mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 18:17:09 +00:00
Code Issues Releases Wiki Activity
apparmor/utils/test/test-profile-storage.py

319 lines
24 KiB
Python
Raw Normal View History

[2/3] Make ProfileStorage a class Move ProfileStorage() from aa.py to the new profile_storage.py and make it a class. The variable name in __init__() changes (profile -> self.data), but the content stays the same. The ProfileStorage class acts like a dict(), but has some additional checks for unknown keys in place. Also add some tests to make sure unknown keys really raise an exception. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-07-11 13:32:33 +02:00
#! /usr/bin/python3
# ------------------------------------------------------------------
#
ProfileStorage: store parent profile ... and extend the tests to get some coverage.
2024-10-06 20:39:01 +02:00
# Copyright (C) 2017-2024 Christian Boltz <apparmor@cboltz.de>
[2/3] Make ProfileStorage a class Move ProfileStorage() from aa.py to the new profile_storage.py and make it a class. The variable name in __init__() changes (profile -> self.data), but the content stays the same. The ProfileStorage class acts like a dict(), but has some additional checks for unknown keys in place. Also add some tests to make sure unknown keys really raise an exception. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-07-11 13:32:33 +02:00
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
import unittest
Move parse_profile_start{,_to_storage}() into ProfileStorage ... and make them class functions of ProfileStorage. parse_profile_start_to_storage() gets renamed to parse(). Also move the tests for parse_profile_start() and parse_profile_start_to_storage() to test-profile-storage.py.
2021-05-16 17:25:54 +02:00
from apparmor.common import AppArmorBug, AppArmorException
split off add_or_remove_flag() from change_profile_flags() Also add some tests for add_or_remove_flag()
2018-07-25 20:44:39 +02:00
from apparmor.profile_storage import ProfileStorage, add_or_remove_flag, split_flags, var_transform
ProfileStorage: incldue profile header in __repr__() ProfileStorage knows a whole profile, therefore it should also include the profile header in __repr__(). Also add a test for this.
2024-05-12 12:36:09 +02:00
from apparmor.rule.capability import CapabilityRule
Order imports and module-level dunder name assignments.
2022-08-07 20:32:07 -04:00
from common_test import AATest, setup_all_loops
[2/3] Make ProfileStorage a class Move ProfileStorage() from aa.py to the new profile_storage.py and make it a class. The variable name in __init__() changes (profile -> self.data), but the content stays the same. The ProfileStorage class acts like a dict(), but has some additional checks for unknown keys in place. Also add some tests to make sure unknown keys really raise an exception. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-07-11 13:32:33 +02:00
Fix most PEP 8 whitespace, indentation, and major line length violations.
2022-08-07 12:26:24 -04:00
[2/3] Make ProfileStorage a class Move ProfileStorage() from aa.py to the new profile_storage.py and make it a class. The variable name in __init__() changes (profile -> self.data), but the content stays the same. The ProfileStorage class acts like a dict(), but has some additional checks for unknown keys in place. Also add some tests to make sure unknown keys really raise an exception. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-07-11 13:32:33 +02:00
class TestUnknownKey(AATest):
def AASetup(self):
self.storage = ProfileStorage('/test/foo', 'hat', 'TEST')
def test_read(self):
with self.assertRaises(AppArmorBug):
self.storage['foo']
def test_get(self):
with self.assertRaises(AppArmorBug):
self.storage.get('foo')
def test_get_with_fallback(self):
with self.assertRaises(AppArmorBug):
self.storage.get('foo', 'bar')
def test_set(self):
with self.assertRaises(AppArmorBug):
self.storage['foo'] = 'bar'
Fix most PEP 8 whitespace, indentation, and major line length violations.
2022-08-07 12:26:24 -04:00
Move and rename write_header() to ProfileStorage.get_header() Also adjust the calling code to use get_header() instead of write_header(). Finally, move the tests to test-profile-storage.py and do a few adjustments needed by the change. Part of these adjustments is to hand over empty params with the correct type instead of just "None".
2021-04-11 14:55:24 +02:00
class AaTest_get_header(AATest):
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
tests = (
Fix most PEP 8 whitespace, indentation, and major line length violations.
