def test_write_manually_2(self):
obj = VariableRule('@{foo}', '=', {'/bar', ''})
expected = ' @{foo} = "" /bar'
self.assertEqual(expected, obj.get_clean(2), 'unexpected clean rule')
self.assertEqual(expected, obj.get_raw(2), 'unexpected raw rule')
def _run_test(self, rawrule, expected):
self.assertTrue(VariableRule.match(rawrule))
obj = VariableRule.parse(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
self.assertEqual(expected.strip(), clean, 'unexpected clean rule')
self.assertEqual(rawrule.strip(), raw, 'unexpected raw rule')
def _check_invalid_rawrule(self, rawrule, matches_regex=False):
obj = None
self.assertEqual(VariableRule.match(rawrule), matches_regex)
with self.assertRaises(AppArmorException):
obj = VariableRule.parse(rawrule)
self.assertIsNone(obj,
'VariableRule handed back an object unexpectedly')
def test_borked_obj_is_covered_2(self):
obj = VariableRule.parse('@{foo} = /bar')
testobj = VariableRule('@{foo}', '=', {'/bar'})
testobj.values = ''
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def testAdd_variable_2(self):
self.pl.add_variable('/etc/apparmor.d/bin.foo',
VariableRule('@{foo}', '=', {'/foo'}))
self.pl.add_variable('/etc/apparmor.d/bin.foo',
VariableRule('@{bar}', '=', {'/bar'}))
self.assertEqual(list(self.pl.files.keys()),
['/etc/apparmor.d/bin.foo'])
self.assertEqual(self.pl.get_clean('/etc/apparmor.d/bin.foo'),
['@{foo} = /foo', '@{bar} = /bar', ''])
self.assertEqual(self.pl.get_raw('/etc/apparmor.d/bin.foo'),
['@{foo} = /foo', '@{bar} = /bar', ''])
def test_ruleset_overwrite(self):
ruleset = VariableRuleset()
ruleset.add(VariableRule.parse('@{foo} = /bar'))
with self.assertRaises(AppArmorException):
ruleset.add(VariableRule.parse(
'@{foo} = /asdf')) # attempt to redefine @{foo}
self.assertEqual({
'=': {
'@{foo}': {'/bar'}
},
'+=': {}
}, ruleset.get_merged_variables())
def test_dedup_variable_1(self):
self.pl.add_variable('/etc/apparmor.d/bin.foo',
VariableRule.parse('@{foo} = /foo'))
self.pl.add_variable('/etc/apparmor.d/bin.foo',
VariableRule.parse('@{foo} += /bar # comment'))
self.pl.add_variable('/etc/apparmor.d/bin.foo',
VariableRule.parse('@{foo} += /bar /baz'))
deleted = self.pl.delete_preamble_duplicates('/etc/apparmor.d/bin.foo')
self.assertEqual(deleted, 1)
self.assertEqual(list(self.pl.files.keys()),
['/etc/apparmor.d/bin.foo'])
self.assertEqual(self.pl.get_clean('/etc/apparmor.d/bin.foo'),
['@{foo} = /foo', '@{foo} += /bar /baz', ''])
self.assertEqual(self.pl.get_raw('/etc/apparmor.d/bin.foo'),
['@{foo} = /foo', '@{foo} += /bar /baz', ''])
def test_invalid_is_equal(self):
obj = VariableRule.parse('@{foo} = /bar')
testobj = BaseRule() # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)
def _run_test(self, param, expected):
obj = VariableRule.parse(self.rule)
check_obj = VariableRule.parse(param)
self.assertTrue(VariableRule.match(param))
self.assertEqual(obj.is_equal(check_obj), expected[0],
'Mismatch in is_equal, expected %s' % expected[0])
self.assertEqual(
obj.is_equal(check_obj, True), expected[1],
'Mismatch in is_equal/strict, expected %s' % expected[1])
self.assertEqual(obj.is_covered(check_obj), expected[2],
'Mismatch in is_covered, expected %s' % expected[2])
self.assertEqual(
obj.is_covered(check_obj, True, True), expected[3],
'Mismatch in is_covered/exact, expected %s' % expected[3])
def test_ruleset_1(self):
ruleset = VariableRuleset()
rules = [
'@{foo} = /bar',
'@{baz}= /asdf',
'@{foo} += /whatever',
'@{foo} += /morestuff',
]
expected_raw = [
'@{foo} = /bar',
'@{baz}= /asdf',
'@{foo} += /whatever',
'@{foo} += /morestuff',
'',
]
expected_clean = [
'@{baz} = /asdf',
'@{foo} += /morestuff',
'@{foo} += /whatever',
'@{foo} = /bar',
'',
]
expected_clean_unsorted = [
'@{foo} = /bar',
'@{baz} = /asdf',
'@{foo} += /whatever',
'@{foo} += /morestuff',
'',
]
expected_merged = {
'=': {
'@{foo}': {'/bar'},
'@{baz}': {'/asdf'},
},
'+=': {
'@{foo}': {'/whatever', '/morestuff'},
}
}
for rule in rules:
ruleset.add(VariableRule.parse(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
self.assertEqual(expected_clean_unsorted, ruleset.get_clean_unsorted())
self.assertEqual(expected_merged, ruleset.get_merged_variables())
class VariableFromInit(VariableTest):
tests = [
# VariableRule object comment varname mode values
(VariableRule('@{foo}', '=', {'/bar'}), exp('', '@{foo}', '=',
{'/bar'})),
(VariableRule('@{foo}', '+=',
{'/bar'}), exp('', '@{foo}', '+=', {'/bar'})),
(VariableRule('@{foo}', '=', {'/bar', '/baz'}),
exp('', '@{foo}', '=', {'/bar', '/baz'})),
(VariableRule('@{foo}', '+=', {'/bar', '/baz'}),
exp('', '@{foo}', '+=', {'/bar', '/baz'})),
(VariableRule('@{foo}', '=', {'/bar'},
comment='# cmt'), exp('# cmt', '@{foo}', '=', {'/bar'})),
(VariableRule('@{foo}', '+=', {'/bar'},
comment='# cmt'), exp('# cmt', '@{foo}', '+=',
{'/bar'})),
]
def _run_test(self, obj, expected):
self._compare_obj(obj, expected)
def _run_test(self, rawrule, expected):
self.assertEqual(VariableRule.match(rawrule), expected[0])
with self.assertRaises(expected[1]):
VariableRule.parse(rawrule)
def _run_test(self, params, expected):
with self.assertRaises(expected):
VariableRule(params[0], params[1], params[2])
def _run_test(self, rawrule, expected):
self.assertTrue(VariableRule.match(rawrule))
obj = VariableRule.parse(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
def test_missing_params_1(self):
with self.assertRaises(TypeError):
VariableRule()
def _run_test(self, params, expected):
obj = VariableRule._parse(params)
self.assertEqual(obj.logprof_header(), expected)
def test_missing_params_3(self):
with self.assertRaises(TypeError):
VariableRule('@{foo}', '=')
def test_invalid_deny(self):
with self.assertRaises(AppArmorBug):
VariableRule('@{foo}', '=', '/bar', deny=True)
