mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-30 13:58:22 +00:00
utils: move tests for invalid priority to test-*
... instead of having them in test-modifiers.py for all rule types Also add a few additional tests while on it.
This commit is contained in:
Christian Boltz
parent
83e9be1035
commit
a13d8cfffb
@ -48,6 +48,7 @@ class AllTestParse(AllTest):
|
||||
('deny all, # comment', exp(False, False, True, ' # comment')),
|
||||
('audit allow all,', exp(True, True, False, '')),
|
||||
('audit allow all,', exp(True, True, False, '')),
|
||||
('priority=-1 all,', exp(False, False, False, '')),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
@ -69,6 +70,14 @@ class AllTestParseInvalid(AllTest):
|
||||
with self.assertRaises(expected):
|
||||
AllRule.create_instance(rawrule)
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
AllRule.create_instance('priority=a all,')
|
||||
|
||||
def test_invalid_priority_2(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
AllRule.create_instance('priority=1042 all,')
|
||||
|
||||
|
||||
# we won't ever support converting a log event to an 'all,' rule
|
||||
# class AllTestParseFromLog(AllTest):
|
||||
@ -84,6 +93,14 @@ class AllFromInit(AllTest):
|
||||
def _run_test(self, obj, expected):
|
||||
self._compare_obj(obj, expected)
|
||||
|
||||
def test_invalid_priority_1(self):
|
||||
with self.assertRaises(TypeError):
|
||||
AllRule(priority=AllRule)
|
||||
|
||||
def test_invalid_priority_2(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
AllRule(priority='invalid')
|
||||
|
||||
|
||||
# no localvars -> no way to hand over invalid values, or to miss a required parameter
|
||||
# class InvalidAllInit(AATest):
|
||||
|
||||
@ -245,6 +245,8 @@ class CapabilityTestParseInvalid(AATest):
|
||||
# rule exception, matches regex?
|
||||
('capability', (AppArmorException, False)), # missing comma
|
||||
('network,', (AppArmorException, False)), # not a capability rule
|
||||
('priority=1042 capability,', (AppArmorException, True)),
|
||||
('priority=a capability,', (AppArmorException, False)),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
@ -286,6 +288,14 @@ class InvalidCapabilityTest(AATest):
|
||||
with self.assertRaises(AppArmorBug):
|
||||
CapabilityRule(dict())
|
||||
|
||||
def test_invalid_priority_1(self):
|
||||
with self.assertRaises(TypeError):
|
||||
CapabilityRule(CapabilityRule.ALL, priority=CapabilityRule.ALL)
|
||||
|
||||
def test_invalid_priority_2(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
CapabilityRule(CapabilityRule.ALL, priority='invalid')
|
||||
|
||||
|
||||
class WriteCapabilityTest(AATest):
|
||||
def _check_write_rule(self, rawrule, cleanrule):
|
||||
|
||||
@ -91,6 +91,8 @@ class ChangeProfileTestParseInvalid(ChangeProfileTest):
|
||||
('change_profile foo -> ,', (AppArmorException, False)),
|
||||
('change_profile notsafe,', (AppArmorException, False)),
|
||||
('change_profile safety -> /bar,', (AppArmorException, False)),
|
||||
('priority=-1042 change_profile,', (AppArmorException, True)),
|
||||
('priority=a change_profile,', (AppArmorException, False)),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
@ -192,6 +194,14 @@ class InvalidChangeProfileInit(AATest):
|
||||
with self.assertRaises(TypeError):
|
||||
ChangeProfileRule(None, ChangeProfileRule.ALL)
|
||||
|
||||
def test_invalid_priority_1(self):
|
||||
with self.assertRaises(TypeError):
|
||||
ChangeProfileRule(None, ChangeProfileRule.ALL, '/bar', priority=ChangeProfileRule.ALL)
|
||||
|
||||
def test_invalid_priority_2(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
ChangeProfileRule(None, ChangeProfileRule.ALL, '/bar', priority='invalid')
|
||||
|
||||
|
||||
class InvalidChangeProfileTest(AATest):
|
||||
def test_empty_net_data_1(self):
