mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 18:17:09 +00:00
Code Issues Releases Wiki Activity
apparmor/utils/test/test-profile-storage.py

201 lines
11 KiB
Python
Raw Normal View History

[2/3] Make ProfileStorage a class Move ProfileStorage() from aa.py to the new profile_storage.py and make it a class. The variable name in __init__() changes (profile -> self.data), but the content stays the same. The ProfileStorage class acts like a dict(), but has some additional checks for unknown keys in place. Also add some tests to make sure unknown keys really raise an exception. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-07-11 13:32:33 +02:00
#! /usr/bin/python3
# ------------------------------------------------------------------
#
# Copyright (C) 2017 Christian Boltz <apparmor@cboltz.de>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
import unittest
from common_test import AATest, setup_all_loops
from apparmor.common import AppArmorBug
split off add_or_remove_flag() from change_profile_flags() Also add some tests for add_or_remove_flag()
2018-07-25 20:44:39 +02:00
from apparmor.profile_storage import ProfileStorage, add_or_remove_flag, split_flags, var_transform
[2/3] Make ProfileStorage a class Move ProfileStorage() from aa.py to the new profile_storage.py and make it a class. The variable name in __init__() changes (profile -> self.data), but the content stays the same. The ProfileStorage class acts like a dict(), but has some additional checks for unknown keys in place. Also add some tests to make sure unknown keys really raise an exception. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-07-11 13:32:33 +02:00
class TestUnknownKey(AATest):
def AASetup(self):
self.storage = ProfileStorage('/test/foo', 'hat', 'TEST')
def test_read(self):
with self.assertRaises(AppArmorBug):
self.storage['foo']
def test_get(self):
with self.assertRaises(AppArmorBug):
self.storage.get('foo')
def test_get_with_fallback(self):
with self.assertRaises(AppArmorBug):
self.storage.get('foo', 'bar')
def test_set(self):
with self.assertRaises(AppArmorBug):
self.storage['foo'] = 'bar'
Move and rename write_header() to ProfileStorage.get_header() Also adjust the calling code to use get_header() instead of write_header(). Finally, move the tests to test-profile-storage.py and do a few adjustments needed by the change. Part of these adjustments is to hand over empty params with the correct type instead of just "None".
2021-04-11 14:55:24 +02:00
class AaTest_get_header(AATest):
tests = [
# name embedded_hat write_flags depth flags attachment prof.keyw. comment expected
(['/foo', False, True, 1, 'complain', '', False, '' ], ' /foo flags=(complain) {'),
(['/foo', True, True, 1, 'complain', '', False, '' ], ' profile /foo flags=(complain) {'),
(['/foo sp', False, False, 2, 'complain', '', False, '' ], ' "/foo sp" {'),
(['/foo' ,False, False, 2, 'complain', '', False, '' ], ' /foo {'),
(['/foo', True, False, 2, 'complain', '', False, '' ], ' profile /foo {'),
(['/foo', False, True, 0, None, '', False, '' ], '/foo {'),
(['/foo', True, True, 0, None, '', False, '' ], 'profile /foo {'),
(['/foo', False, False, 0, None, '', False, '' ], '/foo {'),
(['/foo', True, False, 0, None, '', False, '' ], 'profile /foo {'),
(['bar', False, True, 1, 'complain', '', False, '' ], ' profile bar flags=(complain) {'),
(['bar', False, True, 1, 'complain', '/foo', False, '' ], ' profile bar /foo flags=(complain) {'),
(['bar', True, True, 1, 'complain', '/foo', False, '' ], ' profile bar /foo flags=(complain) {'),
(['bar baz', False, True, 1, None, '/foo', False, '' ], ' profile "bar baz" /foo {'),
(['bar', True, True, 1, None, '/foo', False, '' ], ' profile bar /foo {'),
(['bar baz', False, True, 1, 'complain', '/foo sp', False, '' ], ' profile "bar baz" "/foo sp" flags=(complain) {'),
(['^foo', False, True, 1, 'complain', '', False, '' ], ' profile ^foo flags=(complain) {'),
(['^foo', True, True, 1, 'complain', '', False, '' ], ' ^foo flags=(complain) {'),
(['^foo', True, True, 1.5, 'complain', '', False, '' ], ' ^foo flags=(complain) {'),
(['^foo', True, True, 1.3, 'complain', '', False, '' ], ' ^foo flags=(complain) {'),
(['/foo', False, True, 1, 'complain', '', True, '' ], ' profile /foo flags=(complain) {'),
(['/foo', True, True, 1, 'complain', '', True, '' ], ' profile /foo flags=(complain) {'),
(['/foo', False, True, 1, 'complain', '', False, '# x' ], ' /foo flags=(complain) { # x'),
(['/foo', True, True, 1, None, '', False, '# x' ], ' profile /foo { # x'),
