diff --git a/utils/test/test-all.py b/utils/test/test-all.py index 761333046..0ca655bc6 100644 --- a/utils/test/test-all.py +++ b/utils/test/test-all.py @@ -64,19 +64,13 @@ class AllTestParseInvalid(AllTest): ('all -> ,', (AppArmorException, False)), ('owner all,', (AppArmorException, False)), ('all foo ,', (AppArmorException, False)), + ('priority=a all,', (AppArmorException, False)), + ('priority=1042 all,', (AppArmorException, True)), ) def _run_test(self, rawrule, expected): self.parseInvalidRule(AllRule, rawrule, expected) - def test_invalid_priority(self): - with self.assertRaises(AppArmorException): - AllRule.create_instance('priority=a all,') - - def test_invalid_priority_2(self): - with self.assertRaises(AppArmorException): - AllRule.create_instance('priority=1042 all,') - # we won't ever support converting a log event to an 'all,' rule # class AllTestParseFromLog(AllTest): diff --git a/utils/test/test-dbus.py b/utils/test/test-dbus.py index aa0d88234..d31dff00e 100644 --- a/utils/test/test-dbus.py +++ b/utils/test/test-dbus.py @@ -121,16 +121,13 @@ class DbusTestParseInvalid(DbusTest): ('dbus peer=,', (AppArmorException, True)), ('dbus bus=session bind bus=system,', (AppArmorException, True)), ('dbus bus=1 bus=2 bus=3 bus=4 bus=5 bus=6 bus=7,', (AppArmorException, True)), + ('priority=a dbus,', (AppArmorException, False)), ('priority=1042 dbus,', (AppArmorException, True)), ) def _run_test(self, rawrule, expected): self.parseInvalidRule(DbusRule, rawrule, expected) - def test_invalid_priority(self): - with self.assertRaises(AppArmorException): - DbusRule.create_instance('priority=a dbus,') - class DbusTestParseFromLog(DbusTest): def test_dbus_from_log(self): diff --git a/utils/test/test-file.py b/utils/test/test-file.py index b016c5ae5..20ac1728f 100644 --- a/utils/test/test-file.py +++ b/utils/test/test-file.py @@ -123,16 +123,13 @@ class FileTestParseInvalid(FileTest): ('/foo PxUx,', (AppArmorException, True)), # exec mode conflict ('/foo PUxPix,', (AppArmorException, True)), # exec mode conflict ('/foo Pi,', (AppArmorException, True)), # missing 'x' - ('priority=-1042 file,', (AppArmorException, True)), # priority must be a number + ('priority=-a file,', (AppArmorException, False)), # priority must be a number + ('priority=-1042 file,', (AppArmorException, True)), # priority out of range ) def _run_test(self, rawrule, expected): self.parseInvalidRule(FileRule, rawrule, expected) - def test_invalid_priority(self): - with self.assertRaises(AppArmorException): - FileRule.create_instance('priority=a file,') - class FileTestNonMatch(AATest): tests = ( diff --git a/utils/test/test-io_uring.py b/utils/test/test-io_uring.py index 7af79172d..355d47d84 100644 --- a/utils/test/test-io_uring.py +++ b/utils/test/test-io_uring.py @@ -53,20 +53,14 @@ class IOUringTestParseInvalid(AATest): ('io_uring label=,', (AppArmorException, True)), ('io_uring invalidaccess label=foo,', (AppArmorException, True)), ('io_uring sqpoll label=,', (AppArmorException, True)), + ('foo', (AppArmorException, False)), + ('priority=a io_uring,', (AppArmorException, False)), ('priority=1042 io_uring,', (AppArmorException, True)), ) def _run_test(self, rawrule, expected): self.parseInvalidRule(IOUringRule, rawrule, expected) - def test_invalid_priority(self): - with self.assertRaises(AppArmorException): - IOUringRule.create_instance('priority=a io_uring,') - - def test_parse_fail(self): - with self.assertRaises(AppArmorException): - IOUringRule.create_instance('foo,') - def test_diff_non_iouringrule(self): exp = namedtuple('exp', ('audit', 'deny', 'priority')) obj = IOUringRule(('sqpoll'), IOUringRule.ALL) diff --git a/utils/test/test-mount.py b/utils/test/test-mount.py index 626ad2b37..62bdbea3b 100644 --- a/utils/test/test-mount.py +++ b/utils/test/test-mount.py @@ -128,20 +128,16 @@ class MountTestParseInvalid(AATest): ('priority=-1042 