mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-29 05:17:59 +00:00
Code Issues Releases Wiki Activity

Merge Rename BaseRule parse() and _parse() methods

Browse Source 
As discussed in !920, this MR renames BaseRule's `parse()` and `_parse()` methods to `create_instance()` and `_create_instance()`, respectively. It then removes the `selection_to_rule_obj` function from `apparmor.aa`, which is now an unnecessary alias for the renamed public method.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/923
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: Christian Boltz <apparmor@cboltz.de>
This commit is contained in:
Christian Boltz 2022-09-11 09:18:18 +00:00
commit 7f6ffd33b2
30 changed files with 294 additions and 299 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
utils/apparmor/aa.py
View File

@ -1262,14 +1262,14 @@ def ask_rule_questions(prof_events, profile_name, the_profile, r_types):
if inc:
deleted = delete_all_duplicates(the_profile, inc, r_types)
the_profile['inc_ie'].add(IncludeRule.parse(selection))
the_profile['inc_ie'].add(IncludeRule.create_instance(selection))
aaui.UI_Info(_('Adding %s to profile.') % selection)
if deleted:
aaui.UI_Info(_('Deleted %s previous matching profile entries.') % deleted)
else:
rule_obj = selection_to_rule_obj(rule_obj, selection)
rule_obj = rule_obj.create_instance(selection)
deleted = the_profile[ruletype].add(rule_obj, cleanup=True)
aaui.UI_Info(_('Adding %s to profile.') % rule_obj.get_clean())
@ -1284,7 +1284,7 @@ def ask_rule_questions(prof_events, profile_name, the_profile, r_types):
done = True
changed = True
rule_obj = selection_to_rule_obj(rule_obj, selection)
rule_obj = rule_obj.create_instance(selection)
rule_obj.deny = True
rule_obj.raw_rule = None # reset raw rule after manually modifying rule_obj
deleted = the_profile[ruletype].add(rule_obj, cleanup=True)
@ -1294,19 +1294,19 @@ def ask_rule_questions(prof_events, profile_name, the_profile, r_types):
elif ans == 'CMD_GLOB':
if not re_match_include(selection):
globbed_rule_obj = selection_to_rule_obj(rule_obj, selection)
globbed_rule_obj = rule_obj.create_instance(selection)
globbed_rule_obj.glob()
options, default_option = add_to_options(options, globbed_rule_obj.get_raw())
elif ans == 'CMD_GLOBEXT':
if not re_match_include(selection):
globbed_rule_obj = selection_to_rule_obj(rule_obj, selection)
globbed_rule_obj = rule_obj.create_instance(selection)
globbed_rule_obj.glob_ext()
options, default_option = add_to_options(options, globbed_rule_obj.get_raw())
elif ans == 'CMD_NEW':
if not re_match_include(selection):
edit_rule_obj = selection_to_rule_obj(rule_obj, selection)
edit_rule_obj = rule_obj.create_instance(selection)
prompt, oldpath = edit_rule_obj.edit_header()
newpath = aaui.UI_GetString(prompt, oldpath)
@ -1339,11 +1339,6 @@ def ask_rule_questions(prof_events, profile_name, the_profile, r_types):
return changed, False
def selection_to_rule_obj(rule_obj, selection):
rule_type = type(rule_obj)
return rule_type.parse(selection)
def set_options_audit_mode(rule_obj, options):
"""change audit state in options (proposed rules) to audit state in rule_obj.
#include options will be kept unchanged
@ -1366,7 +1361,7 @@ def set_options_mode(rule_obj, options, what):
if re_match_include(rule):
new_options.append(rule)
else:
parsed_rule = selection_to_rule_obj(rule_obj, rule)
parsed_rule = rule_obj.create_instance(rule)
if what == 'audit':
parsed_rule.audit = rule_obj.audit
elif what == 'owner':
@ -2119,7 +2114,7 @@ def match_line_against_rule_classes(line, profile, file, lineno, in_preamble):
_('Syntax Error: Unexpected %(rule)s entry found in file: %(file)s line: %(line)s')
% {'file': file, 'line': lineno + 1, 'rule': rule_name})
rule_obj = rule_class.parse(line)
rule_obj = rule_class.create_instance(line)
return (rule_name, rule_obj)
return (None, None)

10
utils/apparmor/rule/__init__.py
View File

@ -30,7 +30,7 @@ class BaseRule:
# __init__
# _match(cls, raw_rule) (as a class method)
# - parses a raw rule and returns a regex match object
# _parse(cls, raw_rule) (as a class method)
# _create_instance(cls, raw_rule) (as a class method)
# - parses a raw rule and returns an object of the Rule subclass
# get_clean(depth)
# - return rule in clean format
@ -114,18 +114,18 @@ class BaseRule:
raise NotImplementedError("'%s' needs to implement _match(), but didn't" % (str(cls)))
@classmethod
def parse(cls, raw_rule):
def create_instance(cls, raw_rule):
"""parse raw_rule and return a rule object"""
rule = cls._parse(raw_rule)
rule = cls._create_instance(raw_rule)
rule.raw_rule = raw_rule.strip()
return rule
@classmethod
@abstractmethod
def _parse(cls, raw_rule):
def _create_instance(cls, raw_rule):
"""returns a Rule object created from parsing the raw rule.
required to be implemented by subclasses; raise exception if not"""
raise NotImplementedError("'%s' needs to implement _parse(), but didn't" % (str(cls)))
raise NotImplementedError("'%s' needs to implement _create_instance(), but didn't" % (str(cls)))
@abstractmethod
def get_clean(self, depth=0):

2
utils/apparmor/rule/alias.py
View File

@ -59,7 +59,7 @@ class AliasRule(BaseRule):
return RE_PROFILE_ALIAS.search(raw_rule)
@classmethod
def _parse(cls, raw_rule):
def _create_instance(cls, raw_rule):
"""parse raw_rule and return AliasRule"""
matches = cls._match(raw_rule)

2
utils/apparmor/rule/boolean.py
View File

@ -60,7 +60,7 @@ class BooleanRule(BaseRule):
return RE_PROFILE_BOOLEAN.search(raw_rule)
@classmethod
def _parse(cls, raw_rule):
def _create_instance(cls, raw_rule):
"""parse raw_rule and return BooleanRule"""
matches = cls._match(raw_rule)

2
utils/apparmor/rule/capability.py
View File

@ -64,7 +64,7 @@ class CapabilityRule(BaseRule):
return RE_PROFILE_CAP.search(raw_rule)
@classmethod
def _parse(cls, raw_rule):
def _create_instance(cls, raw_rule):
"""parse raw_rule and return CapabilityRule"""
matches = cls._match(raw_rule)

2
utils/apparmor/rule/change_profile.py
View File

@ -81,7 +81,7 @@ class ChangeProfileRule(BaseRule):
return RE_PROFILE_CHANGE_PROFILE.search(raw_rule)
@classmethod
def _parse(cls, raw_rule):
def _create_instance(cls, raw_rule):
"""parse raw_rule and return ChangeProfileRule"""
matches = cls._match(raw_rule)

2
utils/apparmor/rule/dbus.py
View File

@ -112,7 +112,7 @@ class DbusRule(BaseRule):
return RE_PROFILE_DBUS.search(raw_rule)
@classmethod
def _parse(cls, raw_rule):
def _create_instance(cls, raw_rule):
"""parse raw_rule and return DbusRule"""
matches = cls._match(raw_rule)

2
utils/apparmor/rule/file.py
View File

@ -137,7 +137,7 @@ class FileRule(BaseRule):
return RE_PROFILE_FILE_ENTRY.search(raw_rule)
@classmethod
def _parse(cls, raw_rule):
def _create_instance(cls, raw_rule):
"""parse raw_rule and return FileRule"""
matches = cls._match(raw_rule)

2
utils/apparmor/rule/include.py
View File

@ -56,7 +56,7 @@ class IncludeRule(BaseRule):
return RE_INCLUDE.search(raw_rule)
@classmethod
def _parse(cls, raw_rule):
def _create_instance(cls, raw_rule):
"""parse raw_rule and return IncludeRule"""
matches = cls._match(raw_rule)

2
utils/apparmor/rule/network.py
View File

@ -92,7 +92,7 @@ class NetworkRule(BaseRule):
return RE_PROFILE_NETWORK.search(raw_rule)
@classmethod
def _parse(cls, raw_rule):
def _create_instance(cls, raw_rule):
"""parse raw_rule and return NetworkRule"""
matches = cls._match(raw_rule)

2
utils/apparmor/rule/ptrace.py
View File

@ -69,7 +69,7 @@ class PtraceRule(BaseRule):
return RE_PROFILE_PTRACE.search(raw_rule)
@classmethod
def _parse(cls, raw_rule):
def _create_instance(cls, raw_rule):
"""parse raw_rule and return PtraceRule"""
matches = cls._match(raw_rule)

2
utils/apparmor/rule/rlimit.py
View File

@ -108,7 +108,7 @@ class RlimitRule(BaseRule):
return RE_PROFILE_RLIMIT.search(raw_rule)
@classmethod
def _parse(cls, raw_rule):
def _create_instance(cls, raw_rule):
"""parse raw_rule and return RlimitRule"""
matches = cls._match(raw_rule)

2
utils/apparmor/rule/signal.py
View File

@ -103,7 +103,7 @@ class SignalRule(BaseRule):
return RE_PROFILE_SIGNAL.search(raw_rule)
@classmethod
def _parse(cls, raw_rule):
def _create_instance(cls, raw_rule):
"""parse raw_rule and return SignalRule"""
matches = cls._match(raw_rule)

2
utils/apparmor/rule/variable.py
View File

@ -66,7 +66,7 @@ class VariableRule(BaseRule):
return RE_PROFILE_VARIABLE.search(raw_rule)
@classmethod
def _parse(cls, raw_rule):
def _create_instance(cls, raw_rule):
"""parse raw_rule and return VariableRule"""
matches = cls._match(raw_rule)

