mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-09-01 14:55:10 +00:00
Merge Rename BaseRule parse() and _parse() methods
As discussed in !920, this MR renames BaseRule's `parse()` and `_parse()` methods to `create_instance()` and `_create_instance()`, respectively. It then removes the `selection_to_rule_obj` function from `apparmor.aa`, which is now an unnecessary alias for the renamed public method. MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/923 Approved-by: Christian Boltz <apparmor@cboltz.de> Merged-by: Christian Boltz <apparmor@cboltz.de>
This commit is contained in:
Christian Boltz
@@ -1262,14 +1262,14 @@ def ask_rule_questions(prof_events, profile_name, the_profile, r_types):
|
|||||||
if inc:
|
if inc:
|
||||||
deleted = delete_all_duplicates(the_profile, inc, r_types)
|
deleted = delete_all_duplicates(the_profile, inc, r_types)
|
||||||
|
|
||||||
the_profile['inc_ie'].add(IncludeRule.parse(selection))
|
the_profile['inc_ie'].add(IncludeRule.create_instance(selection))
|
||||||
|
|
||||||
aaui.UI_Info(_('Adding %s to profile.') % selection)
|
aaui.UI_Info(_('Adding %s to profile.') % selection)
|
||||||
if deleted:
|
if deleted:
|
||||||
aaui.UI_Info(_('Deleted %s previous matching profile entries.') % deleted)
|
aaui.UI_Info(_('Deleted %s previous matching profile entries.') % deleted)
|
||||||
|
|
||||||
else:
|
else:
|
||||||
rule_obj = selection_to_rule_obj(rule_obj, selection)
|
rule_obj = rule_obj.create_instance(selection)
|
||||||
deleted = the_profile[ruletype].add(rule_obj, cleanup=True)
|
deleted = the_profile[ruletype].add(rule_obj, cleanup=True)
|
||||||
|
|
||||||
aaui.UI_Info(_('Adding %s to profile.') % rule_obj.get_clean())
|
aaui.UI_Info(_('Adding %s to profile.') % rule_obj.get_clean())
|
||||||
@@ -1284,7 +1284,7 @@ def ask_rule_questions(prof_events, profile_name, the_profile, r_types):
|
|||||||
done = True
|
done = True
|
||||||
changed = True
|
changed = True
|
||||||
|
|
||||||
rule_obj = selection_to_rule_obj(rule_obj, selection)
|
rule_obj = rule_obj.create_instance(selection)
|
||||||
rule_obj.deny = True
|
rule_obj.deny = True
|
||||||
rule_obj.raw_rule = None # reset raw rule after manually modifying rule_obj
|
rule_obj.raw_rule = None # reset raw rule after manually modifying rule_obj
|
||||||
deleted = the_profile[ruletype].add(rule_obj, cleanup=True)
|
deleted = the_profile[ruletype].add(rule_obj, cleanup=True)
|
||||||
@@ -1294,19 +1294,19 @@ def ask_rule_questions(prof_events, profile_name, the_profile, r_types):
|
|||||||
|
|
||||||
elif ans == 'CMD_GLOB':
|
elif ans == 'CMD_GLOB':
|
||||||
if not re_match_include(selection):
|
if not re_match_include(selection):
|
||||||
globbed_rule_obj = selection_to_rule_obj(rule_obj, selection)
|
globbed_rule_obj = rule_obj.create_instance(selection)
|
||||||
globbed_rule_obj.glob()
|
globbed_rule_obj.glob()
|
||||||
options, default_option = add_to_options(options, globbed_rule_obj.get_raw())
|
options, default_option = add_to_options(options, globbed_rule_obj.get_raw())
|
||||||
|
|
||||||
elif ans == 'CMD_GLOBEXT':
|
elif ans == 'CMD_GLOBEXT':
|
||||||
if not re_match_include(selection):
|
if not re_match_include(selection):
|
||||||
globbed_rule_obj = selection_to_rule_obj(rule_obj, selection)
|
globbed_rule_obj = rule_obj.create_instance(selection)
|
||||||
globbed_rule_obj.glob_ext()
|
globbed_rule_obj.glob_ext()
|
||||||
options, default_option = add_to_options(options, globbed_rule_obj.get_raw())
|
options, default_option = add_to_options(options, globbed_rule_obj.get_raw())
|
||||||
|
|
||||||
elif ans == 'CMD_NEW':
|
elif ans == 'CMD_NEW':
|
||||||
if not re_match_include(selection):
|
if not re_match_include(selection):
|
||||||
edit_rule_obj = selection_to_rule_obj(rule_obj, selection)
|
edit_rule_obj = rule_obj.create_instance(selection)
|
||||||
prompt, oldpath = edit_rule_obj.edit_header()
|
prompt, oldpath = edit_rule_obj.edit_header()
|
||||||
|
|
||||||
newpath = aaui.UI_GetString(prompt, oldpath)
|
newpath = aaui.UI_GetString(prompt, oldpath)
|
||||||
@@ -1339,11 +1339,6 @@ def ask_rule_questions(prof_events, profile_name, the_profile, r_types):
|
|||||||
return changed, False
|
return changed, False
|
||||||
|
|
||||||
|
|
||||||
def selection_to_rule_obj(rule_obj, selection):
|
|
||||||
rule_type = type(rule_obj)
|
|
||||||
return rule_type.parse(selection)
|
|
||||||
|
|
||||||
|
|
||||||
def set_options_audit_mode(rule_obj, options):
|
def set_options_audit_mode(rule_obj, options):
|
||||||
"""change audit state in options (proposed rules) to audit state in rule_obj.
|
"""change audit state in options (proposed rules) to audit state in rule_obj.
|
||||||
#include options will be kept unchanged
|
#include options will be kept unchanged
|
||||||
@@ -1366,7 +1361,7 @@ def set_options_mode(rule_obj, options, what):
|
|||||||
if re_match_include(rule):
|
if re_match_include(rule):
|
||||||
new_options.append(rule)
|
new_options.append(rule)
|
||||||
else:
|
else:
|
||||||
parsed_rule = selection_to_rule_obj(rule_obj, rule)
|
parsed_rule = rule_obj.create_instance(rule)
|
||||||
if what == 'audit':
|
if what == 'audit':
|
||||||
parsed_rule.audit = rule_obj.audit
|
parsed_rule.audit = rule_obj.audit
|
||||||
elif what == 'owner':
|
elif what == 'owner':
|
||||||
@@ -2119,7 +2114,7 @@ def match_line_against_rule_classes(line, profile, file, lineno, in_preamble):
|
|||||||
_('Syntax Error: Unexpected %(rule)s entry found in file: %(file)s line: %(line)s')
|
_('Syntax Error: Unexpected %(rule)s entry found in file: %(file)s line: %(line)s')
|
||||||
% {'file': file, 'line': lineno + 1, 'rule': rule_name})
|
% {'file': file, 'line': lineno + 1, 'rule': rule_name})
|
||||||
|
|
||||||
rule_obj = rule_class.parse(line)
|
rule_obj = rule_class.create_instance(line)
|
||||||
return (rule_name, rule_obj)
|
return (rule_name, rule_obj)
|
||||||
|
|
||||||
return (None, None)
|
return (None, None)
|
||||||
|
|||||||
@@ -30,7 +30,7 @@ class BaseRule:
|
|||||||
# __init__
|
# __init__
|
||||||
# _match(cls, raw_rule) (as a class method)
|
# _match(cls, raw_rule) (as a class method)
|
||||||
# - parses a raw rule and returns a regex match object
|
# - parses a raw rule and returns a regex match object
|
||||||
# _parse(cls, raw_rule) (as a class method)
|
# _create_instance(cls, raw_rule) (as a class method)
|
||||||
# - parses a raw rule and returns an object of the Rule subclass
|
# - parses a raw rule and returns an object of the Rule subclass
|
||||||
# get_clean(depth)
|
# get_clean(depth)
|
||||||
# - return rule in clean format
|
# - return rule in clean format
|
||||||
@@ -114,18 +114,18 @@ class BaseRule:
|
|||||||
raise NotImplementedError("'%s' needs to implement _match(), but didn't" % (str(cls)))
|
raise NotImplementedError("'%s' needs to implement _match(), but didn't" % (str(cls)))
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def parse(cls, raw_rule):
|
def create_instance(cls, raw_rule):
|
||||||
"""parse raw_rule and return a rule object"""
|
"""parse raw_rule and return a rule object"""
|
||||||
rule = cls._parse(raw_rule)
|
rule = cls._create_instance(raw_rule)
|
||||||
rule.raw_rule = raw_rule.strip()
|
rule.raw_rule = raw_rule.strip()
|
||||||
return rule
|
return rule
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
@abstractmethod
|
@abstractmethod
|
||||||
def _parse(cls, raw_rule):
|
def _create_instance(cls, raw_rule):
|
||||||
"""returns a Rule object created from parsing the raw rule.
|
"""returns a Rule object created from parsing the raw rule.
|
||||||
required to be implemented by subclasses; raise exception if not"""
|
required to be implemented by subclasses; raise exception if not"""
|
||||||
raise NotImplementedError("'%s' needs to implement _parse(), but didn't" % (str(cls)))
|
raise NotImplementedError("'%s' needs to implement _create_instance(), but didn't" % (str(cls)))
|
||||||
|
|
||||||
@abstractmethod
|
@abstractmethod
|
||||||
def get_clean(self, depth=0):
|
def get_clean(self, depth=0):
|
||||||
|
|||||||
@@ -59,7 +59,7 @@ class AliasRule(BaseRule):
|
|||||||
return RE_PROFILE_ALIAS.search(raw_rule)
|
return RE_PROFILE_ALIAS.search(raw_rule)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def _parse(cls, raw_rule):
|
def _create_instance(cls, raw_rule):
|
||||||
"""parse raw_rule and return AliasRule"""
|
"""parse raw_rule and return AliasRule"""
|
||||||
|
|
||||||
matches = cls._match(raw_rule)
|
matches = cls._match(raw_rule)
|
||||||
|
|||||||
@@ -60,7 +60,7 @@ class BooleanRule(BaseRule):
|
|||||||
return RE_PROFILE_BOOLEAN.search(raw_rule)
|
return RE_PROFILE_BOOLEAN.search(raw_rule)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def _parse(cls, raw_rule):
|
def _create_instance(cls, raw_rule):
|
||||||
"""parse raw_rule and return BooleanRule"""
|
"""parse raw_rule and return BooleanRule"""
|
||||||
|
|
||||||
matches = cls._match(raw_rule)
|
matches = cls._match(raw_rule)
|
||||||
|
|||||||
@@ -64,7 +64,7 @@ class CapabilityRule(BaseRule):
|
|||||||
return RE_PROFILE_CAP.search(raw_rule)
|
return RE_PROFILE_CAP.search(raw_rule)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def _parse(cls, raw_rule):
|
def _create_instance(cls, raw_rule):
|
||||||
"""parse raw_rule and return CapabilityRule"""
|
"""parse raw_rule and return CapabilityRule"""
|
||||||
|
|
||||||
matches = cls._match(raw_rule)
|
matches = cls._match(raw_rule)
|
||||||
|
|||||||
@@ -81,7 +81,7 @@ class ChangeProfileRule(BaseRule):
|
|||||||
return RE_PROFILE_CHANGE_PROFILE.search(raw_rule)
|
return RE_PROFILE_CHANGE_PROFILE.search(raw_rule)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def _parse(cls, raw_rule):
|
def _create_instance(cls, raw_rule):
|
||||||
"""parse raw_rule and return ChangeProfileRule"""
|
"""parse raw_rule and return ChangeProfileRule"""
|
||||||
|
|
||||||
matches = cls._match(raw_rule)
|
matches = cls._match(raw_rule)
|
||||||
|
|||||||
@@ -112,7 +112,7 @@ class DbusRule(BaseRule):
|
|||||||
return RE_PROFILE_DBUS.search(raw_rule)
|
return RE_PROFILE_DBUS.search(raw_rule)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def _parse(cls, raw_rule):
|
def _create_instance(cls, raw_rule):
|
||||||
"""parse raw_rule and return DbusRule"""
|
"""parse raw_rule and return DbusRule"""
|
||||||
|
|
||||||
matches = cls._match(raw_rule)
|
matches = cls._match(raw_rule)
|
||||||
|
|||||||
@@ -137,7 +137,7 @@ class FileRule(BaseRule):
|
|||||||
return RE_PROFILE_FILE_ENTRY.search(raw_rule)
|
return RE_PROFILE_FILE_ENTRY.search(raw_rule)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def _parse(cls, raw_rule):
|
def _create_instance(cls, raw_rule):
|
||||||
"""parse raw_rule and return FileRule"""
|
"""parse raw_rule and return FileRule"""
|
||||||
|
|
||||||
matches = cls._match(raw_rule)
|
matches = cls._match(raw_rule)
|
||||||
|
|||||||
@@ -56,7 +56,7 @@ class IncludeRule(BaseRule):
|
|||||||
return RE_INCLUDE.search(raw_rule)
|
return RE_INCLUDE.search(raw_rule)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def _parse(cls, raw_rule):
|
def _create_instance(cls, raw_rule):
|
||||||
"""parse raw_rule and return IncludeRule"""
|
"""parse raw_rule and return IncludeRule"""
|
||||||
|
|
||||||
matches = cls._match(raw_rule)
|
matches = cls._match(raw_rule)
|
||||||
|
|||||||
@@ -92,7 +92,7 @@ class NetworkRule(BaseRule):
|
|||||||
return RE_PROFILE_NETWORK.search(raw_rule)
|
return RE_PROFILE_NETWORK.search(raw_rule)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def _parse(cls, raw_rule):
|
def _create_instance(cls, raw_rule):
|
||||||
"""parse raw_rule and return NetworkRule"""
|
"""parse raw_rule and return NetworkRule"""
|
||||||
|
|
||||||
matches = cls._match(raw_rule)
|
matches = cls._match(raw_rule)
|
||||||
|
|||||||
@@ -69,7 +69,7 @@ class PtraceRule(BaseRule):
|
|||||||
return RE_PROFILE_PTRACE.search(raw_rule)
|
return RE_PROFILE_PTRACE.search(raw_rule)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def _parse(cls, raw_rule):
|
def _create_instance(cls, raw_rule):
|
||||||
"""parse raw_rule and return PtraceRule"""
|
"""parse raw_rule and return PtraceRule"""
|
||||||
|
|
||||||
matches = cls._match(raw_rule)
|
matches = cls._match(raw_rule)
|
||||||
|
|||||||
@@ -108,7 +108,7 @@ class RlimitRule(BaseRule):
|
|||||||
return RE_PROFILE_RLIMIT.search(raw_rule)
|
return RE_PROFILE_RLIMIT.search(raw_rule)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def _parse(cls, raw_rule):
|
def _create_instance(cls, raw_rule):
|
||||||
"""parse raw_rule and return RlimitRule"""
|
"""parse raw_rule and return RlimitRule"""
|
||||||
|
|
||||||
matches = cls._match(raw_rule)
|
matches = cls._match(raw_rule)
|
||||||
|
|||||||
@@ -103,7 +103,7 @@ class SignalRule(BaseRule):
|
|||||||
return RE_PROFILE_SIGNAL.search(raw_rule)
|
return RE_PROFILE_SIGNAL.search(raw_rule)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def _parse(cls, raw_rule):
|
def _create_instance(cls, raw_rule):
|
||||||
"""parse raw_rule and return SignalRule"""
|
"""parse raw_rule and return SignalRule"""
|
||||||
|
|
||||||
matches = cls._match(raw_rule)
|
matches = cls._match(raw_rule)
|
||||||
|
|||||||
@@ -66,7 +66,7 @@ class VariableRule(BaseRule):
|
|||||||
return RE_PROFILE_VARIABLE.search(raw_rule)
|
return RE_PROFILE_VARIABLE.search(raw_rule)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def _parse(cls, raw_rule):
|
def _create_instance(cls, raw_rule):
|
||||||
"""parse raw_rule and return VariableRule"""
|
"""parse raw_rule and return VariableRule"""
|
||||||
|
|
||||||
matches = cls._match(raw_rule)
|
matches = cls._match(raw_rule)
|
||||||
|
|||||||
@@ -411,11 +411,11 @@ class AaTest_change_profile_flags(AaTestWithTempdir):
|
|||||||
|
|
||||||
class AaTest_set_options_audit_mode(AATest):
|
class AaTest_set_options_audit_mode(AATest):
|
||||||
tests = (
|
tests = (
|
||||||
((FileRule.parse('audit /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']),
|
((FileRule.create_instance('audit /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']),
|
||||||
((FileRule.parse('audit /foo/bar r,'), ['/foo/bar r,', 'audit /foo/* r,', 'audit /** r,']), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']),
|
((FileRule.create_instance('audit /foo/bar r,'), ['/foo/bar r,', 'audit /foo/* r,', 'audit /** r,']), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']),
|
||||||
((FileRule.parse('/foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
|
((FileRule.create_instance('/foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
|
||||||
((FileRule.parse('/foo/bar r,'), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
|
((FileRule.create_instance('/foo/bar r,'), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
|
||||||
((FileRule.parse('audit /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '#include <abstractions/base>']), ['audit /foo/bar r,', 'audit /foo/* r,', '#include <abstractions/base>']),
|
((FileRule.create_instance('audit /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '#include <abstractions/base>']), ['audit /foo/bar r,', 'audit /foo/* r,', '#include <abstractions/base>']),
|
||||||
)
|
)
|
||||||
|
|
||||||
def _run_test(self, params, expected):
|
def _run_test(self, params, expected):
|
||||||
@@ -426,11 +426,11 @@ class AaTest_set_options_audit_mode(AATest):
|
|||||||
|
|
||||||
class AaTest_set_options_owner_mode(AATest):
|
class AaTest_set_options_owner_mode(AATest):
|
||||||
tests = (
|
tests = (
|
||||||
((FileRule.parse('owner /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']),
|
((FileRule.create_instance('owner /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']),
|
||||||
((FileRule.parse('owner /foo/bar r,'), ['/foo/bar r,', 'owner /foo/* r,', 'owner /** r,']), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']),
|
((FileRule.create_instance('owner /foo/bar r,'), ['/foo/bar r,', 'owner /foo/* r,', 'owner /** r,']), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']),
|
||||||
((FileRule.parse('/foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
|
((FileRule.create_instance('/foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
|
||||||
((FileRule.parse('/foo/bar r,'), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
|
((FileRule.create_instance('/foo/bar r,'), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
|
||||||
((FileRule.parse('audit owner /foo/bar r,'), ['audit /foo/bar r,', 'audit /foo/* r,', '#include <abstractions/base>']), ['audit owner /foo/bar r,', 'audit owner /foo/* r,', '#include <abstractions/base>']),