(['/foo', False, True, 1, None, '', True, '# x' ], ' profile /foo { # x'),
(['/foo', True, True, 1, 'complain', '', True, '# x' ], ' profile /foo flags=(complain) { # x'),
]
def _run_test(self, params, expected):
name = params[0]
embedded_hat = params[1]
write_flags = params[2]
depth = params[3]
prof_storage = ProfileStorage(name, '', 'test')
prof_storage['flags'] = params[4]
prof_storage['attachment'] = params[5]
prof_storage['profile_keyword'] = params[6]
prof_storage['header_comment'] = params[7]
prof_storage['xattrs'] = ''
result = prof_storage.get_header(depth, name, embedded_hat, write_flags)
self.assertEqual(result, [expected])
class AaTest_get_header_01(AATest):
tests = [
(
{'name': '/foo', 'write_flags': True, 'depth': 1, 'flags': 'complain'},
' /foo flags=(complain) {',
),
(
{'name': '/foo', 'write_flags': True, 'depth': 1, 'flags': 'complain', 'profile_keyword': True},
' profile /foo flags=(complain) {',
),
(
{'name': '/foo', 'write_flags': True, 'flags': 'complain'},
'/foo flags=(complain) {',
),
(
{'name': '/foo', 'xattrs': 'user.foo=bar', 'write_flags': True, 'flags': 'complain'},
'/foo xattrs=(user.foo=bar) flags=(complain) {',
),
(
{'name': '/foo', 'xattrs': 'user.foo=bar', 'embedded_hat': True},
'profile /foo xattrs=(user.foo=bar) {',
),
]
def _run_test(self, params, expected):
name = params['name']
embedded_hat = params.get('embedded_hat', False)
write_flags = params.get('write_flags', False)
depth = params.get('depth', 0)
prof_storage = ProfileStorage(name, '', 'test')
for param in ['flags', 'attachment', 'profile_keyword', 'header_comment', 'xattrs']:
if params.get(param) is not None:
prof_storage[param] = params[param]
result = prof_storage.get_header(depth, name, embedded_hat, write_flags)
self.assertEqual(result, [expected])
utils: ProfileStorage - add tests with invalid type Add tests with invalid type to ensure error handling works as expected. Merge branch 'cboltz/cboltz-profile-storage-tests' [Fixed conflict with prior change to utils/test/test-profile-storage.py] Acked-by: Steve Beattie <steve@nxnw.org> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/735
2021-04-11 16:54:43 -07:00
ProfileStorage: add tests with invalid type ... to ensure error handling works as expected.
2021-04-11 21:54:36 +02:00
class TestSetInvalid(AATest):
tests = [
(('profile_keyword', None), AppArmorBug), # expects bool
(('profile_keyword', 'foo'), AppArmorBug),
(('attachment', False), AppArmorBug), # expects string
(('attachment', None), AppArmorBug),
(('filename', True), AppArmorBug), # expects string or None
(('allow', None), AppArmorBug), # doesn't allow overwriting at all
]
def _run_test(self, params, expected):
self.storage = ProfileStorage('/test/foo', 'hat', 'TEST')
with self.assertRaises(expected):
self.storage[params[0]] = params[1]
utils: ProfileStorage - add tests with invalid type Add tests with invalid type to ensure error handling works as expected. Merge branch 'cboltz/cboltz-profile-storage-tests' [Fixed conflict with prior change to utils/test/test-profile-storage.py] Acked-by: Steve Beattie <steve@nxnw.org> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/735
2021-04-11 16:54:43 -07:00
split off add_or_remove_flag() from change_profile_flags() Also add some tests for add_or_remove_flag()
2018-07-25 20:44:39 +02:00
class AaTest_add_or_remove_flag(AATest):
tests = [
# existing flag(s) flag to change add or remove? expected flags
([ [], 'complain', True ], ['complain'] ),
([ [], 'complain', False ], [] ),
([ ['complain'], 'complain', True ], ['complain'] ),
([ ['complain'], 'complain', False ], [] ),
([ [], 'audit', True ], ['audit'] ),
([ [], 'audit', False ], [] ),
([ ['complain'], 'audit', True ], ['audit', 'complain'] ),
([ ['complain'], 'audit', False ], ['complain'] ),
extend add_or_remove_flag() to handle str for old flags If the old flags are given as str (or None), call split_flags() to convert them to a list. This allows to simplify change_profile_flags() which now doesn't need to call split_flags() on its own. Also add some tests with a str for the old flags
2018-07-25 20:59:34 +02:00
([ '', 'audit', True ], ['audit'] ),
([ None, 'audit', False ], [] ),
([ 'complain', 'audit', True ], ['audit', 'complain'] ),
([ ' complain ', 'audit', False ], ['complain'] ),
add_or_remove_flag(): allow to add or remove multiple flags Multiple flags can be given as string (will be split) or as array. Also add some tests confirming that everything works as expected.