62
utils/test/test-aa.py
View File

@ -411,11 +411,11 @@ class AaTest_change_profile_flags(AaTestWithTempdir):
class AaTest_set_options_audit_mode(AATest):
tests = (
((FileRule.parse('audit /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']),
((FileRule.parse('audit /foo/bar r,'), ['/foo/bar r,', 'audit /foo/* r,', 'audit /** r,']), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']),
((FileRule.parse('/foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
((FileRule.parse('/foo/bar r,'), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
((FileRule.parse('audit /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '#include <abstractions/base>']), ['audit /foo/bar r,', 'audit /foo/* r,', '#include <abstractions/base>']),
((FileRule.create_instance('audit /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']),
((FileRule.create_instance('audit /foo/bar r,'), ['/foo/bar r,', 'audit /foo/* r,', 'audit /** r,']), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']),
((FileRule.create_instance('/foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
((FileRule.create_instance('/foo/bar r,'), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
((FileRule.create_instance('audit /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '#include <abstractions/base>']), ['audit /foo/bar r,', 'audit /foo/* r,', '#include <abstractions/base>']),
)
def _run_test(self, params, expected):
@ -426,11 +426,11 @@ class AaTest_set_options_audit_mode(AATest):
class AaTest_set_options_owner_mode(AATest):
tests = (
((FileRule.parse('owner /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']),
((FileRule.parse('owner /foo/bar r,'), ['/foo/bar r,', 'owner /foo/* r,', 'owner /** r,']), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']),
((FileRule.parse('/foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
((FileRule.parse('/foo/bar r,'), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
((FileRule.parse('audit owner /foo/bar r,'), ['audit /foo/bar r,', 'audit /foo/* r,', '#include <abstractions/base>']), ['audit owner /foo/bar r,', 'audit owner /foo/* r,', '#include <abstractions/base>']),
((FileRule.create_instance('owner /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']),
((FileRule.create_instance('owner /foo/bar r,'), ['/foo/bar r,', 'owner /foo/* r,', 'owner /** r,']), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']),
((FileRule.create_instance('/foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
((FileRule.create_instance('/foo/bar r,'), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
((FileRule.create_instance('audit owner /foo/bar r,'), ['audit /foo/bar r,', 'audit /foo/* r,', '#include <abstractions/base>']), ['audit owner /foo/bar r,', 'audit owner /foo/* r,', '#include <abstractions/base>']),
)
def _run_test(self, params, expected):
@ -567,9 +567,9 @@ class AaTest_get_file_perms_1(AATest):
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
# simple profile without any includes
profile['file'].add(FileRule.parse('owner /usr/share/common-licenses/** w,'))
profile['file'].add(FileRule.parse('/dev/null rwk,'))
profile['file'].add(FileRule.parse('/foo/bar rwix,'))
profile['file'].add(FileRule.create_instance('owner /usr/share/common-licenses/** w,'))
profile['file'].add(FileRule.create_instance('/dev/null rwk,'))
profile['file'].add(FileRule.create_instance('/foo/bar rwix,'))
perms = get_file_perms(profile, params, False, False) # only testing with audit and deny = False
self.assertEqual(perms, expected)
@ -601,14 +601,14 @@ class AaTest_get_file_perms_2(AATest):
apparmor.aa.load_include(os.path.join(self.profile_dir, 'abstractions/aspell'))
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
profile['inc_ie'].add(IncludeRule.parse('include <abstractions/base>'))
profile['inc_ie'].add(IncludeRule.parse('include <abstractions/bash>'))
profile['inc_ie'].add(IncludeRule.parse('include <abstractions/enchant>'))
profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/base>'))
profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/bash>'))
profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/enchant>'))
profile['file'].add(FileRule.parse('owner /usr/share/common-licenses/** w,'))
profile['file'].add(FileRule.parse('owner /usr/share/common-licenses/what/ever a,')) # covered by the above 'w' rule, so 'a' should be ignored
profile['file'].add(FileRule.parse('/dev/null rwk,'))
profile['file'].add(FileRule.parse('/foo/bar rwix,'))
profile['file'].add(FileRule.create_instance('owner /usr/share/common-licenses/** w,'))
profile['file'].add(FileRule.create_instance('owner /usr/share/common-licenses/what/ever a,')) # covered by the above 'w' rule, so 'a' should be ignored
profile['file'].add(FileRule.create_instance('/dev/null rwk,'))
profile['file'].add(FileRule.create_instance('/foo/bar rwix,'))
perms = get_file_perms(profile, params, False, False) # only testing with audit and deny = False
self.assertEqual(perms, expected)
@ -644,14 +644,14 @@ class AaTest_propose_file_rules(AATest):
apparmor.aa.user_globs['/no/thi*ng'] = AARE('/no/thi*ng', True)
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
profile['inc_ie'].add(IncludeRule.parse('include <abstractions/base>'))
profile['inc_ie'].add(IncludeRule.parse('include <abstractions/bash>'))
profile['inc_ie'].add(IncludeRule.parse('include <abstractions/enchant>'))
profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/base>'))
profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/bash>'))
profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/enchant>'))
profile['file'].add(FileRule.parse('owner /usr/share/common-licenses/** w,'))
profile['file'].add(FileRule.parse('/dev/null rwk,'))
profile['file'].add(FileRule.parse('/foo/bar rwix,'))
profile['file'].add(FileRule.parse('/foo/log a,')) # will be replaced with '/foo/log w,' (not 'wa')
profile['file'].add(FileRule.create_instance('owner /usr/share/common-licenses/** w,'))
profile['file'].add(FileRule.create_instance('/dev/null rwk,'))
profile['file'].add(FileRule.create_instance('/foo/bar rwix,'))
profile['file'].add(FileRule.create_instance('/foo/log a,')) # will be replaced with '/foo/log w,' (not 'wa')
rule_obj = FileRule(params[0], params[1], None, FileRule.ALL, owner=False, log_event=True)
proposals = propose_file_rules(profile, rule_obj)
@ -688,10 +688,10 @@ class AaTest_propose_file_rules_with_absolute_includes(AATest):
apparmor.aa.load_include(abs_include3)
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
profile['inc_ie'].add(IncludeRule.parse('include <abstractions/base>'))
profile['inc_ie'].add(IncludeRule.parse('include "%s"' % abs_include1))
profile['inc_ie'].add(IncludeRule.parse('include "%s"' % abs_include2))
profile['inc_ie'].add(IncludeRule.parse('include "%s"' % abs_include3))
profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/base>'))
profile['inc_ie'].add(IncludeRule.create_instance('include "%s"' % abs_include1))
profile['inc_ie'].add(IncludeRule.create_instance('include "%s"' % abs_include2))
profile['inc_ie'].add(IncludeRule.create_instance('include "%s"' % abs_include3))
rule_obj = FileRule(params[0], params[1], None, FileRule.ALL, owner=False, log_event=True)
proposals = propose_file_rules(profile, rule_obj)

26
utils/test/test-abi.py
View File

@ -60,7 +60,7 @@ class AbiTestParse(AbiTest):
def _run_test(self, rawrule, expected):
self.assertTrue(AbiRule.match(rawrule))
obj = AbiRule.parse(rawrule)
obj = AbiRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@ -76,7 +76,7 @@ class AbiTestParseInvalid(AbiTest):
def _run_test(self, rawrule, expected):
self.assertTrue(AbiRule.match(rawrule)) # the above invalid rules still match the main regex!
with self.assertRaises(expected):
AbiRule.parse(rawrule)
AbiRule.create_instance(rawrule)
# class AbiTestParseFromLog(AbiTest): # we'll never have log events for abi
@ -142,7 +142,7 @@ class InvalidAbiTest(AATest):
obj = None
self.assertEqual(AbiRule.match(rawrule), matches_regex)
with self.assertRaises(AppArmorException):
obj = AbiRule.parse(rawrule)
obj = AbiRule.create_instance(rawrule)
self.assertIsNone(obj, 'AbiRule handed back an object unexpectedly')
@ -163,7 +163,7 @@ class InvalidAbiTest(AATest):
class WriteAbiTestAATest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(AbiRule.match(rawrule))
obj = AbiRule.parse(rawrule)
obj = AbiRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@ -196,8 +196,8 @@ class WriteAbiTestAATest(AATest):
class AbiCoveredTest(AATest):
def _run_test(self, param, expected):
obj = AbiRule.parse(self.rule)
check_obj = AbiRule.parse(param)
obj = AbiRule.create_instance(self.rule)
check_obj = AbiRule.create_instance(param)
self.assertTrue(AbiRule.match(param))
@ -234,7 +234,7 @@ class AbiCoveredTest_02(AbiCoveredTest):
# class AbiCoveredTest_Invalid(AATest):
# def test_borked_obj_is_covered_1(self):
# obj = AbiRule.parse('abi <foo>')
# obj = AbiRule.create_instance('abi <foo>')
#
# testobj = AbiRule('foo', True, True)
# testobj.path = ''
@ -243,7 +243,7 @@ class AbiCoveredTest_02(AbiCoveredTest):
# obj.is_covered(testobj)
#
# def test_borked_obj_is_covered_2(self):
# obj = AbiRule.parse('abi send set=quit peer=/foo,')
# obj = AbiRule.create_instance('abi send set=quit peer=/foo,')
#
# testobj = AbiRule('send', 'quit', '/foo')
# testobj.abi = ''
@ -252,7 +252,7 @@ class AbiCoveredTest_02(AbiCoveredTest):
# obj.is_covered(testobj)
#
# def test_borked_obj_is_covered_3(self):
# obj = AbiRule.parse('abi send set=quit peer=/foo,')
# obj = AbiRule.create_instance('abi send set=quit peer=/foo,')
#
# testobj = AbiRule('send', 'quit', '/foo')
# testobj.peer = ''
@ -261,7 +261,7 @@ class AbiCoveredTest_02(AbiCoveredTest):
# obj.is_covered(testobj)
#
# def test_invalid_is_covered(self):
# obj = AbiRule.parse('abi send,')
# obj = AbiRule.create_instance('abi send,')
#
# testobj = BaseRule() # different type
#
@ -269,7 +269,7 @@ class AbiCoveredTest_02(AbiCoveredTest):
# obj.is_covered(testobj)
#
# def test_invalid_is_equal(self):
# obj = AbiRule.parse('abi send,')
# obj = AbiRule.create_instance('abi send,')
#
# testobj = BaseRule() # different type
#
@ -284,7 +284,7 @@ class AbiLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
obj = AbiRule.parse(params)
obj = AbiRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
@ -326,7 +326,7 @@ class AbiRulesTest(AATest):
]
for rule in rules:
ruleset.add(AbiRule.parse(rule))
ruleset.add(AbiRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())

