') -const fs = require('fs') -const path = require('path') -const { spawnSync } = require('child_process') +const fs = require('node:fs') +const path = require('node:path') +const { spawnSync } = require('node:child_process') + +/** + * Path to the allow-scripts executable + */ +const ALLOW_SCRIPTS_BIN = require.resolve('../src/cli') + +/** + * For fat fingers + */ +const PACKAGE_JSON = 'package.json' test('cli - auto command', (t) => { // set up the directories - let allowScriptsSrcRoot = path.join(__dirname, '..', 'src') let projectRoot = path.join(__dirname, 'projects', '1') // delete any existing package.json - fs.unlink(path.join(projectRoot, 'package.json'), err => { - if (err && err.code !== 'ENOENT') { - throw err - } - }) + fs.rmSync(path.join(projectRoot, PACKAGE_JSON), { force: true }); // npm init -y spawnSync('npm', ['init', '-y'], realisticEnvOptions(projectRoot)) // run the auto command - let cmd = path.join(allowScriptsSrcRoot, 'cli.js') - let result = spawnSync(cmd, ['auto'], realisticEnvOptions(projectRoot)) + let result = spawnSync(ALLOW_SCRIPTS_BIN, ['auto'], realisticEnvOptions(projectRoot)) // forward error output for debugging console.error(result.stderr.toString('utf-8')) // get the package.json - const packageJsonContents = JSON.parse(fs.readFileSync(path.join(projectRoot, 'package.json'), 'utf8')) + const packageJsonContents = JSON.parse(fs.readFileSync(path.join(projectRoot, PACKAGE_JSON), 'utf8')) // assert its contents t.deepEqual(packageJsonContents.lavamoat, { @@ -35,30 +39,24 @@ test('cli - auto command', (t) => { } }) }) + test('cli - auto command with experimental bins', (t) => { // set up the directories - let allowScriptsSrcRoot = path.join(__dirname, '..', 'src') let projectRoot = path.join(__dirname, 'projects', '1') - // delete any existing package.json - fs.unlink(path.join(projectRoot, 'package.json'), err => { - if (err && err.code !== 'ENOENT') { - throw err - } - }) + fs.rmSync(path.join(projectRoot, PACKAGE_JSON), { force: true }); // npm init -y spawnSync('npm', ['init', '-y'], realisticEnvOptions(projectRoot)) // run the auto command - let cmd = path.join(allowScriptsSrcRoot, 'cli.js') - let result = spawnSync(cmd, ['auto', '--experimental-bins'], realisticEnvOptions(projectRoot)) + let result = spawnSync(ALLOW_SCRIPTS_BIN, ['auto', '--experimental-bins'], realisticEnvOptions(projectRoot)) // forward error output for debugging console.error(result.stderr.toString('utf-8')) // get the package.json - const packageJsonContents = JSON.parse(fs.readFileSync(path.join(projectRoot, 'package.json'), 'utf8')) + const packageJsonContents = JSON.parse(fs.readFileSync(path.join(projectRoot, PACKAGE_JSON), 'utf8')) // assert its contents t.deepEqual(packageJsonContents.lavamoat, { @@ -74,19 +72,17 @@ test('cli - auto command with experimental bins', (t) => { test('cli - run command - good dep at the root', (t) => { // set up the directories - let allowScriptsSrcRoot = path.join(__dirname, '..', 'src') let projectRoot = path.join(__dirname, 'projects', '2') // clean up from a previous run // the force option is only here to stop rm complaining if target is missing - fs.rmSync(path.join(projectRoot, './node_modules/.bin'), { + fs.rmSync(path.join(projectRoot, 'node_modules', '.bin'), { recursive: true, force: true }) // run the "run" command - let cmd = path.join(allowScriptsSrcRoot, 'cli.js') - let result = spawnSync(cmd, ['run'], realisticEnvOptions(projectRoot)) + let result = spawnSync(ALLOW_SCRIPTS_BIN, ['run'], realisticEnvOptions(projectRoot)) // forward error output for debugging console.error(result.stderr.toString('utf-8')) @@ -109,19 +105,17 @@ test('cli - run command - good dep at the root', (t) => { }) test('cli - run command - good dep at the root with experimental bins', (t) => { // set up the directories - let allowScriptsSrcRoot = path.join(__dirname, '..', 'src') let projectRoot = path.join(__dirname, 'projects', '2') // clean up from a previous run // the force option is only here to stop rm complaining if target is missing - fs.rmSync(path.join(projectRoot, './node_modules/.bin'), { + fs.rmSync(path.join(projectRoot, 'node_modules', '.bin'), { recursive: true, force: