Esempio n. 1
    def test_slice_name_validation(self):
        """Generate a validator from an implication policy and expect the call to raise."""
        xproto = """
    policy test_policy < not obj.id -> {{ obj.name.startswith(obj.site.login_base) }} >
"""
        args = XOSProcessorArgs()
        args.inputs = xproto
        args.target = self.target

        output = XOSProcessor.process(args)

        # NOTE(review): the policy reads obj.id, obj.name and obj.site, none of
        # which is assigned here; only isolation and kind are set.
        obj = FakeObject()
        obj.isolation = "container"
        obj.kind = "not a container"

        # NOTE(review): exec() on generator output is tolerable only because
        # xproto above is a fixed literal. Under Python 3, exec() without an
        # explicit namespace cannot bind a new function-local name, so the call
        # below may end in NameError instead of reaching the generated code.
        exec(output)  # This loads the generated function, which should look like this:

        """
        def policy_output_validator(obj, ctx):
            i3 = obj.id
            i4 = obj.name.startswith(obj.site.login_base)
            i2 = ((not i3) or i4)
            i1 = (not i2)
            if (not i1):
                raise ValidationError('Necessary Failure')
        """

        # NOTE(review): the policy is named test_policy, yet the call targets
        # policy_output_validator — confirm the generated name.
        # assertRaises(Exception) is also satisfied by NameError or
        # AttributeError, so a pass does not prove the policy rejected obj.
        with self.assertRaises(Exception):
            policy_output_validator(obj, {})
Esempio n. 2
    def test_equal(self):
        """Generate a validator for ``not (ctx.user = obj.user)`` and expect it to raise for equal users."""
        xproto = """
    policy output < not (ctx.user = obj.user) >
"""

        args = XOSProcessorArgs(inputs=xproto, target=self.target)

        output = XOSProcessor.process(args)

        # NOTE(review): exec() on generator output is tolerable only because
        # xproto above is a fixed literal. Under Python 3, exec() without an
        # explicit namespace cannot bind a new function-local name, so the call
        # below may end in NameError instead of reaching the generated code.
        exec(output)  # This loads the generated function, which should look like this:

        """
        def policy_output_validator(obj, ctx):
            i2 = (ctx.user == obj.user)
            i1 = (not i2)
            if (not i1):
                raise Exception('Necessary Failure')
        """

        # Both sides carry user 1, which the policy forbids.
        obj = FakeObject()
        obj.user = 1
        ctx = FakeObject()
        ctx.user = 1

        # NOTE(review): assertRaises(Exception) is also satisfied by NameError,
        # so a pass does not prove the validator itself rejected the pair.
        with self.assertRaises(Exception):
            policy_output_validator(obj, ctx)
Esempio n. 3
    def test_call_policy(self):
        """Generate validators for a policy that delegates to a sub-policy and expect a raise."""
        xproto = """
    policy sub_policy < ctx.user = obj.user >
    policy output < *sub_policy(child) >
"""

        args = XOSProcessorArgs(inputs=xproto, target=self.target)

        output = XOSProcessor.process(args)

        # NOTE(review): exec() into globals() leaves the generated names in the
        # module namespace, where they can outlive this test. Executing the
        # generator output is tolerable only because xproto is a fixed literal.
        exec(
            output, globals()
        )  # This loads the generated function, which should look like this:

        """
        def policy_sub_policy_validator(obj, ctx):
            i1 = (ctx.user == obj.user)
            if (not i1):
                raise ValidationError('Necessary Failure')

        def policy_output_validator(obj, ctx):
            i1 = policy_sub_policy_validator(obj.child, ctx)
            if (not i1):
                raise ValidationError('Necessary Failure')
        """
        # NOTE(review): per the sketch above, policy_sub_policy_validator returns
        # None when the sub-policy holds, so `not i1` is true and the outer
        # validator raises even for a compliant object — confirm this is intended.

        obj = FakeObject()
        obj.child = FakeObject()
        obj.child.user = 1

        ctx = FakeObject()
        ctx.user = 1

        # NOTE(review): policy_output_enforcer does not appear in the sketch
        # above (policy_output_validator does). If the name is undefined, the
        # NameError alone satisfies assertRaises(Exception) and the policy is
        # never exercised. `verdict` is assigned but never read.
        with self.assertRaises(Exception):
            verdict = policy_output_enforcer(obj, ctx)
Esempio n. 4
    def test_call_policy(self):
        """A policy that delegates to a sub-policy on ``obj.child`` yields a truthy verdict."""
        xproto = """
    policy sub_policy < ctx.user = obj.user >
    policy output < *sub_policy(child) >
"""

        processor_args = XOSProcessorArgs(inputs=xproto, target=self.target)
        generated_source = XOSProcessor.process(processor_args)