24
utils/test/test-alias.py
View File

@ -51,7 +51,7 @@ class AliasTestParse(AliasTest):
def _run_test(self, rawrule, expected):
self.assertTrue(AliasRule.match(rawrule))
obj = AliasRule.parse(rawrule)
obj = AliasRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@ -69,7 +69,7 @@ class AliasTestParseInvalid(AliasTest):
def _run_test(self, rawrule, expected):
self.assertEqual(AliasRule.match(rawrule), expected[0])
with self.assertRaises(expected[1]):
AliasRule.parse(rawrule)
AliasRule.create_instance(rawrule)
class AliasFromInit(AliasTest):
@ -121,7 +121,7 @@ class InvalidAliasTest(AATest):
obj = None
self.assertEqual(AliasRule.match(rawrule), matches_regex)
with self.assertRaises(AppArmorException):
obj = AliasRule.parse(rawrule)
obj = AliasRule.create_instance(rawrule)
self.assertIsNone(obj, 'AliasRule handed back an object unexpectedly')
@ -146,7 +146,7 @@ class WriteAliasTestAATest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(AliasRule.match(rawrule))
obj = AliasRule.parse(rawrule)
obj = AliasRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@ -172,8 +172,8 @@ class WriteAliasTestAATest(AATest):
class AliasCoveredTest(AATest):
def _run_test(self, param, expected):
obj = AliasRule.parse(self.rule)
check_obj = AliasRule.parse(param)
obj = AliasRule.create_instance(self.rule)
check_obj = AliasRule.create_instance(param)
self.assertTrue(AliasRule.match(param))
@ -201,7 +201,7 @@ class AliasCoveredTest_01(AliasCoveredTest):
class AliasCoveredTest_Invalid(AATest):
# def test_borked_obj_is_covered_1(self):
# obj = AliasRule.parse('alias /foo -> /bar,')
# obj = AliasRule.create_instance('alias /foo -> /bar,')
#
# testobj = AliasRule('/foo', '/bar')
#
@ -209,7 +209,7 @@ class AliasCoveredTest_Invalid(AATest):
# obj.is_covered(testobj)
#
# def test_borked_obj_is_covered_2(self):
# obj = AliasRule.parse('alias /foo -> /bar,')
# obj = AliasRule.create_instance('alias /foo -> /bar,')
#
# testobj = AliasRule('/foo', '/bar')
# testobj.target = ''
@ -218,7 +218,7 @@ class AliasCoveredTest_Invalid(AATest):
# obj.is_covered(testobj)
def test_invalid_is_covered_3(self):
obj = AliasRule.parse('alias /foo -> /bar,')
obj = AliasRule.create_instance('alias /foo -> /bar,')
testobj = BaseRule() # different type
@ -226,7 +226,7 @@ class AliasCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = AliasRule.parse('alias /foo -> /bar,')
obj = AliasRule.create_instance('alias /foo -> /bar,')
testobj = BaseRule() # different type
@ -240,7 +240,7 @@ class AliasLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
obj = AliasRule.parse(params)
obj = AliasRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
@ -289,7 +289,7 @@ class AliasRulesTest(AATest):
]
for rule in rules:
ruleset.add(AliasRule.parse(rule))
ruleset.add(AliasRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())

8
utils/test/test-baserule.py
View File

@ -19,13 +19,13 @@ from common_test import AATest, setup_all_loops
class TestBaserule(AATest):
def test_abstract__parse(self):
def test_abstract__create_instance(self):
with self.assertRaises(NotImplementedError):
BaseRule._parse('foo')
BaseRule._create_instance('foo')
def test_abstract__parse_2(self):
def test_abstract__create_instance_2(self):
with self.assertRaises(NotImplementedError):
BaseRule.parse('foo')
BaseRule.create_instance('foo')
def test_abstract__match(self):
with self.assertRaises(NotImplementedError):

26
utils/test/test-boolean.py
View File

@ -54,7 +54,7 @@ class BooleanTestParse(BooleanTest):
def _run_test(self, rawrule, expected):
self.assertTrue(BooleanRule.match(rawrule))
obj = BooleanRule.parse(rawrule)
obj = BooleanRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@ -74,7 +74,7 @@ class BooleanTestParseInvalid(BooleanTest):
def _run_test(self, rawrule, expected):
self.assertEqual(BooleanRule.match(rawrule), expected[0])
with self.assertRaises(expected[1]):
BooleanRule.parse(rawrule)
BooleanRule.create_instance(rawrule)
class BooleanFromInit(BooleanTest):
@ -129,7 +129,7 @@ class InvalidBooleanTest(AATest):
obj = None
self.assertEqual(BooleanRule.match(rawrule), matches_regex)
with self.assertRaises(AppArmorException):
obj = BooleanRule.parse(rawrule)
obj = BooleanRule.create_instance(rawrule)
self.assertIsNone(obj, 'BooleanRule handed back an object unexpectedly')
@ -151,7 +151,7 @@ class WriteBooleanTestAATest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(BooleanRule.match(rawrule))
obj = BooleanRule.parse(rawrule)
obj = BooleanRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@ -177,8 +177,8 @@ class WriteBooleanTestAATest(AATest):
class BooleanCoveredTest(AATest):
def _run_test(self, param, expected):
obj = BooleanRule.parse(self.rule)
check_obj = BooleanRule.parse(param)
obj = BooleanRule.create_instance(self.rule)
check_obj = BooleanRule.create_instance(param)
self.assertTrue(BooleanRule.match(param))
@ -218,7 +218,7 @@ class BooleanCoveredTest_02(BooleanCoveredTest):
class BooleanCoveredTest_Invalid(AATest):
def test_borked_obj_is_covered_2(self):
obj = BooleanRule.parse('$foo = true')
obj = BooleanRule.create_instance('$foo = true')
testobj = BooleanRule('$foo', 'true')
testobj.value = ''
@ -227,7 +227,7 @@ class BooleanCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered_3(self):
obj = BooleanRule.parse('$foo = true')
obj = BooleanRule.create_instance('$foo = true')
testobj = BaseRule() # different type
@ -235,7 +235,7 @@ class BooleanCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = BooleanRule.parse('$foo = true')
obj = BooleanRule.create_instance('$foo = true')
testobj = BaseRule() # different type
@ -249,7 +249,7 @@ class BooleanLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
obj = BooleanRule.parse(params)
obj = BooleanRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
@ -290,7 +290,7 @@ class BooleanRulesTest(AATest):
]
for rule in rules:
ruleset.add(BooleanRule.parse(rule))
ruleset.add(BooleanRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
@ -299,9 +299,9 @@ class BooleanRulesTest(AATest):
def test_ruleset_overwrite(self):
ruleset = BooleanRuleset()
ruleset.add(BooleanRule.parse('$foo = true'))
ruleset.add(BooleanRule.create_instance('$foo = true'))
with self.assertRaises(AppArmorException):
ruleset.add(BooleanRule.parse('$foo = false')) # attempt to redefine @{foo}
ruleset.add(BooleanRule.create_instance('$foo = false')) # attempt to redefine @{foo}
class BooleanGlobTestAATest(AATest):

