mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-01 23:05:11 +00:00

libapparmor: logparse: fix RECORD_INVALID for valid log

v2:
- parse partial log line broken at \n
- add testcase_dbus_10.* for partial log line
- remove quotes from testcase_dbus_09.profile

The following log format has been seen in the wild, and currently results
in a RECORD_INVALID

    [4835959.046111] audit: type=1107 audit(1561053426.749:186): pid=640 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="ALLOWED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.systemd1.Manager" member="LookupDynamicUserByName" mask="send" name="org.freedesktop.systemd1" pid=20596 label="/usr/sbin/sshd" peer_pid=1 peer_label="unconfined"
                      exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? terminal=?'

Test parsing the above message with and without the \n embedded between
peer_label= and exec=

Acked-by: Seth Arnold <seth.arnold@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen
2019-06-22 02:06:54 -07:00
parent 8a8130d4dd
commit 0349cf2d0a
17 changed files with 119 additions and 8 deletions


@@ -20,6 +20,7 @@ import apparmor.aa
from apparmor.logparser import ReadLog
from apparmor.profile_list import ProfileList
class TestLibapparmorTestMulti(AATest):
'''Parse all libraries/libapparmor/testsuite/test_multi tests and compare the result with the *.out files'''
@@ -27,6 +28,9 @@ class TestLibapparmorTestMulti(AATest):
def _run_test(self, params, expected):
# tests[][expected] is a dummy, replace it with the real values
if params.split('/')[-1] in log_to_skip:
return
expected = self._parse_libapparmor_test_multi(params)
with open_file_read('%s.in' % params) as f_in:
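Review bot: the bare `return` taken in `_run_test` when the name is in `log_to_skip` makes a skipped case indistinguishable from a passing one in the test report. Calling `self.skipTest('multiline log not currently supported')` at that point would keep testcase_dbus_09 visible as skipped, assuming AATest derives from unittest.TestCase (its definition is not shown in this diff).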
@@ -140,6 +144,10 @@ class TestLibapparmorTestMulti(AATest):
return exresult
# tests that cause crashes or need user interaction (will be skipped)
log_to_skip = [
'testcase_dbus_09', # multiline log not currently supported
]
# tests that do not produce the expected profile (checked with assertNotEqual)
log_to_profile_known_failures = [
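Review bot: the comment above `log_to_skip` reads "tests that cause crashes or need user interaction", but its only entry is annotated "multiline log not currently supported", which is neither of those. Reword the list comment to cover unsupported log formats, or say in the entry comment what actually happens with testcase_dbus_09, so a later reader knows whether the Python parser fails on the embedded newline or only produces a different result.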
@@ -164,6 +172,7 @@ log_to_profile_skip = [
'testcase_syslog_changehat_negative_error', # fails in write_header -> quote_if_needed because data is None
'testcase_changehat_01', # interactive, asks to add a hat
'testcase_dbus_09', # multiline log not currently supported
]
# tests that cause an empty log
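Review bot: `'testcase_dbus_09'` is now listed in both `log_to_skip` and `log_to_profile_skip` with the same comment, so both entries must be removed together once multiline logs are handled. Pointing the comment at a tracking issue, or building one list from the other, would keep the two from drifting apart.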