        # Load the generated functions into module globals so they can be
        # called below. The source derives from the fixed literal above; exec()
        # on generator output would not be appropriate for untrusted xproto.
        #
        # Expected shape of the generated code:
        #
        #     def sub_policy_security_check(obj, ctx):
        #         i1 = (ctx.user == obj.user)
        #         return i1
        #
        #     def output_security_check(obj, ctx):
        #         if obj.child:
        #             i1 = sub_policy_security_check(obj.child, ctx)
        #         else:
        #             i1 = True
        #         return i1
        exec(generated_source, globals())

        obj = FakeObject()
        obj.child = FakeObject()
        obj.child.user = 1

        ctx = FakeObject()
        ctx.user = 1

        # Child and context share user 1, so the delegated check should pass.
        self.assertTrue(output_security_check(obj, ctx))
Esempio n. 5
    def test_slice_name_validation(self):
        """Generate a validator from an implication policy and expect the call to raise."""
        xproto = """
    policy test_policy < not obj.id -> {{ obj.name.startswith(obj.site.login_base) }} >
"""
        args = XOSProcessorArgs()
        args.inputs = xproto
        args.target = self.target

        output = XOSProcessor.process(args)

        # NOTE(review): the policy reads obj.id, obj.name and obj.site, none of
        # which is assigned here; only isolation and kind are set.
        obj = FakeObject()
        obj.isolation = "container"
        obj.kind = "not a container"

        # NOTE(review): exec() on generator output is tolerable only because
        # xproto above is a fixed literal. Under Python 3, exec() without an
        # explicit namespace cannot bind a new function-local name, so the call
        # below may end in NameError instead of reaching the generated code.
        exec(output)  # This loads the generated function, which should look like this:

        """
        def policy_output_validator(obj, ctx):
            i3 = obj.id
            i4 = obj.name.startswith(obj.site.login_base)
            i2 = ((not i3) or i4)
            i1 = (not i2)
            if (not i1):
                raise ValidationError('Necessary Failure')
        """

        # NOTE(review): the policy is named test_policy, yet the call targets
        # policy_output_validator — confirm the generated name.
        # assertRaises(Exception) is also satisfied by NameError or
        # AttributeError, so a pass does not prove the policy rejected obj.
        with self.assertRaises(Exception):
            policy_output_validator(obj, {})
Esempio n. 6
    def test_bin(self):
        """An OR policy yields a truthy verdict when both disjuncts hold."""
        xproto = """
    policy output < ctx.is_admin = True | obj.empty = True>
"""

        processor_args = XOSProcessorArgs(inputs=xproto, target=self.target)
        generated_source = XOSProcessor.process(processor_args)

        # Load the generated function into module globals so it can be called
        # below. The source derives from the fixed literal above; exec() on
        # generator output would not be appropriate for untrusted xproto.
        #
        # Expected shape of the generated code:
        #
        #     def output_security_check(obj, ctx):
        #         i2 = (ctx.is_admin == True)
        #         i3 = (obj.empty == True)
        #         i1 = (i2 or i3)
        #         return i1
        exec(generated_source, globals())

        obj = FakeObject()
        obj.empty = True

        ctx = FakeObject()
        ctx.is_admin = True

        # Both sides of the disjunction are set to True here.
        self.assertTrue(output_security_check(obj, ctx))
Esempio n. 7
    def test_instance_container(self):
        """Generate a validator tying container isolation to a container image and expect a raise."""
        xproto = """
    policy test_policy < (obj.isolation = "container" | obj.isolation = "container_vm" ) -> (obj.image.kind = "container") >
"""
        args = XOSProcessorArgs()
        args.inputs = xproto
        args.target = self.target

        output = XOSProcessor.process(args)

        # NOTE(review): the policy reads obj.image.kind, but the fixture sets
        # obj.kind and never assigns obj.image.
        obj = FakeObject()
        obj.isolation = "container"
        obj.kind = "not a container"

        # NOTE(review): exec() on generator output is tolerable only because
        # xproto above is a fixed literal. Under Python 3, exec() without an
        # explicit namespace cannot bind a new function-local name, so the call
        # below may end in NameError instead of reaching the generated code.
        exec(output)  # This loads the generated function, which should look like this:

        """
        def policy_output_validator(obj, ctx):
            i4 = (obj.isolation == 'container')
            i5 = (self.isolation == 'container_vm')
            i2 = (i4 or i5)
            i3 = (obj.image.kind == 'container')
            i1 = (i2 or i3)
            return i1
        """
        # NOTE(review): the sketch above looks out of sync with the policy: it
        # reads self.isolation, joins the implication with a plain `or`, and
        # returns a value instead of raising — confirm against real output.