104
utils/test/test-capability.py
View File

@ -31,7 +31,7 @@ _ = init_translation()
class CapabilityTest(AATest):
def _compare_obj_with_rawrule(self, rawrule, expected):
obj = CapabilityRule.parse(rawrule)
obj = CapabilityRule.create_instance(rawrule)
self.assertTrue(CapabilityRule.match(rawrule))
self.assertEqual(rawrule.strip(), obj.raw_rule)
@ -222,7 +222,7 @@ class InvalidCapabilityTest(AATest):
def _check_invalid_rawrule(self, rawrule):
obj = None
with self.assertRaises(AppArmorException):
obj = CapabilityRule.parse(rawrule)
obj = CapabilityRule.create_instance(rawrule)
self.assertFalse(CapabilityRule.match(rawrule))
self.assertIsNone(obj, 'CapbilityRule handed back an object unexpectedly')
@ -267,7 +267,7 @@ class InvalidCapabilityTest(AATest):
class WriteCapabilityTest(AATest):
def _check_write_rule(self, rawrule, cleanrule):
obj = CapabilityRule.parse(rawrule)
obj = CapabilityRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@ -296,18 +296,18 @@ class WriteCapabilityTest(AATest):
class CapabilityCoveredTest(AATest):
def _is_covered(self, obj, rule_to_test):
self.assertTrue(CapabilityRule.match(rule_to_test))
return obj.is_covered(CapabilityRule.parse(rule_to_test))
return obj.is_covered(CapabilityRule.create_instance(rule_to_test))
def _is_covered_exact(self, obj, rule_to_test):
self.assertTrue(CapabilityRule.match(rule_to_test))
return obj.is_covered(CapabilityRule.parse(rule_to_test), True, True)
return obj.is_covered(CapabilityRule.create_instance(rule_to_test), True, True)
def _is_equal(self, obj, rule_to_test, strict):
self.assertTrue(CapabilityRule.match(rule_to_test))
return obj.is_equal(CapabilityRule.parse(rule_to_test), strict)
return obj.is_equal(CapabilityRule.create_instance(rule_to_test), strict)
def test_covered_single(self):
obj = CapabilityRule.parse('capability sys_admin,')
obj = CapabilityRule.create_instance('capability sys_admin,')
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
@ -317,7 +317,7 @@ class CapabilityCoveredTest(AATest):
self.assertFalse(self._is_covered(obj, 'capability,'))
def test_covered_audit(self):
obj = CapabilityRule.parse('audit capability sys_admin,')
obj = CapabilityRule.create_instance('audit capability sys_admin,')
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
self.assertTrue(self._is_covered(obj, 'audit capability sys_admin,'))
@ -327,7 +327,7 @@ class CapabilityCoveredTest(AATest):
self.assertFalse(self._is_covered(obj, 'capability,'))
def test_covered_check_audit(self):
obj = CapabilityRule.parse('audit capability sys_admin,')
obj = CapabilityRule.create_instance('audit capability sys_admin,')
self.assertFalse(self._is_covered_exact(obj, 'capability sys_admin,'))
self.assertTrue(self._is_covered_exact(obj, 'audit capability sys_admin,'))
@ -337,7 +337,7 @@ class CapabilityCoveredTest(AATest):
self.assertFalse(self._is_covered_exact(obj, 'capability,'))
def test_equal(self):
obj = CapabilityRule.parse('capability sys_admin,')
obj = CapabilityRule.create_instance('capability sys_admin,')
self.assertTrue(self._is_equal(obj, 'capability sys_admin,', True))
self.assertFalse(self._is_equal(obj, 'allow capability sys_admin,', True))
@ -349,7 +349,7 @@ class CapabilityCoveredTest(AATest):
self.assertFalse(self._is_equal(obj, 'audit capability sys_admin,', False))
def test_covered_multi(self):
obj = CapabilityRule.parse('capability audit_write sys_admin,')
obj = CapabilityRule.create_instance('capability audit_write sys_admin,')
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
self.assertTrue(self._is_covered(obj, 'capability audit_write,'))
@ -361,7 +361,7 @@ class CapabilityCoveredTest(AATest):
self.assertFalse(self._is_covered(obj, 'capability,'))
def test_covered_all(self):
obj = CapabilityRule.parse('capability,')
obj = CapabilityRule.create_instance('capability,')
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
self.assertTrue(self._is_covered(obj, 'capability audit_write,'))
@ -372,7 +372,7 @@ class CapabilityCoveredTest(AATest):
self.assertFalse(self._is_covered(obj, 'audit capability,'))
def test_covered_deny(self):
obj = CapabilityRule.parse('capability sys_admin,')
obj = CapabilityRule.create_instance('capability sys_admin,')
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
@ -382,7 +382,7 @@ class CapabilityCoveredTest(AATest):
self.assertFalse(self._is_covered(obj, 'capability,'))
def test_covered_deny_2(self):
obj = CapabilityRule.parse('deny capability sys_admin,')
obj = CapabilityRule.create_instance('deny capability sys_admin,')
self.assertTrue(self._is_covered(obj, 'deny capability sys_admin,'))
@ -392,7 +392,7 @@ class CapabilityCoveredTest(AATest):
self.assertFalse(self._is_covered(obj, 'deny capability,'))
def test_invalid_is_covered(self):
obj = CapabilityRule.parse('capability sys_admin,')
obj = CapabilityRule.create_instance('capability sys_admin,')
testobj = BaseRule() # different type
@ -400,7 +400,7 @@ class CapabilityCoveredTest(AATest):
obj.is_covered(testobj)
def test_borked_obj_is_covered(self):
obj = CapabilityRule.parse('capability sys_admin,')
obj = CapabilityRule.create_instance('capability sys_admin,')
testobj = CapabilityRule('chown')
testobj.capability.clear()
@ -409,7 +409,7 @@ class CapabilityCoveredTest(AATest):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = CapabilityRule.parse('capability sys_admin,')
obj = CapabilityRule.create_instance('capability sys_admin,')
testobj = BaseRule() # different type
@ -457,7 +457,7 @@ class CapabilityLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
obj = CapabilityRule.parse(params)
obj = CapabilityRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
@ -492,7 +492,7 @@ class CapabilityRulesTest(AATest):
]
for rule in rules:
ruleset.add(CapabilityRule.parse(rule))
ruleset.add(CapabilityRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
@ -521,7 +521,7 @@ class CapabilityRulesTest(AATest):
]
for rule in rules:
ruleset.add(CapabilityRule.parse(rule))
ruleset.add(CapabilityRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw(1))
self.assertEqual(expected_clean, ruleset.get_clean(1))
@ -555,59 +555,59 @@ class CapabilityRulesCoveredTest(AATest):
]
for rule in rules:
self.ruleset.add(CapabilityRule.parse(rule))
self.ruleset.add(CapabilityRule.create_instance(rule))
def test_ruleset_is_covered_1(self):
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability chown,')))
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability chown,')))
def test_ruleset_is_covered_2(self):
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability sys_admin,')))
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability sys_admin,')))
def test_ruleset_is_covered_3(self):
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('allow capability sys_admin,')))
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('allow capability sys_admin,')))
def test_ruleset_is_covered_4(self):
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability setuid,')))
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability setuid,')))
def test_ruleset_is_covered_5(self):
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('allow capability setgid,')))
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('allow capability setgid,')))
def test_ruleset_is_covered_6(self):
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability setgid setuid,')))
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability setgid setuid,')))
def test_ruleset_is_covered_7(self):
pass # self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability sys_admin chown,'))) # fails because it is split over two rule objects internally
pass # self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability sys_admin chown,'))) # fails because it is split over two rule objects internally
def test_ruleset_is_covered_8(self):
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability kill,')))
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability kill,')))
def test_ruleset_is_covered_9(self):
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability chown,')))
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability chown,')))
def test_ruleset_is_covered_10(self):
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability sys_admin,')))
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability sys_admin,')))
def test_ruleset_is_covered_11(self):
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability sys_admin chown,')))
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability sys_admin chown,')))
def test_ruleset_is_covered_12(self):
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability setgid,')))
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability setgid,')))
def test_ruleset_is_covered_13(self):
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability kill,')))
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability kill,')))
def test_ruleset_is_covered_14(self):
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability chown,')))
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('audit capability chown,')))
def test_ruleset_is_covered_15(self):
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability sys_admin,')))
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('audit capability sys_admin,')))
def test_ruleset_is_covered_16(self):
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability sys_admin chown,')))
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('audit capability sys_admin chown,')))
def test_ruleset_is_covered_17(self):
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability setgid,')))
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('audit capability setgid,')))
def test_ruleset_is_covered_18(self):
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('audit capability kill,')))
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('audit capability kill,')))
def test_ruleset_is_covered_19(self):
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('deny capability chgrp,')))
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability chgrp,')))
def test_ruleset_is_covered_20(self):
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit deny capability chgrp,')))
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('audit deny capability chgrp,')))
def test_ruleset_is_covered_21(self):
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability chgrp,')))
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('audit capability chgrp,')))
def test_ruleset_is_covered_22(self):
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('capability chgrp,')))
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('capability chgrp,')))
def test_ruleset_is_covered_23(self):
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability chgrp,'), check_allow_deny=False))
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability chgrp,'), check_allow_deny=False))
def test_ruleset_is_covered_24(self):
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability chown,'), check_allow_deny=False))
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability chown,'), check_allow_deny=False))
# XXX - disabling these until we decide whether or not checking whether
# a log is covered by rules should be a separate entry point, possibly
@ -660,7 +660,7 @@ class CapabilityDeleteTest(AATest):
]
for rule in rules:
self.ruleset.add(CapabilityRule.parse(rule))
self.ruleset.add(CapabilityRule.create_instance(rule))
def test_delete(self):
expected_raw = [
@ -745,7 +745,7 @@ class CapabilityDeleteTest(AATest):
]
for rule in rules:
inc.add(CapabilityRule.parse(rule))
inc.add(CapabilityRule.create_instance(rule))
expected_raw = [
' allow capability sys_admin,',
@ -766,7 +766,7 @@ class CapabilityDeleteTest(AATest):
]
for rule in rules:
inc.add(CapabilityRule.parse(rule))
inc.add(CapabilityRule.create_instance(rule))
expected_raw = [
' capability chown,',
@ -788,7 +788,7 @@ class CapabilityDeleteTest(AATest):
self.assertEqual(expected_clean, self.ruleset.get_clean(1))
def test_delete_duplicates_3(self):
self.ruleset.add(CapabilityRule.parse('audit capability dac_override,'))
self.ruleset.add(CapabilityRule.create_instance('audit capability dac_override,'))
inc = CapabilityRuleset()
rules = [
@ -796,7 +796,7 @@ class CapabilityDeleteTest(AATest):
]
for rule in rules:
inc.add(CapabilityRule.parse(rule))
inc.add(CapabilityRule.create_instance(rule))
expected_raw = [
' capability chown,',
@ -824,7 +824,7 @@ class CapabilityDeleteTest(AATest):
rules = ['capability,']
for rule in rules:
inc.add(CapabilityRule.parse(rule))
inc.add(CapabilityRule.create_instance(rule))
expected_raw = [
' deny capability chgrp, # example comment',
@ -884,7 +884,7 @@ class CapabilityDeleteTest(AATest):
obj = CapabilityRuleset()
for rule in rules:
obj.add(CapabilityRule.parse(rule))
obj.add(CapabilityRule.create_instance(rule))
deleted = obj.delete_duplicates(None)

