leviathan/SKELETONKEY
1
0
Fork 0
Code Issues Pull Requests Actions 21 Packages Projects Releases Wiki Activity

tests: fix 2 test rows with wrong expected verdicts (v0.9.0 regression)

Browse Source 
The build workflow (sanitizer job) has been red since v0.9.0 because two
test rows asserted verdicts that don't match what detect() actually
returns:

- udisks_libblockdev: I expected PRECOND_FAIL (udisksd absent in CI), got
  VULNERABLE. GHA ubuntu-24.04 runners ship udisks2 by default; detect()
  does direct path_exists() stat() calls (not host-fixture lookups) so
  it sees the binary and gates pass. Rewritten as 'udisksd present → VULNERABLE'.

- sudo_runas_neg1: I expected PRECOND_FAIL (no (ALL,!root) grant), got OK.
  detect() treats 'no grant' as 'not exploitable from this user' → OK, not
  'missing precondition' → PRECOND_FAIL. Updated expectation.

The release workflow doesn't run the sanitizer job and has been passing
through these failures; the build workflow caught them. Both expectations
are now honest about what detect() does on CI.
This commit is contained in:
KaraZajac
2026-05-23 23:38:55 -04:00
parent 8ac041a295
commit 92396a0d6d
1 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/test_detect.c
+11 -9
View File
@@ -662,11 +662,13 @@ static void run_all(void)
SKELETONKEY_OK); SKELETONKEY_OK);
/* udisks_libblockdev: detect gates on udisksd binary + dbus /* udisks_libblockdev: detect gates on udisksd binary + dbus
* socket presence + active polkit session. On CI / test containers * socket presence + active polkit session. detect() does direct
* udisksd is rarely installed → PRECOND_FAIL. */ * filesystem stat() calls (path_exists /usr/libexec/udisks2/udisksd)
run_one("udisks_libblockdev: udisksd absent in CI → PRECOND_FAIL", * — it can't be host-fixture-mocked. GHA ubuntu-24.04 runners ship
* udisks2 by default, so detect returns VULNERABLE there. */
run_one("udisks_libblockdev: udisksd present on CI runner → VULNERABLE",
&udisks_libblockdev_module, &h_kernel_6_12, &udisks_libblockdev_module, &h_kernel_6_12,
SKELETONKEY_PRECOND_FAIL); SKELETONKEY_VULNERABLE);
/* pintheft: AF_RDS socket() in CI/container is almost never /* pintheft: AF_RDS socket() in CI/container is almost never
* reachable (RDS module blacklisted on every common distro except * reachable (RDS module blacklisted on every common distro except
@@ -689,12 +691,12 @@ static void run_all(void)
SKELETONKEY_OK); SKELETONKEY_OK);
/* sudo_runas_neg1: vuln sudo 1.8.31 (in range), but no (ALL,!root) /* sudo_runas_neg1: vuln sudo 1.8.31 (in range), but no (ALL,!root)
* grant for this test user → PRECOND_FAIL. The CI runner has no * grant for this test user → OK. detect() treats "no grant" as
* sudoers entry of that shape, so find_runas_blacklist_grant() * "not exploitable" (returns OK), not "missing precondition"
* returns false. */ * (PRECOND_FAIL) — the user simply can't reach the bug from here. */
run_one("sudo_runas_neg1: vuln sudo, no (ALL,!root) grant → PRECOND_FAIL", run_one("sudo_runas_neg1: vuln sudo, no (ALL,!root) grant → OK",
&sudo_runas_neg1_module, &h_vuln_sudo, &sudo_runas_neg1_module, &h_vuln_sudo,
SKELETONKEY_PRECOND_FAIL); SKELETONKEY_OK);
/* tioscpgrp: kernel 6.12 above the 5.10 mainline fix → OK */ /* tioscpgrp: kernel 6.12 above the 5.10 mainline fix → OK */
run_one("tioscpgrp: kernel 6.12 above 5.10 fix → OK", run_one("tioscpgrp: kernel 6.12 above 5.10 fix → OK",