mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-22 10:07:12 +00:00
*TestParseInvalid: move tests not matching regex into tests array
This commit is contained in:
Christian Boltz
parent
2a37040415
commit
66cb0af47c
@ -64,19 +64,13 @@ class AllTestParseInvalid(AllTest):
|
||||
('all -> ,', (AppArmorException, False)),
|
||||
('owner all,', (AppArmorException, False)),
|
||||
('all foo ,', (AppArmorException, False)),
|
||||
('priority=a all,', (AppArmorException, False)),
|
||||
('priority=1042 all,', (AppArmorException, True)),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
self.parseInvalidRule(AllRule, rawrule, expected)
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
AllRule.create_instance('priority=a all,')
|
||||
|
||||
def test_invalid_priority_2(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
AllRule.create_instance('priority=1042 all,')
|
||||
|
||||
|
||||
# we won't ever support converting a log event to an 'all,' rule
|
||||
# class AllTestParseFromLog(AllTest):
|
||||
|
||||
@ -121,16 +121,13 @@ class DbusTestParseInvalid(DbusTest):
|
||||
('dbus peer=,', (AppArmorException, True)),
|
||||
('dbus bus=session bind bus=system,', (AppArmorException, True)),
|
||||
('dbus bus=1 bus=2 bus=3 bus=4 bus=5 bus=6 bus=7,', (AppArmorException, True)),
|
||||
('priority=a dbus,', (AppArmorException, False)),
|
||||
('priority=1042 dbus,', (AppArmorException, True)),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
self.parseInvalidRule(DbusRule, rawrule, expected)
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
DbusRule.create_instance('priority=a dbus,')
|
||||
|
||||
|
||||
class DbusTestParseFromLog(DbusTest):
|
||||
def test_dbus_from_log(self):
|
||||
|
||||
@ -123,16 +123,13 @@ class FileTestParseInvalid(FileTest):
|
||||
('/foo PxUx,', (AppArmorException, True)), # exec mode conflict
|
||||
('/foo PUxPix,', (AppArmorException, True)), # exec mode conflict
|
||||
('/foo Pi,', (AppArmorException, True)), # missing 'x'
|
||||
('priority=-1042 file,', (AppArmorException, True)), # priority must be a number
|
||||
('priority=-a file,', (AppArmorException, False)), # priority must be a number
|
||||
('priority=-1042 file,', (AppArmorException, True)), # priority out of range
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
self.parseInvalidRule(FileRule, rawrule, expected)
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
FileRule.create_instance('priority=a file,')
|
||||
|
||||
|
||||
class FileTestNonMatch(AATest):
|
||||
tests = (
|
||||
|
||||
@ -53,20 +53,14 @@ class IOUringTestParseInvalid(AATest):
|
||||
('io_uring label=,', (AppArmorException, True)),
|
||||
('io_uring invalidaccess label=foo,', (AppArmorException, True)),
|
||||
('io_uring sqpoll label=,', (AppArmorException, True)),
|
||||
('foo', (AppArmorException, False)),
|
||||
('priority=a io_uring,', (AppArmorException, False)),
|
||||
('priority=1042 io_uring,', (AppArmorException, True)),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
self.parseInvalidRule(IOUringRule, rawrule, expected)
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
IOUringRule.create_instance('priority=a io_uring,')
|
||||
|
||||
def test_parse_fail(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
IOUringRule.create_instance('foo,')
|
||||
|
||||
def test_diff_non_iouringrule(self):
|
||||
exp = namedtuple('exp', ('audit', 'deny', 'priority'))
|
||||
obj = IOUringRule(('sqpoll'), IOUringRule.ALL)
|
||||
|
||||
@ -128,20 +128,16 @@ class MountTestParseInvalid(AATest):
|
||||
('priority=-1042 umount,', (AppArmorException, True)),
|
||||
('mount fstype=({unclosed_regex),', (AppArmorException, True)), # invalid AARE
|
||||
('mount fstype=({closed}twice}),', (AppArmorException, True)), # invalid AARE
|
||||
('foo,', (AppArmorException, False)),
|
||||
('priority=a mount,', (AppArmorException, False)),
|
||||
('priority=a umount,', (AppArmorException, False)),
|
||||
('priority=a unmount,', (AppArmorException, False)),
|
||||
('priority=a remount,', (AppArmorException, False)),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
self.parseInvalidRule(MountRule, rawrule, expected)
|
||||
|
||||
def test_parse_fail(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
MountRule.create_instance('foo,')
|
||||
|
||||
def test_invalid_priority(self):
|
||||
for keyword in ['mount', 'umount', 'unmount', 'remount']:
|
||||
with self.assertRaises(AppArmorException):
|
||||
MountRule.create_instance('priority=a %s,' % keyword)
|
||||
|
||||
def test_invalid_priority_1(self):
|
||||
with self.assertRaises(TypeError):
|
||||
MountRule('mount', MountRule.ALL, MountRule.ALL, MountRule.ALL, MountRule.ALL, priority=MountRule.ALL)
|
||||
|
||||
@ -66,20 +66,14 @@ class MessageQueueTestParseInvalid(AATest):
|
||||
('mqueue type=,', (AppArmorException, True)),
|
||||
('mqueue type=sysv /foo,', (AppArmorException, True)),
|
||||
('mqueue type=posix 1234,', (AppArmorException, True)),
|
||||
('priority=a mqueue,', (AppArmorException, False)),
|
||||
('priority=-1042 mqueue,', (AppArmorException, True)),
|
||||
('foo,', (AppArmorException, False)),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
self.parseInvalidRule(MessageQueueRule, rawrule, expected)
|
||||
|
||||
def test_parse_fail(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
MessageQueueRule.create_instance('foo,')