26
utils/test/test-change_profile.py
View File

@ -78,7 +78,7 @@ class ChangeProfileTestParse(ChangeProfileTest):
def _run_test(self, rawrule, expected):
self.assertTrue(ChangeProfileRule.match(rawrule))
obj = ChangeProfileRule.parse(rawrule)
obj = ChangeProfileRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@ -94,7 +94,7 @@ class ChangeProfileTestParseInvalid(ChangeProfileTest):
def _run_test(self, rawrule, expected):
self.assertFalse(ChangeProfileRule.match(rawrule))
with self.assertRaises(expected):
ChangeProfileRule.parse(rawrule)
ChangeProfileRule.create_instance(rawrule)
class ChangeProfileTestParseFromLog(ChangeProfileTest):
@ -190,7 +190,7 @@ class InvalidChangeProfileTest(AATest):
obj = None
self.assertFalse(ChangeProfileRule.match(rawrule))
with self.assertRaises(AppArmorException):
obj = ChangeProfileRule.parse(rawrule)
obj = ChangeProfileRule.create_instance(rawrule)
self.assertIsNone(obj, 'ChangeProfileRule handed back an object unexpectedly')
@ -229,7 +229,7 @@ class WriteChangeProfileTestAATest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(ChangeProfileRule.match(rawrule))
obj = ChangeProfileRule.parse(rawrule)
obj = ChangeProfileRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@ -247,8 +247,8 @@ class WriteChangeProfileTestAATest(AATest):
class ChangeProfileCoveredTest(AATest):
def _run_test(self, param, expected):
obj = ChangeProfileRule.parse(self.rule)
check_obj = ChangeProfileRule.parse(param)
obj = ChangeProfileRule.create_instance(self.rule)
check_obj = ChangeProfileRule.create_instance(param)
self.assertTrue(ChangeProfileRule.match(param))
@ -359,7 +359,7 @@ class ChangeProfileCoveredTest_06(ChangeProfileCoveredTest):
class ChangeProfileCoveredTest_Invalid(AATest):
def test_borked_obj_is_covered_1(self):
obj = ChangeProfileRule.parse('change_profile /foo,')
obj = ChangeProfileRule.create_instance('change_profile /foo,')
testobj = ChangeProfileRule(None, '/foo', '/bar')
testobj.execcond = ''
@ -368,7 +368,7 @@ class ChangeProfileCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_borked_obj_is_covered_2(self):
obj = ChangeProfileRule.parse('change_profile /foo,')
obj = ChangeProfileRule.create_instance('change_profile /foo,')
testobj = ChangeProfileRule(None, '/foo', '/bar')
testobj.targetprofile = ''
@ -377,7 +377,7 @@ class ChangeProfileCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered(self):
obj = ChangeProfileRule.parse('change_profile /foo,')
obj = ChangeProfileRule.create_instance('change_profile /foo,')
testobj = BaseRule() # different type
@ -385,7 +385,7 @@ class ChangeProfileCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = ChangeProfileRule.parse('change_profile -> /bar,')
obj = ChangeProfileRule.create_instance('change_profile -> /bar,')
testobj = BaseRule() # different type
@ -406,7 +406,7 @@ class ChangeProfileLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
obj = ChangeProfileRule.parse(params)
obj = ChangeProfileRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
@ -441,7 +441,7 @@ class ChangeProfileRulesTest(AATest):
]
for rule in rules:
ruleset.add(ChangeProfileRule.parse(rule))
ruleset.add(ChangeProfileRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
@ -470,7 +470,7 @@ class ChangeProfileRulesTest(AATest):
]
for rule in rules:
ruleset.add(ChangeProfileRule.parse(rule))
ruleset.add(ChangeProfileRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw(1))
self.assertEqual(expected_clean, ruleset.get_clean(1))

22
utils/test/test-dbus.py
View File

@ -103,7 +103,7 @@ class DbusTestParse(DbusTest):
def _run_test(self, rawrule, expected):
self.assertTrue(DbusRule.match(rawrule))
obj = DbusRule.parse(rawrule)
obj = DbusRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@ -126,7 +126,7 @@ class DbusTestParseInvalid(DbusTest):
def _run_test(self, rawrule, expected):
self.assertTrue(DbusRule.match(rawrule)) # the above invalid rules still match the main regex!
with self.assertRaises(expected):
DbusRule.parse(rawrule)
DbusRule.create_instance(rawrule)
class DbusTestParseFromLog(DbusTest):
@ -309,7 +309,7 @@ class InvalidDbusTest(AATest):
obj = None
self.assertFalse(DbusRule.match(rawrule))
with self.assertRaises(AppArmorException):
obj = DbusRule.parse(rawrule)
obj = DbusRule.create_instance(rawrule)
self.assertIsNone(obj, 'DbusRule handed back an object unexpectedly')
@ -380,7 +380,7 @@ class InvalidDbusTest(AATest):
class WriteDbusTest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(DbusRule.match(rawrule), 'DbusRule.match() failed')
obj = DbusRule.parse(rawrule)
obj = DbusRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@ -436,8 +436,8 @@ class WriteDbusTest(AATest):
class DbusCoveredTest(AATest):
def _run_test(self, param, expected):
obj = DbusRule.parse(self.rule)
check_obj = DbusRule.parse(param)
obj = DbusRule.create_instance(self.rule)
check_obj = DbusRule.create_instance(param)
self.assertTrue(DbusRule.match(param))
@ -766,7 +766,7 @@ class DbusCoveredTest_Invalid(AATest):
self.obj.is_covered(self.testobj)
def test_invalid_is_covered(self):
obj = DbusRule.parse('dbus send,')
obj = DbusRule.create_instance('dbus send,')
testobj = BaseRule() # different type
@ -774,7 +774,7 @@ class DbusCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = DbusRule.parse('dbus send,')
obj = DbusRule.create_instance('dbus send,')
testobj = BaseRule() # different type
@ -798,7 +798,7 @@ class DbusLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
obj = DbusRule.parse(params)
obj = DbusRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
@ -833,7 +833,7 @@ class DbusRulesTest(AATest):
]
for rule in rules:
ruleset.add(DbusRule.parse(rule))
ruleset.add(DbusRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
@ -862,7 +862,7 @@ class DbusRulesTest(AATest):
]
for rule in rules:
ruleset.add(DbusRule.parse(rule))
ruleset.add(DbusRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw(1))
self.assertEqual(expected_clean, ruleset.get_clean(1))

