mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-01 14:55:10 +00:00
Code Issues Releases Wiki Activity

Make BaseRule a proper abstract base class

Browse Source
This commit is contained in:
Mark Grassi
2022-09-27 22:14:31 -04:00
parent 9107a0d891
commit 852169948f
15 changed files with 167 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
utils/apparmor/rule/__init__.py
View File

@@ -13,7 +13,7 @@
#
# ----------------------------------------------------------------------
from abc import abstractmethod
from abc import ABCMeta, abstractmethod
from apparmor.aare import AARE
from apparmor.common import AppArmorBug
@@ -22,7 +22,7 @@ from apparmor.translations import init_translation
_ = init_translation()
class BaseRule:
class BaseRule(metaclass=ABCMeta):
"""Base class to handle and store a single rule"""
# type specific rules should inherit from this class.
@@ -89,12 +89,7 @@ class BaseRule:
% {'partname': partname, 'classname': self.__class__.__name__, 'rulepart': str(rulepart)})
def __repr__(self):
classname = self.__class__.__name__
try:
raw_content = self.get_raw() # will fail for BaseRule
return '<%s> %s' % (classname, raw_content)
except NotImplementedError:
return '<%s (NotImplementedError - get_clean() not implemented?)>' % classname
return '<%s> %s' % (self.__class__.__name__, self.get_raw())
@classmethod
def match(cls, raw_rule):
@@ -282,18 +277,16 @@ class BaseRule:
returns {'label1': 'value1', 'label2': 'value2'}"""
raise NotImplementedError("'%s' needs to implement logprof_header(), but didn't" % (str(self)))
@abstractmethod
# NOTE: edit_header, validate_edit, and store_edit are not implemented by every subclass.
def edit_header(self):
"""return the prompt for, and the path to edit when using '(N)ew'"""
raise NotImplementedError("'%s' needs to implement edit_header(), but didn't" % (str(self)))
@abstractmethod
def validate_edit(self, newpath):
"""validate the new path.
Returns True if it covers the previous path, False if it doesn't."""
raise NotImplementedError("'%s' needs to implement validate_edit(), but didn't" % (str(self)))
@abstractmethod
def store_edit(self, newpath):
"""store the changed path.
This is done even if the new path doesn't match the original one."""

18
utils/test/test-abi.py
View File

@@ -18,8 +18,6 @@ from collections import namedtuple
from common_test import AATest, setup_all_loops
from apparmor.common import AppArmorBug, AppArmorException
# from apparmor.logparser import ReadLog
# from apparmor.rule import BaseRule
from apparmor.rule.abi import AbiRule, AbiRuleset
from apparmor.translations import init_translation
@@ -261,18 +259,22 @@ class AbiCoveredTest_02(AbiCoveredTest):
# obj.is_covered(testobj)
#
# def test_invalid_is_covered(self):
# obj = AbiRule.create_instance('abi send,')
#
# testobj = BaseRule() # different type
# raw_rule = 'abi send,'
# class SomeOtherClass(AbiRule):
# pass
#
# obj = AbiRule.create_instance(raw_rule)
# testobj = SomeOtherClass.create_instance(raw_rule) # different type
# with self.assertRaises(AppArmorBug):
# obj.is_covered(testobj)
#
# def test_invalid_is_equal(self):
# obj = AbiRule.create_instance('abi send,')
#
# testobj = BaseRule() # different type
# raw_rule = 'abi send,'
# class SomeOtherClass(AbiRule):
# pass
#
# obj = AbiRule.create_instance(raw_rule)
# testobj = SomeOtherClass.create_instance(raw_rule) # different type
# with self.assertRaises(AppArmorBug):
# obj.is_equal(testobj)

17
utils/test/test-alias.py
View File

@@ -17,7 +17,6 @@ import unittest
from collections import namedtuple
from apparmor.common import AppArmorBug, AppArmorException
from apparmor.rule import BaseRule
from apparmor.rule.alias import AliasRule, AliasRuleset
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
@@ -218,18 +217,22 @@ class AliasCoveredTest_Invalid(AATest):
# obj.is_covered(testobj)
def test_invalid_is_covered_3(self):
obj = AliasRule.create_instance('alias /foo -> /bar,')
testobj = BaseRule() # different type
raw_rule = 'alias /foo -> /bar,'
class SomeOtherClass(AliasRule):
pass
obj = AliasRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = AliasRule.create_instance('alias /foo -> /bar,')
testobj = BaseRule() # different type
raw_rule = 'alias /foo -> /bar,'
class SomeOtherClass(AliasRule):
pass
obj = AliasRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)