|
((FileRule.create_instance('audit owner /foo/bar r,'), ['audit /foo/bar r,', 'audit /foo/* r,', '#include <abstractions/base>']), ['audit owner /foo/bar r,', 'audit owner /foo/* r,', '#include <abstractions/base>']),
|
||||||
)
|
)
|
||||||
|
|
||||||
def _run_test(self, params, expected):
|
def _run_test(self, params, expected):
|
||||||
@@ -567,9 +567,9 @@ class AaTest_get_file_perms_1(AATest):
|
|||||||
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
|
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
|
||||||
|
|
||||||
# simple profile without any includes
|
# simple profile without any includes
|
||||||
profile['file'].add(FileRule.parse('owner /usr/share/common-licenses/** w,'))
|
profile['file'].add(FileRule.create_instance('owner /usr/share/common-licenses/** w,'))
|
||||||
profile['file'].add(FileRule.parse('/dev/null rwk,'))
|
profile['file'].add(FileRule.create_instance('/dev/null rwk,'))
|
||||||
profile['file'].add(FileRule.parse('/foo/bar rwix,'))
|
profile['file'].add(FileRule.create_instance('/foo/bar rwix,'))
|
||||||
|
|
||||||
perms = get_file_perms(profile, params, False, False) # only testing with audit and deny = False
|
perms = get_file_perms(profile, params, False, False) # only testing with audit and deny = False
|
||||||
self.assertEqual(perms, expected)
|
self.assertEqual(perms, expected)
|
||||||
@@ -601,14 +601,14 @@ class AaTest_get_file_perms_2(AATest):
|
|||||||
apparmor.aa.load_include(os.path.join(self.profile_dir, 'abstractions/aspell'))
|
apparmor.aa.load_include(os.path.join(self.profile_dir, 'abstractions/aspell'))
|
||||||
|
|
||||||
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
|
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
|
||||||
profile['inc_ie'].add(IncludeRule.parse('include <abstractions/base>'))
|
profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/base>'))
|
||||||
profile['inc_ie'].add(IncludeRule.parse('include <abstractions/bash>'))
|
profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/bash>'))
|
||||||
profile['inc_ie'].add(IncludeRule.parse('include <abstractions/enchant>'))
|
profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/enchant>'))
|
||||||
|
|
||||||
profile['file'].add(FileRule.parse('owner /usr/share/common-licenses/** w,'))
|
profile['file'].add(FileRule.create_instance('owner /usr/share/common-licenses/** w,'))
|
||||||
profile['file'].add(FileRule.parse('owner /usr/share/common-licenses/what/ever a,')) # covered by the above 'w' rule, so 'a' should be ignored
|
profile['file'].add(FileRule.create_instance('owner /usr/share/common-licenses/what/ever a,')) # covered by the above 'w' rule, so 'a' should be ignored
|
||||||
profile['file'].add(FileRule.parse('/dev/null rwk,'))
|
profile['file'].add(FileRule.create_instance('/dev/null rwk,'))
|
||||||
profile['file'].add(FileRule.parse('/foo/bar rwix,'))
|
profile['file'].add(FileRule.create_instance('/foo/bar rwix,'))
|
||||||
|
|
||||||
perms = get_file_perms(profile, params, False, False) # only testing with audit and deny = False
|
perms = get_file_perms(profile, params, False, False) # only testing with audit and deny = False
|
||||||
self.assertEqual(perms, expected)
|
self.assertEqual(perms, expected)
|
||||||
@@ -644,14 +644,14 @@ class AaTest_propose_file_rules(AATest):
|
|||||||
apparmor.aa.user_globs['/no/thi*ng'] = AARE('/no/thi*ng', True)
|
apparmor.aa.user_globs['/no/thi*ng'] = AARE('/no/thi*ng', True)
|
||||||
|
|
||||||
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
|
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
|
||||||
profile['inc_ie'].add(IncludeRule.parse('include <abstractions/base>'))
|
profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/base>'))
|
||||||
profile['inc_ie'].add(IncludeRule.parse('include <abstractions/bash>'))
|
profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/bash>'))
|
||||||
profile['inc_ie'].add(IncludeRule.parse('include <abstractions/enchant>'))
|
profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/enchant>'))
|
||||||
|
|
||||||
profile['file'].add(FileRule.parse('owner /usr/share/common-licenses/** w,'))
|
profile['file'].add(FileRule.create_instance('owner /usr/share/common-licenses/** w,'))
|
||||||
profile['file'].add(FileRule.parse('/dev/null rwk,'))
|
profile['file'].add(FileRule.create_instance('/dev/null rwk,'))
|
||||||
profile['file'].add(FileRule.parse('/foo/bar rwix,'))
|
profile['file'].add(FileRule.create_instance('/foo/bar rwix,'))
|
||||||
profile['file'].add(FileRule.parse('/foo/log a,')) # will be replaced with '/foo/log w,' (not 'wa')
|
profile['file'].add(FileRule.create_instance('/foo/log a,')) # will be replaced with '/foo/log w,' (not 'wa')
|
||||||
|
|
||||||
rule_obj = FileRule(params[0], params[1], None, FileRule.ALL, owner=False, log_event=True)
|
rule_obj = FileRule(params[0], params[1], None, FileRule.ALL, owner=False, log_event=True)
|
||||||
proposals = propose_file_rules(profile, rule_obj)
|
proposals = propose_file_rules(profile, rule_obj)
|
||||||
@@ -688,10 +688,10 @@ class AaTest_propose_file_rules_with_absolute_includes(AATest):
|
|||||||
apparmor.aa.load_include(abs_include3)
|
apparmor.aa.load_include(abs_include3)
|
||||||
|
|
||||||
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
|
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
|
||||||
profile['inc_ie'].add(IncludeRule.parse('include <abstractions/base>'))
|
profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/base>'))
|
||||||
profile['inc_ie'].add(IncludeRule.parse('include "%s"' % abs_include1))
|
profile['inc_ie'].add(IncludeRule.create_instance('include "%s"' % abs_include1))
|
||||||
profile['inc_ie'].add(IncludeRule.parse('include "%s"' % abs_include2))
|
profile['inc_ie'].add(IncludeRule.create_instance('include "%s"' % abs_include2))
|
||||||
profile['inc_ie'].add(IncludeRule.parse('include "%s"' % abs_include3))
|
profile['inc_ie'].add(IncludeRule.create_instance('include "%s"' % abs_include3))
|
||||||
|
|
||||||
rule_obj = FileRule(params[0], params[1], None, FileRule.ALL, owner=False, log_event=True)
|
rule_obj = FileRule(params[0], params[1], None, FileRule.ALL, owner=False, log_event=True)
|
||||||
proposals = propose_file_rules(profile, rule_obj)
|
proposals = propose_file_rules(profile, rule_obj)
|
||||||
|
|||||||
@@ -60,7 +60,7 @@ class AbiTestParse(AbiTest):
|
|||||||
|
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(AbiRule.match(rawrule))
|
self.assertTrue(AbiRule.match(rawrule))
|
||||||
obj = AbiRule.parse(rawrule)
|
obj = AbiRule.create_instance(rawrule)
|
||||||
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
||||||
self._compare_obj(obj, expected)
|
self._compare_obj(obj, expected)
|
||||||
|
|
||||||
@@ -76,7 +76,7 @@ class AbiTestParseInvalid(AbiTest):
|
|||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(AbiRule.match(rawrule)) # the above invalid rules still match the main regex!
|
self.assertTrue(AbiRule.match(rawrule)) # the above invalid rules still match the main regex!
|
||||||
with self.assertRaises(expected):
|
with self.assertRaises(expected):
|
||||||
AbiRule.parse(rawrule)
|
AbiRule.create_instance(rawrule)
|
||||||
|
|
||||||
# class AbiTestParseFromLog(AbiTest): # we'll never have log events for abi
|
# class AbiTestParseFromLog(AbiTest): # we'll never have log events for abi
|
||||||
|
|
||||||
@@ -142,7 +142,7 @@ class InvalidAbiTest(AATest):
|
|||||||
obj = None
|
obj = None
|
||||||
self.assertEqual(AbiRule.match(rawrule), matches_regex)
|
self.assertEqual(AbiRule.match(rawrule), matches_regex)
|
||||||
with self.assertRaises(AppArmorException):
|
with self.assertRaises(AppArmorException):
|
||||||
obj = AbiRule.parse(rawrule)
|
obj = AbiRule.create_instance(rawrule)
|
||||||
|
|
||||||
self.assertIsNone(obj, 'AbiRule handed back an object unexpectedly')
|
self.assertIsNone(obj, 'AbiRule handed back an object unexpectedly')
|
||||||
|
|
||||||
@@ -163,7 +163,7 @@ class InvalidAbiTest(AATest):
|
|||||||
class WriteAbiTestAATest(AATest):
|
class WriteAbiTestAATest(AATest):
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(AbiRule.match(rawrule))
|
self.assertTrue(AbiRule.match(rawrule))
|
||||||
obj = AbiRule.parse(rawrule)
|
obj = AbiRule.create_instance(rawrule)
|
||||||
clean = obj.get_clean()
|
clean = obj.get_clean()
|
||||||
raw = obj.get_raw()
|
raw = obj.get_raw()
|
||||||
|
|
||||||
@@ -196,8 +196,8 @@ class WriteAbiTestAATest(AATest):
|
|||||||
|
|
||||||
class AbiCoveredTest(AATest):
|
class AbiCoveredTest(AATest):
|
||||||
def _run_test(self, param, expected):
|
def _run_test(self, param, expected):
|
||||||
obj = AbiRule.parse(self.rule)
|
obj = AbiRule.create_instance(self.rule)
|
||||||
check_obj = AbiRule.parse(param)
|
check_obj = AbiRule.create_instance(param)
|
||||||
|
|
||||||
self.assertTrue(AbiRule.match(param))
|
self.assertTrue(AbiRule.match(param))
|
||||||
|
|
||||||
@@ -234,7 +234,7 @@ class AbiCoveredTest_02(AbiCoveredTest):
|
|||||||
|
|
||||||
# class AbiCoveredTest_Invalid(AATest):
|
# class AbiCoveredTest_Invalid(AATest):
|
||||||
# def test_borked_obj_is_covered_1(self):
|
# def test_borked_obj_is_covered_1(self):
|
||||||
# obj = AbiRule.parse('abi <foo>')
|
# obj = AbiRule.create_instance('abi <foo>')
|
||||||
#
|
#
|
||||||
# testobj = AbiRule('foo', True, True)
|
# testobj = AbiRule('foo', True, True)
|
||||||
# testobj.path = ''
|
# testobj.path = ''
|
||||||
@@ -243,7 +243,7 @@ class AbiCoveredTest_02(AbiCoveredTest):
|
|||||||
# obj.is_covered(testobj)
|
# obj.is_covered(testobj)
|
||||||
#
|
#
|
||||||
# def test_borked_obj_is_covered_2(self):
|
# def test_borked_obj_is_covered_2(self):
|
||||||
# obj = AbiRule.parse('abi send set=quit peer=/foo,')
|
# obj = AbiRule.create_instance('abi send set=quit peer=/foo,')
|
||||||
#
|
#
|
||||||
# testobj = AbiRule('send', 'quit', '/foo')
|
# testobj = AbiRule('send', 'quit', '/foo')
|
||||||
# testobj.abi = ''
|
# testobj.abi = ''
|
||||||
@@ -252,7 +252,7 @@ class AbiCoveredTest_02(AbiCoveredTest):
|
|||||||
# obj.is_covered(testobj)
|
# obj.is_covered(testobj)
|
||||||
#
|
#
|
||||||
# def test_borked_obj_is_covered_3(self):
|
# def test_borked_obj_is_covered_3(self):
|
||||||
# obj = AbiRule.parse('abi send set=quit peer=/foo,')
|
# obj = AbiRule.create_instance('abi send set=quit peer=/foo,')
|
||||||
#
|
#
|
||||||
# testobj = AbiRule('send', 'quit', '/foo')
|
# testobj = AbiRule('send', 'quit', '/foo')
|
||||||
# testobj.peer = ''
|
# testobj.peer = ''
|
||||||
@@ -261,7 +261,7 @@ class AbiCoveredTest_02(AbiCoveredTest):
|
|||||||
# obj.is_covered(testobj)
|
# obj.is_covered(testobj)
|
||||||
#
|
#
|
||||||
# def test_invalid_is_covered(self):
|
# def test_invalid_is_covered(self):
|
||||||
# obj = AbiRule.parse('abi send,')
|
# obj = AbiRule.create_instance('abi send,')
|
||||||
#
|
#
|
||||||
# testobj = BaseRule() # different type
|
# testobj = BaseRule() # different type
|
||||||
#
|
#
|
||||||
@@ -269,7 +269,7 @@ class AbiCoveredTest_02(AbiCoveredTest):
|
|||||||
# obj.is_covered(testobj)
|
# obj.is_covered(testobj)
|
||||||
#
|
#
|
||||||
# def test_invalid_is_equal(self):
|
# def test_invalid_is_equal(self):
|
||||||
# obj = AbiRule.parse('abi send,')
|
# obj = AbiRule.create_instance('abi send,')
|
||||||
#
|
#
|
||||||
# testobj = BaseRule() # different type
|
# testobj = BaseRule() # different type
|
||||||
#
|
#
|
||||||
@@ -284,7 +284,7 @@ class AbiLogprofHeaderTest(AATest):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def _run_test(self, params, expected):
|
def _run_test(self, params, expected):
|
||||||
obj = AbiRule.parse(params)
|
obj = AbiRule.create_instance(params)
|
||||||
self.assertEqual(obj.logprof_header(), expected)
|
self.assertEqual(obj.logprof_header(), expected)
|
||||||
|
|
||||||
|
|
||||||
@@ -326,7 +326,7 @@ class AbiRulesTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(AbiRule.parse(rule))
|
ruleset.add(AbiRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw())
|
self.assertEqual(expected_raw, ruleset.get_raw())
|
||||||
self.assertEqual(expected_clean, ruleset.get_clean())
|
self.assertEqual(expected_clean, ruleset.get_clean())
|
||||||
|
|||||||
@@ -51,7 +51,7 @@ class AliasTestParse(AliasTest):
|
|||||||
|
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(AliasRule.match(rawrule))
|
self.assertTrue(AliasRule.match(rawrule))
|
||||||
obj = AliasRule.parse(rawrule)
|
obj = AliasRule.create_instance(rawrule)
|
||||||
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
||||||
self._compare_obj(obj, expected)
|
self._compare_obj(obj, expected)
|
||||||
|
|
||||||
@@ -69,7 +69,7 @@ class AliasTestParseInvalid(AliasTest):
|
|||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertEqual(AliasRule.match(rawrule), expected[0])
|
self.assertEqual(AliasRule.match(rawrule), expected[0])
|
||||||
with self.assertRaises(expected[1]):
|
with self.assertRaises(expected[1]):
|
||||||
AliasRule.parse(rawrule)
|
AliasRule.create_instance(rawrule)
|
||||||
|
|
||||||
|
|
||||||
class AliasFromInit(AliasTest):
|
class AliasFromInit(AliasTest):
|
||||||
@@ -121,7 +121,7 @@ class InvalidAliasTest(AATest):
|
|||||||
obj = None
|
obj = None
|
||||||
self.assertEqual(AliasRule.match(rawrule), matches_regex)
|
self.assertEqual(AliasRule.match(rawrule), matches_regex)
|
||||||
with self.assertRaises(AppArmorException):
|
with self.assertRaises(AppArmorException):
|
||||||
obj = AliasRule.parse(rawrule)
|
obj = AliasRule.create_instance(rawrule)
|
||||||
|
|
||||||
self.assertIsNone(obj, 'AliasRule handed back an object unexpectedly')
|
self.assertIsNone(obj, 'AliasRule handed back an object unexpectedly')
|
||||||
|
|
||||||
@@ -146,7 +146,7 @@ class WriteAliasTestAATest(AATest):
|
|||||||
|
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(AliasRule.match(rawrule))
|
self.assertTrue(AliasRule.match(rawrule))
|
||||||
obj = AliasRule.parse(rawrule)
|
obj = AliasRule.create_instance(rawrule)
|
||||||
clean = obj.get_clean()
|
clean = obj.get_clean()
|
||||||
raw = obj.get_raw()
|
raw = obj.get_raw()
|
||||||
|
|
||||||
@@ -172,8 +172,8 @@ class WriteAliasTestAATest(AATest):
|
|||||||
|
|
||||||
class AliasCoveredTest(AATest):
|
class AliasCoveredTest(AATest):
|
||||||
def _run_test(self, param, expected):
|
def _run_test(self, param, expected):
|
||||||
obj = AliasRule.parse(self.rule)
|
obj = AliasRule.create_instance(self.rule)
|
||||||
check_obj = AliasRule.parse(param)
|
check_obj = AliasRule.create_instance(param)
|
||||||
|
|
||||||
self.assertTrue(AliasRule.match(param))
|
self.assertTrue(AliasRule.match(param))
|
||||||
|
|
||||||
@@ -201,7 +201,7 @@ class AliasCoveredTest_01(AliasCoveredTest):
|
|||||||
|
|
||||||
class AliasCoveredTest_Invalid(AATest):
|
class AliasCoveredTest_Invalid(AATest):
|
||||||
# def test_borked_obj_is_covered_1(self):
|
# def test_borked_obj_is_covered_1(self):
|
||||||
# obj = AliasRule.parse('alias /foo -> /bar,')
|
# obj = AliasRule.create_instance('alias /foo -> /bar,')
|
||||||
#
|
#
|
||||||
# testobj = AliasRule('/foo', '/bar')
|
# testobj = AliasRule('/foo', '/bar')
|
||||||
#
|
#
|
||||||
@@ -209,7 +209,7 @@ class AliasCoveredTest_Invalid(AATest):
|
|||||||
# obj.is_covered(testobj)
|
# obj.is_covered(testobj)
|
||||||
#
|
#
|
||||||
# def test_borked_obj_is_covered_2(self):
|
# def test_borked_obj_is_covered_2(self):
|
||||||
# obj = AliasRule.parse('alias /foo -> /bar,')
|
# obj = AliasRule.create_instance('alias /foo -> /bar,')
|
||||||
#
|
#
|
||||||
# testobj = AliasRule('/foo', '/bar')
|
# testobj = AliasRule('/foo', '/bar')
|
||||||
# testobj.target = ''
|
# testobj.target = ''
|
||||||
@@ -218,7 +218,7 @@ class AliasCoveredTest_Invalid(AATest):
|
|||||||
# obj.is_covered(testobj)
|
# obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_covered_3(self):
|
def test_invalid_is_covered_3(self):
|
||||||
obj = AliasRule.parse('alias /foo -> /bar,')
|
obj = AliasRule.create_instance('alias /foo -> /bar,')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -226,7 +226,7 @@ class AliasCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_equal(self):
|
def test_invalid_is_equal(self):
|
||||||
obj = AliasRule.parse('alias /foo -> /bar,')
|
obj = AliasRule.create_instance('alias /foo -> /bar,')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -240,7 +240,7 @@ class AliasLogprofHeaderTest(AATest):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def _run_test(self, params, expected):