2022-08-07 12:26:24 -04:00
# name embedded_hat depth flags attachment xattrs prof.keyw. comment expected
Add support for --show-matching-path and xattrs The new option --show-matching-path shows a path that matches in the host filesystem, to prove that the profile is indeed used. Also, profiles' xattrs are now parsed into a dict and are taken in consideration when looking for matching profiles. Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>
2025-05-13 16:38:36 +02:00
(('/foo', False, 1, 'complain', '', {}, False, ''), ' /foo flags=(complain) {'),
(('/foo', True, 1, 'complain', '', {}, False, ''), ' profile /foo flags=(complain) {'),
(('/foo sp', False, 2, 'complain', '', {}, False, ''), ' "/foo sp" flags=(complain) {'),
(('/foo', True, 2, 'complain', '', {}, False, ''), ' profile /foo flags=(complain) {'),
(('/foo', False, 0, None, '', {}, False, ''), '/foo {'),
(('/foo', False, 0, None, '', {'user.foo': 'bar'}, False, ''), '/foo xattrs=(user.foo=bar) {'),
(('/foo', True, 0, None, '', {}, False, ''), 'profile /foo {'),
(('bar', False, 1, 'complain', '', {}, False, ''), ' profile bar flags=(complain) {'),
(('bar', False, 1, 'complain', '/foo', {}, False, ''), ' profile bar /foo flags=(complain) {'),
(('bar', True, 1, 'complain', '/foo', {}, False, ''), ' profile bar /foo flags=(complain) {'),
(('bar baz', False, 1, None, '/foo', {}, False, ''), ' profile "bar baz" /foo {'),
(('bar', True, 1, None, '/foo', {}, False, ''), ' profile bar /foo {'),
(('bar baz', False, 1, 'complain', '/foo sp', {}, False, ''), ' profile "bar baz" "/foo sp" flags=(complain) {'),
(('bar baz', False, 1, 'complain', '/foo sp', {'user.foo': 'bar'}, False, ''), ' profile "bar baz" "/foo sp" xattrs=(user.foo=bar) flags=(complain) {'),
(('^foo', False, 1, 'complain', '', {}, False, ''), ' profile ^foo flags=(complain) {'),
(('^foo', True, 1, 'complain', '', {}, False, ''), ' ^foo flags=(complain) {'),
(('^foo', True, 1.5, 'complain', '', {}, False, ''), ' ^foo flags=(complain) {'),
(('^foo', True, 1.3, 'complain', '', {}, False, ''), ' ^foo flags=(complain) {'),
(('/foo', False, 1, 'complain', '', {}, True, ''), ' profile /foo flags=(complain) {'),
(('/foo', True, 1, 'complain', '', {}, True, ''), ' profile /foo flags=(complain) {'),
(('/foo', False, 1, 'complain', '', {}, False, '# x'), ' /foo flags=(complain) { # x'),
(('/foo', True, 1, None, '', {}, False, '# x'), ' profile /foo { # x'),
(('/foo', False, 1, None, '', {}, True, '# x'), ' profile /foo { # x'),
(('/foo', True, 1, 'complain', '', {}, True, '# x'), ' profile /foo flags=(complain) { # x'),
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
)
Move and rename write_header() to ProfileStorage.get_header() Also adjust the calling code to use get_header() instead of write_header(). Finally, move the tests to test-profile-storage.py and do a few adjustments needed by the change. Part of these adjustments is to hand over empty params with the correct type instead of just "None".
2021-04-11 14:55:24 +02:00
def _run_test(self, params, expected):
name = params[0]
embedded_hat = params[1]
get_header() tests: drop write_flags, add xattrs Drop unused write_flags parameter from AaTest_get_header and AaTest_get_header_01. This is a cleanup for the previous commit. While on it, add xattrs parameter to AaTest_get_header, and add two tests with non-empty xattrs.
2021-05-24 12:55:27 +02:00
depth = params[2]
Move and rename write_header() to ProfileStorage.get_header() Also adjust the calling code to use get_header() instead of write_header(). Finally, move the tests to test-profile-storage.py and do a few adjustments needed by the change. Part of these adjustments is to hand over empty params with the correct type instead of just "None".
2021-04-11 14:55:24 +02:00
prof_storage = ProfileStorage(name, '', 'test')
get_header() tests: drop write_flags, add xattrs Drop unused write_flags parameter from AaTest_get_header and AaTest_get_header_01. This is a cleanup for the previous commit. While on it, add xattrs parameter to AaTest_get_header, and add two tests with non-empty xattrs.
2021-05-24 12:55:27 +02:00
prof_storage['flags'] = params[3]
prof_storage['attachment'] = params[4]
prof_storage['xattrs'] = params[5]
Move and rename write_header() to ProfileStorage.get_header() Also adjust the calling code to use get_header() instead of write_header(). Finally, move the tests to test-profile-storage.py and do a few adjustments needed by the change. Part of these adjustments is to hand over empty params with the correct type instead of just "None".
