Added by aplanas almost 11 years ago. Updated over 5 years ago.
0%
Description
If we accept test programs from external contributors we need a way to sandbox the code, and avoid unwanted side effect, like accessing the full system from the test.
An alternative for this is the creation of a DSL language to write the test.
How about a slight alternative to this to check for system access in a test, e.g. if certain calls are made, the tests of PRs fail?
Not that no one cares. This is still a valid and important topic and after my testapi decouple is (finally) done this will be much easier to accomplish.
A possible integration of Devel::REPL could help... and as for the DSL, we could use gherkin format maybe (GoS?)...
Since my work on testapi involve doing testapi calls through socket my idea for this is to execute tests in complete container based sandbox - limited fs, net?, hw resources access and so on. Just passing the socket should be enough to interact with testapi and thus SUT. Fot this there is still TODO how QAM interacts with backend directly in some of their tests.
Since testapi will be accessible through socket we can create binding in any language we want quite easily. But that's for different issue and time.
I consider this sufficiently covered with our use of apparmor.