        # NOTE(review): the policy is named test_policy, yet the call targets
        # policy_output_validator. assertRaises(Exception) is also satisfied by
        # NameError or AttributeError, so a pass does not prove that a
        # non-container image was rejected.
        with self.assertRaises(Exception):
            policy_output_validator(obj, {})
Esempio n. 8
    def test_bin(self):
        """Generate a validator for an OR policy and expect it to raise when every disjunct is false."""
        xproto = """
    policy output < (ctx.is_admin = True | obj.empty = True) | False>
"""

        args = XOSProcessorArgs()
        args.inputs = xproto
        args.target = self.target

        output = XOSProcessor.process(args)
        # NOTE(review): exec() on generator output is tolerable only because
        # xproto above is a fixed literal. Under Python 3, exec() without an
        # explicit namespace cannot bind a new function-local name, so the call
        # below may end in NameError instead of reaching the generated code.
        exec(output)  # This loads the generated function, which should look like this:

        """
        def policy_output_validator(obj, ctx):
            i2 = (ctx.is_admin == True)
            i3 = (obj.empty == True)
            i1 = (i2 or i3)
            if (not i1):
                raise Exception('Necessary Failure')
        """

        # Neither disjunct holds for this fixture.
        obj = FakeObject()
        obj.empty = False

        ctx = FakeObject()
        ctx.is_admin = False

        # NOTE(review): assertRaises(Exception) is also satisfied by NameError,
        # so a pass does not prove the validator denied the request. `verdict`
        # is assigned but never read.
        with self.assertRaises(Exception):
            verdict = policy_output_validator(obj, ctx)
Esempio n. 9
    def test_instance_container(self):
        """Generate a validator tying container isolation to a container image and expect a raise."""
        xproto = """
    policy test_policy < (obj.isolation = "container" | obj.isolation = "container_vm" ) -> (obj.image.kind = "container") >
"""
        args = XOSProcessorArgs()
        args.inputs = xproto
        args.target = self.target

        output = XOSProcessor.process(args)

        # NOTE(review): the policy reads obj.image.kind, but the fixture sets
        # obj.kind and never assigns obj.image.
        obj = FakeObject()
        obj.isolation = "container"
        obj.kind = "not a container"

        # NOTE(review): exec() on generator output is tolerable only because
        # xproto above is a fixed literal. Under Python 3, exec() without an
        # explicit namespace cannot bind a new function-local name, so the call
        # below may end in NameError instead of reaching the generated code.
        exec(output)  # This loads the generated function, which should look like this:

        """
        def policy_output_validator(obj, ctx):
            i4 = (obj.isolation == 'container')
            i5 = (self.isolation == 'container_vm')
            i2 = (i4 or i5)
            i3 = (obj.image.kind == 'container')
            i1 = (i2 or i3)
            return i1
        """
        # NOTE(review): the sketch above looks out of sync with the policy: it
        # reads self.isolation, joins the implication with a plain `or`, and
        # returns a value instead of raising — confirm against real output.

        # NOTE(review): the policy is named test_policy, yet the call targets
        # policy_output_validator. assertRaises(Exception) is also satisfied by
        # NameError or AttributeError, so a pass does not prove that a
        # non-container image was rejected.
        with self.assertRaises(Exception):
            policy_output_validator(obj, {})
Esempio n. 10
    def test_call_policy(self):
        """A policy that delegates to a sub-policy on ``obj.child`` yields a truthy verdict."""
        xproto = """
    policy sub_policy < ctx.user = obj.user >
    policy output < *sub_policy(child) >
"""

        processor_args = XOSProcessorArgs(inputs=xproto, target=self.target)
        generated_source = XOSProcessor.process(processor_args)