56
utils/test/test-file.py
View File

@ -105,7 +105,7 @@ class FileTestParse(FileTest):
def _run_test(self, rawrule, expected):
self.assertTrue(FileRule.match(rawrule))
obj = FileRule.parse(rawrule)
obj = FileRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@ -128,7 +128,7 @@ class FileTestParseInvalid(FileTest):
def _run_test(self, rawrule, expected):
self.assertTrue(FileRule.match(rawrule)) # the above invalid rules still match the main regex!
with self.assertRaises(expected):
FileRule.parse(rawrule)
FileRule.create_instance(rawrule)
class FileTestNonMatch(AATest):
@ -305,7 +305,7 @@ class InvalidFileTest(AATest):
obj = None
self.assertFalse(FileRule.match(rawrule))
with self.assertRaises(AppArmorException):
obj = FileRule.parse(rawrule)
obj = FileRule.create_instance(rawrule)
self.assertIsNone(obj, 'FileRule handed back an object unexpectedly')
@ -358,7 +358,7 @@ class FileGlobTest(AATest):
exp_can_glob, exp_can_glob_ext, exp_rule_glob, exp_rule_glob_ext = expected
# test glob()
rule_obj = FileRule.parse(params)
rule_obj = FileRule.create_instance(params)
self.assertEqual(exp_can_glob, rule_obj.can_glob)
self.assertEqual(exp_can_glob_ext, rule_obj.can_glob_ext)
@ -366,7 +366,7 @@ class FileGlobTest(AATest):
self.assertEqual(rule_obj.get_clean(), exp_rule_glob)
# test glob_ext()
rule_obj = FileRule.parse(params)
rule_obj = FileRule.create_instance(params)
self.assertEqual(exp_can_glob, rule_obj.can_glob)
self.assertEqual(exp_can_glob_ext, rule_obj.can_glob_ext)
@ -389,7 +389,7 @@ class FileGlobTest(AATest):
class WriteFileTest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(FileRule.match(rawrule), 'FileRule.match() failed')
obj = FileRule.parse(rawrule)
obj = FileRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@ -459,8 +459,8 @@ class WriteFileTest(AATest):
class FileCoveredTest(AATest):
def _run_test(self, param, expected):
obj = FileRule.parse(self.rule)
check_obj = FileRule.parse(param)
obj = FileRule.create_instance(self.rule)
check_obj = FileRule.create_instance(param)
self.assertTrue(FileRule.match(param))
@ -790,7 +790,7 @@ class FileCoveredTest_ManualOrInvalid(AATest):
self.obj.is_covered(self.testobj)
def test_invalid_is_covered(self):
obj = FileRule.parse('file,')
obj = FileRule.create_instance('file,')
testobj = BaseRule() # different type
@ -798,7 +798,7 @@ class FileCoveredTest_ManualOrInvalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = FileRule.parse('file,')
obj = FileRule.create_instance('file,')
testobj = BaseRule() # different type
@ -824,7 +824,7 @@ class FileSeverityTest(AATest):
def _run_test(self, params, expected):
sev_db = severity.Severity('../severity.db', 'unknown')
obj = FileRule.parse(params)
obj = FileRule.create_instance(params)
rank = obj.severity(sev_db)
self.assertEqual(rank, expected)
@ -850,20 +850,20 @@ class FileLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
obj = FileRule.parse(params[0])
obj = FileRule.create_instance(params[0])
if params[1] or params[2]:
obj.original_perms = {'allow': {'all': params[1], 'owner': params[2]}}
self.assertEqual(obj.logprof_header(), expected)
def test_empty_original_perms(self):
obj = FileRule.parse('/foo rw,')
obj = FileRule.create_instance('/foo rw,')
obj.original_perms = {'allow': {'all': set(), 'owner': set()}}
self.assertEqual(obj.logprof_header(), [_('Path'), '/foo', _('New Mode'), _('rw')])
class FileEditHeaderTest(AATest):
def _run_test(self, params, expected):
rule_obj = FileRule.parse(params)
rule_obj = FileRule.create_instance(params)
self.assertEqual(rule_obj.can_edit, True)
prompt, path_to_edit = rule_obj.edit_header()
self.assertEqual(path_to_edit, expected)
@ -875,7 +875,7 @@ class FileEditHeaderTest(AATest):
)
def test_edit_header_bare_file(self):
rule_obj = FileRule.parse('file,')
rule_obj = FileRule.create_instance('file,')
self.assertEqual(rule_obj.can_edit, False)
with self.assertRaises(AppArmorBug):
rule_obj.edit_header()
@ -900,7 +900,7 @@ class FileValidateAndStoreEditTest(AATest):
)
def test_validate_not_a_path(self):
rule_obj = FileRule.parse('/foo/bar/baz r,')
rule_obj = FileRule.create_instance('/foo/bar/baz r,')
with self.assertRaises(AppArmorException):
rule_obj.validate_edit('foo/bar/baz')
@ -909,7 +909,7 @@ class FileValidateAndStoreEditTest(AATest):
rule_obj.store_edit('foo/bar/baz')
def test_validate_edit_bare_file(self):
rule_obj = FileRule.parse('file,')
rule_obj = FileRule.create_instance('file,')
self.assertEqual(rule_obj.can_edit, False)
with self.assertRaises(AppArmorBug):
@ -954,7 +954,7 @@ class FileRulesTest(AATest):
deleted = 0
for rule in rules:
deleted += ruleset.add(FileRule.parse(rule))
deleted += ruleset.add(FileRule.create_instance(rule))
self.assertEqual(deleted, 0)
self.assertEqual(expected_raw, ruleset.get_raw())
@ -985,7 +985,7 @@ class FileRulesTest(AATest):
deleted = 0
for rule in rules:
deleted += ruleset.add(FileRule.parse(rule))
deleted += ruleset.add(FileRule.create_instance(rule))
self.assertEqual(deleted, 0)
self.assertEqual(expected_raw, ruleset.get_raw(1))
@ -1019,12 +1019,12 @@ class FileRulesTest(AATest):
deleted = 0
for rule in rules:
deleted += ruleset.add(FileRule.parse(rule))
deleted += ruleset.add(FileRule.create_instance(rule))
self.assertEqual(deleted, 0) # rules[] are added without cleanup mode, so the superfluous '/foo/baz rw,' should be kept
for rule in rules_with_cleanup:
deleted += ruleset.add(FileRule.parse(rule), cleanup=True)
deleted += ruleset.add(FileRule.create_instance(rule), cleanup=True)
self.assertEqual(deleted, 1) # rules_with_cleanup made '/foo/bar r,' superfluous
self.assertEqual(expected_raw, ruleset.get_raw(1))
@ -1062,7 +1062,7 @@ class FileGetRulesForPath(AATest):
ruleset = FileRuleset()
for rule in rules:
ruleset.add(FileRule.parse(rule))
ruleset.add(FileRule.create_instance(rule))
matching = ruleset.get_rules_for_path(*params)
self. assertEqual(matching.get_clean(), expected)
@ -1095,7 +1095,7 @@ class FileGetPermsForPath_1(AATest):
ruleset = FileRuleset()
for rule in rules:
ruleset.add(FileRule.parse(rule))
ruleset.add(FileRule.create_instance(rule))
perms = ruleset.get_perms_for_path(*params)
self. assertEqual(perms, expected)
@ -1132,7 +1132,7 @@ class FileGetPermsForPath_2(AATest):
ruleset = FileRuleset()
for rule in rules:
ruleset.add(FileRule.parse(rule))
ruleset.add(FileRule.create_instance(rule))
perms = ruleset.get_perms_for_path(*params)
self. assertEqual(perms, expected)
@ -1155,7 +1155,7 @@ class FileGetExecRulesForPath_1(AATest):
ruleset = FileRuleset()
for rule in rules:
ruleset.add(FileRule.parse(rule))
ruleset.add(FileRule.create_instance(rule))
perms = ruleset.get_exec_rules_for_path(params)
matches = perms.get_clean()
@ -1179,7 +1179,7 @@ class FileGetExecRulesForPath_2(AATest):
ruleset = FileRuleset()
for rule in rules:
ruleset.add(FileRule.parse(rule))
ruleset.add(FileRule.create_instance(rule))
perms = ruleset.get_exec_rules_for_path(params, only_exact_matches=False)
matches = perms.get_clean()
@ -1206,9 +1206,9 @@ class FileGetExecConflictRules_1(AATest):
ruleset = FileRuleset()
for rule in rules:
ruleset.add(FileRule.parse(rule))
ruleset.add(FileRule.create_instance(rule))
rule_obj = FileRule.parse(params)
rule_obj = FileRule.create_instance(params)
conflicts = ruleset.get_exec_conflict_rules(rule_obj)
self. assertEqual(conflicts.get_clean(), expected)

26
utils/test/test-include.py
View File

@ -89,7 +89,7 @@ class IncludeTestParse(IncludeTest):
def _run_test(self, rawrule, expected):
self.assertTrue(IncludeRule.match(rawrule))
obj = IncludeRule.parse(rawrule)
obj = IncludeRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@ -105,7 +105,7 @@ class IncludeTestParseInvalid(IncludeTest):
def _run_test(self, rawrule, expected):
self.assertTrue(IncludeRule.match(rawrule)) # the above invalid rules still match the main regex!
with self.assertRaises(expected):
IncludeRule.parse(rawrule)
IncludeRule.create_instance(rawrule)
# class IncludeTestParseFromLog(IncludeTest): # we'll never have log events for includes
@ -167,7 +167,7 @@ class InvalidIncludeTest(AATest):
obj = None
self.assertEqual(IncludeRule.match(rawrule), matches_regex)
with self.assertRaises(AppArmorException):
obj = IncludeRule.parse(rawrule)
obj = IncludeRule.create_instance(rawrule)
self.assertIsNone(obj, 'IncludeRule handed back an object unexpectedly')
@ -188,7 +188,7 @@ class InvalidIncludeTest(AATest):
class WriteIncludeTestAATest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(IncludeRule.match(rawrule))
obj = IncludeRule.parse(rawrule)
obj = IncludeRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@ -246,8 +246,8 @@ class WriteIncludeTestAATest(AATest):
class IncludeCoveredTest(AATest):
def _run_test(self, param, expected):
obj = IncludeRule.parse(self.rule)
check_obj = IncludeRule.parse(param)
obj = IncludeRule.create_instance(self.rule)
check_obj = IncludeRule.create_instance(param)
self.assertTrue(IncludeRule.match(param))
@ -289,7 +289,7 @@ class IncludeCoveredTest_02(IncludeCoveredTest):
class IncludeCoveredTest_Invalid(AATest):
# def test_borked_obj_is_covered_1(self):
# obj = IncludeRule.parse('include <foo>')
# obj = IncludeRule.create_instance('include <foo>')
#
# testobj = IncludeRule('foo', True, True)
# testobj.path = ''
@ -298,7 +298,7 @@ class IncludeCoveredTest_Invalid(AATest):
# obj.is_covered(testobj)
def test_invalid_is_covered(self):
obj = IncludeRule.parse('include <abstractions/base>')
obj = IncludeRule.create_instance('include <abstractions/base>')
testobj = BaseRule() # different type
@ -306,7 +306,7 @@ class IncludeCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = IncludeRule.parse('include <abstractions/base>')
obj = IncludeRule.create_instance('include <abstractions/base>')
testobj = BaseRule() # different type
@ -321,7 +321,7 @@ class IncludeLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
obj = IncludeRule.parse(params)
obj = IncludeRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
@ -361,7 +361,7 @@ class IncludeFullPathsTest(AATest):
for path in expected:
exp2.append(path.replace('@@', self.profile_dir))
obj = IncludeRule.parse(params)
obj = IncludeRule.create_instance(params)
self.assertEqual(obj.get_full_paths(self.profile_dir), exp2)
@ -418,7 +418,7 @@ class IncludeRulesTest(AATest):
]
for rule in rules:
ruleset.add(IncludeRule.parse(rule))
ruleset.add(IncludeRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
@ -465,7 +465,7 @@ class IncludeRulesTest(AATest):
]
for rule in rules:
ruleset.add(IncludeRule.parse(rule))
ruleset.add(IncludeRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())