57
utils/test/test-baserule.py
View File

@@ -19,6 +19,35 @@ from common_test import AATest, setup_all_loops
class TestBaserule(AATest):
class ValidSubclass(BaseRule):
@classmethod
def _match(cls, raw_rule): pass
@classmethod
def _create_instance(cls, raw_rule): pass
def get_clean(self, depth=0): pass
def is_covered_localvars(self, other_rule): pass
def is_equal_localvars(self, other_rule, strict): pass
def logprof_header_localvars(self): pass
def test_implemented_abstract_methods(self):
self.ValidSubclass()
def test_unimplemented_abstract_methods(self):
with self.assertRaises(TypeError):
BaseRule()
class InvalidSubclass(BaseRule):
pass
with self.assertRaises(TypeError):
InvalidSubclass()
def test_abstract__create_instance(self):
with self.assertRaises(NotImplementedError):
BaseRule._create_instance('foo')
@@ -35,21 +64,6 @@ class TestBaserule(AATest):
with self.assertRaises(NotImplementedError):
BaseRule.match('foo')
def test_abstract_get_clean(self):
obj = BaseRule()
with self.assertRaises(NotImplementedError):
obj.get_clean()
def test_is_equal_localvars(self):
obj = BaseRule()
with self.assertRaises(NotImplementedError):
obj.is_equal_localvars(BaseRule(), False)
def test_is_covered_localvars(self):
obj = BaseRule()
with self.assertRaises(NotImplementedError):
obj.is_covered_localvars(None)
def test_parse_modifiers_invalid(self):
regex = re.compile('^\s*(?P<audit>audit\s+)?(?P<allow>allow\s+|deny\s+|invalid\s+)?')
matches = regex.search('audit invalid ')
@@ -59,27 +73,22 @@ class TestBaserule(AATest):
def test_default_severity(self):
sev_db = severity.Severity('../severity.db', 'unknown')
obj = BaseRule()
obj = self.ValidSubclass()
rank = obj.severity(sev_db)
self.assertEqual(rank, sev_db.NOT_IMPLEMENTED)
def test_logprof_header_localvars(self):
obj = BaseRule()
with self.assertRaises(NotImplementedError):
obj.logprof_header_localvars()
def test_edit_header_localvars(self):
obj = BaseRule()
obj = self.ValidSubclass()
with self.assertRaises(NotImplementedError):
obj.edit_header()
def test_validate_edit_localvars(self):
obj = BaseRule()
obj = self.ValidSubclass()
with self.assertRaises(NotImplementedError):
obj.validate_edit('/foo')
def test_store_edit_localvars(self):
obj = BaseRule()
obj = self.ValidSubclass()
with self.assertRaises(NotImplementedError):
obj.store_edit('/foo')

17
utils/test/test-boolean.py
View File

@@ -17,7 +17,6 @@ import unittest
from collections import namedtuple
from apparmor.common import AppArmorBug, AppArmorException
from apparmor.rule import BaseRule
from apparmor.rule.boolean import BooleanRule, BooleanRuleset
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
@@ -227,18 +226,22 @@ class BooleanCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered_3(self):
obj = BooleanRule.create_instance('$foo = true')
testobj = BaseRule() # different type
raw_rule = '$foo = true'
class SomeOtherClass(BooleanRule):
pass
obj = BooleanRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = BooleanRule.create_instance('$foo = true')
testobj = BaseRule() # different type
raw_rule = '$foo = true'
class SomeOtherClass(BooleanRule):
pass
obj = BooleanRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)

