bahdotsh 460357d9fe feat: Add comprehensive sandboxing for secure emulation mode
Security Features:
- Implement secure emulation runtime with command sandboxing
- Add command validation, filtering, and dangerous pattern detection
- Block harmful commands like 'rm -rf /', 'sudo', 'dd', etc.
- Add resource limits (CPU, memory, execution time, process count)
- Implement filesystem isolation and access controls
- Add environment variable sanitization
- Support shell operators (&&, ||, |, ;) with proper parsing

New Runtime Mode:
- Add 'secure-emulation' runtime option to CLI
- Update UI to support new runtime mode with green security indicator
- Mark legacy 'emulation' mode as unsafe in help text
- Default to secure mode for local development safety

Documentation:
- Create comprehensive security documentation (README_SECURITY.md)
- Update main README with security mode information
- Add example workflows demonstrating safe vs dangerous commands
- Include migration guide and best practices

Testing:
- Add comprehensive test suite for sandbox functionality
- Include security demo workflows for testing
- Test dangerous command blocking and safe command execution
- Verify resource limits and timeout functionality

Code Quality:
- Fix all clippy warnings with proper struct initialization
- Add proper error handling and user-friendly security messages
- Implement comprehensive logging for security events
- Follow Rust best practices throughout

This addresses security concerns by preventing accidental harmful
commands while maintaining full compatibility with legitimate CI/CD
workflows. Users can now safely run untrusted workflows locally
without risk to their host system.
2025-08-13 14:30:51 +05:30

Testing Strategy

This directory contains all tests and test-related files for the wrkflw project. We follow Rust testing best practices and organize tests as follows:

Test Organization

  • Unit Tests: Located alongside the source files in src/ using #[cfg(test)] modules
  • Integration Tests: Located directly in this tests/ directory
    • matrix_test.rs - Tests for matrix expansion functionality
    • reusable_workflow_test.rs - Tests for reusable workflow validation
  • End-to-End Tests: Also located in this tests/ directory
    • cleanup_test.rs - Tests for cleanup functionality with Docker resources

Test Directory Structure

  • fixtures/: Test data and configuration files
    • gitlab-ci/ - GitLab CI configuration files for testing
  • workflows/: GitHub Actions workflow files for testing
    • Various YAML files for testing workflow validation and execution
  • scripts/: Test automation scripts
    • test-podman-basic.sh - Basic Podman integration test script
    • test-preserve-containers.sh - Container preservation testing script
  • TESTING_PODMAN.md: Comprehensive Podman testing documentation

Running Tests

To run all tests:

cargo test

To run only unit tests:

cargo test --lib

To run only integration tests:

cargo test --test matrix_test --test reusable_workflow_test

To run only end-to-end tests:

cargo test --test cleanup_test

To run a specific test:

cargo test test_name

Writing Tests

Please follow these guidelines when writing tests:

  1. Use meaningful test names that describe what is being tested
  2. Group related tests together in modules
  3. Use helper functions to reduce duplication
  4. Test both success and failure cases
  5. Use #[should_panic] for tests that expect a panic
  6. Avoid test interdependencies
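
The guidelines above, applied to the dangerous-command blocking that the commit message describes, as an added example that is not code from the wrkflw repository. The validate function, the Verdict type and the blocking rules are hypothetical stand-ins for the project's sandbox, which this page does not show.

```rust
// Added example: hypothetical validator, not wrkflw's sandbox API.
#[derive(Debug, PartialEq)]
pub enum Verdict { Allowed, Blocked(String) } // Blocked carries the offending segment
/// Split on ';', '|' and '&' so that &&, ||, | and ; all separate commands.
/// Quoting and redirections such as 2>&1 are not modelled in this sketch.
fn segments(line: &str) -> Vec<&str> {
    line.split(|c: char| matches!(c, ';' | '|' | '&'))
        .map(str::trim)
        .filter(|s| !s.is_empty())
        .collect()
}

pub fn validate(line: &str) -> Verdict {
    for seg in segments(line) {
        let words: Vec<&str> = seg.split_whitespace().collect();
        let blocked = match words[0] {
            "sudo" | "dd" => true,
            // rm with a flag containing 'r' aimed at the root directory
            "rm" => words.contains(&"/")
                && words.iter().any(|w| w.starts_with('-') && w.contains('r')),
            _ => false,
        };
        if blocked { return Verdict::Blocked(seg.to_string()); }
    }
    Verdict::Allowed
}

#[cfg(test)]
mod sandbox_tests {
    use super::*;
    // Helper keeps each assertion to one line of intent (guideline 3).
    fn blocked_segment(line: &str) -> Option<String> {
        match validate(line) { Verdict::Blocked(s) => Some(s), Verdict::Allowed => None }
    }

    #[test] // success case: legitimate chained commands pass (guideline 4)
    fn safe_chained_commands_are_allowed() {
        assert_eq!(validate("echo hi && cargo build; ls | wc -l"), Verdict::Allowed);
        assert_eq!(validate("rm -rf target"), Verdict::Allowed);
    }

    #[test] // failure case: a blocked command hidden behind an operator
    fn dangerous_command_after_operator_is_blocked() {
        assert_eq!(blocked_segment("echo ok && sudo make install").as_deref(), Some("sudo make install"));
        assert_eq!(blocked_segment("true; rm -rf /").as_deref(), Some("rm -rf /"));
    }
}

fn main() { println!("{:?}", validate("ls | dd of=/dev/null")); }
```

Each test builds its own input and shares no state, so the tests can run in any order (guideline 6).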