apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-06 19:35:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/cli_unsafe_sandbox.rs
Eli Peter 991c84a1eb
Dynamic (#77)
2026-06-05 10:16:30 -05:00

50 lines
2.1 KiB
Rust
Raw Permalink Blame History

//! CLI validation tests for --unsafe-sandbox and --backend flag interactions.
//!
//! Guards against regressions in the mutual-exclusion check between
//! `--unsafe-sandbox` and `--backend docker`. The validation only fires when
//! the binary is built with `--features dynamic`; without it both flags are
//! silently accepted (no-op).
#[cfg(feature = "dynamic")]
mod dynamic_sandbox_cli {
use assert_cmd::Command;
use predicates::prelude::*;
fn scan_cmd_with_fresh_env() -> (tempfile::TempDir, Command) {
let home = tempfile::tempdir().expect("tempdir");
let mut cmd = Command::cargo_bin("nyx").expect("nyx binary");
cmd.env("HOME", home.path())
.env("XDG_CONFIG_HOME", home.path().join(".config"))
.env("XDG_DATA_HOME", home.path().join(".local/share"))
.env("NO_COLOR", "1");
// Scan a non-existent path; the backend validation runs before any
// filesystem work so the path doesn't need to exist for these tests.
cmd.args(["scan", "/dev/null/nonexistent"]);
(home, cmd)
}
/// `--unsafe-sandbox --backend docker` must be rejected with a clear error.
#[test]
fn unsafe_sandbox_with_docker_backend_is_rejected() {
let (_home, mut cmd) = scan_cmd_with_fresh_env();
cmd.args(["--unsafe-sandbox", "--backend", "docker"]);
cmd.assert().failure().stderr(predicate::str::contains(
"--unsafe-sandbox and --backend docker are mutually exclusive",
));
}
/// `--unsafe-sandbox` alone (no explicit --backend) must NOT trigger the
/// mutual-exclusion error. It may fail for other reasons (path not found,
/// no findings, etc.) but not with the mutex message.
#[test]
fn unsafe_sandbox_alone_does_not_trigger_mutex_error() {
let (_home, mut cmd) = scan_cmd_with_fresh_env();
cmd.arg("--unsafe-sandbox");
cmd.assert().stderr(
predicate::str::contains(
"--unsafe-sandbox and --backend docker are mutually exclusive",
)
.not(),
);
}
}
Reference in a new issue View git blame Copy permalink