diff options
Diffstat (limited to 'test/javascript/tests/view_sandboxing.js')
-rw-r--r-- | test/javascript/tests/view_sandboxing.js | 169 |
1 files changed, 0 insertions, 169 deletions
diff --git a/test/javascript/tests/view_sandboxing.js b/test/javascript/tests/view_sandboxing.js deleted file mode 100644 index 0e5f308a9..000000000 --- a/test/javascript/tests/view_sandboxing.js +++ /dev/null @@ -1,169 +0,0 @@ -// Licensed under the Apache License, Version 2.0 (the "License"); you may not -// use this file except in compliance with the License. You may obtain a copy of -// the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -// License for the specific language governing permissions and limitations under -// the License. - -couchTests.elixir = true -couchTests.view_sandboxing = function(debug) { - var db_name = get_random_db_name(); - var db = new CouchDB(db_name, {"X-Couch-Full-Commit":"false"}); - db.createDb(); - if (debug) debugger; - - var doc = {integer: 1, string: "1", array: [1, 2, 3]}; - T(db.save(doc).ok); - - // make sure that attempting to change the document throws an error - var results = db.query(function(doc) { - doc.integer = 2; - emit(null, doc); - }, null, {"include_docs": true}); - // either we have an error or our doc is unchanged - T(results.total_rows == 0 || results.rows[0].doc.integer == 1); - - var results = db.query(function(doc) { - doc.array[0] = 0; - emit(null, doc); - }, null, {"include_docs": true}); - // either we have an error or our doc is unchanged - T(results.total_rows == 0 || results.rows[0].doc.array[0] == 1); - - // make sure that a view cannot invoke interpreter internals such as the - // garbage collector - var results = db.query(function(doc) { - gc(); - emit(null, doc); - }); - T(results.total_rows == 0); - - // make sure that a view cannot access the map_funs array defined used by - // the view server - var results = db.query(function(doc) { map_funs.push(1); emit(null, doc); }); - T(results.total_rows == 0); - - // make sure that a view cannot access the map_results array defined used by - // the view server - var results = db.query(function(doc) { map_results.push(1); emit(null, doc); }); - T(results.total_rows == 0); - - // test for COUCHDB-925 - // altering 'doc' variable in map function affects other map functions - var ddoc = { - _id: "_design/foobar", - language: "javascript", - views: { - view1: { - map: - (function(doc) { - if (doc.values) { - doc.values = [666]; - } - if (doc.tags) { - doc.tags.push("qwerty"); - } - if (doc.tokens) { - doc.tokens["c"] = 3; - } - }).toString() - }, - view2: { - map: - (function(doc) { - if (doc.values) { - emit(doc._id, doc.values); - } - if (doc.tags) { - emit(doc._id, doc.tags); - } - if (doc.tokens) { - emit(doc._id, doc.tokens); - } - }).toString() - } - } - }; - var doc1 = { - _id: "doc1", - values: [1, 2, 3] - }; - var doc2 = { - _id: "doc2", - tags: ["foo", "bar"], - tokens: {a: 1, b: 2} - }; - - db.deleteDb(); - // avoid Heisenbugs when files are not cleared entirely - db_name = get_random_db_name(); - db = new CouchDB(db_name, {"X-Couch-Full-Commit":"false"}); - db.createDb(); - T(db.save(ddoc).ok); - T(db.save(doc1).ok); - T(db.save(doc2).ok); - - var view1Results = db.view( - "foobar/view1", {bypass_cache: Math.round(Math.random() * 1000)}); - var view2Results = db.view( - "foobar/view2", {bypass_cache: Math.round(Math.random() * 1000)}); - - TEquals(0, view1Results.rows.length, "view1 has 0 rows"); - TEquals(3, view2Results.rows.length, "view2 has 3 rows"); - - TEquals(doc1._id, view2Results.rows[0].key); - TEquals(doc2._id, view2Results.rows[1].key); - TEquals(doc2._id, view2Results.rows[2].key); - - // https://bugzilla.mozilla.org/show_bug.cgi?id=449657 - TEquals(3, view2Results.rows[0].value.length, - "Warning: installed SpiderMonkey version doesn't allow sealing of arrays"); - if (view2Results.rows[0].value.length === 3) { - TEquals(1, view2Results.rows[0].value[0]); - TEquals(2, view2Results.rows[0].value[1]); - TEquals(3, view2Results.rows[0].value[2]); - } - - // we can't be 100% sure about the order for the same key - T(view2Results.rows[1].value["a"] == 1 || view2Results.rows[1].value[0] == "foo"); - T(view2Results.rows[1].value["b"] == 2 || view2Results.rows[1].value[1] == "bar"); - T(view2Results.rows[2].value["a"] == 1 || view2Results.rows[2].value[0] == "foo"); - T(view2Results.rows[2].value["b"] == 2 || view2Results.rows[2].value[1] == "bar"); - TEquals('undefined', typeof view2Results.rows[1].value["c"], "doc2.tokens object was not sealed"); - TEquals('undefined', typeof view2Results.rows[2].value["c"], "doc2.tokens object was not sealed"); - -/* (see above) - TEquals(2, view2Results.rows[2].value.length, - "Warning: installed SpiderMonkey version doesn't allow sealing of arrays"); - if (view2Results.rows[2].value.length === 2) { - TEquals("foo", view2Results.rows[2].value[0]); - TEquals("bar", view2Results.rows[2].value[1]); - } -*/ - - // cleanup - db.deleteDb(); - - // test that runtime code evaluation can be prevented - db_name = get_random_db_name(); - db = new CouchDB(db_name, {"X-Couch-Full-Commit":"false"}); - db.createDb(); - - var doc = {integer: 1, string: "1", array: [1, 2, 3]}; - T(db.save(doc).ok); - - var results = db.query(function(doc) { - var glob = emit.constructor('return this')(); - emit(doc._id, null); - }); - - TEquals(0, results.rows.length); - - // cleanup - db.deleteDb(); -}; |