17
utils/test/test-capability.py
View File

@@ -18,7 +18,6 @@ import unittest
import apparmor.severity as severity
from apparmor.common import AppArmorBug, AppArmorException, hasher
from apparmor.logparser import ReadLog
from apparmor.rule import BaseRule
from apparmor.rule.capability import CapabilityRule, CapabilityRuleset
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
@@ -393,10 +392,12 @@ class CapabilityCoveredTest(AATest):
self.assertFalse(self._is_covered(obj, 'deny capability,'))
def test_invalid_is_covered(self):
obj = CapabilityRule.create_instance('capability sys_admin,')
testobj = BaseRule() # different type
raw_rule = 'capability sys_admin,'
class SomeOtherClass(CapabilityRule):
pass
obj = CapabilityRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
@@ -410,10 +411,12 @@ class CapabilityCoveredTest(AATest):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = CapabilityRule.create_instance('capability sys_admin,')
testobj = BaseRule() # different type
raw_rule = 'capability sys_admin,'
class SomeOtherClass(CapabilityRule):
pass
obj = CapabilityRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)

17
utils/test/test-change_profile.py
View File

@@ -18,7 +18,6 @@ from collections import namedtuple
from apparmor.common import AppArmorBug, AppArmorException
from apparmor.logparser import ReadLog
from apparmor.rule import BaseRule
from apparmor.rule.change_profile import ChangeProfileRule, ChangeProfileRuleset
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
@@ -378,18 +377,22 @@ class ChangeProfileCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered(self):
obj = ChangeProfileRule.create_instance('change_profile /foo,')
testobj = BaseRule() # different type
raw_rule = 'change_profile /foo,'
class SomeOtherClass(ChangeProfileRule):
pass
obj = ChangeProfileRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = ChangeProfileRule.create_instance('change_profile -> /bar,')
testobj = BaseRule() # different type
raw_rule = 'change_profile -> /bar,'
class SomeOtherClass(ChangeProfileRule):
pass
obj = ChangeProfileRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)

17
utils/test/test-dbus.py
View File

@@ -18,7 +18,6 @@ from collections import namedtuple
from apparmor.common import AppArmorBug, AppArmorException
from apparmor.logparser import ReadLog
from apparmor.rule import BaseRule
from apparmor.rule.dbus import DbusRule, DbusRuleset
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
@@ -767,18 +766,22 @@ class DbusCoveredTest_Invalid(AATest):
self.obj.is_covered(self.testobj)
def test_invalid_is_covered(self):
obj = DbusRule.create_instance('dbus send,')
testobj = BaseRule() # different type
raw_rule = 'dbus send,'
class SomeOtherClass(DbusRule):
pass
obj = DbusRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = DbusRule.create_instance('dbus send,')
testobj = BaseRule() # different type
raw_rule = 'dbus send,'
class SomeOtherClass(DbusRule):
pass
obj = DbusRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)

17
utils/test/test-file.py
View File

@@ -19,7 +19,6 @@ from collections import namedtuple
import apparmor.severity as severity
from apparmor.common import AppArmorBug, AppArmorException
from apparmor.logparser import ReadLog
from apparmor.rule import BaseRule
from apparmor.rule.file import FileRule, FileRuleset
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
@@ -791,18 +790,22 @@ class FileCoveredTest_ManualOrInvalid(AATest):
self.obj.is_covered(self.testobj)
def test_invalid_is_covered(self):
obj = FileRule.create_instance('file,')
testobj = BaseRule() # different type
raw_rule = 'file,'
class SomeOtherClass(FileRule):
pass
obj = FileRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = FileRule.create_instance('file,')
testobj = BaseRule() # different type
raw_rule = 'file,'
class SomeOtherClass(FileRule):
pass
obj = FileRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)

18
utils/test/test-include.py
View File

@@ -19,8 +19,6 @@ import unittest
from collections import namedtuple
from apparmor.common import AppArmorBug, AppArmorException
# from apparmor.logparser import ReadLog
from apparmor.rule import BaseRule
from apparmor.rule.include import IncludeRule, IncludeRuleset
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops, write_file
@@ -298,18 +296,22 @@ class IncludeCoveredTest_Invalid(AATest):
# obj.is_covered(testobj)
def test_invalid_is_covered(self):
obj = IncludeRule.create_instance('include <abstractions/base>')
testobj = BaseRule() # different type
raw_rule = 'include <abstractions/base>'
class SomeOtherClass(IncludeRule):
pass
obj = IncludeRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = IncludeRule.create_instance('include <abstractions/base>')
testobj = BaseRule() # different type
raw_rule = 'include <abstractions/base>'
class SomeOtherClass(IncludeRule):
pass
obj = IncludeRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)