|
||||
|
||||
@ -120,6 +120,7 @@ class DbusTestParseInvalid(DbusTest):
|
||||
('dbus peer=,', AppArmorException),
|
||||
('dbus bus=session bind bus=system,', AppArmorException),
|
||||
('dbus bus=1 bus=2 bus=3 bus=4 bus=5 bus=6 bus=7,', AppArmorException),
|
||||
('priority=1042 dbus,', AppArmorException),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
@ -127,6 +128,10 @@ class DbusTestParseInvalid(DbusTest):
|
||||
with self.assertRaises(expected):
|
||||
DbusRule.create_instance(rawrule)
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
DbusRule.create_instance('priority=a dbus,')
|
||||
|
||||
|
||||
class DbusTestParseFromLog(DbusTest):
|
||||
def test_dbus_from_log(self):
|
||||
@ -275,6 +280,14 @@ class InvalidDbusInit(AATest):
|
||||
with self.assertRaises(expected):
|
||||
DbusRule(*params)
|
||||
|
||||
def test_invalid_priority_1(self):
|
||||
with self.assertRaises(TypeError):
|
||||
DbusRule(DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, priority=DbusRule.ALL) # invalid priority ALL
|
||||
|
||||
def test_invalid_priority_2(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
DbusRule(DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, priority='invalid') # invalid priority (text)
|
||||
|
||||
def test_missing_params_1(self):
|
||||
with self.assertRaises(TypeError):
|
||||
DbusRule('send')
|
||||
|
||||
@ -122,6 +122,7 @@ class FileTestParseInvalid(FileTest):
|
||||
('/foo PxUx,', AppArmorException), # exec mode conflict
|
||||
('/foo PUxPix,', AppArmorException), # exec mode conflict
|
||||
('/foo Pi,', AppArmorException), # missing 'x'
|
||||
('priority=-1042 file,', AppArmorException), # priority must be a number
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
@ -129,6 +130,10 @@ class FileTestParseInvalid(FileTest):
|
||||
with self.assertRaises(expected):
|
||||
FileRule.create_instance(rawrule)
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
FileRule.create_instance('priority=a file,')
|
||||
|
||||
|
||||
class FileTestNonMatch(AATest):
|
||||
tests = (
|
||||
@ -299,6 +304,14 @@ class InvalidFileInit(AATest):
|
||||
with self.assertRaises(AppArmorException):
|
||||
FileRule('/foo', 'rw', 'ix', '/bar', False, False, False, deny=True)
|
||||
|
||||
def test_invalid_priority_1(self):
|
||||
with self.assertRaises(TypeError):
|
||||
FileRule('/foo', '', 'ix', '/bar', False, False, False, priority=FileRule.ALL)
|
||||
|
||||
def test_invalid_priority_2(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
FileRule('/foo', '', 'ix', '/bar', False, False, False, priority='invalid')
|
||||
|
||||
|
||||
class InvalidFileTest(AATest):
|
||||
def _check_invalid_rawrule(self, rawrule):
|
||||
|
||||
@ -52,6 +52,7 @@ class IOUringTestParseInvalid(AATest):
|
||||
('io_uring label=,', AppArmorException),
|
||||
('io_uring invalidaccess label=foo,', AppArmorException),
|
||||
('io_uring sqpoll label=,', AppArmorException),
|
||||
('priority=1042 io_uring,', AppArmorException),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
@ -59,6 +60,10 @@ class IOUringTestParseInvalid(AATest):
|
||||
with self.assertRaises(expected):
|
||||
IOUringRule.create_instance(rawrule)
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
IOUringRule.create_instance('priority=a io_uring,')
|
||||
|
||||
def test_parse_fail(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
IOUringRule.create_instance('foo,')
|
||||
@ -106,6 +111,14 @@ class InvalidIOUringInit(AATest):
|
||||
with self.assertRaises(TypeError):
|
||||
IOUringRule('override_creds')
|
||||
|
||||
def test_invalid_priority_1(self):
|
||||
with self.assertRaises(TypeError):
|
||||
IOUringRule(IOUringRule.ALL, IOUringRule.ALL, priority=IOUringRule.ALL)
|
||||
|
||||
def test_invalid_priority_2(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