2021-04-11 14:55:24 +02:00
prof_storage['profile_keyword'] = params[6]
prof_storage['header_comment'] = params[7]
utils: fix cleanprof regression on header generation Commit c9d41a3ebb introduced a regression on profile header generation. This commit removes the name parameter from the get_header function since the ProfileStorage should already contain all the information required to generate the header for profiles and hats. The tests needed to be updated as well to make sure the ProfileStorage object contained the information needed by the get_header method. Fixes: c9d41a3ebb ("utils: fix profile and hat header generation") Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2025-03-28 17:52:23 -03:00
result = prof_storage.get_header(depth, embedded_hat)
Move and rename write_header() to ProfileStorage.get_header() Also adjust the calling code to use get_header() instead of write_header(). Finally, move the tests to test-profile-storage.py and do a few adjustments needed by the change. Part of these adjustments is to hand over empty params with the correct type instead of just "None".
2021-04-11 14:55:24 +02:00
self.assertEqual(result, [expected])
Fix most PEP 8 whitespace, indentation, and major line length violations.
2022-08-07 12:26:24 -04:00
Move and rename write_header() to ProfileStorage.get_header() Also adjust the calling code to use get_header() instead of write_header(). Finally, move the tests to test-profile-storage.py and do a few adjustments needed by the change. Part of these adjustments is to hand over empty params with the correct type instead of just "None".
2021-04-11 14:55:24 +02:00
class AaTest_get_header_01(AATest):
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
tests = (
utils: fix coding style to match PEP8 Annotate exceptions with ' # noqa: ERROR' Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-05-17 13:53:42 +02:00
({'name': '/foo', 'depth': 1, 'flags': 'complain'}, ' /foo flags=(complain) {'),
({'name': '/foo', 'depth': 1, 'flags': 'complain', 'profile_keyword': True}, ' profile /foo flags=(complain) {'),
({'name': '/foo', 'flags': 'complain'}, '/foo flags=(complain) {'),
Add support for --show-matching-path and xattrs The new option --show-matching-path shows a path that matches in the host filesystem, to prove that the profile is indeed used. Also, profiles' xattrs are now parsed into a dict and are taken in consideration when looking for matching profiles. Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>
2025-05-13 16:38:36 +02:00
({'name': '/foo', 'xattrs': {'user.foo': 'bar'}, 'flags': 'complain'}, '/foo xattrs=(user.foo=bar) flags=(complain) {'),
({'name': '/foo', 'xattrs': {'user.foo': 'bar'}, 'embedded_hat': True}, 'profile /foo xattrs=(user.foo=bar) {'),
({'name': '/foo', 'xattrs': {'user.foo': None}, 'embedded_hat': True}, 'profile /foo xattrs=(user.foo) {'),
({'name': '/foo', 'xattrs': {'user.foo': None, 'user.bar': None}, 'embedded_hat': True}, 'profile /foo xattrs=(user.bar user.foo) {'),
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
)
Move and rename write_header() to ProfileStorage.get_header() Also adjust the calling code to use get_header() instead of write_header(). Finally, move the tests to test-profile-storage.py and do a few adjustments needed by the change. Part of these adjustments is to hand over empty params with the correct type instead of just "None".
2021-04-11 14:55:24 +02:00
def _run_test(self, params, expected):
name = params['name']
embedded_hat = params.get('embedded_hat', False)
depth = params.get('depth', 0)
prof_storage = ProfileStorage(name, '', 'test')
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
for param in ('flags', 'attachment', 'profile_keyword', 'header_comment', 'xattrs'):
Move and rename write_header() to ProfileStorage.get_header() Also adjust the calling code to use get_header() instead of write_header(). Finally, move the tests to test-profile-storage.py and do a few adjustments needed by the change. Part of these adjustments is to hand over empty params with the correct type instead of just "None".
2021-04-11 14:55:24 +02:00
if params.get(param) is not None:
prof_storage[param] = params[param]
utils: fix cleanprof regression on header generation Commit c9d41a3ebb introduced a regression on profile header generation. This commit removes the name parameter from the get_header function since the ProfileStorage should already contain all the information required to generate the header for profiles and hats. The tests needed to be updated as well to make sure the ProfileStorage object contained the information needed by the get_header method. Fixes: c9d41a3ebb ("utils: fix profile and hat header generation") Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2025-03-28 17:52:23 -03:00
result = prof_storage.get_header(depth, embedded_hat)
Move and rename write_header() to ProfileStorage.get_header() Also adjust the calling code to use get_header() instead of write_header(). Finally, move the tests to test-profile-storage.py and do a few adjustments needed by the change. Part of these adjustments is to hand over empty params with the correct type instead of just "None".