|
def _run_test(self, params, expected):
|
||||||
obj = AliasRule.parse(params)
|
obj = AliasRule.create_instance(params)
|
||||||
self.assertEqual(obj.logprof_header(), expected)
|
self.assertEqual(obj.logprof_header(), expected)
|
||||||
|
|
||||||
|
|
||||||
@@ -289,7 +289,7 @@ class AliasRulesTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(AliasRule.parse(rule))
|
ruleset.add(AliasRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw())
|
self.assertEqual(expected_raw, ruleset.get_raw())
|
||||||
self.assertEqual(expected_clean, ruleset.get_clean())
|
self.assertEqual(expected_clean, ruleset.get_clean())
|
||||||
|
|||||||
@@ -19,13 +19,13 @@ from common_test import AATest, setup_all_loops
|
|||||||
|
|
||||||
|
|
||||||
class TestBaserule(AATest):
|
class TestBaserule(AATest):
|
||||||
def test_abstract__parse(self):
|
def test_abstract__create_instance(self):
|
||||||
with self.assertRaises(NotImplementedError):
|
with self.assertRaises(NotImplementedError):
|
||||||
BaseRule._parse('foo')
|
BaseRule._create_instance('foo')
|
||||||
|
|
||||||
def test_abstract__parse_2(self):
|
def test_abstract__create_instance_2(self):
|
||||||
with self.assertRaises(NotImplementedError):
|
with self.assertRaises(NotImplementedError):
|
||||||
BaseRule.parse('foo')
|
BaseRule.create_instance('foo')
|
||||||
|
|
||||||
def test_abstract__match(self):
|
def test_abstract__match(self):
|
||||||
with self.assertRaises(NotImplementedError):
|
with self.assertRaises(NotImplementedError):
|
||||||
|
|||||||
@@ -54,7 +54,7 @@ class BooleanTestParse(BooleanTest):
|
|||||||
|
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(BooleanRule.match(rawrule))
|
self.assertTrue(BooleanRule.match(rawrule))
|
||||||
obj = BooleanRule.parse(rawrule)
|
obj = BooleanRule.create_instance(rawrule)
|
||||||
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
||||||
self._compare_obj(obj, expected)
|
self._compare_obj(obj, expected)
|
||||||
|
|
||||||
@@ -74,7 +74,7 @@ class BooleanTestParseInvalid(BooleanTest):
|
|||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertEqual(BooleanRule.match(rawrule), expected[0])
|
self.assertEqual(BooleanRule.match(rawrule), expected[0])
|
||||||
with self.assertRaises(expected[1]):
|
with self.assertRaises(expected[1]):
|
||||||
BooleanRule.parse(rawrule)
|
BooleanRule.create_instance(rawrule)
|
||||||
|
|
||||||
|
|
||||||
class BooleanFromInit(BooleanTest):
|
class BooleanFromInit(BooleanTest):
|
||||||
@@ -129,7 +129,7 @@ class InvalidBooleanTest(AATest):
|
|||||||
obj = None
|
obj = None
|
||||||
self.assertEqual(BooleanRule.match(rawrule), matches_regex)
|
self.assertEqual(BooleanRule.match(rawrule), matches_regex)
|
||||||
with self.assertRaises(AppArmorException):
|
with self.assertRaises(AppArmorException):
|
||||||
obj = BooleanRule.parse(rawrule)
|
obj = BooleanRule.create_instance(rawrule)
|
||||||
|
|
||||||
self.assertIsNone(obj, 'BooleanRule handed back an object unexpectedly')
|
self.assertIsNone(obj, 'BooleanRule handed back an object unexpectedly')
|
||||||
|
|
||||||
@@ -151,7 +151,7 @@ class WriteBooleanTestAATest(AATest):
|
|||||||
|
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(BooleanRule.match(rawrule))
|
self.assertTrue(BooleanRule.match(rawrule))
|
||||||
obj = BooleanRule.parse(rawrule)
|
obj = BooleanRule.create_instance(rawrule)
|
||||||
clean = obj.get_clean()
|
clean = obj.get_clean()
|
||||||
raw = obj.get_raw()
|
raw = obj.get_raw()
|
||||||
|
|
||||||
@@ -177,8 +177,8 @@ class WriteBooleanTestAATest(AATest):
|
|||||||
|
|
||||||
class BooleanCoveredTest(AATest):
|
class BooleanCoveredTest(AATest):
|
||||||
def _run_test(self, param, expected):
|
def _run_test(self, param, expected):
|
||||||
obj = BooleanRule.parse(self.rule)
|
obj = BooleanRule.create_instance(self.rule)
|
||||||
check_obj = BooleanRule.parse(param)
|
check_obj = BooleanRule.create_instance(param)
|
||||||
|
|
||||||
self.assertTrue(BooleanRule.match(param))
|
self.assertTrue(BooleanRule.match(param))
|
||||||
|
|
||||||
@@ -218,7 +218,7 @@ class BooleanCoveredTest_02(BooleanCoveredTest):
|
|||||||
|
|
||||||
class BooleanCoveredTest_Invalid(AATest):
|
class BooleanCoveredTest_Invalid(AATest):
|
||||||
def test_borked_obj_is_covered_2(self):
|
def test_borked_obj_is_covered_2(self):
|
||||||
obj = BooleanRule.parse('$foo = true')
|
obj = BooleanRule.create_instance('$foo = true')
|
||||||
|
|
||||||
testobj = BooleanRule('$foo', 'true')
|
testobj = BooleanRule('$foo', 'true')
|
||||||
testobj.value = ''
|
testobj.value = ''
|
||||||
@@ -227,7 +227,7 @@ class BooleanCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_covered_3(self):
|
def test_invalid_is_covered_3(self):
|
||||||
obj = BooleanRule.parse('$foo = true')
|
obj = BooleanRule.create_instance('$foo = true')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -235,7 +235,7 @@ class BooleanCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_equal(self):
|
def test_invalid_is_equal(self):
|
||||||
obj = BooleanRule.parse('$foo = true')
|
obj = BooleanRule.create_instance('$foo = true')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -249,7 +249,7 @@ class BooleanLogprofHeaderTest(AATest):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def _run_test(self, params, expected):
|
def _run_test(self, params, expected):
|
||||||
obj = BooleanRule.parse(params)
|
obj = BooleanRule.create_instance(params)
|
||||||
self.assertEqual(obj.logprof_header(), expected)
|
self.assertEqual(obj.logprof_header(), expected)
|
||||||
|
|
||||||
|
|
||||||
@@ -290,7 +290,7 @@ class BooleanRulesTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(BooleanRule.parse(rule))
|
ruleset.add(BooleanRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw())
|
self.assertEqual(expected_raw, ruleset.get_raw())
|
||||||
self.assertEqual(expected_clean, ruleset.get_clean())
|
self.assertEqual(expected_clean, ruleset.get_clean())
|
||||||
@@ -299,9 +299,9 @@ class BooleanRulesTest(AATest):
|
|||||||
def test_ruleset_overwrite(self):
|
def test_ruleset_overwrite(self):
|
||||||
ruleset = BooleanRuleset()
|
ruleset = BooleanRuleset()
|
||||||
|
|
||||||
ruleset.add(BooleanRule.parse('$foo = true'))
|
ruleset.add(BooleanRule.create_instance('$foo = true'))
|
||||||
with self.assertRaises(AppArmorException):
|
with self.assertRaises(AppArmorException):
|
||||||
ruleset.add(BooleanRule.parse('$foo = false')) # attempt to redefine @{foo}
|
ruleset.add(BooleanRule.create_instance('$foo = false')) # attempt to redefine @{foo}
|
||||||
|
|
||||||
|
|
||||||
class BooleanGlobTestAATest(AATest):
|
class BooleanGlobTestAATest(AATest):
|
||||||
|
|||||||
@@ -31,7 +31,7 @@ _ = init_translation()
|
|||||||
class CapabilityTest(AATest):
|
class CapabilityTest(AATest):
|
||||||
def _compare_obj_with_rawrule(self, rawrule, expected):
|
def _compare_obj_with_rawrule(self, rawrule, expected):
|
||||||
|
|
||||||
obj = CapabilityRule.parse(rawrule)
|
obj = CapabilityRule.create_instance(rawrule)
|
||||||
|
|
||||||
self.assertTrue(CapabilityRule.match(rawrule))
|
self.assertTrue(CapabilityRule.match(rawrule))
|
||||||
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
||||||
@@ -222,7 +222,7 @@ class InvalidCapabilityTest(AATest):
|
|||||||
def _check_invalid_rawrule(self, rawrule):
|
def _check_invalid_rawrule(self, rawrule):
|
||||||
obj = None
|
obj = None
|
||||||
with self.assertRaises(AppArmorException):
|
with self.assertRaises(AppArmorException):
|
||||||
obj = CapabilityRule.parse(rawrule)
|
obj = CapabilityRule.create_instance(rawrule)
|
||||||
|
|
||||||
self.assertFalse(CapabilityRule.match(rawrule))
|
self.assertFalse(CapabilityRule.match(rawrule))
|
||||||
self.assertIsNone(obj, 'CapbilityRule handed back an object unexpectedly')
|
self.assertIsNone(obj, 'CapbilityRule handed back an object unexpectedly')
|
||||||
@@ -267,7 +267,7 @@ class InvalidCapabilityTest(AATest):
|
|||||||
|
|
||||||
class WriteCapabilityTest(AATest):
|
class WriteCapabilityTest(AATest):
|
||||||
def _check_write_rule(self, rawrule, cleanrule):
|
def _check_write_rule(self, rawrule, cleanrule):
|
||||||
obj = CapabilityRule.parse(rawrule)
|
obj = CapabilityRule.create_instance(rawrule)
|
||||||
clean = obj.get_clean()
|
clean = obj.get_clean()
|
||||||
raw = obj.get_raw()
|
raw = obj.get_raw()
|
||||||
|
|
||||||
@@ -296,18 +296,18 @@ class WriteCapabilityTest(AATest):
|
|||||||
class CapabilityCoveredTest(AATest):
|
class CapabilityCoveredTest(AATest):
|
||||||
def _is_covered(self, obj, rule_to_test):
|
def _is_covered(self, obj, rule_to_test):
|
||||||
self.assertTrue(CapabilityRule.match(rule_to_test))
|
self.assertTrue(CapabilityRule.match(rule_to_test))
|
||||||
return obj.is_covered(CapabilityRule.parse(rule_to_test))
|
return obj.is_covered(CapabilityRule.create_instance(rule_to_test))
|
||||||
|
|
||||||
def _is_covered_exact(self, obj, rule_to_test):
|
def _is_covered_exact(self, obj, rule_to_test):
|
||||||
self.assertTrue(CapabilityRule.match(rule_to_test))
|
self.assertTrue(CapabilityRule.match(rule_to_test))
|
||||||
return obj.is_covered(CapabilityRule.parse(rule_to_test), True, True)
|
return obj.is_covered(CapabilityRule.create_instance(rule_to_test), True, True)
|
||||||
|
|
||||||
def _is_equal(self, obj, rule_to_test, strict):
|
def _is_equal(self, obj, rule_to_test, strict):
|
||||||
self.assertTrue(CapabilityRule.match(rule_to_test))
|
self.assertTrue(CapabilityRule.match(rule_to_test))
|
||||||
return obj.is_equal(CapabilityRule.parse(rule_to_test), strict)
|
return obj.is_equal(CapabilityRule.create_instance(rule_to_test), strict)
|
||||||
|
|
||||||
def test_covered_single(self):
|
def test_covered_single(self):
|
||||||
obj = CapabilityRule.parse('capability sys_admin,')
|
obj = CapabilityRule.create_instance('capability sys_admin,')
|
||||||
|
|
||||||
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
|
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
|
||||||
|
|
||||||
@@ -317,7 +317,7 @@ class CapabilityCoveredTest(AATest):
|
|||||||
self.assertFalse(self._is_covered(obj, 'capability,'))
|
self.assertFalse(self._is_covered(obj, 'capability,'))
|
||||||
|
|
||||||
def test_covered_audit(self):
|
def test_covered_audit(self):
|
||||||
obj = CapabilityRule.parse('audit capability sys_admin,')
|
obj = CapabilityRule.create_instance('audit capability sys_admin,')
|
||||||
|
|
||||||
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
|
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
|
||||||
self.assertTrue(self._is_covered(obj, 'audit capability sys_admin,'))
|
self.assertTrue(self._is_covered(obj, 'audit capability sys_admin,'))
|
||||||
@@ -327,7 +327,7 @@ class CapabilityCoveredTest(AATest):
|
|||||||
self.assertFalse(self._is_covered(obj, 'capability,'))
|
self.assertFalse(self._is_covered(obj, 'capability,'))
|
||||||
|
|
||||||
def test_covered_check_audit(self):
|
def test_covered_check_audit(self):
|
||||||
obj = CapabilityRule.parse('audit capability sys_admin,')
|
obj = CapabilityRule.create_instance('audit capability sys_admin,')
|
||||||
|
|
||||||
self.assertFalse(self._is_covered_exact(obj, 'capability sys_admin,'))
|
self.assertFalse(self._is_covered_exact(obj, 'capability sys_admin,'))
|
||||||
self.assertTrue(self._is_covered_exact(obj, 'audit capability sys_admin,'))
|
self.assertTrue(self._is_covered_exact(obj, 'audit capability sys_admin,'))
|
||||||
@@ -337,7 +337,7 @@ class CapabilityCoveredTest(AATest):
|
|||||||
self.assertFalse(self._is_covered_exact(obj, 'capability,'))
|
self.assertFalse(self._is_covered_exact(obj, 'capability,'))
|
||||||
|
|
||||||
def test_equal(self):
|
def test_equal(self):
|
||||||
obj = CapabilityRule.parse('capability sys_admin,')
|
obj = CapabilityRule.create_instance('capability sys_admin,')
|
||||||
|
|
||||||
self.assertTrue(self._is_equal(obj, 'capability sys_admin,', True))
|
self.assertTrue(self._is_equal(obj, 'capability sys_admin,', True))
|
||||||
self.assertFalse(self._is_equal(obj, 'allow capability sys_admin,', True))
|
self.assertFalse(self._is_equal(obj, 'allow capability sys_admin,', True))
|
||||||
@@ -349,7 +349,7 @@ class CapabilityCoveredTest(AATest):
|
|||||||
self.assertFalse(self._is_equal(obj, 'audit capability sys_admin,', False))
|
self.assertFalse(self._is_equal(obj, 'audit capability sys_admin,', False))
|
||||||
|
|
||||||
def test_covered_multi(self):
|
def test_covered_multi(self):
|
||||||
obj = CapabilityRule.parse('capability audit_write sys_admin,')
|
obj = CapabilityRule.create_instance('capability audit_write sys_admin,')
|
||||||
|
|
||||||
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
|
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
|
||||||
self.assertTrue(self._is_covered(obj, 'capability audit_write,'))
|
self.assertTrue(self._is_covered(obj, 'capability audit_write,'))
|
||||||
@@ -361,7 +361,7 @@ class CapabilityCoveredTest(AATest):
|
|||||||
self.assertFalse(self._is_covered(obj, 'capability,'))
|
self.assertFalse(self._is_covered(obj, 'capability,'))
|
||||||
|
|
||||||
def test_covered_all(self):
|
def test_covered_all(self):
|
||||||
obj = CapabilityRule.parse('capability,')
|
obj = CapabilityRule.create_instance('capability,')
|
||||||
|
|
||||||
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
|
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
|
||||||
self.assertTrue(self._is_covered(obj, 'capability audit_write,'))
|
self.assertTrue(self._is_covered(obj, 'capability audit_write,'))
|
||||||
@@ -372,7 +372,7 @@ class CapabilityCoveredTest(AATest):
|
|||||||
self.assertFalse(self._is_covered(obj, 'audit capability,'))
|
self.assertFalse(self._is_covered(obj, 'audit capability,'))
|
||||||
|
|
||||||
def test_covered_deny(self):
|
def test_covered_deny(self):
|
||||||
obj = CapabilityRule.parse('capability sys_admin,')
|
obj = CapabilityRule.create_instance('capability sys_admin,')
|
||||||
|
|
||||||
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
|
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
|
||||||
|
|
||||||
@@ -382,7 +382,7 @@ class CapabilityCoveredTest(AATest):
|
|||||||
self.assertFalse(self._is_covered(obj, 'capability,'))
|
self.assertFalse(self._is_covered(obj, 'capability,'))
|
||||||
|
|
||||||
def test_covered_deny_2(self):
|
def test_covered_deny_2(self):
|
||||||
obj = CapabilityRule.parse('deny capability sys_admin,')
|
obj = CapabilityRule.create_instance('deny capability sys_admin,')
|
||||||
|
|
||||||
self.assertTrue(self._is_covered(obj, 'deny capability sys_admin,'))
|
self.assertTrue(self._is_covered(obj, 'deny capability sys_admin,'))
|
||||||
|
|
||||||
@@ -392,7 +392,7 @@ class CapabilityCoveredTest(AATest):
|
|||||||
self.assertFalse(self._is_covered(obj, 'deny capability,'))
|
self.assertFalse(self._is_covered(obj, 'deny capability,'))
|
||||||
|
|
||||||
def test_invalid_is_covered(self):
|
def test_invalid_is_covered(self):
|
||||||
obj = CapabilityRule.parse('capability sys_admin,')
|
obj = CapabilityRule.create_instance('capability sys_admin,')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -400,7 +400,7 @@ class CapabilityCoveredTest(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_borked_obj_is_covered(self):
|
def test_borked_obj_is_covered(self):
|
||||||
obj = CapabilityRule.parse('capability sys_admin,')
|
obj = CapabilityRule.create_instance('capability sys_admin,')
|
||||||
|
|
||||||
testobj = CapabilityRule('chown')
|
testobj = CapabilityRule('chown')
|
||||||
testobj.capability.clear()
|
testobj.capability.clear()
|
||||||
@@ -409,7 +409,7 @@ class CapabilityCoveredTest(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_equal(self):
|
def test_invalid_is_equal(self):
|
||||||
obj = CapabilityRule.parse('capability sys_admin,')
|
obj = CapabilityRule.create_instance('capability sys_admin,')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -457,7 +457,7 @@ class CapabilityLogprofHeaderTest(AATest):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def _run_test(self, params, expected):
|
def _run_test(self, params, expected):
|
||||||
obj = CapabilityRule.parse(params)
|
obj = CapabilityRule.create_instance(params)
|
||||||
self.assertEqual(obj.logprof_header(), expected)
|
self.assertEqual(obj.logprof_header(), expected)
|
||||||
|
|
||||||
|
|
||||||
@@ -492,7 +492,7 @@ class CapabilityRulesTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(CapabilityRule.parse(rule))
|