2020-09-24 23:03:35 +02:00
([ 'audit complain', ['audit', 'complain'], False ], [] ),
([ 'audit complain', 'audit complain', False ], [] ),
([ 'audit complain', ['audit', 'enforce'], False ], ['complain'] ),
([ 'audit complain', 'audit enforce', False ], ['complain'] ),
([ '', ['audit', 'complain'], True ], ['audit', 'complain'] ),
([ '', 'audit complain', True ], ['audit', 'complain'] ),
([ 'audit', ['audit', 'enforce'], True ], ['audit', 'enforce'] ),
([ 'audit', 'audit enforce', True ], ['audit', 'enforce'] ),
split off add_or_remove_flag() from change_profile_flags() Also add some tests for add_or_remove_flag()
2018-07-25 20:44:39 +02:00
]
def _run_test(self, params, expected):
new_flags = add_or_remove_flag(params[0], params[1], params[2])
self.assertEqual(new_flags, expected)
move splitting flags into profile_storage split_flags() function ... and change change_profile_flags() to use it instead of doing it itsself Also add some tests for split_flags()
2018-07-25 20:33:52 +02:00
class AaTest_split_flags(AATest):
tests = [
(None , [] ),
('' , [] ),
(' ' , [] ),
(' , ' , [] ),
('complain' , ['complain'] ),
(' complain attach_disconnected' , ['attach_disconnected', 'complain'] ),
(' complain , attach_disconnected' , ['attach_disconnected', 'complain'] ),
(' complain , , audit , , ' , ['audit', 'complain'] ),
]
def _run_test(self, params, expected):
split = split_flags(params)
self.assertEqual(split, expected)
move several write_* functions to apparmor.profile_storage ProfileStorage() stores the content of a profile, so it makes sense to also have the functions to write those rules (including helper functions used by these functions) in the same file. Note that I only moved the functions for rule types that are not handled by *Ruleset classes. The functions for writing rules stored in a *Ruleset class will hopefully be superfluous sooner or later (probably later because serialize_parse_profile_start() depends on them, and rewriting it won't be easy) Also move the test for var_transform() to test-profile-storage.py.
2018-05-09 22:08:44 +02:00
class AaTest_var_transform(AATest):
tests = [
let var_transform() sort variable content This is needed to get a reproducible output. Also adjust the tests in test-profile-storage.py and add some example variable to cleanprof.in and cleanprof.out
2018-05-31 21:57:13 +02:00
(['foo', ''], '"" foo' ),
(['foo', 'bar'], 'bar foo' ),
move several write_* functions to apparmor.profile_storage ProfileStorage() stores the content of a profile, so it makes sense to also have the functions to write those rules (including helper functions used by these functions) in the same file. Note that I only moved the functions for rule types that are not handled by *Ruleset classes. The functions for writing rules stored in a *Ruleset class will hopefully be superfluous sooner or later (probably later because serialize_parse_profile_start() depends on them, and rewriting it won't be easy) Also move the test for var_transform() to test-profile-storage.py.
2018-05-09 22:08:44 +02:00
([''], '""' ),
(['bar baz', 'foo'], '"bar baz" foo' ),
]
def _run_test(self, params, expected):
self.assertEqual(var_transform(params), expected)
[2/3] Make ProfileStorage a class Move ProfileStorage() from aa.py to the new profile_storage.py and make it a class. The variable name in __init__() changes (profile -> self.data), but the content stays the same. The ProfileStorage class acts like a dict(), but has some additional checks for unknown keys in place. Also add some tests to make sure unknown keys really raise an exception. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-07-11 13:32:33 +02:00
setup_all_loops(__name__)
if __name__ == '__main__':
make utils tests less verbose Given the big number of tests, printing a dot for each test (instead of multiple lines) is enough ;-)
2018-04-08 20:18:30 +02:00
unittest.main(verbosity=1)
Reference in New Issue Copy Permalink