2021-04-11 14:55:24 +02:00
self.assertEqual(result, [expected])
utils: ProfileStorage - add tests with invalid type Add tests with invalid type to ensure error handling works as expected. Merge branch 'cboltz/cboltz-profile-storage-tests' [Fixed conflict with prior change to utils/test/test-profile-storage.py] Acked-by: Steve Beattie <steve@nxnw.org> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/735
2021-04-11 16:54:43 -07:00
utils: fix profile and hat header generation The header was being generated incorrectly in 2 cases: When the profile/hat contained the parent profile in its name, as in profile firefox//dash { hat ^firefox//dash { and in the unit tests, the child profile or hat was being named as the parent profile. This was not caught by the general case because the code has not yet been fully adapted to handle multiple nested child profiles. Fixes: https://gitlab.com/apparmor/apparmor/-/issues/493 Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2025-03-24 19:38:00 -03:00
class AaTest_get_header_after_parse(AATest):
tests = (
# profile start line profile hat embedded_hat depth clean header
(('/foo {', None, None, False, 0), ('/foo {')),
(('/foo flags=(complain) {', None, None, False, 0), ('/foo flags=(complain) {')),
(('profile /foo {', None, None, False, 2), (' profile /foo {')),
(('profile /foo {', '/bar', None, False, 1), (' profile /foo {')), # child profile
(('profile /foo flags=(complain) {', None, None, False, 0), ('profile /foo flags=(complain) {')),
(('profile foo /foo {', None, None, False, 0), ('profile foo /foo {')), # named profile
(('profile foo /foo flags=(complain) {', None, None, False, 0), ('profile foo /foo flags=(complain) {')), # named profile and flags
(('profile foo /foo flags=(enforce) {', '/bar', None, False, 0), ('profile foo /foo flags=(enforce) {')), # child profile and flags
(('/foo//bar {', None, None, True, 1), (' profile /foo//bar {')), # external hat
(('/bin/bash///bin/cat {', None, None, True, 1), (' profile /bin/bash///bin/cat {')), # external hat
(('profile /foo//bar {', None, None, True, 1), (' profile /foo//bar {')), # external hat and name is attachment
(('profile foo//bar {', None, None, True, 2), (' profile foo//bar {')), # external hat and no attachment
(('profile foo//bar /attachment {', None, None, True, 2), (' profile foo//bar /attachment {')), # external hat and attachment
(('/foo//bar flags=(enforce) {', None, None, True, 1), (' profile /foo//bar flags=(enforce) {')), # external hat and flags
(('profile /foo//bar flags=(attach_disconnected) {', None, None, True, 1), (' profile /foo//bar flags=(attach_disconnected) {')), # external hat, name is attachment and flags
(('profile foo//bar flags=(complain) {', None, None, True, 2), (' profile foo//bar flags=(complain) {')), # external hat, no attachment and flags
(('profile foo//bar /attachment flags=(complain) {', None, None, True, 2), (' profile foo//bar /attachment flags=(complain) {')), # external hat, attachment and flags
(('profile "foo//has spaces" {', None, None, True, 1), (' profile "foo//has spaces" {')), # quoted external hat
(('profile "/path/with spaces/foo//has spaces" {', None, None, True, 0), ('profile "/path/with spaces/foo//has spaces" {')), # quoted external hat
(('profile "foo//has spaces" flags=(complain) {', None, None, True, 1), (' profile "foo//has spaces" flags=(complain) {')), # quoted external hat and flags
(('profile "/p h/foo//has spaces" flags=(complain) {', None, None, True, 0), ('profile "/p h/foo//has spaces" flags=(complain) {')), # quoted external hat and flags
(('profile /foo xattrs=(user.bar=bar) {', None, None, False, 1), (' profile /foo xattrs=(user.bar=bar) {')),
(('profile "/foo" xattrs=(user.bar=bar user.foo=*) {', None, None, False, 0), ('profile /foo xattrs=(user.bar=bar user.foo=*) {')),
(('/usr/bin/xattrs-test xattrs=(myvalue="foo.bar") {', None, None, False, 0), ('/usr/bin/xattrs-test xattrs=(myvalue="foo.bar") {')),
(('profile /foo xattrs=(user.bar=bar) {', '/bar', None, False, 1), (' profile /foo xattrs=(user.bar=bar) {')), # child profile
(('profile "/foo" xattrs=(user.bar=bar user.foo=*) {', '/bar', None, False, 0), ('profile /foo xattrs=(user.bar=bar user.foo=*) {')), # child profile
(('profile /bin/xattr xattrs=(myvalue="foo.bar") {', '/bar', None, False, 0), ('profile /bin/xattr xattrs=(myvalue="foo.bar") {')), # child profile needs profile keyword
(('profile /foo//bar xattrs=(user.bar=bar) {', None, None, True, 1), (' profile /foo//bar xattrs=(user.bar=bar) {')), # external hat
(('profile foo//bar /foo xattrs=(user.bar=bar) {', None, None, True, 1), (' profile foo//bar /foo xattrs=(user.bar=bar) {')), # external hat