32
utils/test/test-network.py
View File

@ -85,7 +85,7 @@ class NetworkTestParse(NetworkTest):
def _run_test(self, rawrule, expected):
self.assertTrue(NetworkRule.match(rawrule))
obj = NetworkRule.parse(rawrule)
obj = NetworkRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@ -101,7 +101,7 @@ class NetworkTestParseInvalid(NetworkTest):
def _run_test(self, rawrule, expected):
self.assertTrue(NetworkRule.match(rawrule)) # the above invalid rules still match the main regex!
with self.assertRaises(expected):
NetworkRule.parse(rawrule)
NetworkRule.create_instance(rawrule)
class NetworkTestParseFromLog(NetworkTest):
@ -192,7 +192,7 @@ class InvalidNetworkTest(AATest):
obj = None
self.assertFalse(NetworkRule.match(rawrule))
with self.assertRaises(AppArmorException):
obj = NetworkRule.parse(rawrule)
obj = NetworkRule.create_instance(rawrule)
self.assertIsNone(obj, 'NetworkRule handed back an object unexpectedly')
@ -220,7 +220,7 @@ class InvalidNetworkTest(AATest):
class WriteNetworkTestAATest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(NetworkRule.match(rawrule))
obj = NetworkRule.parse(rawrule)
obj = NetworkRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@ -247,8 +247,8 @@ class WriteNetworkTestAATest(AATest):
class NetworkCoveredTest(AATest):
def _run_test(self, param, expected):
obj = NetworkRule.parse(self.rule)
check_obj = NetworkRule.parse(param)
obj = NetworkRule.create_instance(self.rule)
check_obj = NetworkRule.create_instance(param)
self.assertTrue(NetworkRule.match(param))
@ -351,7 +351,7 @@ class NetworkCoveredTest_05(NetworkCoveredTest):
class NetworkCoveredTest_Invalid(AATest):
def test_borked_obj_is_covered_1(self):
obj = NetworkRule.parse('network inet,')
obj = NetworkRule.create_instance('network inet,')
testobj = NetworkRule('inet', 'stream')
testobj.domain = ''
@ -360,7 +360,7 @@ class NetworkCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_borked_obj_is_covered_2(self):
obj = NetworkRule.parse('network inet,')
obj = NetworkRule.create_instance('network inet,')
testobj = NetworkRule('inet', 'stream')
testobj.type_or_protocol = ''
@ -369,7 +369,7 @@ class NetworkCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered(self):
obj = NetworkRule.parse('network inet,')
obj = NetworkRule.create_instance('network inet,')
testobj = BaseRule() # different type
@ -377,7 +377,7 @@ class NetworkCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = NetworkRule.parse('network inet,')
obj = NetworkRule.create_instance('network inet,')
testobj = BaseRule() # different type
@ -397,14 +397,14 @@ class NetworkLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
obj = NetworkRule.parse(params)
obj = NetworkRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
class NetworkRuleReprTest(AATest):
tests = (
(NetworkRule('inet', 'stream'), '<NetworkRule> network inet stream,'),
(NetworkRule.parse(' allow network inet stream, # foo'), '<NetworkRule> allow network inet stream, # foo'),
(NetworkRule('inet', 'stream'), '<NetworkRule> network inet stream,'),
(NetworkRule.create_instance(' allow network inet stream, # foo'), '<NetworkRule> allow network inet stream, # foo'),
)
def _run_test(self, params, expected):
@ -442,7 +442,7 @@ class NetworkRulesTest(AATest):
]
for rule in rules:
ruleset.add(NetworkRule.parse(rule))
ruleset.add(NetworkRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
@ -471,7 +471,7 @@ class NetworkRulesTest(AATest):
]
for rule in rules:
ruleset.add(NetworkRule.parse(rule))
ruleset.add(NetworkRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw(1))
self.assertEqual(expected_clean, ruleset.get_clean(1))
@ -503,7 +503,7 @@ class NetworkRulesetReprTest(AATest):
def test_network_ruleset_repr(self):
obj = NetworkRuleset()
obj.add(NetworkRule('inet', 'stream'))
obj.add(NetworkRule.parse(' allow network inet stream, # foo'))
obj.add(NetworkRule.create_instance(' allow network inet stream, # foo'))
expected = '<NetworkRuleset>\n network inet stream,\n allow network inet stream, # foo\n</NetworkRuleset>'
self.assertEqual(str(obj), expected)

16
utils/test/test-profile-list.py
View File

@ -176,9 +176,9 @@ class TestAdd_inc_ie(AATest):
self.assertEqual(list(self.pl.files.keys()), [])
def test_dedup_inc_ie_1(self):
self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.parse('include <tunables/global>'))
self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.parse('#include if exists <tunables/global> # comment'))
self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.parse(' #include <tunables/global> '))
self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.create_instance('include <tunables/global>'))
self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.create_instance('#include if exists <tunables/global> # comment'))
self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.create_instance(' #include <tunables/global> '))
deleted = self.pl.delete_preamble_duplicates('/etc/apparmor.d/bin.foo')
self.assertEqual(deleted, 2)
self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
@ -214,8 +214,8 @@ class TestAdd_abi(AATest):
self.assertEqual(list(self.pl.files.keys()), [])
def test_dedup_abi_1(self):
self.pl.add_abi('/etc/apparmor.d/bin.foo', AbiRule.parse('abi <abi/4.19>,'))
self.pl.add_abi('/etc/apparmor.d/bin.foo', AbiRule.parse(' abi <abi/4.19> , # comment'))
self.pl.add_abi('/etc/apparmor.d/bin.foo', AbiRule.create_instance('abi <abi/4.19>,'))
self.pl.add_abi('/etc/apparmor.d/bin.foo', AbiRule.create_instance(' abi <abi/4.19> , # comment'))
self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
deleted = self.pl.delete_preamble_duplicates('/etc/apparmor.d/bin.foo')
self.assertEqual(deleted, 1)
@ -296,9 +296,9 @@ class TestAdd_variable(AATest):
self.assertEqual(list(self.pl.files.keys()), [])
def test_dedup_variable_1(self):
self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.parse('@{foo} = /foo'))
self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.parse('@{foo} += /bar # comment'))
self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.parse('@{foo} += /bar /baz'))
self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.create_instance('@{foo} = /foo'))
self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.create_instance('@{foo} += /bar # comment'))
self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.create_instance('@{foo} += /bar /baz'))
deleted = self.pl.delete_preamble_duplicates('/etc/apparmor.d/bin.foo')
self.assertEqual(deleted, 1)
self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])

30
utils/test/test-ptrace.py
View File

@ -68,7 +68,7 @@ class PtraceTestParse(PtraceTest):
def _run_test(self, rawrule, expected):
self.assertTrue(PtraceRule.match(rawrule))
obj = PtraceRule.parse(rawrule)
obj = PtraceRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@ -86,7 +86,7 @@ class PtraceTestParseInvalid(PtraceTest):
def _run_test(self, rawrule, expected):
self.assertTrue(PtraceRule.match(rawrule)) # the above invalid rules still match the main regex!
with self.assertRaises(expected):
PtraceRule.parse(rawrule)
PtraceRule.create_instance(rawrule)
class PtraceTestParseFromLog(PtraceTest):
@ -180,7 +180,7 @@ class InvalidPtraceTest(AATest):
obj = None
self.assertFalse(PtraceRule.match(rawrule))
with self.assertRaises(AppArmorException):
obj = PtraceRule.parse(rawrule)
obj = PtraceRule.create_instance(rawrule)
self.assertIsNone(obj, 'PtraceRule handed back an object unexpectedly')
@ -208,7 +208,7 @@ class InvalidPtraceTest(AATest):
class WritePtraceTestAATest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(PtraceRule.match(rawrule))
obj = PtraceRule.parse(rawrule)
obj = PtraceRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@ -256,8 +256,8 @@ class WritePtraceTestAATest(AATest):
class PtraceCoveredTest(AATest):
def _run_test(self, param, expected):
obj = PtraceRule.parse(self.rule)
check_obj = PtraceRule.parse(param)
obj = PtraceRule.create_instance(self.rule)
check_obj = PtraceRule.create_instance(param)
self.assertTrue(PtraceRule.match(param))
@ -436,7 +436,7 @@ class PtraceCoveredTest_08(PtraceCoveredTest):
class PtraceCoveredTest_Invalid(AATest):
def test_borked_obj_is_covered_1(self):
obj = PtraceRule.parse('ptrace read peer=/foo,')
obj = PtraceRule.create_instance('ptrace read peer=/foo,')
testobj = PtraceRule('read', '/foo')
testobj.access = ''
@ -445,7 +445,7 @@ class PtraceCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_borked_obj_is_covered_2(self):
obj = PtraceRule.parse('ptrace read peer=/foo,')
obj = PtraceRule.create_instance('ptrace read peer=/foo,')
testobj = PtraceRule('read', '/foo')
testobj.peer = ''
@ -454,7 +454,7 @@ class PtraceCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered(self):
obj = PtraceRule.parse('ptrace read,')
obj = PtraceRule.create_instance('ptrace read,')
testobj = BaseRule() # different type
@ -462,7 +462,7 @@ class PtraceCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_equal_1(self):
obj = PtraceRule.parse('ptrace read,')
obj = PtraceRule.create_instance('ptrace read,')
testobj = BaseRule() # different type
@ -470,9 +470,9 @@ class PtraceCoveredTest_Invalid(AATest):
obj.is_equal(testobj)
def test_invalid_is_equal_2(self):
obj = PtraceRule.parse('ptrace read,')
obj = PtraceRule.create_instance('ptrace read,')
testobj = PtraceRule.parse('ptrace read,')
testobj = PtraceRule.create_instance('ptrace read,')
testobj.all_peers = False # make testobj invalid (should trigger exception in _is_equal_aare())
with self.assertRaises(AppArmorBug):
@ -491,7 +491,7 @@ class PtraceLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
obj = PtraceRule.parse(params)
obj = PtraceRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
@ -530,7 +530,7 @@ class PtraceRulesTest(AATest):
]
for rule in rules:
ruleset.add(PtraceRule.parse(rule))
ruleset.add(PtraceRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
@ -564,7 +564,7 @@ class PtraceRulesTest(AATest):
]
for rule in rules:
ruleset.add(PtraceRule.parse(rule))
ruleset.add(PtraceRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw(1))
self.assertEqual(expected_clean, ruleset.get_clean(1))