17
utils/test/test-network.py
View File

@@ -18,7 +18,6 @@ from collections import namedtuple
from apparmor.common import AppArmorBug, AppArmorException, cmd
from apparmor.logparser import ReadLog
from apparmor.rule import BaseRule
from apparmor.rule.network import NetworkRule, NetworkRuleset, network_domain_keywords
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
@@ -370,18 +369,22 @@ class NetworkCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered(self):
obj = NetworkRule.create_instance('network inet,')
testobj = BaseRule() # different type
raw_rule = 'network inet,'
class SomeOtherClass(NetworkRule):
pass
obj = NetworkRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = NetworkRule.create_instance('network inet,')
testobj = BaseRule() # different type
raw_rule = 'network inet,'
class SomeOtherClass(NetworkRule):
pass
obj = NetworkRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)

17
utils/test/test-ptrace.py
View File

@@ -18,7 +18,6 @@ from collections import namedtuple
from apparmor.common import AppArmorBug, AppArmorException
from apparmor.logparser import ReadLog
from apparmor.rule import BaseRule
from apparmor.rule.ptrace import PtraceRule, PtraceRuleset
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
@@ -455,18 +454,22 @@ class PtraceCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered(self):
obj = PtraceRule.create_instance('ptrace read,')
testobj = BaseRule() # different type
raw_rule = 'ptrace read,'
class SomeOtherClass(PtraceRule):
pass
obj = PtraceRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal_1(self):
obj = PtraceRule.create_instance('ptrace read,')
testobj = BaseRule() # different type
raw_rule = 'ptrace read,'
class SomeOtherClass(PtraceRule):
pass
obj = PtraceRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)

17
utils/test/test-rlimit.py
View File

@@ -18,7 +18,6 @@ from collections import namedtuple
from apparmor.common import AppArmorBug, AppArmorException
# from apparmor.logparser import ReadLog
from apparmor.rule import BaseRule
from apparmor.rule.rlimit import RlimitRule, RlimitRuleset, split_unit
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
@@ -354,18 +353,22 @@ class RlimitCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered(self):
obj = RlimitRule.create_instance('set rlimit cpu <= 1024,')
testobj = BaseRule() # different type
raw_rule = 'set rlimit cpu <= 1024,'
class SomeOtherClass(RlimitRule):
pass
obj = RlimitRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = RlimitRule.create_instance('set rlimit cpu <= 1024,')
testobj = BaseRule() # different type
raw_rule = 'set rlimit cpu <= 1024,'
class SomeOtherClass(RlimitRule):
pass
obj = RlimitRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)

17
utils/test/test-signal.py
View File

@@ -18,7 +18,6 @@ from collections import namedtuple
from apparmor.common import AppArmorBug, AppArmorException
from apparmor.logparser import ReadLog
from apparmor.rule import BaseRule
from apparmor.rule.signal import SignalRule, SignalRuleset
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
@@ -526,18 +525,22 @@ class SignalCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered(self):
obj = SignalRule.create_instance('signal send,')
testobj = BaseRule() # different type
raw_rule = 'signal send,'
class SomeOtherClass(SignalRule):
pass
obj = SignalRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = SignalRule.create_instance('signal send,')
testobj = BaseRule() # different type
raw_rule = 'signal send,'
class SomeOtherClass(SignalRule):
pass
obj = SignalRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)

17
utils/test/test-variable.py
View File

@@ -18,7 +18,6 @@ from collections import namedtuple
from common_test import AATest, setup_all_loops
from apparmor.common import AppArmorBug, AppArmorException
from apparmor.rule import BaseRule
from apparmor.rule.variable import VariableRule, VariableRuleset, separate_vars
from apparmor.translations import init_translation
@@ -298,18 +297,22 @@ class VariableCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered_3(self):
obj = VariableRule.create_instance('@{foo} = /bar')
testobj = BaseRule() # different type
raw_rule = '@{foo} = /bar'
class SomeOtherClass(VariableRule):
pass
obj = VariableRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
obj = VariableRule.create_instance('@{foo} = /bar')
testobj = BaseRule() # different type
raw_rule = '@{foo} = /bar'
class SomeOtherClass(VariableRule):
pass
obj = VariableRule.create_instance(raw_rule)
testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)