        # Load the generated functions into module globals so they can be
        # called below. The source derives from the fixed literal above; exec()
        # on generator output would not be appropriate for untrusted xproto.
        #
        # Expected shape of the generated code:
        #
        #     def sub_policy_security_check(obj, ctx):
        #         i1 = (ctx.user == obj.user)
        #         return i1
        #
        #     def output_security_check(obj, ctx):
        #         if obj.child:
        #             i1 = sub_policy_security_check(obj.child, ctx)
        #         else:
        #             i1 = True
        #         return i1
        exec(generated_source, globals())

        obj = FakeObject()
        obj.child = FakeObject()
        obj.child.user = 1

        ctx = FakeObject()
        ctx.user = 1

        # Child and context share user 1, so the delegated check should pass.
        self.assertTrue(output_security_check(obj, ctx))
Esempio n. 11
    def test_call_policy(self):
        """Generate validators for a policy that delegates to a sub-policy and expect a raise."""
        xproto = """
    policy sub_policy < ctx.user = obj.user >
    policy output < *sub_policy(child) >
"""

        args = XOSProcessorArgs(inputs=xproto, target=self.target)

        output = XOSProcessor.process(args)

        # NOTE(review): exec() into globals() leaves the generated names in the
        # module namespace, where they can outlive this test. Executing the
        # generator output is tolerable only because xproto is a fixed literal.
        exec(output, globals(
        ))  # This loads the generated function, which should look like this:
        """
        def policy_sub_policy_validator(obj, ctx):
            i1 = (ctx.user == obj.user)
            if (not i1):
                raise ValidationError('Necessary Failure')

        def policy_output_validator(obj, ctx):
            i1 = policy_sub_policy_validator(obj.child, ctx)
            if (not i1):
                raise ValidationError('Necessary Failure')
        """
        # NOTE(review): per the sketch above, policy_sub_policy_validator returns
        # None when the sub-policy holds, so `not i1` is true and the outer
        # validator raises even for a compliant object — confirm this is intended.

        obj = FakeObject()
        obj.child = FakeObject()
        obj.child.user = 1

        ctx = FakeObject()
        ctx.user = 1

        # NOTE(review): policy_output_enforcer does not appear in the sketch
        # above (policy_output_validator does). If the name is undefined, the
        # NameError alone satisfies assertRaises(Exception) and the policy is
        # never exercised. `verdict` is assigned but never read.
        with self.assertRaises(Exception):
            verdict = policy_output_enforcer(obj, ctx)
Esempio n. 12
    def test_num_constant(self):
        """Render a policy that compares an attribute with a numeric constant and evaluate the output."""
        xproto = """
    policy slice_user < slice.user.age = 57 >
"""

        target = XProtoTestHelpers.write_tmp_target("{{ proto.policies.slice_user }}")
        args = XOSProcessorArgs()
        args.inputs = xproto
        args.target = target

        output = XOSProcessor.process(args)

        # NOTE(review): the policy compares slice.user.age, but the fixture only
        # sets is_admin. `slice` shadows the builtin; the evaluated text may
        # refer to it by name, so it must stay a local here.
        slice = FakeObject()
        slice.user = FakeObject()
        slice.user.is_admin = True

        # NOTE(review): eval() on processor output is tolerable only because
        # xproto is a fixed literal. If the result is a non-empty container
        # rather than a boolean, assertTrue holds regardless of the policy —
        # confirm what eval(output) actually yields.
        expr = eval(output)
        self.assertTrue(expr)
Esempio n. 13
    def test_function_term(self):
        """Render a policy whose only term is a method call and evaluate the output."""
        xproto = """
    policy slice_user < slice.user.compute_is_admin() >
"""

        target = XProtoTestHelpers.write_tmp_target("{{ proto.policies.slice_user }}")
        args = XOSProcessorArgs()
        args.inputs = xproto
        args.target = target

        output = XOSProcessor.process(args)

        # `slice` shadows the builtin; the evaluated text may refer to it by
        # name, so it must stay a local here.
        slice = FakeObject()
        slice.user = FakeObject()
        slice.user.compute_is_admin = lambda: True

        # NOTE(review): eval() on processor output is tolerable only because
        # xproto is a fixed literal. Whether the lambda is actually invoked, or
        # the result is merely a truthy representation of the term, is not
        # visible from this test — confirm.
        expr = eval(output)
        self.assertTrue(expr)
Esempio n. 14
    def test_num_constant(self):
        """Render a policy that compares an attribute with a numeric constant and evaluate the output."""
        xproto = """
    policy slice_user < slice.user.age = 57 >
"""

        target = XProtoTestHelpers.write_tmp_target(
            "{{ proto.policies.slice_user }}")
        args = XOSProcessorArgs()
        args.inputs = xproto
        args.target = target

        output = XOSProcessor.process(args)

