mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 13:58:22 +00:00
Code Issues Releases Wiki Activity

Merge utils test cleanup

Browse Source 
Various test cleanups, see the individual commits for details.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1717
Approved-by: Maxime Bélair <maxime.belair@canonical.com>
Approved-by: Ryan Lee <rlee287@yahoo.com>
Merged-by: Christian Boltz <apparmor@cboltz.de>
This commit is contained in:
Christian Boltz
2025-06-16 19:31:40 +00:00
parent a606397417 f977530f39
commit c35d5eb6b2
3 changed files with 34 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
utils/test/test-capability.py
View File

@@ -1,6 +1,6 @@
#!/usr/bin/python3 #!/usr/bin/python3
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
# Copyright (C) 2014 Christian Boltz <apparmor@cboltz.de> # Copyright (C) 2014-2025 Christian Boltz <apparmor@cboltz.de>
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public # modify it under the terms of version 2 of the GNU General Public
@@ -240,21 +240,21 @@ class CapabilityTest(AATest):
}) })
class CapabilityTestParseInvalid(AATest):
tests = (
# rule exception, matches regex?
('capability', (AppArmorException, False)), # missing comma
('network,', (AppArmorException, False)), # not a capability rule
)
def _run_test(self, rawrule, expected):
exp_exception, matches_regex = expected
self.assertEqual(matches_regex, CapabilityRule.match(rawrule)) # does the invalid rules still match the main regex?
with self.assertRaises(exp_exception):
CapabilityRule.create_instance(rawrule)
class InvalidCapabilityTest(AATest): class InvalidCapabilityTest(AATest):
def _check_invalid_rawrule(self, rawrule):
obj = None
with self.assertRaises(AppArmorException):
obj = CapabilityRule.create_instance(rawrule)
self.assertFalse(CapabilityRule.match(rawrule))
self.assertIsNone(obj, 'CapbilityRule handed back an object unexpectedly')
def test_invalid_cap_missing_comma(self):
self._check_invalid_rawrule('capability') # missing comma
def test_invalid_cap_non_CapabilityRule(self):
self._check_invalid_rawrule('network,') # not a capability rule
def test_empty_cap_set(self): def test_empty_cap_set(self):
obj = CapabilityRule('chown') obj = CapabilityRule('chown')
obj.capability.clear() obj.capability.clear()

38
utils/test/test-change_profile.py
View File

@@ -1,6 +1,6 @@
#!/usr/bin/python3 #!/usr/bin/python3
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
# Copyright (C) 2015 Christian Boltz <apparmor@cboltz.de> # Copyright (C) 2015-2025 Christian Boltz <apparmor@cboltz.de>
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public # modify it under the terms of version 2 of the GNU General Public
@@ -84,15 +84,19 @@ class ChangeProfileTestParse(ChangeProfileTest):
class ChangeProfileTestParseInvalid(ChangeProfileTest): class ChangeProfileTestParseInvalid(ChangeProfileTest):
tests = ( tests = (
('change_profile -> ,', AppArmorException), # rule exception, matches regex?
('change_profile foo -> ,', AppArmorException), ('change_profile', (AppArmorException, False)), # missing comma
('change_profile notsafe,', AppArmorException), ('dbus,', (AppArmorException, False)), # not a change_profile rule
('change_profile safety -> /bar,', AppArmorException), ('change_profile -> ,', (AppArmorException, False)),
('change_profile foo -> ,', (AppArmorException, False)),
('change_profile notsafe,', (AppArmorException, False)),
('change_profile safety -> /bar,', (AppArmorException, False)),
) )
def _run_test(self, rawrule, expected): def _run_test(self, rawrule, expected):
self.assertFalse(ChangeProfileRule.match(rawrule)) exp_exception, matches_regex = expected
with self.assertRaises(expected): self.assertEqual(matches_regex, ChangeProfileRule.match(rawrule)) # does the invalid rules still match the main regex?
with self.assertRaises(exp_exception):
ChangeProfileRule.create_instance(rawrule) ChangeProfileRule.create_instance(rawrule)
@@ -182,24 +186,14 @@ class InvalidChangeProfileInit(AATest):
def test_missing_params_2(self): def test_missing_params_2(self):
with self.assertRaises(TypeError): with self.assertRaises(TypeError):
ChangeProfileRule('inet') ChangeProfileRule(None)
def test_missing_params_3(self):
with self.assertRaises(TypeError):
ChangeProfileRule(None, ChangeProfileRule.ALL)
class InvalidChangeProfileTest(AATest): class InvalidChangeProfileTest(AATest):
def _check_invalid_rawrule(self, rawrule):
obj = None
self.assertFalse(ChangeProfileRule.match(rawrule))
with self.assertRaises(AppArmorException):
obj = ChangeProfileRule.create_instance(rawrule)
self.assertIsNone(obj, 'ChangeProfileRule handed back an object unexpectedly')
def test_invalid_net_missing_comma(self):
self._check_invalid_rawrule('change_profile') # missing comma
def test_invalid_net_non_ChangeProfileRule(self):
self._check_invalid_rawrule('dbus,') # not a change_profile rule
def test_empty_net_data_1(self): def test_empty_net_data_1(self):
obj = ChangeProfileRule(None, '/foo', '/bar') obj = ChangeProfileRule(None, '/foo', '/bar')
obj.execcond = '' obj.execcond = ''

13
utils/test/test-mount.py
View File

@@ -1,6 +1,7 @@
#!/usr/bin/python3 #!/usr/bin/python3
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
# Copyright (C) 2024 Canonical, Ltd. # Copyright (C) 2024 Canonical, Ltd.
# Copyright (C) 2025 Christian Boltz <apparmor@cboltz.de>
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public # modify it under the terms of version 2 of the GNU General Public
@@ -123,6 +124,8 @@ class MountTestParseInvalid(AATest):
('mount options=(),', AppArmorException), ('mount options=(),', AppArmorException),
('mount option=(invalid),', AppArmorException), ('mount option=(invalid),', AppArmorException),
('mount option=(ext3ext4),', AppArmorException), ('mount option=(ext3ext4),', AppArmorException),
('mount fstype=({unclosed_regex),', AppArmorException), # invalid AARE
('mount fstype=({closed}twice}),', AppArmorException), # invalid AARE
) )
def _run_test(self, rawrule, expected): def _run_test(self, rawrule, expected):
@@ -144,16 +147,6 @@ class MountTestParseInvalid(AATest):
with self.assertRaises(AppArmorBug): with self.assertRaises(AppArmorBug):
MountRule('mount', ('ext3', 'ext4'), MountRule.ALL, MountRule.ALL, MountRule.ALL) # fstype[0] should be '=' or 'in' MountRule('mount', ('ext3', 'ext4'), MountRule.ALL, MountRule.ALL, MountRule.ALL) # fstype[0] should be '=' or 'in'
def test_diff_invalid_fstype_aare(self):
tests = [
'mount fstype=({unclosed_regex),',
'mount fstype=({closed}twice}),',
]
for t in tests:
with self.assertRaises(AppArmorException):
MountRule.create_instance(t)
def test_diff_invalid_fstype_aare_2(self): def test_diff_invalid_fstype_aare_2(self):
fslists = [ fslists = [
['invalid_{_regex'], ['invalid_{_regex'],