ruleset.add(CapabilityRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw())
|
self.assertEqual(expected_raw, ruleset.get_raw())
|
||||||
self.assertEqual(expected_clean, ruleset.get_clean())
|
self.assertEqual(expected_clean, ruleset.get_clean())
|
||||||
@@ -521,7 +521,7 @@ class CapabilityRulesTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(CapabilityRule.parse(rule))
|
ruleset.add(CapabilityRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw(1))
|
self.assertEqual(expected_raw, ruleset.get_raw(1))
|
||||||
self.assertEqual(expected_clean, ruleset.get_clean(1))
|
self.assertEqual(expected_clean, ruleset.get_clean(1))
|
||||||
@@ -555,59 +555,59 @@ class CapabilityRulesCoveredTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
self.ruleset.add(CapabilityRule.parse(rule))
|
self.ruleset.add(CapabilityRule.create_instance(rule))
|
||||||
|
|
||||||
def test_ruleset_is_covered_1(self):
|
def test_ruleset_is_covered_1(self):
|
||||||
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability chown,')))
|
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability chown,')))
|
||||||
def test_ruleset_is_covered_2(self):
|
def test_ruleset_is_covered_2(self):
|
||||||
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability sys_admin,')))
|
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability sys_admin,')))
|
||||||
def test_ruleset_is_covered_3(self):
|
def test_ruleset_is_covered_3(self):
|
||||||
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('allow capability sys_admin,')))
|
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('allow capability sys_admin,')))
|
||||||
def test_ruleset_is_covered_4(self):
|
def test_ruleset_is_covered_4(self):
|
||||||
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability setuid,')))
|
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability setuid,')))
|
||||||
def test_ruleset_is_covered_5(self):
|
def test_ruleset_is_covered_5(self):
|
||||||
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('allow capability setgid,')))
|
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('allow capability setgid,')))
|
||||||
def test_ruleset_is_covered_6(self):
|
def test_ruleset_is_covered_6(self):
|
||||||
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability setgid setuid,')))
|
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability setgid setuid,')))
|
||||||
def test_ruleset_is_covered_7(self):
|
def test_ruleset_is_covered_7(self):
|
||||||
pass # self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability sys_admin chown,'))) # fails because it is split over two rule objects internally
|
pass # self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability sys_admin chown,'))) # fails because it is split over two rule objects internally
|
||||||
def test_ruleset_is_covered_8(self):
|
def test_ruleset_is_covered_8(self):
|
||||||
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability kill,')))
|
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability kill,')))
|
||||||
|
|
||||||
def test_ruleset_is_covered_9(self):
|
def test_ruleset_is_covered_9(self):
|
||||||
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability chown,')))
|
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability chown,')))
|
||||||
def test_ruleset_is_covered_10(self):
|
def test_ruleset_is_covered_10(self):
|
||||||
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability sys_admin,')))
|
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability sys_admin,')))
|
||||||
def test_ruleset_is_covered_11(self):
|
def test_ruleset_is_covered_11(self):
|
||||||
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability sys_admin chown,')))
|
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability sys_admin chown,')))
|
||||||
def test_ruleset_is_covered_12(self):
|
def test_ruleset_is_covered_12(self):
|
||||||
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability setgid,')))
|
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability setgid,')))
|
||||||
def test_ruleset_is_covered_13(self):
|
def test_ruleset_is_covered_13(self):
|
||||||
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability kill,')))
|
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability kill,')))
|
||||||
|
|
||||||
def test_ruleset_is_covered_14(self):
|
def test_ruleset_is_covered_14(self):
|
||||||
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability chown,')))
|
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('audit capability chown,')))
|
||||||
def test_ruleset_is_covered_15(self):
|
def test_ruleset_is_covered_15(self):
|
||||||
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability sys_admin,')))
|
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('audit capability sys_admin,')))
|
||||||
def test_ruleset_is_covered_16(self):
|
def test_ruleset_is_covered_16(self):
|
||||||
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability sys_admin chown,')))
|
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('audit capability sys_admin chown,')))
|
||||||
def test_ruleset_is_covered_17(self):
|
def test_ruleset_is_covered_17(self):
|
||||||
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability setgid,')))
|
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('audit capability setgid,')))
|
||||||
def test_ruleset_is_covered_18(self):
|
def test_ruleset_is_covered_18(self):
|
||||||
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('audit capability kill,')))
|
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('audit capability kill,')))
|
||||||
|
|
||||||
def test_ruleset_is_covered_19(self):
|
def test_ruleset_is_covered_19(self):
|
||||||
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('deny capability chgrp,')))
|
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability chgrp,')))
|
||||||
def test_ruleset_is_covered_20(self):
|
def test_ruleset_is_covered_20(self):
|
||||||
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit deny capability chgrp,')))
|
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('audit deny capability chgrp,')))
|
||||||
def test_ruleset_is_covered_21(self):
|
def test_ruleset_is_covered_21(self):
|
||||||
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability chgrp,')))
|
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('audit capability chgrp,')))
|
||||||
def test_ruleset_is_covered_22(self):
|
def test_ruleset_is_covered_22(self):
|
||||||
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('capability chgrp,')))
|
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('capability chgrp,')))
|
||||||
def test_ruleset_is_covered_23(self):
|
def test_ruleset_is_covered_23(self):
|
||||||
self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability chgrp,'), check_allow_deny=False))
|
self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability chgrp,'), check_allow_deny=False))
|
||||||
def test_ruleset_is_covered_24(self):
|
def test_ruleset_is_covered_24(self):
|
||||||
self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability chown,'), check_allow_deny=False))
|
self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability chown,'), check_allow_deny=False))
|
||||||
|
|
||||||
# XXX - disabling these until we decide whether or not checking whether
|
# XXX - disabling these until we decide whether or not checking whether
|
||||||
# a log is covered by rules should be a separate entry point, possibly
|
# a log is covered by rules should be a separate entry point, possibly
|
||||||
@@ -660,7 +660,7 @@ class CapabilityDeleteTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
self.ruleset.add(CapabilityRule.parse(rule))
|
self.ruleset.add(CapabilityRule.create_instance(rule))
|
||||||
|
|
||||||
def test_delete(self):
|
def test_delete(self):
|
||||||
expected_raw = [
|
expected_raw = [
|
||||||
@@ -745,7 +745,7 @@ class CapabilityDeleteTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
inc.add(CapabilityRule.parse(rule))
|
inc.add(CapabilityRule.create_instance(rule))
|
||||||
|
|
||||||
expected_raw = [
|
expected_raw = [
|
||||||
' allow capability sys_admin,',
|
' allow capability sys_admin,',
|
||||||
@@ -766,7 +766,7 @@ class CapabilityDeleteTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
inc.add(CapabilityRule.parse(rule))
|
inc.add(CapabilityRule.create_instance(rule))
|
||||||
|
|
||||||
expected_raw = [
|
expected_raw = [
|
||||||
' capability chown,',
|
' capability chown,',
|
||||||
@@ -788,7 +788,7 @@ class CapabilityDeleteTest(AATest):
|
|||||||
self.assertEqual(expected_clean, self.ruleset.get_clean(1))
|
self.assertEqual(expected_clean, self.ruleset.get_clean(1))
|
||||||
|
|
||||||
def test_delete_duplicates_3(self):
|
def test_delete_duplicates_3(self):
|
||||||
self.ruleset.add(CapabilityRule.parse('audit capability dac_override,'))
|
self.ruleset.add(CapabilityRule.create_instance('audit capability dac_override,'))
|
||||||
|
|
||||||
inc = CapabilityRuleset()
|
inc = CapabilityRuleset()
|
||||||
rules = [
|
rules = [
|
||||||
@@ -796,7 +796,7 @@ class CapabilityDeleteTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
inc.add(CapabilityRule.parse(rule))
|
inc.add(CapabilityRule.create_instance(rule))
|
||||||
|
|
||||||
expected_raw = [
|
expected_raw = [
|
||||||
' capability chown,',
|
' capability chown,',
|
||||||
@@ -824,7 +824,7 @@ class CapabilityDeleteTest(AATest):
|
|||||||
rules = ['capability,']
|
rules = ['capability,']
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
inc.add(CapabilityRule.parse(rule))
|
inc.add(CapabilityRule.create_instance(rule))
|
||||||
|
|
||||||
expected_raw = [
|
expected_raw = [
|
||||||
' deny capability chgrp, # example comment',
|
' deny capability chgrp, # example comment',
|
||||||
@@ -884,7 +884,7 @@ class CapabilityDeleteTest(AATest):
|
|||||||
obj = CapabilityRuleset()
|
obj = CapabilityRuleset()
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
obj.add(CapabilityRule.parse(rule))
|
obj.add(CapabilityRule.create_instance(rule))
|
||||||
|
|
||||||
deleted = obj.delete_duplicates(None)
|
deleted = obj.delete_duplicates(None)
|
||||||
|
|
||||||
|
|||||||
@@ -78,7 +78,7 @@ class ChangeProfileTestParse(ChangeProfileTest):
|
|||||||
|
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(ChangeProfileRule.match(rawrule))
|
self.assertTrue(ChangeProfileRule.match(rawrule))
|
||||||
obj = ChangeProfileRule.parse(rawrule)
|
obj = ChangeProfileRule.create_instance(rawrule)
|
||||||
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
||||||
self._compare_obj(obj, expected)
|
self._compare_obj(obj, expected)
|
||||||
|
|
||||||
@@ -94,7 +94,7 @@ class ChangeProfileTestParseInvalid(ChangeProfileTest):
|
|||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertFalse(ChangeProfileRule.match(rawrule))
|
self.assertFalse(ChangeProfileRule.match(rawrule))
|
||||||
with self.assertRaises(expected):
|
with self.assertRaises(expected):
|
||||||
ChangeProfileRule.parse(rawrule)
|
ChangeProfileRule.create_instance(rawrule)
|
||||||
|
|
||||||
|
|
||||||
class ChangeProfileTestParseFromLog(ChangeProfileTest):
|
class ChangeProfileTestParseFromLog(ChangeProfileTest):
|
||||||
@@ -190,7 +190,7 @@ class InvalidChangeProfileTest(AATest):
|
|||||||
obj = None
|
obj = None
|
||||||
self.assertFalse(ChangeProfileRule.match(rawrule))
|
self.assertFalse(ChangeProfileRule.match(rawrule))
|
||||||
with self.assertRaises(AppArmorException):
|
with self.assertRaises(AppArmorException):
|
||||||
obj = ChangeProfileRule.parse(rawrule)
|
obj = ChangeProfileRule.create_instance(rawrule)
|
||||||
|
|
||||||
self.assertIsNone(obj, 'ChangeProfileRule handed back an object unexpectedly')
|
self.assertIsNone(obj, 'ChangeProfileRule handed back an object unexpectedly')
|
||||||
|
|
||||||
@@ -229,7 +229,7 @@ class WriteChangeProfileTestAATest(AATest):
|
|||||||
|
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(ChangeProfileRule.match(rawrule))
|
self.assertTrue(ChangeProfileRule.match(rawrule))
|
||||||
obj = ChangeProfileRule.parse(rawrule)
|
obj = ChangeProfileRule.create_instance(rawrule)
|
||||||
clean = obj.get_clean()
|
clean = obj.get_clean()
|
||||||
raw = obj.get_raw()
|
raw = obj.get_raw()
|
||||||
|
|
||||||
@@ -247,8 +247,8 @@ class WriteChangeProfileTestAATest(AATest):
|
|||||||
|
|
||||||
class ChangeProfileCoveredTest(AATest):
|
class ChangeProfileCoveredTest(AATest):
|
||||||
def _run_test(self, param, expected):
|
def _run_test(self, param, expected):
|
||||||
obj = ChangeProfileRule.parse(self.rule)
|
obj = ChangeProfileRule.create_instance(self.rule)
|
||||||
check_obj = ChangeProfileRule.parse(param)
|
check_obj = ChangeProfileRule.create_instance(param)
|
||||||
|
|
||||||
self.assertTrue(ChangeProfileRule.match(param))
|
self.assertTrue(ChangeProfileRule.match(param))
|
||||||
|
|
||||||
@@ -359,7 +359,7 @@ class ChangeProfileCoveredTest_06(ChangeProfileCoveredTest):
|
|||||||
|
|
||||||
class ChangeProfileCoveredTest_Invalid(AATest):
|
class ChangeProfileCoveredTest_Invalid(AATest):
|
||||||
def test_borked_obj_is_covered_1(self):
|
def test_borked_obj_is_covered_1(self):
|
||||||
obj = ChangeProfileRule.parse('change_profile /foo,')
|
obj = ChangeProfileRule.create_instance('change_profile /foo,')
|
||||||
|
|
||||||
testobj = ChangeProfileRule(None, '/foo', '/bar')
|
testobj = ChangeProfileRule(None, '/foo', '/bar')
|
||||||
testobj.execcond = ''
|
testobj.execcond = ''
|
||||||
@@ -368,7 +368,7 @@ class ChangeProfileCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_borked_obj_is_covered_2(self):
|
def test_borked_obj_is_covered_2(self):
|
||||||
obj = ChangeProfileRule.parse('change_profile /foo,')
|
obj = ChangeProfileRule.create_instance('change_profile /foo,')
|
||||||
|
|
||||||
testobj = ChangeProfileRule(None, '/foo', '/bar')
|
testobj = ChangeProfileRule(None, '/foo', '/bar')
|
||||||
testobj.targetprofile = ''
|
testobj.targetprofile = ''
|
||||||
@@ -377,7 +377,7 @@ class ChangeProfileCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_covered(self):
|
def test_invalid_is_covered(self):
|
||||||
obj = ChangeProfileRule.parse('change_profile /foo,')
|
obj = ChangeProfileRule.create_instance('change_profile /foo,')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -385,7 +385,7 @@ class ChangeProfileCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_equal(self):
|
def test_invalid_is_equal(self):
|
||||||
obj = ChangeProfileRule.parse('change_profile -> /bar,')
|
obj = ChangeProfileRule.create_instance('change_profile -> /bar,')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -406,7 +406,7 @@ class ChangeProfileLogprofHeaderTest(AATest):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def _run_test(self, params, expected):
|
def _run_test(self, params, expected):
|
||||||
obj = ChangeProfileRule.parse(params)
|
obj = ChangeProfileRule.create_instance(params)
|
||||||
self.assertEqual(obj.logprof_header(), expected)
|
self.assertEqual(obj.logprof_header(), expected)
|
||||||
|
|
||||||
|
|
||||||
@@ -441,7 +441,7 @@ class ChangeProfileRulesTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(ChangeProfileRule.parse(rule))
|
ruleset.add(ChangeProfileRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw())
|
self.assertEqual(expected_raw, ruleset.get_raw())
|
||||||
self.assertEqual(expected_clean, ruleset.get_clean())
|
self.assertEqual(expected_clean, ruleset.get_clean())
|
||||||
@@ -470,7 +470,7 @@ class ChangeProfileRulesTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(ChangeProfileRule.parse(rule))
|
ruleset.add(ChangeProfileRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw(1))
|
self.assertEqual(expected_raw, ruleset.get_raw(1))
|
||||||
self.assertEqual(expected_clean, ruleset.get_clean(1))
|
self.assertEqual(expected_clean, ruleset.get_clean(1))
|
||||||
|
|||||||
@@ -103,7 +103,7 @@ class DbusTestParse(DbusTest):
|
|||||||
|
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(DbusRule.match(rawrule))
|
self.assertTrue(DbusRule.match(rawrule))
|
||||||
obj = DbusRule.parse(rawrule)
|
obj = DbusRule.create_instance(rawrule)
|
||||||
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
||||||
self._compare_obj(obj, expected)
|
self._compare_obj(obj, expected)
|
||||||
|
|
||||||
@@ -126,7 +126,7 @@ class DbusTestParseInvalid(DbusTest):
|
|||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(DbusRule.match(rawrule)) # the above invalid rules still match the main regex!
