def test_bin(self):
xproto = \
"""
policy output < ctx.is_admin = True | obj.empty = True>
"""
args = FakeArgs()
args.inputs = xproto
args.target = self.target
output = XOSGenerator.generate(args)
exec(
output
) # This loads the generated function, which should look like this:
"""
def output_security_check(obj, ctx):
i2 = (ctx.is_admin == True)
i3 = (obj.empty == True)
i1 = (i2 or i3)
return i1
"""
obj = FakeArgs()
obj.empty = True
ctx = FakeArgs()
ctx.is_admin = True
verdict = output_security_check(obj, ctx)
self.assertTrue(verdict)
def test_bin(self):
xproto = \
"""
policy output < (ctx.is_admin = True | obj.empty = True) | False>
"""
args = FakeArgs()
args.inputs = xproto
args.target = self.target
output = XOSGenerator.generate(args)
exec(output) # This loads the generated function, which should look like this:
"""
def policy_output_validator(obj, ctx):
i2 = (ctx.is_admin == True)
i3 = (obj.empty == True)
i1 = (i2 or i3)
if (not i1):
raise Exception('Necessary Failure')
"""
obj = FakeArgs()
obj.empty = False
ctx = FakeArgs()
ctx.is_admin = False
with self.assertRaises(Exception):
verdict = policy_output_validator(obj, ctx)
def test_bin(self):
xproto = \
"""
policy output < ctx.is_admin = True | obj.empty = True>
"""
args = FakeArgs()
args.inputs = xproto
args.target = self.target
output = XOSGenerator.generate(args)
exec(output) # This loads the generated function, which should look like this:
"""
def policy_output_enforcer(obj, ctx):
i2 = (ctx.is_admin == True)
i3 = (obj.empty == True)
i1 = (i2 or i3)
return i1
"""
obj = FakeArgs()
obj.empty = True
ctx = FakeArgs()
ctx.is_admin = True
verdict = policy_output_enforcer(obj, ctx)
self.assertTrue(verdict)
def test_bin(self):
xproto = \
"""
policy slice_admin < slice.is_admin | obj.empty >
"""
target = XProtoTestHelpers.write_tmp_target("{{ proto.policies.slice_admin }}")
args = FakeArgs()
args.inputs = xproto
args.target = target
output = XOSGenerator.generate(args)
slice = FakeArgs()
slice.is_admin = False
obj = FakeArgs()
obj.empty = []
(op, operands), = eval(output).items()
expr = op.join(operands).replace('|',' or ')
self.assertFalse(eval(expr))
def test_implies(self):
xproto = \
"""
policy implies < obj.name -> obj.creator >
"""
target = XProtoTestHelpers.write_tmp_target("{{ proto.policies.implies }}")
args = FakeArgs()
args.inputs = xproto
args.target = target
output = XOSGenerator.generate(args)
slice = FakeArgs()
slice.is_admin = False
obj = FakeArgs()
obj.name = 'Thing 1'
obj.creator = None
(op, operands), = eval(output).items()
expr = 'not ' + op.join(operands).replace('->',' or ')
self.assertFalse(eval(expr))
def test_bin(self):
xproto = \
"""
policy slice_admin < slice.is_admin | obj.empty >
"""
target = XProtoTestHelpers.write_tmp_target(
"{{ proto.policies.slice_admin }}")
args = FakeArgs()
args.inputs = xproto
args.target = target
output = XOSGenerator.generate(args)
slice = FakeArgs()
slice.is_admin = False
obj = FakeArgs()
obj.empty = []
(op, operands), = eval(output).items()
expr = op.join(operands).replace('|', ' or ')
self.assertFalse(eval(expr))
def test_implies(self):
xproto = \
"""
policy implies < obj.name -> obj.creator >
"""
target = XProtoTestHelpers.write_tmp_target(
"{{ proto.policies.implies }}")
args = FakeArgs()
args.inputs = xproto
args.target = target
output = XOSGenerator.generate(args)
slice = FakeArgs()
slice.is_admin = False
obj = FakeArgs()
obj.name = 'Thing 1'
obj.creator = None
(op, operands), = eval(output).items()
expr = 'not ' + op.join(operands).replace('->', ' or ')
self.assertFalse(eval(expr))