(('profile "foo//bar" xattrs=(user.bar=b user.f=*) {', None, None, True, 0), ('profile foo//bar xattrs=(user.bar=b user.f=*) {')), # external hat
(('/bin/xattrs//test xattrs=(myvalue="foo.bar") {', None, None, True, 0), ('profile /bin/xattrs//test xattrs=(myvalue="foo.bar") {')), # external hat
(('^foo {', None, None, True, 1), (' ^foo {')),
(('hat foo {', None, None, True, 1), (' hat foo {')),
(('^foo flags=(complain) {', None, None, True, 0), ('^foo flags=(complain) {')),
(('hat foo flags=(attach_disconnected) {', None, None, True, 0), ('hat foo flags=(attach_disconnected) {')),
(('^foo {', '/bar', None, True, 1), (' ^foo {')),
(('hat foo {', '/bar', None, True, 0), ('hat foo {')),
(('^foo flags=(complain) {', '/bar', None, True, 0), ('^foo flags=(complain) {')),
(('hat foo flags=(attach_disconnected) {', '/bar', None, True, 2), (' hat foo flags=(attach_disconnected) {')),
(('^/bar//foo {', None, None, True, 0), ('^/bar//foo {')),
(('hat /bar//foo {', None, None, True, 1), (' hat /bar//foo {')),
(('^/bar//foo flags=(complain) {', None, None, True, 1), (' ^/bar//foo flags=(complain) {')),
(('hat /bar//foo flags=(attach_disconnected) {', None, None, True, 0), ('hat /bar//foo flags=(attach_disconnected) {')),
(('^bar//foo {', None, None, True, 0), ('^bar//foo {')),
(('hat bar//foo {', None, None, True, 1), (' hat bar//foo {')),
(('^bar//foo flags=(complain) {', None, None, True, 1), (' ^bar//foo flags=(complain) {')),
(('hat bar//foo flags=(attach_disconnected) {', None, None, True, 0), ('hat bar//foo flags=(attach_disconnected) {')),
(('^"/bar//foo space" {', None, None, True, 1), (' ^"/bar//foo space" {')),
(('hat "bar//foo space" {', None, None, True, 0), ('hat "bar//foo space" {')),
(('^"/space bar//foo" flags=(complain) {', None, None, True, 1), (' ^"/space bar//foo" flags=(complain) {')),
(('hat "space ba//foo" flags=(attach_disconnected) {', None, None, True, 0), ('hat "space ba//foo" flags=(attach_disconnected) {')),
)
def _run_test(self, params, expected):
(profile, hat, prof_storage) = ProfileStorage.parse(params[0], 'somefile', 1, params[1], params[2])
utils: fix cleanprof regression on header generation Commit c9d41a3ebb introduced a regression on profile header generation. This commit removes the name parameter from the get_header function since the ProfileStorage should already contain all the information required to generate the header for profiles and hats. The tests needed to be updated as well to make sure the ProfileStorage object contained the information needed by the get_header method. Fixes: c9d41a3ebb ("utils: fix profile and hat header generation") Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2025-03-28 17:52:23 -03:00
header = prof_storage.get_header(params[4], params[3])
utils: fix profile and hat header generation The header was being generated incorrectly in 2 cases: When the profile/hat contained the parent profile in its name, as in profile firefox//dash { hat ^firefox//dash { and in the unit tests, the child profile or hat was being named as the parent profile. This was not caught by the general case because the code has not yet been fully adapted to handle multiple nested child profiles. Fixes: https://gitlab.com/apparmor/apparmor/-/issues/493 Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2025-03-24 19:38:00 -03:00
self.assertEqual(header, [expected], prof_storage.data)
ProfileStorage: add tests with invalid type ... to ensure error handling works as expected.
2021-04-11 21:54:36 +02:00
class TestSetInvalid(AATest):
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
tests = (
Fix most PEP 8 whitespace, indentation, and major line length violations.
2022-08-07 12:26:24 -04:00
(('profile_keyword', None), AppArmorBug), # expects bool
(('profile_keyword', 'foo'), AppArmorBug),
(('attachment', False), AppArmorBug), # expects string
(('attachment', None), AppArmorBug),
(('filename', True), AppArmorBug), # expects string or None
(('allow', None), AppArmorBug), # doesn't allow overwriting at all
Add support for --show-matching-path and xattrs The new option --show-matching-path shows a path that matches in the host filesystem, to prove that the profile is indeed used. Also, profiles' xattrs are now parsed into a dict and are taken in consideration when looking for matching profiles. Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>
2025-05-13 16:38:36 +02:00
(('xattrs', 0), AppArmorBug), # Invalid type
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
)
ProfileStorage: add tests with invalid type ... to ensure error handling works as expected.