|
self.assertTrue(DbusRule.match(rawrule)) # the above invalid rules still match the main regex!
|
||||||
with self.assertRaises(expected):
|
with self.assertRaises(expected):
|
||||||
DbusRule.parse(rawrule)
|
DbusRule.create_instance(rawrule)
|
||||||
|
|
||||||
|
|
||||||
class DbusTestParseFromLog(DbusTest):
|
class DbusTestParseFromLog(DbusTest):
|
||||||
@@ -309,7 +309,7 @@ class InvalidDbusTest(AATest):
|
|||||||
obj = None
|
obj = None
|
||||||
self.assertFalse(DbusRule.match(rawrule))
|
self.assertFalse(DbusRule.match(rawrule))
|
||||||
with self.assertRaises(AppArmorException):
|
with self.assertRaises(AppArmorException):
|
||||||
obj = DbusRule.parse(rawrule)
|
obj = DbusRule.create_instance(rawrule)
|
||||||
|
|
||||||
self.assertIsNone(obj, 'DbusRule handed back an object unexpectedly')
|
self.assertIsNone(obj, 'DbusRule handed back an object unexpectedly')
|
||||||
|
|
||||||
@@ -380,7 +380,7 @@ class InvalidDbusTest(AATest):
|
|||||||
class WriteDbusTest(AATest):
|
class WriteDbusTest(AATest):
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(DbusRule.match(rawrule), 'DbusRule.match() failed')
|
self.assertTrue(DbusRule.match(rawrule), 'DbusRule.match() failed')
|
||||||
obj = DbusRule.parse(rawrule)
|
obj = DbusRule.create_instance(rawrule)
|
||||||
clean = obj.get_clean()
|
clean = obj.get_clean()
|
||||||
raw = obj.get_raw()
|
raw = obj.get_raw()
|
||||||
|
|
||||||
@@ -436,8 +436,8 @@ class WriteDbusTest(AATest):
|
|||||||
|
|
||||||
class DbusCoveredTest(AATest):
|
class DbusCoveredTest(AATest):
|
||||||
def _run_test(self, param, expected):
|
def _run_test(self, param, expected):
|
||||||
obj = DbusRule.parse(self.rule)
|
obj = DbusRule.create_instance(self.rule)
|
||||||
check_obj = DbusRule.parse(param)
|
check_obj = DbusRule.create_instance(param)
|
||||||
|
|
||||||
self.assertTrue(DbusRule.match(param))
|
self.assertTrue(DbusRule.match(param))
|
||||||
|
|
||||||
@@ -766,7 +766,7 @@ class DbusCoveredTest_Invalid(AATest):
|
|||||||
self.obj.is_covered(self.testobj)
|
self.obj.is_covered(self.testobj)
|
||||||
|
|
||||||
def test_invalid_is_covered(self):
|
def test_invalid_is_covered(self):
|
||||||
obj = DbusRule.parse('dbus send,')
|
obj = DbusRule.create_instance('dbus send,')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -774,7 +774,7 @@ class DbusCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_equal(self):
|
def test_invalid_is_equal(self):
|
||||||
obj = DbusRule.parse('dbus send,')
|
obj = DbusRule.create_instance('dbus send,')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -798,7 +798,7 @@ class DbusLogprofHeaderTest(AATest):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def _run_test(self, params, expected):
|
def _run_test(self, params, expected):
|
||||||
obj = DbusRule.parse(params)
|
obj = DbusRule.create_instance(params)
|
||||||
self.assertEqual(obj.logprof_header(), expected)
|
self.assertEqual(obj.logprof_header(), expected)
|
||||||
|
|
||||||
|
|
||||||
@@ -833,7 +833,7 @@ class DbusRulesTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(DbusRule.parse(rule))
|
ruleset.add(DbusRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw())
|
self.assertEqual(expected_raw, ruleset.get_raw())
|
||||||
self.assertEqual(expected_clean, ruleset.get_clean())
|
self.assertEqual(expected_clean, ruleset.get_clean())
|
||||||
@@ -862,7 +862,7 @@ class DbusRulesTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(DbusRule.parse(rule))
|
ruleset.add(DbusRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw(1))
|
self.assertEqual(expected_raw, ruleset.get_raw(1))
|
||||||
self.assertEqual(expected_clean, ruleset.get_clean(1))
|
self.assertEqual(expected_clean, ruleset.get_clean(1))
|
||||||
|
|||||||
@@ -105,7 +105,7 @@ class FileTestParse(FileTest):
|
|||||||
|
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(FileRule.match(rawrule))
|
self.assertTrue(FileRule.match(rawrule))
|
||||||
obj = FileRule.parse(rawrule)
|
obj = FileRule.create_instance(rawrule)
|
||||||
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
||||||
self._compare_obj(obj, expected)
|
self._compare_obj(obj, expected)
|
||||||
|
|
||||||
@@ -128,7 +128,7 @@ class FileTestParseInvalid(FileTest):
|
|||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(FileRule.match(rawrule)) # the above invalid rules still match the main regex!
|
self.assertTrue(FileRule.match(rawrule)) # the above invalid rules still match the main regex!
|
||||||
with self.assertRaises(expected):
|
with self.assertRaises(expected):
|
||||||
FileRule.parse(rawrule)
|
FileRule.create_instance(rawrule)
|
||||||
|
|
||||||
|
|
||||||
class FileTestNonMatch(AATest):
|
class FileTestNonMatch(AATest):
|
||||||
@@ -305,7 +305,7 @@ class InvalidFileTest(AATest):
|
|||||||
obj = None
|
obj = None
|
||||||
self.assertFalse(FileRule.match(rawrule))
|
self.assertFalse(FileRule.match(rawrule))
|
||||||
with self.assertRaises(AppArmorException):
|
with self.assertRaises(AppArmorException):
|
||||||
obj = FileRule.parse(rawrule)
|
obj = FileRule.create_instance(rawrule)
|
||||||
|
|
||||||
self.assertIsNone(obj, 'FileRule handed back an object unexpectedly')
|
self.assertIsNone(obj, 'FileRule handed back an object unexpectedly')
|
||||||
|
|
||||||
@@ -358,7 +358,7 @@ class FileGlobTest(AATest):
|
|||||||
exp_can_glob, exp_can_glob_ext, exp_rule_glob, exp_rule_glob_ext = expected
|
exp_can_glob, exp_can_glob_ext, exp_rule_glob, exp_rule_glob_ext = expected
|
||||||
|
|
||||||
# test glob()
|
# test glob()
|
||||||
rule_obj = FileRule.parse(params)
|
rule_obj = FileRule.create_instance(params)
|
||||||
self.assertEqual(exp_can_glob, rule_obj.can_glob)
|
self.assertEqual(exp_can_glob, rule_obj.can_glob)
|
||||||
self.assertEqual(exp_can_glob_ext, rule_obj.can_glob_ext)
|
self.assertEqual(exp_can_glob_ext, rule_obj.can_glob_ext)
|
||||||
|
|
||||||
@@ -366,7 +366,7 @@ class FileGlobTest(AATest):
|
|||||||
self.assertEqual(rule_obj.get_clean(), exp_rule_glob)
|
self.assertEqual(rule_obj.get_clean(), exp_rule_glob)
|
||||||
|
|
||||||
# test glob_ext()
|
# test glob_ext()
|
||||||
rule_obj = FileRule.parse(params)
|
rule_obj = FileRule.create_instance(params)
|
||||||
self.assertEqual(exp_can_glob, rule_obj.can_glob)
|
self.assertEqual(exp_can_glob, rule_obj.can_glob)
|
||||||
self.assertEqual(exp_can_glob_ext, rule_obj.can_glob_ext)
|
self.assertEqual(exp_can_glob_ext, rule_obj.can_glob_ext)
|
||||||
|
|
||||||
@@ -389,7 +389,7 @@ class FileGlobTest(AATest):
|
|||||||
class WriteFileTest(AATest):
|
class WriteFileTest(AATest):
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(FileRule.match(rawrule), 'FileRule.match() failed')
|
self.assertTrue(FileRule.match(rawrule), 'FileRule.match() failed')
|
||||||
obj = FileRule.parse(rawrule)
|
obj = FileRule.create_instance(rawrule)
|
||||||
clean = obj.get_clean()
|
clean = obj.get_clean()
|
||||||
raw = obj.get_raw()
|
raw = obj.get_raw()
|
||||||
|
|
||||||
@@ -459,8 +459,8 @@ class WriteFileTest(AATest):
|
|||||||
|
|
||||||
class FileCoveredTest(AATest):
|
class FileCoveredTest(AATest):
|
||||||
def _run_test(self, param, expected):
|
def _run_test(self, param, expected):
|
||||||
obj = FileRule.parse(self.rule)
|
obj = FileRule.create_instance(self.rule)
|
||||||
check_obj = FileRule.parse(param)
|
check_obj = FileRule.create_instance(param)
|
||||||
|
|
||||||
self.assertTrue(FileRule.match(param))
|
self.assertTrue(FileRule.match(param))
|
||||||
|
|
||||||
@@ -790,7 +790,7 @@ class FileCoveredTest_ManualOrInvalid(AATest):
|
|||||||
self.obj.is_covered(self.testobj)
|
self.obj.is_covered(self.testobj)
|
||||||
|
|
||||||
def test_invalid_is_covered(self):
|
def test_invalid_is_covered(self):
|
||||||
obj = FileRule.parse('file,')
|
obj = FileRule.create_instance('file,')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -798,7 +798,7 @@ class FileCoveredTest_ManualOrInvalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_equal(self):
|
def test_invalid_is_equal(self):
|
||||||
obj = FileRule.parse('file,')
|
obj = FileRule.create_instance('file,')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -824,7 +824,7 @@ class FileSeverityTest(AATest):
|
|||||||
|
|
||||||
def _run_test(self, params, expected):
|
def _run_test(self, params, expected):
|
||||||
sev_db = severity.Severity('../severity.db', 'unknown')
|
sev_db = severity.Severity('../severity.db', 'unknown')
|
||||||
obj = FileRule.parse(params)
|
obj = FileRule.create_instance(params)
|
||||||
rank = obj.severity(sev_db)
|
rank = obj.severity(sev_db)
|
||||||
self.assertEqual(rank, expected)
|
self.assertEqual(rank, expected)
|
||||||
|
|
||||||
@@ -850,20 +850,20 @@ class FileLogprofHeaderTest(AATest):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def _run_test(self, params, expected):
|
def _run_test(self, params, expected):
|
||||||
obj = FileRule.parse(params[0])
|
obj = FileRule.create_instance(params[0])
|
||||||
if params[1] or params[2]:
|
if params[1] or params[2]:
|
||||||
obj.original_perms = {'allow': {'all': params[1], 'owner': params[2]}}
|
obj.original_perms = {'allow': {'all': params[1], 'owner': params[2]}}
|
||||||
self.assertEqual(obj.logprof_header(), expected)
|
self.assertEqual(obj.logprof_header(), expected)
|
||||||
|
|
||||||
def test_empty_original_perms(self):
|
def test_empty_original_perms(self):
|
||||||
obj = FileRule.parse('/foo rw,')
|
obj = FileRule.create_instance('/foo rw,')
|
||||||
obj.original_perms = {'allow': {'all': set(), 'owner': set()}}
|
obj.original_perms = {'allow': {'all': set(), 'owner': set()}}
|
||||||
self.assertEqual(obj.logprof_header(), [_('Path'), '/foo', _('New Mode'), _('rw')])
|
self.assertEqual(obj.logprof_header(), [_('Path'), '/foo', _('New Mode'), _('rw')])
|
||||||
|
|
||||||
|
|
||||||
class FileEditHeaderTest(AATest):
|
class FileEditHeaderTest(AATest):
|
||||||
def _run_test(self, params, expected):
|
def _run_test(self, params, expected):
|
||||||
rule_obj = FileRule.parse(params)
|
rule_obj = FileRule.create_instance(params)
|
||||||
self.assertEqual(rule_obj.can_edit, True)
|
self.assertEqual(rule_obj.can_edit, True)
|
||||||
prompt, path_to_edit = rule_obj.edit_header()
|
prompt, path_to_edit = rule_obj.edit_header()
|
||||||
self.assertEqual(path_to_edit, expected)
|
self.assertEqual(path_to_edit, expected)
|
||||||
@@ -875,7 +875,7 @@ class FileEditHeaderTest(AATest):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def test_edit_header_bare_file(self):
|
def test_edit_header_bare_file(self):
|
||||||
rule_obj = FileRule.parse('file,')
|
rule_obj = FileRule.create_instance('file,')
|
||||||
self.assertEqual(rule_obj.can_edit, False)
|
self.assertEqual(rule_obj.can_edit, False)
|
||||||
with self.assertRaises(AppArmorBug):
|
with self.assertRaises(AppArmorBug):
|
||||||
rule_obj.edit_header()
|
rule_obj.edit_header()
|
||||||
@@ -900,7 +900,7 @@ class FileValidateAndStoreEditTest(AATest):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def test_validate_not_a_path(self):
|
def test_validate_not_a_path(self):
|
||||||
rule_obj = FileRule.parse('/foo/bar/baz r,')
|
rule_obj = FileRule.create_instance('/foo/bar/baz r,')
|
||||||
|
|
||||||
with self.assertRaises(AppArmorException):
|
with self.assertRaises(AppArmorException):
|
||||||
rule_obj.validate_edit('foo/bar/baz')
|
rule_obj.validate_edit('foo/bar/baz')
|
||||||
@@ -909,7 +909,7 @@ class FileValidateAndStoreEditTest(AATest):
|
|||||||
rule_obj.store_edit('foo/bar/baz')
|
rule_obj.store_edit('foo/bar/baz')
|
||||||
|
|
||||||
def test_validate_edit_bare_file(self):
|
def test_validate_edit_bare_file(self):
|
||||||