24
utils/test/test-rlimit.py
View File

@ -71,7 +71,7 @@ class RlimitTestParse(RlimitTest):
def _run_test(self, rawrule, expected):
self.assertTrue(RlimitRule.match(rawrule))
obj = RlimitRule.parse(rawrule)
obj = RlimitRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@ -95,7 +95,7 @@ class RlimitTestParseInvalid(RlimitTest):
def _run_test(self, rawrule, expected):
# self.assertFalse(RlimitRule.match(rawrule)) # the main regex isn't very strict
with self.assertRaises(expected):
RlimitRule.parse(rawrule)
RlimitRule.create_instance(rawrule)
class RlimitTestParseFromLog(RlimitTest):
@ -181,7 +181,7 @@ class InvalidRlimitTest(AATest):
obj = None
self.assertFalse(RlimitRule.match(rawrule))
with self.assertRaises(AppArmorException):
obj = RlimitRule.parse(rawrule)
obj = RlimitRule.create_instance(rawrule)
self.assertIsNone(obj, 'RlimitRule handed back an object unexpectedly')
@ -220,7 +220,7 @@ class WriteRlimitTest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(RlimitRule.match(rawrule))
obj = RlimitRule.parse(rawrule)
obj = RlimitRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@ -238,8 +238,8 @@ class WriteRlimitTest(AATest):
class RlimitCoveredTest(AATest):
def _run_test(self, param, expected):
obj = RlimitRule.parse(self.rule)
check_obj = RlimitRule.parse(param)
obj = RlimitRule.create_instance(self.rule)
check_obj = RlimitRule.create_instance(param)
self.assertTrue(RlimitRule.match(param))
@ -336,7 +336,7 @@ class RlimitCoveredTest_05(RlimitCoveredTest):
class RlimitCoveredTest_Invalid(AATest):
def test_borked_obj_is_covered_1(self):
obj = RlimitRule.parse('set rlimit cpu <= 1024,')
obj = RlimitRule.create_instance('set rlimit cpu <= 1024,')
testobj = RlimitRule('cpu', '1024')
testobj.rlimit = ''
@ -345,7 +345,7 @@ class RlimitCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_borked_obj_is_covered_2(self):
obj = RlimitRule.parse('set rlimit cpu <= 1024,')
obj = RlimitRule.create_instance('set rlimit cpu <= 1024,')
testobj = RlimitRule('cpu', '1024')
testobj.value = ''
@ -354,7 +354,7 @@ class RlimitCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered(self):
obj = RlimitRule.parse('set rlimit cpu <= 1024,')
obj = RlimitRule.create_instance('set rlimit cpu <= 1024,')
testobj = BaseRule() # different type
@ -362,7 +362,7 @@ class RlimitCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = RlimitRule.parse('set rlimit cpu <= 1024,')
obj = RlimitRule.create_instance('set rlimit cpu <= 1024,')
testobj = BaseRule() # different type
@ -379,7 +379,7 @@ class RlimitLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
obj = RlimitRule.parse(params)
obj = RlimitRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
@ -414,7 +414,7 @@ class RlimitRulesTest(AATest):
]
for rule in rules:
ruleset.add(RlimitRule.parse(rule))
ruleset.add(RlimitRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())

28
utils/test/test-signal.py
View File

@ -69,7 +69,7 @@ class SignalTestParse(SignalTest):
def _run_test(self, rawrule, expected):
self.assertTrue(SignalRule.match(rawrule))
obj = SignalRule.parse(rawrule)
obj = SignalRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@ -90,7 +90,7 @@ class SignalTestParseInvalid(SignalTest):
def _run_test(self, rawrule, expected):
self.assertTrue(SignalRule.match(rawrule)) # the above invalid rules still match the main regex!
with self.assertRaises(expected):
SignalRule.parse(rawrule)
SignalRule.create_instance(rawrule)
class SignalTestParseFromLog(SignalTest):
@ -192,7 +192,7 @@ class InvalidSignalTest(AATest):
obj = None
self.assertFalse(SignalRule.match(rawrule))
with self.assertRaises(AppArmorException):
obj = SignalRule.parse(rawrule)
obj = SignalRule.create_instance(rawrule)
self.assertIsNone(obj, 'SignalRule handed back an object unexpectedly')
@ -227,7 +227,7 @@ class InvalidSignalTest(AATest):
class WriteSignalTestAATest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(SignalRule.match(rawrule))
obj = SignalRule.parse(rawrule)
obj = SignalRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@ -272,8 +272,8 @@ class WriteSignalTestAATest(AATest):
class SignalCoveredTest(AATest):
def _run_test(self, param, expected):
obj = SignalRule.parse(self.rule)
check_obj = SignalRule.parse(param)
obj = SignalRule.create_instance(self.rule)
check_obj = SignalRule.create_instance(param)
self.assertTrue(SignalRule.match(param))
@ -498,7 +498,7 @@ class SignalCoveredTest_09(SignalCoveredTest):
class SignalCoveredTest_Invalid(AATest):
def test_borked_obj_is_covered_1(self):
obj = SignalRule.parse('signal send peer=/foo,')
obj = SignalRule.create_instance('signal send peer=/foo,')
testobj = SignalRule('send', 'quit', '/foo')
testobj.access = ''
@ -507,7 +507,7 @@ class SignalCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_borked_obj_is_covered_2(self):
obj = SignalRule.parse('signal send set=quit peer=/foo,')
obj = SignalRule.create_instance('signal send set=quit peer=/foo,')
testobj = SignalRule('send', 'quit', '/foo')
testobj.signal = ''
@ -516,7 +516,7 @@ class SignalCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_borked_obj_is_covered_3(self):
obj = SignalRule.parse('signal send set=quit peer=/foo,')
obj = SignalRule.create_instance('signal send set=quit peer=/foo,')
testobj = SignalRule('send', 'quit', '/foo')
testobj.peer = ''
@ -525,7 +525,7 @@ class SignalCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered(self):
obj = SignalRule.parse('signal send,')
obj = SignalRule.create_instance('signal send,')
testobj = BaseRule() # different type
@ -533,7 +533,7 @@ class SignalCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = SignalRule.parse('signal send,')
obj = SignalRule.create_instance('signal send,')
testobj = BaseRule() # different type
@ -556,7 +556,7 @@ class SignalLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
obj = SignalRule.parse(params)
obj = SignalRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
@ -591,7 +591,7 @@ class SignalRulesTest(AATest):
]
for rule in rules:
ruleset.add(SignalRule.parse(rule))
ruleset.add(SignalRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
@ -620,7 +620,7 @@ class SignalRulesTest(AATest):
]
for rule in rules:
ruleset.add(SignalRule.parse(rule))
ruleset.add(SignalRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw(1))
self.assertEqual(expected_clean, ruleset.get_clean(1))

28
utils/test/test-variable.py
View File

@ -87,7 +87,7 @@ class VariableTestParse(VariableTest):
def _run_test(self, rawrule, expected):
self.assertTrue(VariableRule.match(rawrule))
obj = VariableRule.parse(rawrule)
obj = VariableRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@ -108,7 +108,7 @@ class VariableTestParseInvalid(VariableTest):
def _run_test(self, rawrule, expected):
self.assertEqual(VariableRule.match(rawrule), expected[0])
with self.assertRaises(expected[1]):
VariableRule.parse(rawrule)
VariableRule.create_instance(rawrule)
class VariableFromInit(VariableTest):
@ -173,7 +173,7 @@ class InvalidVariableTest(AATest):
obj = None
self.assertEqual(VariableRule.match(rawrule), matches_regex)
with self.assertRaises(AppArmorException):
obj = VariableRule.parse(rawrule)
obj = VariableRule.create_instance(rawrule)
self.assertIsNone(obj, 'VariableRule handed back an object unexpectedly')
@ -200,7 +200,7 @@ class WriteVariableTestAATest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(VariableRule.match(rawrule))
obj = VariableRule.parse(rawrule)
obj = VariableRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@ -226,8 +226,8 @@ class WriteVariableTestAATest(AATest):
class VariableCoveredTest(AATest):
def _run_test(self, param, expected):
obj = VariableRule.parse(self.rule)
check_obj = VariableRule.parse(param)
obj = VariableRule.create_instance(self.rule)
check_obj = VariableRule.create_instance(param)
self.assertTrue(VariableRule.match(param))
@ -280,7 +280,7 @@ class VariableCoveredTest_02(VariableCoveredTest):
class VariableCoveredTest_Invalid(AATest):
# def test_borked_obj_is_covered_1(self):
# obj = VariableRule.parse('@{foo} = /bar')
# obj = VariableRule.create_instance('@{foo} = /bar')
#
# testobj = VariableRule('@{foo}', '=', '/bar')
# testobj.mode = ''
@ -289,7 +289,7 @@ class VariableCoveredTest_Invalid(AATest):
# obj.is_covered(testobj)
def test_borked_obj_is_covered_2(self):
obj = VariableRule.parse('@{foo} = /bar')
obj = VariableRule.create_instance('@{foo} = /bar')
testobj = VariableRule('@{foo}', '=', {'/bar'})
testobj.values = ''
@ -298,7 +298,7 @@ class VariableCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered_3(self):
obj = VariableRule.parse('@{foo} = /bar')
obj = VariableRule.create_instance('@{foo} = /bar')
testobj = BaseRule() # different type
@ -306,7 +306,7 @@ class VariableCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = VariableRule.parse('@{foo} = /bar')
obj = VariableRule.create_instance('@{foo} = /bar')
testobj = BaseRule() # different type
@ -320,7 +320,7 @@ class VariableLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
obj = VariableRule.parse(params)
obj = VariableRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
# --- tests for VariableRuleset --- #
@ -380,7 +380,7 @@ class VariableRulesTest(AATest):
}
for rule in rules:
ruleset.add(VariableRule.parse(rule))
ruleset.add(VariableRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
@ -390,9 +390,9 @@ class VariableRulesTest(AATest):
def test_ruleset_overwrite(self):
ruleset = VariableRuleset()
ruleset.add(VariableRule.parse('@{foo} = /bar'))
ruleset.add(VariableRule.create_instance('@{foo} = /bar'))
with self.assertRaises(AppArmorException):
ruleset.add(VariableRule.parse('@{foo} = /asdf')) # attempt to redefine @{foo}
ruleset.add(VariableRule.create_instance('@{foo} = /asdf')) # attempt to redefine @{foo}
self.assertEqual({'=': {'@{foo}': {'/bar'}}, '+=': {}}, ruleset.get_merged_variables())