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
MessageQueueRule.create_instance('priority=a mqueue,')
|
||||
|
||||
def test_diff_non_mqueuerule(self):
|
||||
exp = namedtuple('exp', ('audit', 'deny', 'priority'))
|
||||
obj = MessageQueueRule(('open'), 'posix', 'bar', '/foo')
|
||||
|
||||
@ -130,16 +130,13 @@ class NetworkTestParseInvalid(NetworkTest):
|
||||
('network inet peer=(ip=1:2:3:4:5:6:7:8:9:0:0:0),', (AppArmorException, True)), # too many segments
|
||||
('network packet ip=1::,', (AppArmorException, True)), # Only inet[6] domains can be used in conjunction with a local expression
|
||||
('network packet peer=(ip=1::),', (AppArmorException, True)), # Only inet[6] domains can be used in conjunction with a peer expression
|
||||
('priority=a network,', (AppArmorException, False)),
|
||||
('priority=-1042 network,', (AppArmorException, True)),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
self.parseInvalidRule(NetworkRule, rawrule, expected)
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
NetworkRule.create_instance('priority=a network,')
|
||||
|
||||
|
||||
class NetworkTestParseFromLog(NetworkTest):
|
||||
def test_net_from_log(self):
|
||||
|
||||
@ -92,21 +92,14 @@ class PivotRootTestParseInvalid(PivotRootTest):
|
||||
('pivot_root foo bar,', (AppArmorException, True)),
|
||||
('pivot_root oldroot= ,', (AppArmorException, True)),
|
||||
('pivot_root -> ,', (AppArmorException, True)),
|
||||
('priority=a pivot_root,', (AppArmorException, False)),
|
||||
('priority=-1042 pivot_root,', (AppArmorException, True)),
|
||||
('pivot_rootbeer,', (AppArmorException, False))
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
self.parseInvalidRule(PivotRootRule, rawrule, expected)
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
PivotRootRule.create_instance('priority=a pivot_root,')
|
||||
|
||||
def test_invalid_rule_name(self):
|
||||
self.assertFalse(PivotRootRule.match('pivot_rootbeer,'))
|
||||
with self.assertRaises(AppArmorException):
|
||||
PivotRootRule.create_instance('pivot_rootbeer,')
|
||||
|
||||
|
||||
class PivotRootTestParseFromLog(PivotRootTest):
|
||||
def test_pivot_root_from_log(self):
|
||||
|
||||
@ -81,16 +81,13 @@ class PtraceTestParseInvalid(PtraceTest):
|
||||
('ptrace read bar,', (AppArmorException, True)),
|
||||
('ptrace read tracedby,', (AppArmorException, True)),
|
||||
('ptrace peer=,', (AppArmorException, True)),
|
||||
('priority=a ptrace,', (AppArmorException, False)),
|
||||
('priority=1042 ptrace,', (AppArmorException, True)),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
self.parseInvalidRule(PtraceRule, rawrule, expected)
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
PtraceRule.create_instance('priority=a ptrace,')
|
||||
|
||||
|
||||
class PtraceTestParseFromLog(PtraceTest):
|
||||
def test_ptrace_from_log(self):
|
||||
|
||||
@ -85,16 +85,13 @@ class SignalTestParseInvalid(SignalTest):
|
||||
('signal set=int set=,', (AppArmorException, True)),
|
||||
('signal set=invalid,', (AppArmorException, True)),
|
||||
('signal peer=,', (AppArmorException, True)),
|
||||
('priority=a signal,', (AppArmorException, False)),
|
||||
('priority=-1042 signal,', (AppArmorException, True)),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
self.parseInvalidRule(SignalRule, rawrule, expected)
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
SignalRule.create_instance('priority=a signal,')
|
||||
|
||||
|
||||
class SignalTestParseFromLog(SignalTest):
|
||||
def test_signal_from_log(self):
|
||||
|
||||
@ -70,20 +70,14 @@ class UnixTestParseInvalid(AATest):
|
||||
# exception matches regex
|
||||
('unix invalid,', (AppArmorException, True)),
|
||||
('unix (invalid),', (AppArmorException, True)),
|
||||
('foo,', (AppArmorException, False)),
|
||||
('priority=a unix,', (AppArmorException, False)),
|
||||
('priority=1042 unix,', (AppArmorException, True)),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
self.parseInvalidRule(UnixRule, rawrule, expected)
|
||||
|
||||
def test_parse_fail(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
UnixRule.create_instance('foo,')
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
UnixRule.create_instance('priority=a unix,')
|
||||
|
||||
def test_invalid_priority_1(self):
|
||||
with self.assertRaises(TypeError):
|
||||
UnixRule(UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, False, False, False, '', priority=UnixRule.ALL)
|
||||
|
||||
@ -48,20 +48,14 @@ class UserNamespaceTestParseInvalid(AATest):
|
||||
tests = (
|
||||
# exception matches regex
|
||||
('userns invalidaccess,', (AppArmorException, True)),
|
||||
('priority=a userns,', (AppArmorException, False)),
|
||||
('priority=1042 userns,', (AppArmorException, True)),
|
||||
('foo,', (AppArmorException, False)),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
self.parseInvalidRule(UserNamespaceRule, rawrule, expected)
|
||||
|
||||
def test_parse_fail(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
UserNamespaceRule.create_instance('foo,')
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
UserNamespaceRule.create_instance('priority=a userns,')
|
||||
|
||||
def test_diff_non_usernsrule(self):
|
||||
exp = namedtuple('exp', ('audit', 'deny', 'priority'))
|
||||
obj = UserNamespaceRule(('create'))
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user