rule_obj = FileRule.parse('file,')
|
rule_obj = FileRule.create_instance('file,')
|
||||||
self.assertEqual(rule_obj.can_edit, False)
|
self.assertEqual(rule_obj.can_edit, False)
|
||||||
|
|
||||||
with self.assertRaises(AppArmorBug):
|
with self.assertRaises(AppArmorBug):
|
||||||
@@ -954,7 +954,7 @@ class FileRulesTest(AATest):
|
|||||||
|
|
||||||
deleted = 0
|
deleted = 0
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
deleted += ruleset.add(FileRule.parse(rule))
|
deleted += ruleset.add(FileRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(deleted, 0)
|
self.assertEqual(deleted, 0)
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw())
|
self.assertEqual(expected_raw, ruleset.get_raw())
|
||||||
@@ -985,7 +985,7 @@ class FileRulesTest(AATest):
|
|||||||
|
|
||||||
deleted = 0
|
deleted = 0
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
deleted += ruleset.add(FileRule.parse(rule))
|
deleted += ruleset.add(FileRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(deleted, 0)
|
self.assertEqual(deleted, 0)
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw(1))
|
self.assertEqual(expected_raw, ruleset.get_raw(1))
|
||||||
@@ -1019,12 +1019,12 @@ class FileRulesTest(AATest):
|
|||||||
|
|
||||||
deleted = 0
|
deleted = 0
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
deleted += ruleset.add(FileRule.parse(rule))
|
deleted += ruleset.add(FileRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(deleted, 0) # rules[] are added without cleanup mode, so the superfluous '/foo/baz rw,' should be kept
|
self.assertEqual(deleted, 0) # rules[] are added without cleanup mode, so the superfluous '/foo/baz rw,' should be kept
|
||||||
|
|
||||||
for rule in rules_with_cleanup:
|
for rule in rules_with_cleanup:
|
||||||
deleted += ruleset.add(FileRule.parse(rule), cleanup=True)
|
deleted += ruleset.add(FileRule.create_instance(rule), cleanup=True)
|
||||||
|
|
||||||
self.assertEqual(deleted, 1) # rules_with_cleanup made '/foo/bar r,' superfluous
|
self.assertEqual(deleted, 1) # rules_with_cleanup made '/foo/bar r,' superfluous
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw(1))
|
self.assertEqual(expected_raw, ruleset.get_raw(1))
|
||||||
@@ -1062,7 +1062,7 @@ class FileGetRulesForPath(AATest):
|
|||||||
|
|
||||||
ruleset = FileRuleset()
|
ruleset = FileRuleset()
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(FileRule.parse(rule))
|
ruleset.add(FileRule.create_instance(rule))
|
||||||
|
|
||||||
matching = ruleset.get_rules_for_path(*params)
|
matching = ruleset.get_rules_for_path(*params)
|
||||||
self. assertEqual(matching.get_clean(), expected)
|
self. assertEqual(matching.get_clean(), expected)
|
||||||
@@ -1095,7 +1095,7 @@ class FileGetPermsForPath_1(AATest):
|
|||||||
|
|
||||||
ruleset = FileRuleset()
|
ruleset = FileRuleset()
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(FileRule.parse(rule))
|
ruleset.add(FileRule.create_instance(rule))
|
||||||
|
|
||||||
perms = ruleset.get_perms_for_path(*params)
|
perms = ruleset.get_perms_for_path(*params)
|
||||||
self. assertEqual(perms, expected)
|
self. assertEqual(perms, expected)
|
||||||
@@ -1132,7 +1132,7 @@ class FileGetPermsForPath_2(AATest):
|
|||||||
|
|
||||||
ruleset = FileRuleset()
|
ruleset = FileRuleset()
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(FileRule.parse(rule))
|
ruleset.add(FileRule.create_instance(rule))
|
||||||
|
|
||||||
perms = ruleset.get_perms_for_path(*params)
|
perms = ruleset.get_perms_for_path(*params)
|
||||||
self. assertEqual(perms, expected)
|
self. assertEqual(perms, expected)
|
||||||
@@ -1155,7 +1155,7 @@ class FileGetExecRulesForPath_1(AATest):
|
|||||||
|
|
||||||
ruleset = FileRuleset()
|
ruleset = FileRuleset()
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(FileRule.parse(rule))
|
ruleset.add(FileRule.create_instance(rule))
|
||||||
|
|
||||||
perms = ruleset.get_exec_rules_for_path(params)
|
perms = ruleset.get_exec_rules_for_path(params)
|
||||||
matches = perms.get_clean()
|
matches = perms.get_clean()
|
||||||
@@ -1179,7 +1179,7 @@ class FileGetExecRulesForPath_2(AATest):
|
|||||||
|
|
||||||
ruleset = FileRuleset()
|
ruleset = FileRuleset()
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(FileRule.parse(rule))
|
ruleset.add(FileRule.create_instance(rule))
|
||||||
|
|
||||||
perms = ruleset.get_exec_rules_for_path(params, only_exact_matches=False)
|
perms = ruleset.get_exec_rules_for_path(params, only_exact_matches=False)
|
||||||
matches = perms.get_clean()
|
matches = perms.get_clean()
|
||||||
@@ -1206,9 +1206,9 @@ class FileGetExecConflictRules_1(AATest):
|
|||||||
|
|
||||||
ruleset = FileRuleset()
|
ruleset = FileRuleset()
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(FileRule.parse(rule))
|
ruleset.add(FileRule.create_instance(rule))
|
||||||
|
|
||||||
rule_obj = FileRule.parse(params)
|
rule_obj = FileRule.create_instance(params)
|
||||||
conflicts = ruleset.get_exec_conflict_rules(rule_obj)
|
conflicts = ruleset.get_exec_conflict_rules(rule_obj)
|
||||||
self. assertEqual(conflicts.get_clean(), expected)
|
self. assertEqual(conflicts.get_clean(), expected)
|
||||||
|
|
||||||
|
|||||||
@@ -89,7 +89,7 @@ class IncludeTestParse(IncludeTest):
|
|||||||
|
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(IncludeRule.match(rawrule))
|
self.assertTrue(IncludeRule.match(rawrule))
|
||||||
obj = IncludeRule.parse(rawrule)
|
obj = IncludeRule.create_instance(rawrule)
|
||||||
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
||||||
self._compare_obj(obj, expected)
|
self._compare_obj(obj, expected)
|
||||||
|
|
||||||
@@ -105,7 +105,7 @@ class IncludeTestParseInvalid(IncludeTest):
|
|||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(IncludeRule.match(rawrule)) # the above invalid rules still match the main regex!
|
self.assertTrue(IncludeRule.match(rawrule)) # the above invalid rules still match the main regex!
|
||||||
with self.assertRaises(expected):
|
with self.assertRaises(expected):
|
||||||
IncludeRule.parse(rawrule)
|
IncludeRule.create_instance(rawrule)
|
||||||
|
|
||||||
# class IncludeTestParseFromLog(IncludeTest): # we'll never have log events for includes
|
# class IncludeTestParseFromLog(IncludeTest): # we'll never have log events for includes
|
||||||
|
|
||||||
@@ -167,7 +167,7 @@ class InvalidIncludeTest(AATest):
|
|||||||
obj = None
|
obj = None
|
||||||
self.assertEqual(IncludeRule.match(rawrule), matches_regex)
|
self.assertEqual(IncludeRule.match(rawrule), matches_regex)
|
||||||
with self.assertRaises(AppArmorException):
|
with self.assertRaises(AppArmorException):
|
||||||
obj = IncludeRule.parse(rawrule)
|
obj = IncludeRule.create_instance(rawrule)
|
||||||
|
|
||||||
self.assertIsNone(obj, 'IncludeRule handed back an object unexpectedly')
|
self.assertIsNone(obj, 'IncludeRule handed back an object unexpectedly')
|
||||||
|
|
||||||
@@ -188,7 +188,7 @@ class InvalidIncludeTest(AATest):
|
|||||||
class WriteIncludeTestAATest(AATest):
|
class WriteIncludeTestAATest(AATest):
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(IncludeRule.match(rawrule))
|
self.assertTrue(IncludeRule.match(rawrule))
|
||||||
obj = IncludeRule.parse(rawrule)
|
obj = IncludeRule.create_instance(rawrule)
|
||||||
clean = obj.get_clean()
|
clean = obj.get_clean()
|
||||||
raw = obj.get_raw()
|
raw = obj.get_raw()
|
||||||
|
|
||||||
@@ -246,8 +246,8 @@ class WriteIncludeTestAATest(AATest):
|
|||||||
|
|
||||||
class IncludeCoveredTest(AATest):
|
class IncludeCoveredTest(AATest):
|
||||||
def _run_test(self, param, expected):
|
def _run_test(self, param, expected):
|
||||||
obj = IncludeRule.parse(self.rule)
|
obj = IncludeRule.create_instance(self.rule)
|
||||||
check_obj = IncludeRule.parse(param)
|
check_obj = IncludeRule.create_instance(param)
|
||||||
|
|
||||||
self.assertTrue(IncludeRule.match(param))
|
self.assertTrue(IncludeRule.match(param))
|
||||||
|
|
||||||
@@ -289,7 +289,7 @@ class IncludeCoveredTest_02(IncludeCoveredTest):
|
|||||||
|
|
||||||
class IncludeCoveredTest_Invalid(AATest):
|
class IncludeCoveredTest_Invalid(AATest):
|
||||||
# def test_borked_obj_is_covered_1(self):
|
# def test_borked_obj_is_covered_1(self):
|
||||||
# obj = IncludeRule.parse('include <foo>')
|
# obj = IncludeRule.create_instance('include <foo>')
|
||||||
#
|
#
|
||||||
# testobj = IncludeRule('foo', True, True)
|
# testobj = IncludeRule('foo', True, True)
|
||||||
# testobj.path = ''
|
# testobj.path = ''
|
||||||
@@ -298,7 +298,7 @@ class IncludeCoveredTest_Invalid(AATest):
|
|||||||
# obj.is_covered(testobj)
|
# obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_covered(self):
|
def test_invalid_is_covered(self):
|
||||||
obj = IncludeRule.parse('include <abstractions/base>')
|
obj = IncludeRule.create_instance('include <abstractions/base>')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -306,7 +306,7 @@ class IncludeCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_equal(self):
|
def test_invalid_is_equal(self):
|
||||||
obj = IncludeRule.parse('include <abstractions/base>')
|
obj = IncludeRule.create_instance('include <abstractions/base>')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -321,7 +321,7 @@ class IncludeLogprofHeaderTest(AATest):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def _run_test(self, params, expected):
|
def _run_test(self, params, expected):
|
||||||
obj = IncludeRule.parse(params)
|
obj = IncludeRule.create_instance(params)
|
||||||
self.assertEqual(obj.logprof_header(), expected)
|
self.assertEqual(obj.logprof_header(), expected)
|
||||||
|
|
||||||
|
|
||||||
@@ -361,7 +361,7 @@ class IncludeFullPathsTest(AATest):
|
|||||||
for path in expected:
|
for path in expected:
|
||||||
exp2.append(path.replace('@@', self.profile_dir))
|
exp2.append(path.replace('@@', self.profile_dir))
|
||||||
|
|
||||||
obj = IncludeRule.parse(params)
|
obj = IncludeRule.create_instance(params)
|
||||||
self.assertEqual(obj.get_full_paths(self.profile_dir), exp2)
|
self.assertEqual(obj.get_full_paths(self.profile_dir), exp2)
|
||||||
|
|
||||||
|
|
||||||
@@ -418,7 +418,7 @@ class IncludeRulesTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(IncludeRule.parse(rule))
|
ruleset.add(IncludeRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw())
|
self.assertEqual(expected_raw, ruleset.get_raw())
|
||||||
self.assertEqual(expected_clean, ruleset.get_clean())
|
self.assertEqual(expected_clean, ruleset.get_clean())
|
||||||
@@ -465,7 +465,7 @@ class IncludeRulesTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(IncludeRule.parse(rule))
|
ruleset.add(IncludeRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw())
|
self.assertEqual(expected_raw, ruleset.get_raw())
|
||||||
self.assertEqual(expected_clean, ruleset.get_clean())
|
self.assertEqual(expected_clean, ruleset.get_clean())
|
||||||
|
|||||||
@@ -85,7 +85,7 @@ class NetworkTestParse(NetworkTest):
|
|||||||
|
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(NetworkRule.match(rawrule))
|
self.assertTrue(NetworkRule.match(rawrule))
|
||||||
obj = NetworkRule.parse(rawrule)
|
obj = NetworkRule.create_instance(rawrule)
|
||||||
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
||||||
self._compare_obj(obj, expected)
|
self._compare_obj(obj, expected)
|
||||||
|
|
||||||
@@ -101,7 +101,7 @@ class NetworkTestParseInvalid(NetworkTest):
|
|||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(NetworkRule.match(rawrule)) # the above invalid rules still match the main regex!
|
self.assertTrue(NetworkRule.match(rawrule)) # the above invalid rules still match the main regex!
