You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
evalbox uses Nix for a reproducible dev environment:
6
+
7
+
```bash
8
+
nix develop
9
+
```
10
+
11
+
This provides the Rust toolchain, GCC (for test payloads), Python, and Go.
12
+
13
+
## Building
14
+
15
+
```bash
16
+
cargo build
17
+
```
18
+
19
+
## Testing
20
+
21
+
### Fast checks (CI)
22
+
23
+
```bash
24
+
# Runs via nix: clippy, fmt, unit tests, docs
25
+
nix flake check
26
+
```
27
+
28
+
Or manually:
29
+
30
+
```bash
31
+
cargo clippy --all-targets -- -D warnings
32
+
cargo fmt --check
33
+
cargo test --lib
34
+
cargo doc --no-deps
35
+
```
36
+
37
+
### Full test suite (requires user namespaces)
38
+
39
+
```bash
40
+
nix run .#test-all
41
+
```
42
+
43
+
Or manually:
44
+
45
+
```bash
46
+
cargo build -p evalbox-sandbox
47
+
cargo test -p evalbox-sandbox --test security_tests --ignored -- --test-threads=1
48
+
```
49
+
50
+
The security tests require Linux with user namespaces enabled. They compile C payloads that attempt real exploit techniques (CVEs, syscall abuse, escape vectors) and verify the sandbox blocks them.
51
+
52
+
### Running specific test categories
53
+
54
+
```bash
55
+
cargo test -p evalbox-sandbox --test security_tests seccomp -- --ignored
56
+
cargo test -p evalbox-sandbox --test security_tests filesystem -- --ignored
57
+
cargo test -p evalbox-sandbox --test security_tests network -- --ignored
58
+
cargo test -p evalbox-sandbox --test security_tests cve -- --ignored
59
+
cargo test -p evalbox-sandbox --test security_tests resources -- --ignored
0 commit comments