umount,', (AppArmorException, True)), ('mount fstype=({unclosed_regex),', (AppArmorException, True)), # invalid AARE ('mount fstype=({closed}twice}),', (AppArmorException, True)), # invalid AARE + ('foo,', (AppArmorException, False)), + ('priority=a mount,', (AppArmorException, False)), + ('priority=a umount,', (AppArmorException, False)), + ('priority=a unmount,', (AppArmorException, False)), + ('priority=a remount,', (AppArmorException, False)), ) def _run_test(self, rawrule, expected): self.parseInvalidRule(MountRule, rawrule, expected) - def test_parse_fail(self): - with self.assertRaises(AppArmorException): - MountRule.create_instance('foo,') - - def test_invalid_priority(self): - for keyword in ['mount', 'umount', 'unmount', 'remount']: - with self.assertRaises(AppArmorException): - MountRule.create_instance('priority=a %s,' % keyword) - def test_invalid_priority_1(self): with self.assertRaises(TypeError): MountRule('mount', MountRule.ALL, MountRule.ALL, MountRule.ALL, MountRule.ALL, priority=MountRule.ALL) diff --git a/utils/test/test-mqueue.py b/utils/test/test-mqueue.py index 0923d7cfe..8c6483a7e 100644 --- a/utils/test/test-mqueue.py +++ b/utils/test/test-mqueue.py @@ -66,20 +66,14 @@ class MessageQueueTestParseInvalid(AATest): ('mqueue type=,', (AppArmorException, True)), ('mqueue type=sysv /foo,', (AppArmorException, True)), ('mqueue type=posix 1234,', (AppArmorException, True)), + ('priority=a mqueue,', (AppArmorException, False)), ('priority=-1042 mqueue,', (AppArmorException, True)), + ('foo,', (AppArmorException, False)), ) def _run_test(self, rawrule, expected): self.parseInvalidRule(MessageQueueRule, rawrule, expected) - def test_parse_fail(self): - with self.assertRaises(AppArmorException): - MessageQueueRule.create_instance('foo,') - - def test_invalid_priority(self): - with self.assertRaises(AppArmorException): - MessageQueueRule.create_instance('priority=a mqueue,') - def test_diff_non_mqueuerule(self): exp = namedtuple('exp', ('audit', 'deny', 'priority')) obj = MessageQueueRule(('open'), 'posix', 'bar', '/foo') diff --git a/utils/test/test-network.py b/utils/test/test-network.py index 42f881d24..8dc71eb29 100644 --- a/utils/test/test-network.py +++ b/utils/test/test-network.py @@ -130,16 +130,13 @@ class NetworkTestParseInvalid(NetworkTest): ('network inet peer=(ip=1:2:3:4:5:6:7:8:9:0:0:0),', (AppArmorException, True)), # too many segments ('network packet ip=1::,', (AppArmorException, True)), # Only inet[6] domains can be used in conjunction with a local expression ('network packet peer=(ip=1::),', (AppArmorException, True)), # Only inet[6] domains can be used in conjunction with a peer expression + ('priority=a network,', (AppArmorException, False)), ('priority=-1042 network,', (AppArmorException, True)), ) def _run_test(self, rawrule, expected): self.parseInvalidRule(NetworkRule, rawrule, expected) - def test_invalid_priority(self): - with self.assertRaises(AppArmorException): - NetworkRule.create_instance('priority=a network,') - class NetworkTestParseFromLog(NetworkTest): def test_net_from_log(self): diff --git a/utils/test/test-pivot_root.py b/utils/test/test-pivot_root.py index bb217498a..013ccef79 100644 --- a/utils/test/test-pivot_root.py +++ b/utils/test/test-pivot_root.py @@ -92,21 +92,14 @@ class PivotRootTestParseInvalid(PivotRootTest): ('pivot_root foo bar,', (AppArmorException, True)), ('pivot_root oldroot= ,', (AppArmorException, True)), ('pivot_root -> ,', (AppArmorException, True)), + ('priority=a pivot_root,', (AppArmorException, False)), ('priority=-1042 pivot_root,', (AppArmorException, True)), + ('pivot_rootbeer,', (AppArmorException, False)) ) def _run_test(self, rawrule, expected): self.parseInvalidRule(PivotRootRule, rawrule, expected) - def test_invalid_priority(self): - with