|
||||||
with self.assertRaises(expected):
|
with self.assertRaises(expected):
|
||||||
NetworkRule.parse(rawrule)
|
NetworkRule.create_instance(rawrule)
|
||||||
|
|
||||||
|
|
||||||
class NetworkTestParseFromLog(NetworkTest):
|
class NetworkTestParseFromLog(NetworkTest):
|
||||||
@@ -192,7 +192,7 @@ class InvalidNetworkTest(AATest):
|
|||||||
obj = None
|
obj = None
|
||||||
self.assertFalse(NetworkRule.match(rawrule))
|
self.assertFalse(NetworkRule.match(rawrule))
|
||||||
with self.assertRaises(AppArmorException):
|
with self.assertRaises(AppArmorException):
|
||||||
obj = NetworkRule.parse(rawrule)
|
obj = NetworkRule.create_instance(rawrule)
|
||||||
|
|
||||||
self.assertIsNone(obj, 'NetworkRule handed back an object unexpectedly')
|
self.assertIsNone(obj, 'NetworkRule handed back an object unexpectedly')
|
||||||
|
|
||||||
@@ -220,7 +220,7 @@ class InvalidNetworkTest(AATest):
|
|||||||
class WriteNetworkTestAATest(AATest):
|
class WriteNetworkTestAATest(AATest):
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(NetworkRule.match(rawrule))
|
self.assertTrue(NetworkRule.match(rawrule))
|
||||||
obj = NetworkRule.parse(rawrule)
|
obj = NetworkRule.create_instance(rawrule)
|
||||||
clean = obj.get_clean()
|
clean = obj.get_clean()
|
||||||
raw = obj.get_raw()
|
raw = obj.get_raw()
|
||||||
|
|
||||||
@@ -247,8 +247,8 @@ class WriteNetworkTestAATest(AATest):
|
|||||||
|
|
||||||
class NetworkCoveredTest(AATest):
|
class NetworkCoveredTest(AATest):
|
||||||
def _run_test(self, param, expected):
|
def _run_test(self, param, expected):
|
||||||
obj = NetworkRule.parse(self.rule)
|
obj = NetworkRule.create_instance(self.rule)
|
||||||
check_obj = NetworkRule.parse(param)
|
check_obj = NetworkRule.create_instance(param)
|
||||||
|
|
||||||
self.assertTrue(NetworkRule.match(param))
|
self.assertTrue(NetworkRule.match(param))
|
||||||
|
|
||||||
@@ -351,7 +351,7 @@ class NetworkCoveredTest_05(NetworkCoveredTest):
|
|||||||
|
|
||||||
class NetworkCoveredTest_Invalid(AATest):
|
class NetworkCoveredTest_Invalid(AATest):
|
||||||
def test_borked_obj_is_covered_1(self):
|
def test_borked_obj_is_covered_1(self):
|
||||||
obj = NetworkRule.parse('network inet,')
|
obj = NetworkRule.create_instance('network inet,')
|
||||||
|
|
||||||
testobj = NetworkRule('inet', 'stream')
|
testobj = NetworkRule('inet', 'stream')
|
||||||
testobj.domain = ''
|
testobj.domain = ''
|
||||||
@@ -360,7 +360,7 @@ class NetworkCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_borked_obj_is_covered_2(self):
|
def test_borked_obj_is_covered_2(self):
|
||||||
obj = NetworkRule.parse('network inet,')
|
obj = NetworkRule.create_instance('network inet,')
|
||||||
|
|
||||||
testobj = NetworkRule('inet', 'stream')
|
testobj = NetworkRule('inet', 'stream')
|
||||||
testobj.type_or_protocol = ''
|
testobj.type_or_protocol = ''
|
||||||
@@ -369,7 +369,7 @@ class NetworkCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_covered(self):
|
def test_invalid_is_covered(self):
|
||||||
obj = NetworkRule.parse('network inet,')
|
obj = NetworkRule.create_instance('network inet,')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -377,7 +377,7 @@ class NetworkCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_equal(self):
|
def test_invalid_is_equal(self):
|
||||||
obj = NetworkRule.parse('network inet,')
|
obj = NetworkRule.create_instance('network inet,')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -397,14 +397,14 @@ class NetworkLogprofHeaderTest(AATest):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def _run_test(self, params, expected):
|
def _run_test(self, params, expected):
|
||||||
obj = NetworkRule.parse(params)
|
obj = NetworkRule.create_instance(params)
|
||||||
self.assertEqual(obj.logprof_header(), expected)
|
self.assertEqual(obj.logprof_header(), expected)
|
||||||
|
|
||||||
|
|
||||||
class NetworkRuleReprTest(AATest):
|
class NetworkRuleReprTest(AATest):
|
||||||
tests = (
|
tests = (
|
||||||
(NetworkRule('inet', 'stream'), '<NetworkRule> network inet stream,'),
|
(NetworkRule('inet', 'stream'), '<NetworkRule> network inet stream,'),
|
||||||
(NetworkRule.parse(' allow network inet stream, # foo'), '<NetworkRule> allow network inet stream, # foo'),
|
(NetworkRule.create_instance(' allow network inet stream, # foo'), '<NetworkRule> allow network inet stream, # foo'),
|
||||||
)
|
)
|
||||||
|
|
||||||
def _run_test(self, params, expected):
|
def _run_test(self, params, expected):
|
||||||
@@ -442,7 +442,7 @@ class NetworkRulesTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(NetworkRule.parse(rule))
|
ruleset.add(NetworkRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw())
|
self.assertEqual(expected_raw, ruleset.get_raw())
|
||||||
self.assertEqual(expected_clean, ruleset.get_clean())
|
self.assertEqual(expected_clean, ruleset.get_clean())
|
||||||
@@ -471,7 +471,7 @@ class NetworkRulesTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(NetworkRule.parse(rule))
|
ruleset.add(NetworkRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw(1))
|
self.assertEqual(expected_raw, ruleset.get_raw(1))
|
||||||
self.assertEqual(expected_clean, ruleset.get_clean(1))
|
self.assertEqual(expected_clean, ruleset.get_clean(1))
|
||||||
@@ -503,7 +503,7 @@ class NetworkRulesetReprTest(AATest):
|
|||||||
def test_network_ruleset_repr(self):
|
def test_network_ruleset_repr(self):
|
||||||
obj = NetworkRuleset()
|
obj = NetworkRuleset()
|
||||||
obj.add(NetworkRule('inet', 'stream'))
|
obj.add(NetworkRule('inet', 'stream'))
|
||||||
obj.add(NetworkRule.parse(' allow network inet stream, # foo'))
|
obj.add(NetworkRule.create_instance(' allow network inet stream, # foo'))
|
||||||
|
|
||||||
expected = '<NetworkRuleset>\n network inet stream,\n allow network inet stream, # foo\n</NetworkRuleset>'
|
expected = '<NetworkRuleset>\n network inet stream,\n allow network inet stream, # foo\n</NetworkRuleset>'
|
||||||
self.assertEqual(str(obj), expected)
|
self.assertEqual(str(obj), expected)
|
||||||
|
|||||||
@@ -176,9 +176,9 @@ class TestAdd_inc_ie(AATest):
|
|||||||
self.assertEqual(list(self.pl.files.keys()), [])
|
self.assertEqual(list(self.pl.files.keys()), [])
|
||||||
|
|
||||||
def test_dedup_inc_ie_1(self):
|
def test_dedup_inc_ie_1(self):
|
||||||
self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.parse('include <tunables/global>'))
|
self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.create_instance('include <tunables/global>'))
|
||||||
self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.parse('#include if exists <tunables/global> # comment'))
|
self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.create_instance('#include if exists <tunables/global> # comment'))
|
||||||
self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.parse(' #include <tunables/global> '))
|
self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.create_instance(' #include <tunables/global> '))
|
||||||
deleted = self.pl.delete_preamble_duplicates('/etc/apparmor.d/bin.foo')
|
deleted = self.pl.delete_preamble_duplicates('/etc/apparmor.d/bin.foo')
|
||||||
self.assertEqual(deleted, 2)
|
self.assertEqual(deleted, 2)
|
||||||
self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
|
self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
|
||||||
@@ -214,8 +214,8 @@ class TestAdd_abi(AATest):
|
|||||||
self.assertEqual(list(self.pl.files.keys()), [])
|
self.assertEqual(list(self.pl.files.keys()), [])
|
||||||
|
|
||||||
def test_dedup_abi_1(self):
|
def test_dedup_abi_1(self):
|
||||||
self.pl.add_abi('/etc/apparmor.d/bin.foo', AbiRule.parse('abi <abi/4.19>,'))
|
self.pl.add_abi('/etc/apparmor.d/bin.foo', AbiRule.create_instance('abi <abi/4.19>,'))
|
||||||
self.pl.add_abi('/etc/apparmor.d/bin.foo', AbiRule.parse(' abi <abi/4.19> , # comment'))
|
self.pl.add_abi('/etc/apparmor.d/bin.foo', AbiRule.create_instance(' abi <abi/4.19> , # comment'))
|
||||||
self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
|
self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
|
||||||
deleted = self.pl.delete_preamble_duplicates('/etc/apparmor.d/bin.foo')
|
deleted = self.pl.delete_preamble_duplicates('/etc/apparmor.d/bin.foo')
|
||||||
self.assertEqual(deleted, 1)
|
self.assertEqual(deleted, 1)
|
||||||
@@ -296,9 +296,9 @@ class TestAdd_variable(AATest):
|
|||||||
self.assertEqual(list(self.pl.files.keys()), [])
|
self.assertEqual(list(self.pl.files.keys()), [])
|
||||||
|
|
||||||
def test_dedup_variable_1(self):
|
def test_dedup_variable_1(self):
|
||||||
self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.parse('@{foo} = /foo'))
|
self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.create_instance('@{foo} = /foo'))
|
||||||
self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.parse('@{foo} += /bar # comment'))
|
self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.create_instance('@{foo} += /bar # comment'))
|
||||||
self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.parse('@{foo} += /bar /baz'))
|
self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.create_instance('@{foo} += /bar /baz'))
|
||||||
deleted = self.pl.delete_preamble_duplicates('/etc/apparmor.d/bin.foo')
|
deleted = self.pl.delete_preamble_duplicates('/etc/apparmor.d/bin.foo')
|
||||||
self.assertEqual(deleted, 1)
|
self.assertEqual(deleted, 1)
|
||||||
self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
|
self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
|
||||||
|
|||||||
@@ -68,7 +68,7 @@ class PtraceTestParse(PtraceTest):
|
|||||||
|
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(PtraceRule.match(rawrule))
|
self.assertTrue(PtraceRule.match(rawrule))
|
||||||
obj = PtraceRule.parse(rawrule)
|
obj = PtraceRule.create_instance(rawrule)
|
||||||
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
||||||
self._compare_obj(obj, expected)
|
self._compare_obj(obj, expected)
|
||||||
|
|
||||||
@@ -86,7 +86,7 @@ class PtraceTestParseInvalid(PtraceTest):
|
|||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(PtraceRule.match(rawrule)) # the above invalid rules still match the main regex!
|
self.assertTrue(PtraceRule.match(rawrule)) # the above invalid rules still match the main regex!
|
||||||
with self.assertRaises(expected):
|
with self.assertRaises(expected):
|
||||||
PtraceRule.parse(rawrule)
|
PtraceRule.create_instance(rawrule)
|
||||||
|
|
||||||
|
|
||||||
class PtraceTestParseFromLog(PtraceTest):
|
class PtraceTestParseFromLog(PtraceTest):
|
||||||
@@ -180,7 +180,7 @@ class InvalidPtraceTest(AATest):
|
|||||||
obj = None
|
obj = None
|
||||||
self.assertFalse(PtraceRule.match(rawrule))
|
self.assertFalse(PtraceRule.match(rawrule))
|
||||||
with self.assertRaises(AppArmorException):
|
with self.assertRaises(AppArmorException):
|
||||||
obj = PtraceRule.parse(rawrule)
|
obj = PtraceRule.create_instance(rawrule)
|
||||||
|
|
||||||
self.assertIsNone(obj, 'PtraceRule handed back an object unexpectedly')
|
self.assertIsNone(obj, 'PtraceRule handed back an object unexpectedly')
|
||||||
|
|
||||||
@@ -208,7 +208,7 @@ class InvalidPtraceTest(AATest):
|
|||||||
class WritePtraceTestAATest(AATest):
|
class WritePtraceTestAATest(AATest):
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(PtraceRule.match(rawrule))
|
self.assertTrue(PtraceRule.match(rawrule))
|
||||||
obj = PtraceRule.parse(rawrule)
|
obj = PtraceRule.create_instance(rawrule)
|
||||||
clean = obj.get_clean()
|
clean = obj.get_clean()
|
||||||
raw = obj.get_raw()
|
raw = obj.get_raw()
|
||||||
|
|
||||||
@@ -256,8 +256,8 @@ class WritePtraceTestAATest(AATest):
|
|||||||
|
|
||||||
class PtraceCoveredTest(AATest):
|
class PtraceCoveredTest(AATest):
|
||||||
def _run_test(self, param, expected):
|
def _run_test(self, param, expected):
|
||||||
obj = PtraceRule.parse(self.rule)
|
obj = PtraceRule.create_instance(self.rule)
|
||||||
check_obj = PtraceRule.parse(param)
|
check_obj = PtraceRule.create_instance(param)
|
||||||
|
|
||||||
self.assertTrue(PtraceRule.match(param))
|
self.assertTrue(PtraceRule.match(param))
|
||||||
|
|
||||||
@@ -436,7 +436,7 @@ class PtraceCoveredTest_08(PtraceCoveredTest):
|
|||||||
|
|
||||||
class PtraceCoveredTest_Invalid(AATest):
|
class PtraceCoveredTest_Invalid(AATest):
|
||||||
def test_borked_obj_is_covered_1(self):
|
def test_borked_obj_is_covered_1(self):
|
||||||
obj = PtraceRule.parse('ptrace read peer=/foo,')
|
obj = PtraceRule.create_instance('ptrace read peer=/foo,')
|
||||||
|
|
||||||
testobj = PtraceRule('read', '/foo')
|
testobj = PtraceRule('read', '/foo')
|
||||||
testobj.access = ''
|
testobj.access = ''
|
||||||
@@ -445,7 +445,7 @@ class PtraceCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_borked_obj_is_covered_2(self):
|
def test_borked_obj_is_covered_2(self):
|
||||||
obj = PtraceRule.parse('ptrace read peer=/foo,')
|
obj = PtraceRule.create_instance('ptrace read peer=/foo,')
|
||||||
|
|
||||||
testobj = PtraceRule('read', '/foo')
|
testobj = PtraceRule('read', '/foo')
|
||||||
testobj.peer = ''
|
testobj.peer = ''
|
||||||
@@ -454,7 +454,7 @@ class PtraceCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_covered(self):
|
def test_invalid_is_covered(self):
|
||||||
obj = PtraceRule.parse('ptrace read,')
|
obj = PtraceRule.create_instance('ptrace read,')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -462,7 +462,7 @@ class PtraceCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_equal_1(self):
|
def test_invalid_is_equal_1(self):
|
||||||
obj = PtraceRule.parse('ptrace read,')
|
obj = PtraceRule.create_instance('ptrace read,')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -470,9 +470,9 @@ class PtraceCoveredTest_Invalid(AATest):
|
|||||||
obj.is_equal(testobj)
|
obj.is_equal(testobj)
|
||||||
|
|
||||||
def test_invalid_is_equal_2(self):
|
def test_invalid_is_equal_2(self):
|
||||||
obj = PtraceRule.parse('ptrace read,')
|
obj = PtraceRule.create_instance('ptrace read,')
|
||||||
|
|
||||||
testobj = PtraceRule.parse('ptrace read,')
|
testobj = PtraceRule.create_instance('ptrace read,')
|
||||||
testobj.all_peers = False # make testobj invalid (should trigger exception in _is_equal_aare())
|
testobj.all_peers = False # make testobj invalid (should trigger exception in _is_equal_aare())
|
||||||
|
|
||||||
with self.assertRaises(AppArmorBug):
|
with self.assertRaises(AppArmorBug):
|
||||||
@@ -491,7 +491,7 @@ class PtraceLogprofHeaderTest(AATest):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def _run_test(self, params, expected):
|
def _run_test(self, params, expected):
|
||||||
obj = PtraceRule.parse(params)
|
obj = PtraceRule.create_instance(params)
|
||||||
self.assertEqual(obj.logprof_header(), expected)
|
self.assertEqual(obj.logprof_header(), expected)
|
||||||
|
|
||||||
|
|
||||||
@@ -530,7 +530,7 @@ class PtraceRulesTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(PtraceRule.parse(rule))
|
ruleset.add(PtraceRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw())
|
self.assertEqual(expected_raw, ruleset.get_raw())
|
||||||
self.assertEqual(expected_clean, ruleset.get_clean())
|
self.assertEqual(expected_clean, ruleset.get_clean())
|
||||||
@@ -564,7 +564,7 @@ class PtraceRulesTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(PtraceRule.parse(rule))
|
ruleset.add(PtraceRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw(1))
|
self.assertEqual(expected_raw, ruleset.get_raw(1))
|
||||||
self.assertEqual(expected_clean, ruleset.get_clean(1))
|
self.assertEqual(expected_clean, ruleset.get_clean(1))
|
||||||
|
|||||||
@@ -71,7 +71,7 @@ class RlimitTestParse(RlimitTest):
|
|||||||
|
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(RlimitRule.match(rawrule))
|
self.assertTrue(RlimitRule.match(rawrule))
|
||||||
obj = RlimitRule.parse(rawrule)
|
obj = RlimitRule.create_instance(rawrule)
|
||||||
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
||||||
self._compare_obj(obj, expected)
|
self._compare_obj(obj, expected)
|
||||||
|
|
||||||
@@ -95,7 +95,7 @@ class RlimitTestParseInvalid(RlimitTest):
|
|||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
# self.assertFalse(RlimitRule.match(rawrule)) # the main regex isn't very strict
|
# self.assertFalse(RlimitRule.match(rawrule)) # the main regex isn't very strict
|
||||||
with self.assertRaises(expected):
|
with self.assertRaises(expected):
|
||||||
RlimitRule.parse(rawrule)
|
RlimitRule.create_instance(rawrule)
|
||||||
|
|
||||||
|
|
||||||
class RlimitTestParseFromLog(RlimitTest):
|
class RlimitTestParseFromLog(RlimitTest):
|
||||||
@@ -181,7 +181,7 @@ class InvalidRlimitTest(AATest):
|
|||||||
obj = None
|
obj = None
|
||||||
self.assertFalse(RlimitRule.match(rawrule))
|
self.assertFalse(RlimitRule.match(rawrule))
|
||||||
with self.assertRaises(AppArmorException):
|
with self.assertRaises(AppArmorException):
|
||||||
obj = RlimitRule.parse(rawrule)
|
obj = RlimitRule.create_instance(rawrule)
|
||||||
|
|
||||||
self.assertIsNone(obj, 'RlimitRule handed back an object unexpectedly')
|
self.assertIsNone(obj, 'RlimitRule handed back an object unexpectedly')
|
||||||
|
|
||||||
@@ -220,7 +220,7 @@ class WriteRlimitTest(AATest):
|
|||||||
|
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(RlimitRule.match(rawrule))
|
self.assertTrue(RlimitRule.match(rawrule))
|
||||||
obj = RlimitRule.parse(rawrule)
|
obj = RlimitRule.create_instance(rawrule)
|
||||||
clean = obj.get_clean()
|
clean = obj.get_clean()
|
||||||
raw = obj.get_raw()
|
raw = obj.get_raw()
|
||||||
|
|
||||||
@@ -238,8 +238,8 @@ class WriteRlimitTest(AATest):
|
|||||||
|
|
||||||
class RlimitCoveredTest(AATest):
|
class RlimitCoveredTest(AATest):
|
||||||
def _run_test(self, param, expected):
|
def _run_test(self, param, expected):
|
||||||
obj = RlimitRule.parse(self.rule)
|
obj = RlimitRule.create_instance(self.rule)
|
||||||
check_obj = RlimitRule.parse(param)
|
check_obj = RlimitRule.create_instance(param)
|
||||||
|
|
||||||
self.assertTrue(RlimitRule.match(param))
|
self.assertTrue(RlimitRule.match(param))
|
||||||
|
|
||||||
@@ -336,7 +336,7 @@ class RlimitCoveredTest_05(RlimitCoveredTest):
|
|||||||
|
|
||||||
class RlimitCoveredTest_Invalid(AATest):
|
class RlimitCoveredTest_Invalid(AATest):
|
||||||
def test_borked_obj_is_covered_1(self):
|
def test_borked_obj_is_covered_1(self):
|
||||||
obj = RlimitRule.parse('set rlimit cpu <= 1024,')
|
obj = RlimitRule.create_instance('set rlimit cpu <= 1024,')
|
||||||
|
|
||||||
testobj = RlimitRule('cpu', '1024')
|
testobj = RlimitRule('cpu', '1024')
|
||||||
testobj.rlimit = ''
|
testobj.rlimit = ''
|
||||||
@@ -345,7 +345,7 @@ class RlimitCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_borked_obj_is_covered_2(self):
|
def test_borked_obj_is_covered_2(self):
|
||||||
obj = RlimitRule.parse('set rlimit cpu <= 1024,')
|
obj = RlimitRule.create_instance('set rlimit cpu <= 1024,')
|
||||||
|
|
||||||
testobj = RlimitRule('cpu', '1024')
|
testobj = RlimitRule('cpu', '1024')
|
||||||
testobj.value = ''
|
testobj.value = ''
|
||||||
@@ -354,7 +354,7 @@ class RlimitCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_covered(self):
|
def test_invalid_is_covered(self):
|
||||||
obj = RlimitRule.parse('set rlimit cpu <= 1024,')
|
obj = RlimitRule.create_instance('set rlimit cpu <= 1024,')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -362,7 +362,7 @@ class RlimitCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_equal(self):
|
def test_invalid_is_equal(self):
|
||||||
obj = RlimitRule.parse('set rlimit cpu <= 1024,')
|
obj = RlimitRule.create_instance('set rlimit cpu <= 1024,')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -379,7 +379,7 @@ class RlimitLogprofHeaderTest(AATest):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def _run_test(self, params, expected):
|
def _run_test(self, params, expected):
|
||||||
obj = RlimitRule.parse(params)
|
obj = RlimitRule.create_instance(params)
|
||||||
self.assertEqual(obj.logprof_header(), expected)
|
self.assertEqual(obj.logprof_header(), expected)
|
||||||
|
|
||||||
|
|
||||||
@@ -414,7 +414,7 @@ class RlimitRulesTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(RlimitRule.parse(rule))
|
ruleset.add(RlimitRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw())
|
self.assertEqual(expected_raw, ruleset.get_raw())
|
||||||
self.assertEqual(expected_clean, ruleset.get_clean())
|
self.assertEqual(expected_clean, ruleset.get_clean())
|
||||||
|
|||||||
@@ -69,7 +69,7 @@ class SignalTestParse(SignalTest):
|
|||||||
|
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(SignalRule.match(rawrule))
|
self.assertTrue(SignalRule.match(rawrule))
|
||||||
obj = SignalRule.parse(rawrule)
|
obj = SignalRule.create_instance(rawrule)
|
||||||
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
||||||
self._compare_obj(obj, expected)
|
self._compare_obj(obj, expected)
|
||||||
|
|
||||||
@@ -90,7 +90,7 @@ class SignalTestParseInvalid(SignalTest):
|
|||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(SignalRule.match(rawrule)) # the above invalid rules still match the main regex!
