Add code-relaxed template, handle wildcard network allow

2025-12-29 01:39:41 -08:00
parent d8e55d9515
commit 90cd0a0a4b
10 changed files with 535 additions and 12 deletions
--- a/internal/sandbox/macos_test.go
+++ b/internal/sandbox/macos_test.go
@@ -0,0 +1,178 @@
+package sandbox
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/Use-Tusk/fence/internal/config"
+)
+
+// TestMacOS_WildcardAllowedDomainsRelaxesNetwork verifies that when allowedDomains
+// contains "*", the macOS sandbox profile allows direct network connections.
+func TestMacOS_WildcardAllowedDomainsRelaxesNetwork(t *testing.T) {
+	tests := []struct {
+		name                     string
+		allowedDomains           []string
+		wantNetworkRestricted    bool
+		wantAllowNetworkOutbound bool
+	}{
+		{
+			name:                     "no domains - network restricted",
+			allowedDomains:           []string{},
+			wantNetworkRestricted:    true,
+			wantAllowNetworkOutbound: false,
+		},
+		{
+			name:                     "specific domain - network restricted",
+			allowedDomains:           []string{"api.openai.com"},
+			wantNetworkRestricted:    true,
+			wantAllowNetworkOutbound: false,
+		},
+		{
+			name:                     "wildcard domain - network unrestricted",
+			allowedDomains:           []string{"*"},
+			wantNetworkRestricted:    false,
+			wantAllowNetworkOutbound: true,
+		},
+		{
+			name:                     "wildcard with specific domains - network unrestricted",
+			allowedDomains:           []string{"api.openai.com", "*"},
+			wantNetworkRestricted:    false,
+			wantAllowNetworkOutbound: true,
+		},
+		{
+			name:                     "wildcard subdomain pattern - network restricted",
+			allowedDomains:           []string{"*.openai.com"},
+			wantNetworkRestricted:    true,
+			wantAllowNetworkOutbound: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			cfg := &config.Config{
+				Network: config.NetworkConfig{
+					AllowedDomains: tt.allowedDomains,
+				},
+				Filesystem: config.FilesystemConfig{
+					AllowWrite: []string{"/tmp/test"},
+				},
+			}
+
+			// Generate the sandbox profile parameters
+			params := buildMacOSParamsForTest(cfg)
+
+			if params.NeedsNetworkRestriction != tt.wantNetworkRestricted {
+				t.Errorf("NeedsNetworkRestriction = %v, want %v",
+					params.NeedsNetworkRestriction, tt.wantNetworkRestricted)
+			}
+
+			// Generate the actual profile and check its contents
+			profile := GenerateSandboxProfile(params)
+
+			// When network is unrestricted, profile should allow network* (all network ops)
+			if tt.wantAllowNetworkOutbound {
+				if !strings.Contains(profile, "(allow network*)") {
+					t.Errorf("expected unrestricted network profile to contain '(allow network*)', got:\n%s", profile)
+				}
+			} else {
+				// When network is restricted, profile should NOT have blanket allow
+				if strings.Contains(profile, "(allow network*)") {
+					t.Errorf("expected restricted network profile to NOT contain blanket '(allow network*)'")
+				}
+			}
+		})
+	}
+}
+
+// buildMacOSParamsForTest is a helper to build MacOSSandboxParams from config,
+// replicating the logic in WrapCommandMacOS for testing.
+func buildMacOSParamsForTest(cfg *config.Config) MacOSSandboxParams {
+	hasWildcardAllow := false
+	for _, d := range cfg.Network.AllowedDomains {
+		if d == "*" {
+			hasWildcardAllow = true
+			break
+		}
+	}
+
+	needsNetwork := len(cfg.Network.AllowedDomains) > 0 || len(cfg.Network.DeniedDomains) > 0
+	allowPaths := append(GetDefaultWritePaths(), cfg.Filesystem.AllowWrite...)
+	allowLocalBinding := cfg.Network.AllowLocalBinding
+	allowLocalOutbound := allowLocalBinding
+	if cfg.Network.AllowLocalOutbound != nil {
+		allowLocalOutbound = *cfg.Network.AllowLocalOutbound
+	}
+
+	needsNetworkRestriction := !hasWildcardAllow && (needsNetwork || len(cfg.Network.AllowedDomains) == 0)
+
+	return MacOSSandboxParams{
+		Command:                 "echo test",
+		NeedsNetworkRestriction: needsNetworkRestriction,
+		HTTPProxyPort:           8080,
+		SOCKSProxyPort:          1080,
+		AllowUnixSockets:        cfg.Network.AllowUnixSockets,
+		AllowAllUnixSockets:     cfg.Network.AllowAllUnixSockets,
+		AllowLocalBinding:       allowLocalBinding,
+		AllowLocalOutbound:      allowLocalOutbound,
+		ReadDenyPaths:           cfg.Filesystem.DenyRead,
+		WriteAllowPaths:         allowPaths,
+		WriteDenyPaths:          cfg.Filesystem.DenyWrite,
+		AllowPty:                cfg.AllowPty,
+		AllowGitConfig:          cfg.Filesystem.AllowGitConfig,
+	}
+}
+
+// TestMacOS_ProfileNetworkSection verifies the network section of generated profiles.
+func TestMacOS_ProfileNetworkSection(t *testing.T) {
+	tests := []struct {
+		name           string
+		restricted     bool
+		wantContains   []string
+		wantNotContain []string
+	}{
+		{
+			name:       "unrestricted network allows all",
+			restricted: false,
+			wantContains: []string{
+				"(allow network*)", // Blanket allow all network operations
+			},
+			wantNotContain: []string{},
+		},
+		{
+			name:       "restricted network does not allow all",
+			restricted: true,
+			wantContains: []string{
+				"; Network", // Should have network section
+			},
+			wantNotContain: []string{
+				"(allow network*)", // Should NOT have blanket allow
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			params := MacOSSandboxParams{
+				Command:                 "echo test",
+				NeedsNetworkRestriction: tt.restricted,
+				HTTPProxyPort:           8080,
+				SOCKSProxyPort:          1080,
+			}
+
+			profile := GenerateSandboxProfile(params)
+
+			for _, want := range tt.wantContains {
+				if !strings.Contains(profile, want) {
+					t.Errorf("profile should contain %q, got:\n%s", want, profile)
+				}
+			}
+
+			for _, notWant := range tt.wantNotContain {
+				if strings.Contains(profile, notWant) {
+					t.Errorf("profile should NOT contain %q", notWant)
+				}
+			}
+		})
+	}
+}