self.assertRaises(AppArmorException): - PivotRootRule.create_instance('priority=a pivot_root,') - - def test_invalid_rule_name(self): - self.assertFalse(PivotRootRule.match('pivot_rootbeer,')) - with self.assertRaises(AppArmorException): - PivotRootRule.create_instance('pivot_rootbeer,') - class PivotRootTestParseFromLog(PivotRootTest): def test_pivot_root_from_log(self): diff --git a/utils/test/test-ptrace.py b/utils/test/test-ptrace.py index 4033f2a2f..69ba98d42 100644 --- a/utils/test/test-ptrace.py +++ b/utils/test/test-ptrace.py @@ -81,16 +81,13 @@ class PtraceTestParseInvalid(PtraceTest): ('ptrace read bar,', (AppArmorException, True)), ('ptrace read tracedby,', (AppArmorException, True)), ('ptrace peer=,', (AppArmorException, True)), + ('priority=a ptrace,', (AppArmorException, False)), ('priority=1042 ptrace,', (AppArmorException, True)), ) def _run_test(self, rawrule, expected): self.parseInvalidRule(PtraceRule, rawrule, expected) - def test_invalid_priority(self): - with self.assertRaises(AppArmorException): - PtraceRule.create_instance('priority=a ptrace,') - class PtraceTestParseFromLog(PtraceTest): def test_ptrace_from_log(self): diff --git a/utils/test/test-signal.py b/utils/test/test-signal.py index 19c8de982..697f8a963 100644 --- a/utils/test/test-signal.py +++ b/utils/test/test-signal.py @@ -85,16 +85,13 @@ class SignalTestParseInvalid(SignalTest): ('signal set=int set=,', (AppArmorException, True)), ('signal set=invalid,', (AppArmorException, True)), ('signal peer=,', (AppArmorException, True)), + ('priority=a signal,', (AppArmorException, False)), ('priority=-1042 signal,', (AppArmorException, True)), ) def _run_test(self, rawrule, expected): self.parseInvalidRule(SignalRule, rawrule, expected) - def test_invalid_priority(self): - with self.assertRaises(AppArmorException): - SignalRule.create_instance('priority=a signal,') - class SignalTestParseFromLog(SignalTest): def test_signal_from_log(self): diff --git a/utils/test/test-unix.py b/utils/test/test-unix.py index 4698b8f10..abfbc66a5 100644 --- a/utils/test/test-unix.py +++ b/utils/test/test-unix.py @@ -70,20 +70,14 @@ class UnixTestParseInvalid(AATest): # exception matches regex ('unix invalid,', (AppArmorException, True)), ('unix (invalid),', (AppArmorException, True)), + ('foo,', (AppArmorException, False)), + ('priority=a unix,', (AppArmorException, False)), ('priority=1042 unix,', (AppArmorException, True)), ) def _run_test(self, rawrule, expected): self.parseInvalidRule(UnixRule, rawrule, expected) - def test_parse_fail(self): - with self.assertRaises(AppArmorException): - UnixRule.create_instance('foo,') - - def test_invalid_priority(self): - with self.assertRaises(AppArmorException): - UnixRule.create_instance('priority=a unix,') - def test_invalid_priority_1(self): with self.assertRaises(TypeError): UnixRule(UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, False, False, False, '', priority=UnixRule.ALL) diff --git a/utils/test/test-userns.py b/utils/test/test-userns.py index 913d2dd4c..cab622ab2 100644 --- a/utils/test/test-userns.py +++ b/utils/test/test-userns.py @@ -48,20 +48,14 @@ class UserNamespaceTestParseInvalid(AATest): tests = ( # exception matches regex ('userns invalidaccess,', (AppArmorException, True)), + ('priority=a userns,', (AppArmorException, False)), ('priority=1042 userns,', (AppArmorException, True)), + ('foo,', (AppArmorException, False)), ) def _run_test(self, rawrule, expected): self.parseInvalidRule(UserNamespaceRule, rawrule, expected) - def test_parse_fail(self): - with self.assertRaises(AppArmorException): - UserNamespaceRule.create_instance('foo,') - - def test_invalid_priority(self): - with self.assertRaises(AppArmorException): - UserNamespaceRule.create_instance('priority=a userns,') - def test_diff_non_usernsrule(self): exp = namedtuple('exp', ('audit', 'deny', 'priority')) obj = UserNamespaceRule(('create'))