From 20a9f62c59a0cdaf80694a1ecd37cc458bd5f33c Mon Sep 17 00:00:00 2001
From: Amaury Chamayou <amchamay@microsoft.com>
Date: Wed, 29 Jun 2022 19:54:02 +0100
Subject: [PATCH] Add unit test for check_kv_map_access (#3992)

---
 CMakeLists.txt     |  6 +++++
 src/js/test/js.cpp | 64 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 70 insertions(+)
 create mode 100644 src/js/test/js.cpp

diff --git a/CMakeLists.txt b/CMakeLists.txt
index cb73f0c057..0c09414efd 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -339,6 +339,12 @@ if(BUILD_TESTS)
     )
     target_link_libraries(encryptor_test PRIVATE ccfcrypto.host ccf_kv.host)
 
+    add_unit_test(js_test ${CMAKE_CURRENT_SOURCE_DIR}/src/js/test/js.cpp)
+    target_link_libraries(
+      js_test PRIVATE quickjs.host ccf_kv.host ccf_endpoints.host
+                      http_parser.host
+    )
+
     add_unit_test(
       historical_queries_test
       ${CMAKE_CURRENT_SOURCE_DIR}/src/node/test/historical_queries.cpp
diff --git a/src/js/test/js.cpp b/src/js/test/js.cpp
new file mode 100644
index 0000000000..6139acdc95
--- /dev/null
+++ b/src/js/test/js.cpp
@@ -0,0 +1,64 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the Apache 2.0 License.
+#define DOCTEST_CONFIG_IMPLEMENT_WITH_MAIN
+#include "js/wrap.cpp"
+
+#include <doctest/doctest.h>
+
+TEST_CASE("Check KV Map access")
+{
+  INFO("Application context");
+  {
+    // Governance tables are read-only
+    REQUIRE(
+      _check_kv_map_access(ccf::js::TxAccess::APP, "public:ccf.gov.table"));
+    // Public internal tables are read-only
+    REQUIRE(_check_kv_map_access(
+      ccf::js::TxAccess::APP, "public:ccf.internal.table"));
+    // Public applications tables are read-write
+    REQUIRE(!_check_kv_map_access(ccf::js::TxAccess::APP, "public:table"));
+    // Private applications tables are read-write
+    REQUIRE(!_check_kv_map_access(ccf::js::TxAccess::APP, "table"));
+  }
+
+  INFO("Read-only governance context (ballot, resolve)");
+  {
+    // Governance tables are read-only
+    REQUIRE(
+      _check_kv_map_access(ccf::js::TxAccess::GOV_RO, "public:ccf.gov.table"));
+    // Public internal tables are read-only
+    REQUIRE(_check_kv_map_access(
+      ccf::js::TxAccess::GOV_RO, "public:ccf.internal.table"));
+    // Public applications tables are read-only
+    REQUIRE(_check_kv_map_access(ccf::js::TxAccess::GOV_RO, "public:table"));
+    // Private applications tables are read-only
+    REQUIRE(_check_kv_map_access(ccf::js::TxAccess::GOV_RO, "table"));
+  }
+
+  INFO("Read-write governance context (apply)");
+  {
+    // Governance tables are read-write
+    REQUIRE(
+      !_check_kv_map_access(ccf::js::TxAccess::GOV_RW, "public:ccf.gov.table"));
+    // Public internal tables are read-only
+    REQUIRE(_check_kv_map_access(
+      ccf::js::TxAccess::GOV_RW, "public:ccf.internal.table"));
+    // Public applications tables are read-only
+    REQUIRE(_check_kv_map_access(ccf::js::TxAccess::GOV_RW, "public:table"));
+    // Private applications tables are read-only
+    REQUIRE(_check_kv_map_access(ccf::js::TxAccess::GOV_RW, "table"));
+  }
+
+  INFO("No access to internal private tables from any JS context");
+  {
+    REQUIRE_THROWS_AS(
+      _check_kv_map_access(ccf::js::TxAccess::APP, "ccf.internal"),
+      std::logic_error);
+    REQUIRE_THROWS_AS(
+      _check_kv_map_access(ccf::js::TxAccess::GOV_RO, "ccf.internal"),
+      std::logic_error);
+    REQUIRE_THROWS_AS(
+      _check_kv_map_access(ccf::js::TxAccess::GOV_RW, "ccf.internal"),
+      std::logic_error);
+  }
+}
\ No newline at end of file