2021-04-11 21:54:36 +02:00
def _run_test(self, params, expected):
self.storage = ProfileStorage('/test/foo', 'hat', 'TEST')
with self.assertRaises(expected):
self.storage[params[0]] = params[1]
ProfileStorage: test invalid type change ... for a type that doesn't have special handling in __setitem__()
2024-05-12 12:37:41 +02:00
def testInvalidTypeChange(self):
storage = ProfileStorage('/test/foo', 'hat', 'TEST')
storage.data['invalid'] = 42 # manually set behind __setitem__'s back to avoid checks
with self.assertRaises(AppArmorBug):
storage['invalid'] = 'foo' # attempt to change type from int to str
Fix most PEP 8 whitespace, indentation, and major line length violations.
2022-08-07 12:26:24 -04:00
ProfileStorage: incldue profile header in __repr__() ProfileStorage knows a whole profile, therefore it should also include the profile header in __repr__(). Also add a test for this.
2024-05-12 12:36:09 +02:00
class AaTest_repr(AATest):
def testRepr(self):
utils: fix cleanprof regression on header generation Commit c9d41a3ebb introduced a regression on profile header generation. This commit removes the name parameter from the get_header function since the ProfileStorage should already contain all the information required to generate the header for profiles and hats. The tests needed to be updated as well to make sure the ProfileStorage object contained the information needed by the get_header method. Fixes: c9d41a3ebb ("utils: fix profile and hat header generation") Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2025-03-28 17:52:23 -03:00
prof_storage = ProfileStorage('foo', 'hat', 'TEST')
ProfileStorage: incldue profile header in __repr__() ProfileStorage knows a whole profile, therefore it should also include the profile header in __repr__(). Also add a test for this.
2024-05-12 12:36:09 +02:00
prof_storage['name'] = 'foo'
Add support for --show-matching-path and xattrs The new option --show-matching-path shows a path that matches in the host filesystem, to prove that the profile is indeed used. Also, profiles' xattrs are now parsed into a dict and are taken in consideration when looking for matching profiles. Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>
2025-05-13 16:38:36 +02:00
prof_storage['xattrs'] = {'user.bar': 'bar'}
ProfileStorage: incldue profile header in __repr__() ProfileStorage knows a whole profile, therefore it should also include the profile header in __repr__(). Also add a test for this.
2024-05-12 12:36:09 +02:00
prof_storage['capability'].add(CapabilityRule('dac_override'))
self.assertEqual(str(prof_storage), '\n<ProfileStorage>\nprofile foo xattrs=(user.bar=bar) {\n capability dac_override,\n\n}\n</ProfileStorage>\n')
Move parse_profile_start{,_to_storage}() into ProfileStorage ... and make them class functions of ProfileStorage. parse_profile_start_to_storage() gets renamed to parse(). Also move the tests for parse_profile_start() and parse_profile_start_to_storage() to test-profile-storage.py.
2021-05-16 17:25:54 +02:00
class AaTest_parse_profile_start(AATest):
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
tests = (
ProfileStorage: store parent profile ... and extend the tests to get some coverage.
2024-10-06 20:39:01 +02:00
# profile start line profile hat parent name profile hat attachment xattrs flags pps_set_hat_external
Add support for --show-matching-path and xattrs The new option --show-matching-path shows a path that matches in the host filesystem, to prove that the profile is indeed used. Also, profiles' xattrs are now parsed into a dict and are taken in consideration when looking for matching profiles. Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>
2025-05-13 16:38:36 +02:00
(('/foo {', None, None), ('', '/foo', '/foo', '/foo', '', {}, None, False)),
(('/foo (complain) {', None, None), ('', '/foo', '/foo', '/foo', '', {}, 'complain', False)),
(('profile foo /foo {', None, None), ('', 'foo', 'foo', 'foo', '/foo', {}, None, False)), # named profile
(('profile /foo {', '/bar', None), ('/bar', '/foo', '/bar', '/foo', '', {}, None, False)), # child profile
(('profile /foo xattrs=() {', '/bar', None), ('/bar', '/foo', '/bar', '/foo', '', {}, None, False)),
(('/foo//bar {', None, None), ('/foo', '/foo//bar', '/foo', 'bar', '', {}, None, True)), # external hat
(('profile "/foo" (complain) {', None, None), ('', '/foo', '/foo', '/foo', '', {}, 'complain', False)),
(('profile "/foo" xattrs=() {', None, None), ('', '/foo', '/foo', '/foo', '', {}, None, False)),
(('profile "/foo" xattrs=(user.bar) {', None, None), ('', '/foo', '/foo', '/foo', '', {'user.bar': None}, None, False)),
(('profile "/foo" xattrs=(user.foo user.bar) {', None, None), ('', '/foo', '/foo', '/foo', '', {'user.bar': None, 'user.foo': None},
None, False)), # noqa: E127
(('profile "/foo" xattrs=(user.bar=bar) {', None, None), ('', '/foo', '/foo', '/foo', '', {'user.bar': 'bar'}, None, False)),
(('profile "/foo" xattrs=(user.bar=bar user.foo=*) {', None, None), ('', '/foo', '/foo', '/foo', '', {'user.bar': 'bar', 'user.foo': '*'},
None, False)), # noqa: E127
(('/usr/bin/xattrs-test xattrs=(myvalue="foo.bar") {', None, None), ('', '/usr/bin/xattrs-test', '/usr/bin/xattrs-test', '/usr/bin/xattrs-test', '', {'myvalue': '"foo.bar"'}, None, False)),
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
)
Move parse_profile_start{,_to_storage}() into ProfileStorage ... and make them class functions of ProfileStorage. parse_profile_start_to_storage() gets renamed to parse(). Also move the tests for parse_profile_start() and parse_profile_start_to_storage() to test-profile-storage.py.