IOUringRule(IOUringRule.ALL, IOUringRule.ALL, priority='invalid')
|
||||
|
||||
|
||||
class WriteIOUringTestAATest(AATest):
|
||||
tests = (
|
||||
|
||||
@ -1,90 +0,0 @@
|
||||
#! /usr/bin/python3
|
||||
# ------------------------------------------------------------------
|
||||
#
|
||||
# Copyright (C) 2025 Canonical Ltd.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of version 2 of the GNU General Public
|
||||
# License as published by the Free Software Foundation.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# ----------------------------------------------------------------------
|
||||
|
||||
import unittest
|
||||
|
||||
from apparmor.common import AppArmorException
|
||||
from apparmor.rule.capability import CapabilityRule
|
||||
from apparmor.rule.change_profile import ChangeProfileRule
|
||||
from apparmor.rule.dbus import DbusRule
|
||||
from apparmor.rule.file import FileRule
|
||||
from apparmor.rule.io_uring import IOUringRule
|
||||
from apparmor.rule.mount import MountRule
|
||||
from apparmor.rule.mqueue import MessageQueueRule
|
||||
from apparmor.rule.network import NetworkRule
|
||||
from apparmor.rule.pivot_root import PivotRootRule
|
||||
from apparmor.rule.ptrace import PtraceRule
|
||||
from apparmor.rule.signal import SignalRule
|
||||
from apparmor.rule.unix import UnixRule
|
||||
from apparmor.rule.userns import UserNamespaceRule
|
||||
from apparmor.rule.all import AllRule
|
||||
from common_test import AATest, setup_all_loops
|
||||
|
||||
|
||||
class TestInvalid_parse_priority(AATest):
|
||||
tests = (
|
||||
((CapabilityRule, 'priority=a capability,'), AppArmorException),
|
||||
((DbusRule, 'priority=a dbus,'), AppArmorException),
|
||||
((MountRule, 'priority=a mount,'), AppArmorException),
|
||||
((MountRule, 'priority=a umount,'), AppArmorException),
|
||||
((MountRule, 'priority=a unmount,'), AppArmorException),
|
||||
((MountRule, 'priority=a remount,'), AppArmorException),
|
||||
((SignalRule, 'priority=a signal,'), AppArmorException),
|
||||
((PtraceRule, 'priority=a ptrace,'), AppArmorException),
|
||||
((PivotRootRule, 'priority=a pivot_root,'), AppArmorException),
|
||||
((UnixRule, 'priority=a unix,'), AppArmorException),
|
||||
((NetworkRule, 'priority=a network,'), AppArmorException),
|
||||
((UserNamespaceRule, 'priority=a userns,'), AppArmorException),
|
||||
((MessageQueueRule, 'priority=a mqueue,'), AppArmorException),
|
||||
((IOUringRule, 'priority=a io_uring,'), AppArmorException),
|
||||
((ChangeProfileRule, 'priority=a change_profile,'), AppArmorException),
|
||||
((FileRule, 'priority=a file,'), AppArmorException),
|
||||
((AllRule, 'priority=a all,'), AppArmorException),
|
||||
)
|
||||
|
||||
def _run_test(self, params, expected):
|
||||
rule_cls, rule = params
|
||||
with self.assertRaises(expected):
|
||||
rule_cls.create_instance(rule) # Invalid rule
|
||||
|
||||
|
||||
class TestInvalid_init_priority(AATest):
|
||||
tests = (
|
||||
((CapabilityRule, (CapabilityRule.ALL,)), AppArmorException),
|
||||
((DbusRule, (DbusRule.ALL,) * 8), AppArmorException),
|
||||
((MountRule, (MountRule.ALL,) * 5), AppArmorException),
|
||||
((SignalRule, (SignalRule.ALL,) * 3), AppArmorException),
|
||||
((PtraceRule, (PtraceRule.ALL,) * 2), AppArmorException),
|
||||
((PivotRootRule, (PivotRootRule.ALL,) * 3), AppArmorException),
|
||||
((UnixRule, (UnixRule.ALL,) * 4), AppArmorException),
|
||||
((NetworkRule, (NetworkRule.ALL,) * 5), AppArmorException),
|
||||
((UserNamespaceRule, (UserNamespaceRule.ALL,) * 1), AppArmorException),
|
||||
((MessageQueueRule, (MessageQueueRule.ALL,) * 4), AppArmorException),
|
||||
((IOUringRule, (IOUringRule.ALL,) * 2), AppArmorException),
|
||||