true }) // run the "run" command - let cmd = path.join(allowScriptsSrcRoot, 'cli.js') - let result = spawnSync(cmd, ['run', '--experimental-bins'], realisticEnvOptions(projectRoot)) + let result = spawnSync(ALLOW_SCRIPTS_BIN, ['run', '--experimental-bins'], realisticEnvOptions(projectRoot)) // forward error output for debugging console.error(result.stderr.toString('utf-8')) @@ -138,7 +132,7 @@ test('cli - run command - good dep at the root with experimental bins', (t) => { '', ]) - t.assert(fs.existsSync(path.join(projectRoot, './node_modules/.bin/good')), 'Expected a bin script to be installed in top level node_modules') + t.assert(fs.existsSync(path.join(projectRoot, 'node_modules', '.bin', 'good')), 'Expected a bin script to be installed in top level node_modules') // note // we could also test whether the preinstall script is @@ -150,22 +144,25 @@ test('cli - run command - good dep at the root with experimental bins', (t) => { test('cli - run command - good dep as a sub dep', (t) => { // set up the directories - let allowScriptsSrcRoot = path.join(__dirname, '..', 'src') let projectRoot = path.join(__dirname, 'projects', '3') + // clean up from a previous run + // the force option is only here to stop rm complaining if target is missing + fs.rmSync(path.join(projectRoot, 'node_modules', 'bbb', '.goodscriptworked'), { force: true }) + fs.rmSync(path.join(projectRoot, 'node_modules', '.bin'), { + recursive: true, + force: true + }) + // generate the bin link spawnSync('npm', ['rebuild', 'good_dep'], realisticEnvOptions(projectRoot)) - // clean up from a previous run - // the force option is only here to stop rm complaining if target is missing - fs.rmSync(path.join(projectRoot, './node_modules/bbb/.goodscriptworked'), { force: true }) // run the "run" command - let cmd = path.join(allowScriptsSrcRoot, 'cli.js') - let result = spawnSync(cmd, ['run'], realisticEnvOptions(projectRoot)) + let result = spawnSync(ALLOW_SCRIPTS_BIN, ['run'], realisticEnvOptions(projectRoot)) // uncomment to forward error output for debugging - // console.error(result.stdout.toString('utf-8')) - // console.error(result.stderr.toString('utf-8')) + console.error(result.stdout.toString('utf-8')) + console.error(result.stderr.toString('utf-8')) // assert the output t.deepEqual(result.stdout.toString().split('\n'), [ @@ -182,26 +179,23 @@ test('cli - run command - good dep as a sub dep', (t) => { test('cli - run command - good dep as a sub dep with experimental bins', (t) => { // set up the directories - let allowScriptsSrcRoot = path.join(__dirname, '..', 'src') let projectRoot = path.join(__dirname, 'projects', '3') // clean up from a previous run // the force option is only here to stop rm complaining if target is missing - fs.rmSync(path.join(projectRoot, './node_modules/bbb/.goodscriptworked'), { force: true }) - fs.rmSync(path.join(projectRoot, './node_modules/bbb/node_modules/.bin'), { + fs.rmSync(path.join(projectRoot, 'node_modules', 'bbb', '.goodscriptworked'), { force: true }) + fs.rmSync(path.join(projectRoot, 'node_modules', '.bin'), { recursive: true, force: true }) // run the "run" command - let cmd = path.join(allowScriptsSrcRoot, 'cli.js') - let result = spawnSync(cmd, ['run', '--experimental-bins'], realisticEnvOptions(projectRoot)) + let result = spawnSync(ALLOW_SCRIPTS_BIN, ['run', '--experimental-bins'], realisticEnvOptions(projectRoot)) // uncomment to forward error output for debugging // console.error(result.stdout.toString('utf-8')) // console.error(result.stderr.toString('utf-8')) - - t.assert(fs.existsSync(path.join(projectRoot, './node_modules/bbb/node_modules/.bin/good')), 'Expected a nested bin script to be installed in bbb/node_modules/.bin') + t.assert(fs.existsSync(path.join(projectRoot, 'node_modules', 'bbb', 'node_modules', '.bin', 'good')), 'Expected a nested bin script to be installed in bbb/node_modules/.bin') const errarr = result.stderr.toString().split('\n') t.assert(errarr.every(line=>!line.includes('you shall not pass')), 'Should not have run the parent script from the nested package postinstall') t.assert(errarr.some(line=>line.includes(`"good": "node_modules/`)), 'Expected to see instructions on how