|
self.assertTrue(SignalRule.match(rawrule)) # the above invalid rules still match the main regex!
|
||||||
with self.assertRaises(expected):
|
with self.assertRaises(expected):
|
||||||
SignalRule.parse(rawrule)
|
SignalRule.create_instance(rawrule)
|
||||||
|
|
||||||
|
|
||||||
class SignalTestParseFromLog(SignalTest):
|
class SignalTestParseFromLog(SignalTest):
|
||||||
@@ -192,7 +192,7 @@ class InvalidSignalTest(AATest):
|
|||||||
obj = None
|
obj = None
|
||||||
self.assertFalse(SignalRule.match(rawrule))
|
self.assertFalse(SignalRule.match(rawrule))
|
||||||
with self.assertRaises(AppArmorException):
|
with self.assertRaises(AppArmorException):
|
||||||
obj = SignalRule.parse(rawrule)
|
obj = SignalRule.create_instance(rawrule)
|
||||||
|
|
||||||
self.assertIsNone(obj, 'SignalRule handed back an object unexpectedly')
|
self.assertIsNone(obj, 'SignalRule handed back an object unexpectedly')
|
||||||
|
|
||||||
@@ -227,7 +227,7 @@ class InvalidSignalTest(AATest):
|
|||||||
class WriteSignalTestAATest(AATest):
|
class WriteSignalTestAATest(AATest):
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(SignalRule.match(rawrule))
|
self.assertTrue(SignalRule.match(rawrule))
|
||||||
obj = SignalRule.parse(rawrule)
|
obj = SignalRule.create_instance(rawrule)
|
||||||
clean = obj.get_clean()
|
clean = obj.get_clean()
|
||||||
raw = obj.get_raw()
|
raw = obj.get_raw()
|
||||||
|
|
||||||
@@ -272,8 +272,8 @@ class WriteSignalTestAATest(AATest):
|
|||||||
|
|
||||||
class SignalCoveredTest(AATest):
|
class SignalCoveredTest(AATest):
|
||||||
def _run_test(self, param, expected):
|
def _run_test(self, param, expected):
|
||||||
obj = SignalRule.parse(self.rule)
|
obj = SignalRule.create_instance(self.rule)
|
||||||
check_obj = SignalRule.parse(param)
|
check_obj = SignalRule.create_instance(param)
|
||||||
|
|
||||||
self.assertTrue(SignalRule.match(param))
|
self.assertTrue(SignalRule.match(param))
|
||||||
|
|
||||||
@@ -498,7 +498,7 @@ class SignalCoveredTest_09(SignalCoveredTest):
|
|||||||
|
|
||||||
class SignalCoveredTest_Invalid(AATest):
|
class SignalCoveredTest_Invalid(AATest):
|
||||||
def test_borked_obj_is_covered_1(self):
|
def test_borked_obj_is_covered_1(self):
|
||||||
obj = SignalRule.parse('signal send peer=/foo,')
|
obj = SignalRule.create_instance('signal send peer=/foo,')
|
||||||
|
|
||||||
testobj = SignalRule('send', 'quit', '/foo')
|
testobj = SignalRule('send', 'quit', '/foo')
|
||||||
testobj.access = ''
|
testobj.access = ''
|
||||||
@@ -507,7 +507,7 @@ class SignalCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_borked_obj_is_covered_2(self):
|
def test_borked_obj_is_covered_2(self):
|
||||||
obj = SignalRule.parse('signal send set=quit peer=/foo,')
|
obj = SignalRule.create_instance('signal send set=quit peer=/foo,')
|
||||||
|
|
||||||
testobj = SignalRule('send', 'quit', '/foo')
|
testobj = SignalRule('send', 'quit', '/foo')
|
||||||
testobj.signal = ''
|
testobj.signal = ''
|
||||||
@@ -516,7 +516,7 @@ class SignalCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_borked_obj_is_covered_3(self):
|
def test_borked_obj_is_covered_3(self):
|
||||||
obj = SignalRule.parse('signal send set=quit peer=/foo,')
|
obj = SignalRule.create_instance('signal send set=quit peer=/foo,')
|
||||||
|
|
||||||
testobj = SignalRule('send', 'quit', '/foo')
|
testobj = SignalRule('send', 'quit', '/foo')
|
||||||
testobj.peer = ''
|
testobj.peer = ''
|
||||||
@@ -525,7 +525,7 @@ class SignalCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_covered(self):
|
def test_invalid_is_covered(self):
|
||||||
obj = SignalRule.parse('signal send,')
|
obj = SignalRule.create_instance('signal send,')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -533,7 +533,7 @@ class SignalCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_equal(self):
|
def test_invalid_is_equal(self):
|
||||||
obj = SignalRule.parse('signal send,')
|
obj = SignalRule.create_instance('signal send,')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -556,7 +556,7 @@ class SignalLogprofHeaderTest(AATest):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def _run_test(self, params, expected):
|
def _run_test(self, params, expected):
|
||||||
obj = SignalRule.parse(params)
|
obj = SignalRule.create_instance(params)
|
||||||
self.assertEqual(obj.logprof_header(), expected)
|
self.assertEqual(obj.logprof_header(), expected)
|
||||||
|
|
||||||
|
|
||||||
@@ -591,7 +591,7 @@ class SignalRulesTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(SignalRule.parse(rule))
|
ruleset.add(SignalRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw())
|
self.assertEqual(expected_raw, ruleset.get_raw())
|
||||||
self.assertEqual(expected_clean, ruleset.get_clean())
|
self.assertEqual(expected_clean, ruleset.get_clean())
|
||||||
@@ -620,7 +620,7 @@ class SignalRulesTest(AATest):
|
|||||||
]
|
]
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(SignalRule.parse(rule))
|
ruleset.add(SignalRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw(1))
|
self.assertEqual(expected_raw, ruleset.get_raw(1))
|
||||||
self.assertEqual(expected_clean, ruleset.get_clean(1))
|
self.assertEqual(expected_clean, ruleset.get_clean(1))
|
||||||
|
|||||||
@@ -87,7 +87,7 @@ class VariableTestParse(VariableTest):
|
|||||||
|
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(VariableRule.match(rawrule))
|
self.assertTrue(VariableRule.match(rawrule))
|
||||||
obj = VariableRule.parse(rawrule)
|
obj = VariableRule.create_instance(rawrule)
|
||||||
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
self.assertEqual(rawrule.strip(), obj.raw_rule)
|
||||||
self._compare_obj(obj, expected)
|
self._compare_obj(obj, expected)
|
||||||
|
|
||||||
@@ -108,7 +108,7 @@ class VariableTestParseInvalid(VariableTest):
|
|||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertEqual(VariableRule.match(rawrule), expected[0])
|
self.assertEqual(VariableRule.match(rawrule), expected[0])
|
||||||
with self.assertRaises(expected[1]):
|
with self.assertRaises(expected[1]):
|
||||||
VariableRule.parse(rawrule)
|
VariableRule.create_instance(rawrule)
|
||||||
|
|
||||||
|
|
||||||
class VariableFromInit(VariableTest):
|
class VariableFromInit(VariableTest):
|
||||||
@@ -173,7 +173,7 @@ class InvalidVariableTest(AATest):
|
|||||||
obj = None
|
obj = None
|
||||||
self.assertEqual(VariableRule.match(rawrule), matches_regex)
|
self.assertEqual(VariableRule.match(rawrule), matches_regex)
|
||||||
with self.assertRaises(AppArmorException):
|
with self.assertRaises(AppArmorException):
|
||||||
obj = VariableRule.parse(rawrule)
|
obj = VariableRule.create_instance(rawrule)
|
||||||
|
|
||||||
self.assertIsNone(obj, 'VariableRule handed back an object unexpectedly')
|
self.assertIsNone(obj, 'VariableRule handed back an object unexpectedly')
|
||||||
|
|
||||||
@@ -200,7 +200,7 @@ class WriteVariableTestAATest(AATest):
|
|||||||
|
|
||||||
def _run_test(self, rawrule, expected):
|
def _run_test(self, rawrule, expected):
|
||||||
self.assertTrue(VariableRule.match(rawrule))
|
self.assertTrue(VariableRule.match(rawrule))
|
||||||
obj = VariableRule.parse(rawrule)
|
obj = VariableRule.create_instance(rawrule)
|
||||||
clean = obj.get_clean()
|
clean = obj.get_clean()
|
||||||
raw = obj.get_raw()
|
raw = obj.get_raw()
|
||||||
|
|
||||||
@@ -226,8 +226,8 @@ class WriteVariableTestAATest(AATest):
|
|||||||
|
|
||||||
class VariableCoveredTest(AATest):
|
class VariableCoveredTest(AATest):
|
||||||
def _run_test(self, param, expected):
|
def _run_test(self, param, expected):
|
||||||
obj = VariableRule.parse(self.rule)
|
obj = VariableRule.create_instance(self.rule)
|
||||||
check_obj = VariableRule.parse(param)
|
check_obj = VariableRule.create_instance(param)
|
||||||
|
|
||||||
self.assertTrue(VariableRule.match(param))
|
self.assertTrue(VariableRule.match(param))
|
||||||
|
|
||||||
@@ -280,7 +280,7 @@ class VariableCoveredTest_02(VariableCoveredTest):
|
|||||||
|
|
||||||
class VariableCoveredTest_Invalid(AATest):
|
class VariableCoveredTest_Invalid(AATest):
|
||||||
# def test_borked_obj_is_covered_1(self):
|
# def test_borked_obj_is_covered_1(self):
|
||||||
# obj = VariableRule.parse('@{foo} = /bar')
|
# obj = VariableRule.create_instance('@{foo} = /bar')
|
||||||
#
|
#
|
||||||
# testobj = VariableRule('@{foo}', '=', '/bar')
|
# testobj = VariableRule('@{foo}', '=', '/bar')
|
||||||
# testobj.mode = ''
|
# testobj.mode = ''
|
||||||
@@ -289,7 +289,7 @@ class VariableCoveredTest_Invalid(AATest):
|
|||||||
# obj.is_covered(testobj)
|
# obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_borked_obj_is_covered_2(self):
|
def test_borked_obj_is_covered_2(self):
|
||||||
obj = VariableRule.parse('@{foo} = /bar')
|
obj = VariableRule.create_instance('@{foo} = /bar')
|
||||||
|
|
||||||
testobj = VariableRule('@{foo}', '=', {'/bar'})
|
testobj = VariableRule('@{foo}', '=', {'/bar'})
|
||||||
testobj.values = ''
|
testobj.values = ''
|
||||||
@@ -298,7 +298,7 @@ class VariableCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_covered_3(self):
|
def test_invalid_is_covered_3(self):
|
||||||
obj = VariableRule.parse('@{foo} = /bar')
|
obj = VariableRule.create_instance('@{foo} = /bar')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -306,7 +306,7 @@ class VariableCoveredTest_Invalid(AATest):
|
|||||||
obj.is_covered(testobj)
|
obj.is_covered(testobj)
|
||||||
|
|
||||||
def test_invalid_is_equal(self):
|
def test_invalid_is_equal(self):
|
||||||
obj = VariableRule.parse('@{foo} = /bar')
|
obj = VariableRule.create_instance('@{foo} = /bar')
|
||||||
|
|
||||||
testobj = BaseRule() # different type
|
testobj = BaseRule() # different type
|
||||||
|
|
||||||
@@ -320,7 +320,7 @@ class VariableLogprofHeaderTest(AATest):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def _run_test(self, params, expected):
|
def _run_test(self, params, expected):
|
||||||
obj = VariableRule.parse(params)
|
obj = VariableRule.create_instance(params)
|
||||||
self.assertEqual(obj.logprof_header(), expected)
|
self.assertEqual(obj.logprof_header(), expected)
|
||||||
|
|
||||||
# --- tests for VariableRuleset --- #
|
# --- tests for VariableRuleset --- #
|
||||||
@@ -380,7 +380,7 @@ class VariableRulesTest(AATest):
|
|||||||
}
|
}
|
||||||
|
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
ruleset.add(VariableRule.parse(rule))
|
ruleset.add(VariableRule.create_instance(rule))
|
||||||
|
|
||||||
self.assertEqual(expected_raw, ruleset.get_raw())
|
self.assertEqual(expected_raw, ruleset.get_raw())
|
||||||
self.assertEqual(expected_clean, ruleset.get_clean())
|
self.assertEqual(expected_clean, ruleset.get_clean())
|
||||||
@@ -390,9 +390,9 @@ class VariableRulesTest(AATest):
|
|||||||
def test_ruleset_overwrite(self):
|
def test_ruleset_overwrite(self):
|
||||||
ruleset = VariableRuleset()
|
ruleset = VariableRuleset()
|
||||||
|
|
||||||
ruleset.add(VariableRule.parse('@{foo} = /bar'))
|
ruleset.add(VariableRule.create_instance('@{foo} = /bar'))
|
||||||
with self.assertRaises(AppArmorException):
|
with self.assertRaises(AppArmorException):
|
||||||
ruleset.add(VariableRule.parse('@{foo} = /asdf')) # attempt to redefine @{foo}
|
ruleset.add(VariableRule.create_instance('@{foo} = /asdf')) # attempt to redefine @{foo}
|
||||||
self.assertEqual({'=': {'@{foo}': {'/bar'}}, '+=': {}}, ruleset.get_merged_variables())
|
self.assertEqual({'=': {'@{foo}': {'/bar'}}, '+=': {}}, ruleset.get_merged_variables())
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user