((ChangeProfileRule, (ChangeProfileRule.ALL,) * 3), AppArmorException),
|
||||
((FileRule, (FileRule.ALL,) * 5), AppArmorException),
|
||||
((AllRule, ()), AppArmorException),
|
||||
)
|
||||
|
||||
def _run_test(self, params, expected):
|
||||
rule_cls, args = params
|
||||
with self.assertRaises(expected):
|
||||
rule_cls(*args, priority="invalid") # ValueError
|
||||
|
||||
|
||||
setup_all_loops(__name__)
|
||||
if __name__ == '__main__':
|
||||
unittest.main(verbosity=1)
|
||||
@ -124,6 +124,7 @@ class MountTestParseInvalid(AATest):
|
||||
('mount options=(),', AppArmorException),
|
||||
('mount option=(invalid),', AppArmorException),
|
||||
('mount option=(ext3ext4),', AppArmorException),
|
||||
('priority=-1042 umount,', AppArmorException),
|
||||
('mount fstype=({unclosed_regex),', AppArmorException), # invalid AARE
|
||||
('mount fstype=({closed}twice}),', AppArmorException), # invalid AARE
|
||||
)
|
||||
@ -137,6 +138,19 @@ class MountTestParseInvalid(AATest):
|
||||
with self.assertRaises(AppArmorException):
|
||||
MountRule.create_instance('foo,')
|
||||
|
||||
def test_invalid_priority(self):
|
||||
for keyword in ['mount', 'umount', 'unmount', 'remount']:
|
||||
with self.assertRaises(AppArmorException):
|
||||
MountRule.create_instance('priority=a %s,' % keyword)
|
||||
|
||||
def test_invalid_priority_1(self):
|
||||
with self.assertRaises(TypeError):
|
||||
MountRule('mount', MountRule.ALL, MountRule.ALL, MountRule.ALL, MountRule.ALL, priority=MountRule.ALL)
|
||||
|
||||
def test_invalid_priority_2(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
MountRule('mount', MountRule.ALL, MountRule.ALL, MountRule.ALL, MountRule.ALL, priority='invalid')
|
||||
|
||||
def test_diff_non_mountrule(self):
|
||||
exp = namedtuple('exp', ('audit', 'deny', 'priority'))
|
||||
obj = MountRule('mount', ('=', ['ext4']), MountRule.ALL, MountRule.ALL, MountRule.ALL)
|
||||
|
||||
@ -65,6 +65,7 @@ class MessageQueueTestParseInvalid(AATest):
|
||||
('mqueue type=,', AppArmorException),
|
||||
('mqueue type=sysv /foo,', AppArmorException),
|
||||
('mqueue type=posix 1234,', AppArmorException),
|
||||
('priority=-1042 mqueue,', AppArmorException),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
@ -76,6 +77,10 @@ class MessageQueueTestParseInvalid(AATest):
|
||||
with self.assertRaises(AppArmorException):
|
||||
MessageQueueRule.create_instance('foo,')
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
MessageQueueRule.create_instance('priority=a mqueue,')
|
||||
|
||||
def test_diff_non_mqueuerule(self):
|
||||
exp = namedtuple('exp', ('audit', 'deny', 'priority'))
|
||||
obj = MessageQueueRule(('open'), 'posix', 'bar', '/foo')
|
||||
@ -145,6 +150,14 @@ class InvalidMessageQueueInit(AATest):
|
||||
with self.assertRaises(TypeError):
|
||||
MessageQueueRule('r', 'sysv', 'foo')
|
||||
|
||||
def test_invalid_priority_1(self):
|
||||
with self.assertRaises(TypeError):
|
||||
MessageQueueRule(MessageQueueRule.ALL, MessageQueueRule.ALL, MessageQueueRule.ALL, MessageQueueRule.ALL, priority=MessageQueueRule.ALL)
|
||||
|
||||
def test_invalid_priority_2(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
MessageQueueRule(MessageQueueRule.ALL, MessageQueueRule.ALL, MessageQueueRule.ALL, MessageQueueRule.ALL, priority='invalid')
|
||||
|
||||
|
||||
class WriteMessageQueueTestAATest(AATest):
|
||||
tests = (
|
||||
|
||||
@ -129,6 +129,7 @@ class NetworkTestParseInvalid(NetworkTest):
|
||||
('network inet peer=(ip=1:2:3:4:5:6:7:8:9:0:0:0),', AppArmorException), # too many segments
|
||||
('network packet ip=1::,', AppArmorException), # Only inet[6] domains can be used in conjunction with a local expression
|
||||
('network packet peer=(ip=1::),', AppArmorException), # Only inet[6] domains can be used in conjunction with a peer expression