to enable a bin script1') @@ -221,6 +215,10 @@ test('cli - run command - good dep as a sub dep with experimental bins', (t) => }) +/** + * @param {string} projectRoot + * @returns {import('node:child_process').SpawnSyncOptions} + */ function realisticEnvOptions(projectRoot) { return { cwd: projectRoot, env: { ...process.env, INIT_CWD: projectRoot } } -} \ No newline at end of file +} diff --git a/packages/browserify/test/fixtures/secureBundling/lavamoat/node/policy.json b/packages/browserify/test/fixtures/secureBundling/lavamoat/node/policy.json index 5d76d35175..c5898cd2c4 100644 --- a/packages/browserify/test/fixtures/secureBundling/lavamoat/node/policy.json +++ b/packages/browserify/test/fixtures/secureBundling/lavamoat/node/policy.json @@ -85,6 +85,7 @@ "globals": { "__dirname": true, "__filename.slice": true, + "console.warn": true, "process.cwd": true, "setTimeout": true }, diff --git a/packages/node/examples/eval-server/package.json b/packages/node/examples/eval-server/package.json index 5973f636b4..1ebe7b3de7 100644 --- a/packages/node/examples/eval-server/package.json +++ b/packages/node/examples/eval-server/package.json @@ -9,7 +9,7 @@ "lavamoat": "^7.0.0" }, "scripts": { - "setup": "yarn install", + "setup": "npm install", "start": "echo 'unsafe: yarn start:node\nsafer: yarn start:lavamoat'", "start:lavamoat": "lavamoat index.js --writeAutoConfig && lavamoat index.js", "start:node": "node index.js" diff --git a/packages/node/examples/express/package.json b/packages/node/examples/express/package.json index 09671d79b7..ec59074dd8 100644 --- a/packages/node/examples/express/package.json +++ b/packages/node/examples/express/package.json @@ -14,7 +14,7 @@ "postinstall-postinstall": "^2.1.0" }, "scripts": { - "setup": "yarn install && patch-package", + "setup": "npm install && patch-package", "start": "echo 'node: yarn start:node\nlavamoat: yarn start:lavamoat\ncustom: yarn start:lavamoat'", "start:node": "node index.js", "start:lavamoat": "lavamoat index.js", diff --git a/packages/node/examples/todo-cli/package.json b/packages/node/examples/todo-cli/package.json index d30c2fedd7..f2478efbef 100644 --- a/packages/node/examples/todo-cli/package.json +++ b/packages/node/examples/todo-cli/package.json @@ -10,6 +10,6 @@ "readline": "^1.3.0" }, "scripts": { - "setup": "yarn install" + "setup": "npm install" } } diff --git a/packages/node/test/projects/1/node_modules/a/index.js b/packages/node/test/projects/1/node_modules/a/index.js deleted file mode 100644 index 6cf1cb3a5d..0000000000 --- a/packages/node/test/projects/1/node_modules/a/index.js +++ /dev/null @@ -1,7 +0,0 @@ -const fs = require('fs') -const b = require('b') - -module.exports = { - action: () => fs.deleteEntireHardDrive(), - b -} diff --git a/packages/node/test/projects/1/node_modules/a/package.json b/packages/node/test/projects/1/node_modules/a/package.json deleted file mode 100644 index f3923afc6b..0000000000 --- a/packages/node/test/projects/1/node_modules/a/package.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "name": "a", - "version": "1.0.0" -} \ No newline at end of file diff --git a/packages/node/test/projects/1/node_modules/b/index.js b/packages/node/test/projects/1/node_modules/b/index.js deleted file mode 100644 index 0f2698d0bf..0000000000 --- a/packages/node/test/projects/1/node_modules/b/index.js +++ /dev/null @@ -1,3 +0,0 @@ -const http = require('http') - -module.exports = { http } diff --git a/packages/node/test/projects/1/node_modules/b/package.json b/packages/node/test/projects/1/node_modules/b/package.json deleted file mode 100644 index 4a5d2e8eae..0000000000 --- a/packages/node/test/projects/1/node_modules/b/package.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "name": "b", - "version": "1.0.0" -} \ No newline at end of file diff --git a/packages/node/test/projects/2/package.json b/packages/node/test/projects/2/package.json index 4ed8ed6bb8..e419f5b498 100644 --- a/packages/node/test/projects/2/package.json +++ b/packages/node/test/projects/2/package.json @@ -4,7 +4,7 @@ "setup": "npm install && patch-package" }, "dependencies": { - "keccak": "^3.0.0" + "keccak": "3.0.0" }, "devDependencies": { "patch-package": "^6.2.2"