2021-05-16 17:25:54 +02:00
def _run_test(self, params, expected):
(profile, hat, prof_storage) = ProfileStorage.parse(params[0], 'somefile', 1, params[1], params[2])
ProfileStorage: store parent profile ... and extend the tests to get some coverage.
2024-10-06 20:39:01 +02:00
self.assertEqual(prof_storage['parent'], expected[0])
self.assertEqual(prof_storage['name'], expected[1])
self.assertEqual(profile, expected[2])
self.assertEqual(hat, expected[3])
self.assertEqual(prof_storage['attachment'], expected[4])
self.assertEqual(prof_storage['xattrs'], expected[5])
self.assertEqual(prof_storage['flags'], expected[6])
Fix most PEP 8 whitespace, indentation, and major line length violations.
2022-08-07 12:26:24 -04:00
self.assertEqual(prof_storage['is_hat'], False)
ProfileStorage: store parent profile ... and extend the tests to get some coverage.
2024-10-06 20:39:01 +02:00
self.assertEqual(prof_storage['external'], expected[7])
Fix most PEP 8 whitespace, indentation, and major line length violations.
2022-08-07 12:26:24 -04:00
Move parse_profile_start{,_to_storage}() into ProfileStorage ... and make them class functions of ProfileStorage. parse_profile_start_to_storage() gets renamed to parse(). Also move the tests for parse_profile_start() and parse_profile_start_to_storage() to test-profile-storage.py.
2021-05-16 17:25:54 +02:00
class AaTest_parse_profile_start_errors(AATest):
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
tests = (
Fix most PEP 8 whitespace, indentation, and major line length violations.
2022-08-07 12:26:24 -04:00
(('/foo///bar///baz {', None, None), AppArmorException), # XXX deeply nested external hat
(('profile asdf {', '/foo', '/bar'), AppArmorException), # nested child profile
(('/foo {', '/bar', None), AppArmorException), # child profile without profile keyword
(('/foo {', '/bar', '/bar'), AppArmorException), # child profile without profile keyword
(('xy', '/bar', None), AppArmorBug), # not a profile start
(('xy', '/bar', '/bar'), AppArmorBug), # not a profile start
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
)
Move parse_profile_start{,_to_storage}() into ProfileStorage ... and make them class functions of ProfileStorage. parse_profile_start_to_storage() gets renamed to parse(). Also move the tests for parse_profile_start() and parse_profile_start_to_storage() to test-profile-storage.py.
2021-05-16 17:25:54 +02:00
def _run_test(self, params, expected):
with self.assertRaises(expected):
ProfileStorage.parse(params[0], 'somefile', 1, params[1], params[2])
utils: ProfileStorage - add tests with invalid type Add tests with invalid type to ensure error handling works as expected. Merge branch 'cboltz/cboltz-profile-storage-tests' [Fixed conflict with prior change to utils/test/test-profile-storage.py] Acked-by: Steve Beattie <steve@nxnw.org> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/735
2021-04-11 16:54:43 -07:00
split off add_or_remove_flag() from change_profile_flags() Also add some tests for add_or_remove_flag()
2018-07-25 20:44:39 +02:00
class AaTest_add_or_remove_flag(AATest):
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
tests = (
Fix most PEP 8 whitespace, indentation, and major line length violations.