|
||||
('priority=-1042 network,', AppArmorException),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
@ -136,6 +137,10 @@ class NetworkTestParseInvalid(NetworkTest):
|
||||
with self.assertRaises(expected):
|
||||
NetworkRule.create_instance(rawrule)
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
NetworkRule.create_instance('priority=a network,')
|
||||
|
||||
|
||||
class NetworkTestParseFromLog(NetworkTest):
|
||||
def test_net_from_log(self):
|
||||
@ -235,6 +240,14 @@ class InvalidNetworkInit(AATest):
|
||||
with self.assertRaises(TypeError):
|
||||
NetworkRule('inet')
|
||||
|
||||
def test_invalid_priority_1(self):
|
||||
with self.assertRaises(TypeError):
|
||||
NetworkRule(NetworkRule.ALL, NetworkRule.ALL, NetworkRule.ALL, NetworkRule.ALL, NetworkRule.ALL, priority=NetworkRule.ALL)
|
||||
|
||||
def test_invalid_priority_2(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
NetworkRule(NetworkRule.ALL, NetworkRule.ALL, NetworkRule.ALL, NetworkRule.ALL, NetworkRule.ALL, priority='invalid')
|
||||
|
||||
|
||||
class InvalidNetworkTest(AATest):
|
||||
def _check_invalid_rawrule(self, rawrule):
|
||||
|
||||
@ -91,6 +91,7 @@ class PivotRootTestParseInvalid(PivotRootTest):
|
||||
('pivot_root foo bar,', AppArmorException),
|
||||
('pivot_root oldroot= ,', AppArmorException),
|
||||
('pivot_root -> ,', AppArmorException),
|
||||
('priority=-1042 pivot_root,', AppArmorException),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
@ -98,6 +99,10 @@ class PivotRootTestParseInvalid(PivotRootTest):
|
||||
with self.assertRaises(expected):
|
||||
PivotRootRule.create_instance(rawrule)
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
PivotRootRule.create_instance('priority=a pivot_root,')
|
||||
|
||||
def test_invalid_rule_name(self):
|
||||
self.assertFalse(PivotRootRule.match('pivot_rootbeer,'))
|
||||
with self.assertRaises(AppArmorException):
|
||||
@ -201,6 +206,14 @@ class InvalidPivotRootInit(AATest):
|
||||
with self.assertRaises(TypeError):
|
||||
PivotRootRule('/foo', '/bar')
|
||||
|
||||
def test_invalid_priority_1(self):
|
||||
with self.assertRaises(TypeError):
|
||||
PivotRootRule(PivotRootRule.ALL, PivotRootRule.ALL, PivotRootRule.ALL, priority=PivotRootRule.ALL)
|
||||
|
||||
def test_invalid_priority_2(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
PivotRootRule(PivotRootRule.ALL, PivotRootRule.ALL, PivotRootRule.ALL, priority='invalid')
|
||||
|
||||
|
||||
class InvalidPivotRootTest(AATest):
|
||||
def _check_invalid_rawrule(self, rawrule):
|
||||
|
||||
@ -80,6 +80,7 @@ class PtraceTestParseInvalid(PtraceTest):
|
||||
('ptrace read bar,', AppArmorException),
|
||||
('ptrace read tracedby,', AppArmorException),
|
||||
('ptrace peer=,', AppArmorException),
|
||||
('priority=1042 ptrace,', AppArmorException),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
@ -87,6 +88,10 @@ class PtraceTestParseInvalid(PtraceTest):
|
||||
with self.assertRaises(expected):
|
||||
PtraceRule.create_instance(rawrule)
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
PtraceRule.create_instance('priority=a ptrace,')
|
||||
|
||||
|
||||
class PtraceTestParseFromLog(PtraceTest):
|
||||
def test_ptrace_from_log(self):
|
||||
@ -191,6 +196,14 @@ class InvalidPtraceInit(AATest):
|
||||
with self.assertRaises(TypeError):
|
||||
PtraceRule('r')
|
||||
|
||||
def test_invalid_priority_1(self):
|
||||
with self.assertRaises(TypeError):
|
||||
PtraceRule(PtraceRule.ALL, PtraceRule.ALL, priority=PtraceRule.ALL)
|
||||
|
||||
def test_invalid_priority_2(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
PtraceRule(PtraceRule.ALL, PtraceRule.ALL, priority='invalid')
|
||||
|
||||
|
||||
class InvalidPtraceTest(AATest):
|
||||
def _check_invalid_rawrule(self, rawrule):
