Ejemplo n.º 1
0
 def test_parse_filter(self):
     """Accept valid filters."""
     self.assertEqual(
         self.parser.parse_filter(self._tokenize('arg0 == 0')), [
             parser.Filter([[parser.Atom(0, '==', 0)]], bpf.Allow()),
         ])
     self.assertEqual(
         self.parser.parse_filter(self._tokenize('kill-process')), [
             parser.Filter(None, bpf.KillProcess()),
         ])
     self.assertEqual(
         self.parser.parse_filter(self._tokenize('kill-thread')), [
             parser.Filter(None, bpf.KillThread()),
         ])
     self.assertEqual(
         self.parser.parse_filter(self._tokenize('trap')), [
             parser.Filter(None, bpf.Trap()),
         ])
     self.assertEqual(
         self.parser.parse_filter(self._tokenize('return ENOSYS')), [
             parser.Filter(None,
                           bpf.ReturnErrno(self.arch.constants['ENOSYS'])),
         ])
     self.assertEqual(
         self.parser.parse_filter(self._tokenize('trace')), [
             parser.Filter(None, bpf.Trace()),
         ])
     self.assertEqual(
         self.parser.parse_filter(self._tokenize('user-notify')), [
             parser.Filter(None, bpf.UserNotify()),
         ])
     self.assertEqual(
         self.parser.parse_filter(self._tokenize('log')), [
             parser.Filter(None, bpf.Log()),
         ])
     self.assertEqual(
         self.parser.parse_filter(self._tokenize('allow')), [
             parser.Filter(None, bpf.Allow()),
         ])
     self.assertEqual(
         self.parser.parse_filter(self._tokenize('1')), [
             parser.Filter(None, bpf.Allow()),
         ])
     self.assertEqual(
         self.parser.parse_filter(
             self._tokenize(
                 '{ arg0 == 0, arg0 == 1; return ENOSYS, trap }')),
         [
             parser.Filter([[parser.Atom(0, '==', 0)]], bpf.Allow()),
             parser.Filter([[parser.Atom(0, '==', 1)]],
                           bpf.ReturnErrno(self.arch.constants['ENOSYS'])),
             parser.Filter(None, bpf.Trap()),
         ])
Ejemplo n.º 2
0
 def parse_action(self, tokens):
     if not tokens:
         self._parser_state.error('missing action')
     action_token = tokens.pop(0)
     if action_token.type == 'ACTION':
         if action_token.value == 'allow':
             return bpf.Allow()
         if action_token.value == 'kill':
             return self._kill_action
         if action_token.value == 'kill-process':
             return bpf.KillProcess()
         if action_token.value == 'kill-thread':
             return bpf.KillThread()
         if action_token.value == 'trap':
             return bpf.Trap()
         if action_token.value == 'trace':
             return bpf.Trace()
         if action_token.value == 'log':
             return bpf.Log()
     elif action_token.type == 'NUMERIC_CONSTANT':
         constant = self._parse_single_constant(action_token)
         if constant == 1:
             return bpf.Allow()
     elif action_token.type == 'RETURN':
         if not tokens:
             self._parser_state.error('missing return value')
         return bpf.ReturnErrno(self._parse_single_constant(tokens.pop(0)))
     return self._parser_state.error('invalid action', token=action_token)
Ejemplo n.º 3
0
 def _parse_default_action(self, tokens):
     if not tokens:
         self._parser_state.error('missing default action')
     action_token = tokens.pop(0)
     if action_token.type != 'ACTION':
         return self._parser_state.error(
             'invalid default action', token=action_token)
     if action_token.value == 'kill-process':
         return bpf.KillProcess()
     if action_token.value == 'kill-thread':
         return bpf.KillThread()
     if action_token.value == 'kill':
         return self._kill_action
     if action_token.value == 'trap':
         return bpf.Trap()
     return self._parser_state.error(
         'invalid permissive default action', token=action_token)
Ejemplo n.º 4
0
    def parse_action(self, tokens):
        if not tokens:
            self._parser_state.error('missing action')
        action_token = tokens.pop(0)
        # denylist policies must specify a return for every line.
        if self._denylist:
            if action_token.type != 'RETURN':
                self._parser_state.error('invalid denylist policy')

        if action_token.type == 'ACTION':
            if action_token.value == 'allow':
                return bpf.Allow()
            if action_token.value == 'kill':
                return self._kill_action
            if action_token.value == 'kill-process':
                return bpf.KillProcess()
            if action_token.value == 'kill-thread':
                return bpf.KillThread()
            if action_token.value == 'trap':
                return bpf.Trap()
            if action_token.value == 'trace':
                return bpf.Trace()
            if action_token.value == 'user-notify':
                return bpf.UserNotify()
            if action_token.value == 'log':
                return bpf.Log()
        elif action_token.type == 'NUMERIC_CONSTANT':
            constant = self._parse_single_constant(action_token)
            if constant == 1:
                return bpf.Allow()
        elif action_token.type == 'RETURN':
            if not tokens:
                self._parser_state.error('missing return value')
            if self._ret_log:
                tokens.pop(0)
                return bpf.Log()
            else:
                return bpf.ReturnErrno(
                    self._parse_single_constant(tokens.pop(0)))
        return self._parser_state.error('invalid action', token=action_token)