2022-08-07 12:26:24 -04:00
# existing flag(s) flag to change add or remove? expected flags
(([], 'complain', True), ['complain']),
(([], 'complain', False), []),
((['complain'], 'complain', True), ['complain']),
((['complain'], 'complain', False), []),
(([], 'audit', True), ['audit']),
(([], 'audit', False), []),
((['complain'], 'audit', True), ['audit', 'complain']),
((['complain'], 'audit', False), ['complain']),
(('', 'audit', True), ['audit']),
((None, 'audit', False), []),
(('complain', 'audit', True), ['audit', 'complain']),
((' complain ', 'audit', False), ['complain']),
(('audit complain', ('audit', 'complain'), False), []),
(('audit complain', 'audit complain', False), []),
(('audit complain', ('audit', 'enforce'), False), ['complain']),
(('audit complain', 'audit enforce', False), ['complain']),
(('', ('audit', 'complain'), True), ['audit', 'complain']),
(('', 'audit complain', True), ['audit', 'complain']),
(('audit', ('audit', 'enforce'), True), ['audit', 'enforce']),
(('audit', 'audit enforce', True), ['audit', 'enforce']),
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
)
split off add_or_remove_flag() from change_profile_flags() Also add some tests for add_or_remove_flag()
2018-07-25 20:44:39 +02:00
def _run_test(self, params, expected):
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
new_flags = add_or_remove_flag(*params)
split off add_or_remove_flag() from change_profile_flags() Also add some tests for add_or_remove_flag()
2018-07-25 20:44:39 +02:00
self.assertEqual(new_flags, expected)
Fix most PEP 8 whitespace, indentation, and major line length violations.
2022-08-07 12:26:24 -04:00
move splitting flags into profile_storage split_flags() function ... and change change_profile_flags() to use it instead of doing it itsself Also add some tests for split_flags()
2018-07-25 20:33:52 +02:00
class AaTest_split_flags(AATest):
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
tests = (
Fix most PEP 8 whitespace, indentation, and major line length violations.
2022-08-07 12:26:24 -04:00
(None, []),
('', []),
(' ', []),
(' , ', []),
('complain', ['complain']),
(' complain attach_disconnected', ['attach_disconnected', 'complain']),
(' complain , attach_disconnected', ['attach_disconnected', 'complain']),
(' complain , , audit , , ', ['audit', 'complain']),
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
)
move splitting flags into profile_storage split_flags() function ... and change change_profile_flags() to use it instead of doing it itsself Also add some tests for split_flags()
2018-07-25 20:33:52 +02:00
def _run_test(self, params, expected):
split = split_flags(params)
self.assertEqual(split, expected)
Fix most PEP 8 whitespace, indentation, and major line length violations.
2022-08-07 12:26:24 -04:00
move several write_* functions to apparmor.profile_storage ProfileStorage() stores the content of a profile, so it makes sense to also have the functions to write those rules (including helper functions used by these functions) in the same file. Note that I only moved the functions for rule types that are not handled by *Ruleset classes. The functions for writing rules stored in a *Ruleset class will hopefully be superfluous sooner or later (probably later because serialize_parse_profile_start() depends on them, and rewriting it won't be easy) Also move the test for var_transform() to test-profile-storage.py.
2018-05-09 22:08:44 +02:00
class AaTest_var_transform(AATest):
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
tests = (
Fix most PEP 8 whitespace, indentation, and major line length violations.
2022-08-07 12:26:24 -04:00
(('foo', ''), '"" foo'),
(('foo', 'bar'), 'bar foo'),
(('',), '""'),
(('bar baz', 'foo'), '"bar baz" foo'),
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
)
move several write_* functions to apparmor.profile_storage ProfileStorage() stores the content of a profile, so it makes sense to also have the functions to write those rules (including helper functions used by these functions) in the same file. Note that I only moved the functions for rule types that are not handled by *Ruleset classes. The functions for writing rules stored in a *Ruleset class will hopefully be superfluous sooner or later (probably later because serialize_parse_profile_start() depends on them, and rewriting it won't be easy) Also move the test for var_transform() to test-profile-storage.py.
2018-05-09 22:08:44 +02:00
def _run_test(self, params, expected):
self.assertEqual(var_transform(params), expected)
[2/3] Make ProfileStorage a class Move ProfileStorage() from aa.py to the new profile_storage.py and make it a class. The variable name in __init__() changes (profile -> self.data), but the content stays the same. The ProfileStorage class acts like a dict(), but has some additional checks for unknown keys in place. Also add some tests to make sure unknown keys really raise an exception. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-07-11 13:32:33 +02:00
setup_all_loops(__name__)
if __name__ == '__main__':
make utils tests less verbose Given the big number of tests, printing a dot for each test (instead of multiple lines) is enough ;-)
2018-04-08 20:18:30 +02:00
unittest.main(verbosity=1)
Reference in New Issue Copy Permalink