|
||||
|
||||
@ -84,6 +84,7 @@ class SignalTestParseInvalid(SignalTest):
|
||||
('signal set=int set=,', AppArmorException),
|
||||
('signal set=invalid,', AppArmorException),
|
||||
('signal peer=,', AppArmorException),
|
||||
('priority=-1042 signal,', AppArmorException),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
@ -91,6 +92,10 @@ class SignalTestParseInvalid(SignalTest):
|
||||
with self.assertRaises(expected):
|
||||
SignalRule.create_instance(rawrule)
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
SignalRule.create_instance('priority=a signal,')
|
||||
|
||||
|
||||
class SignalTestParseFromLog(SignalTest):
|
||||
def test_signal_from_log(self):
|
||||
@ -204,6 +209,14 @@ class InvalidSignalInit(AATest):
|
||||
with self.assertRaises(TypeError):
|
||||
SignalRule('r', 'int')
|
||||
|
||||
def test_invalid_priority_1(self):
|
||||
with self.assertRaises(TypeError):
|
||||
SignalRule(SignalRule.ALL, SignalRule.ALL, priority=SignalRule.ALL)
|
||||
|
||||
def test_invalid_priority_2(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
SignalRule(SignalRule.ALL, SignalRule.ALL, SignalRule.ALL, priority='invalid')
|
||||
|
||||
|
||||
class InvalidSignalTest(AATest):
|
||||
def _check_invalid_rawrule(self, rawrule):
|
||||
|
||||
@ -69,6 +69,7 @@ class UnixTestParseInvalid(AATest):
|
||||
tests = (
|
||||
('unix invalid,', AppArmorException),
|
||||
('unix (invalid),', AppArmorException),
|
||||
('priority=1042 unix,', AppArmorException),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
@ -80,6 +81,18 @@ class UnixTestParseInvalid(AATest):
|
||||
with self.assertRaises(AppArmorException):
|
||||
UnixRule.create_instance('foo,')
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
UnixRule.create_instance('priority=a unix,')
|
||||
|
||||
def test_invalid_priority_1(self):
|
||||
with self.assertRaises(TypeError):
|
||||
UnixRule(UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, False, False, False, '', priority=UnixRule.ALL)
|
||||
|
||||
def test_invalid_priority_2(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
UnixRule(UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, False, False, False, '', priority='invalid')
|
||||
|
||||
def test_invalid_key(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
UnixRule('send', UnixRule.ALL, {'invalid': 'whatever'}, UnixRule.ALL, False, False, False, '')
|
||||
|
||||
@ -47,6 +47,7 @@ class UserNamespaceTestParse(AATest):
|
||||
class UserNamespaceTestParseInvalid(AATest):
|
||||
tests = (
|
||||
('userns invalidaccess,', AppArmorException),
|
||||
('priority=1042 userns,', AppArmorException),
|
||||
)
|
||||
|
||||
def _run_test(self, rawrule, expected):
|
||||
@ -58,6 +59,10 @@ class UserNamespaceTestParseInvalid(AATest):
|
||||
with self.assertRaises(AppArmorException):
|
||||
UserNamespaceRule.create_instance('foo,')
|
||||
|
||||
def test_invalid_priority(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
UserNamespaceRule.create_instance('priority=a userns,')
|
||||
|
||||
def test_diff_non_usernsrule(self):
|
||||
exp = namedtuple('exp', ('audit', 'deny', 'priority'))
|
||||
obj = UserNamespaceRule(('create'))
|
||||
@ -88,6 +93,14 @@ class InvalidUserNamespaceInit(AATest):
|
||||
with self.assertRaises(TypeError):
|
||||
UserNamespaceRule()
|
||||
|
||||
def test_invalid_priority_1(self):
|
||||
with self.assertRaises(TypeError):
|
||||
UserNamespaceRule(UserNamespaceRule.ALL, priority=UserNamespaceRule.ALL)
|
||||
|
||||
def test_invalid_priority_2(self):
|
||||
with self.assertRaises(AppArmorException):
|
||||
UserNamespaceRule(UserNamespaceRule.ALL, priority='invalid')
|
||||
|
||||
|
||||
class WriteUserNamespaceTestAATest(AATest):
|
||||
tests = (
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user