        # NOTE(review): the policy compares slice.user.age, but the fixture only
        # sets is_admin. `slice` shadows the builtin; the evaluated text may
        # refer to it by name, so it must stay a local here.
        slice = FakeObject()
        slice.user = FakeObject()
        slice.user.is_admin = True

        # NOTE(review): eval() on processor output is tolerable only because
        # xproto is a fixed literal. If the result is a non-empty container
        # rather than a boolean, assertTrue holds regardless of the policy —
        # confirm what eval(output) actually yields.
        expr = eval(output)
        self.assertTrue(expr)
Esempio n. 15
    def test_function_term(self):
        """Render a policy whose only term is a method call and evaluate the output."""
        xproto = """
    policy slice_user < slice.user.compute_is_admin() >
"""

        target = XProtoTestHelpers.write_tmp_target(
            "{{ proto.policies.slice_user }}")
        args = XOSProcessorArgs()
        args.inputs = xproto
        args.target = target

        output = XOSProcessor.process(args)

        # `slice` shadows the builtin; the evaluated text may refer to it by
        # name, so it must stay a local here.
        slice = FakeObject()
        slice.user = FakeObject()
        slice.user.compute_is_admin = lambda: True

        # NOTE(review): eval() on processor output is tolerable only because
        # xproto is a fixed literal. Whether the lambda is actually invoked, or
        # the result is merely a truthy representation of the term, is not
        # visible from this test — confirm.
        expr = eval(output)
        self.assertTrue(expr)
Esempio n. 16
    def test_bin(self):
        """Render an OR policy, rebuild it as a Python expression and check it is falsy."""
        xproto = """
    policy slice_admin < slice.is_admin | obj.empty >
"""
        target = XProtoTestHelpers.write_tmp_target("{{ proto.policies.slice_admin }}")
        args = XOSProcessorArgs()
        args.inputs = xproto
        args.target = target

        output = XOSProcessor.process(args)

        # Both operands are falsy: False and an empty list. The evaluated
        # expression resolves `slice` and `obj` from these locals.
        slice = FakeObject()
        slice.is_admin = False
        obj = FakeObject()
        obj.empty = []

        # The output is evaluated to a mapping with exactly one item; the
        # trailing-comma unpacking fails if there are more or fewer.
        (op, operands), = eval(output).items()
        # Join the operands with the operator, then turn "|" into Python's "or".
        expr = op.join(operands).replace("|", " or ")

        # NOTE(review): both eval() calls run text derived from processor
        # output; acceptable only because xproto is a fixed literal.
        self.assertFalse(eval(expr))
Esempio n. 17
    def test_implies(self):
        """Render an implication policy, rebuild it as ``not a or b`` and check it is falsy."""
        xproto = """
    policy implies < obj.name -> obj.creator >
"""
        target = XProtoTestHelpers.write_tmp_target("{{ proto.policies.implies }}")
        args = XOSProcessorArgs()
        args.inputs = xproto
        args.target = target

        output = XOSProcessor.process(args)

        # NOTE(review): `slice` is not named in the policy text and looks unused.
        slice = FakeObject()
        slice.is_admin = False
        # A named object without a creator violates "name implies creator".
        obj = FakeObject()
        obj.name = "Thing 1"
        obj.creator = None

        # The output is evaluated to a mapping with exactly one item.
        (op, operands), = eval(output).items()
        # "a -> b" is rewritten to "not a or b"; `not` binds tighter than `or`.
        expr = "not " + op.join(operands).replace("->", " or ")

        # NOTE(review): both eval() calls run text derived from processor
        # output; acceptable only because xproto is a fixed literal.
        self.assertFalse(eval(expr))
Esempio n. 18
    def test_equal(self):
        """Render an equality policy, rebuild it as a Python comparison and check it is truthy."""
        xproto = """
    policy slice_user < slice.user = obj.user >
"""

        target = XProtoTestHelpers.write_tmp_target("{{ proto.policies.slice_user }}")
        args = XOSProcessorArgs()
        args.inputs = xproto
        args.target = target

        output = XOSProcessor.process(args)

        # Both sides carry the same string, so the comparison should hold. The
        # evaluated expression resolves `slice` and `obj` from these locals.
        slice = FakeObject()
        slice.user = "******"
        obj = FakeObject()
        obj.user = "******"

        # The output is evaluated to a mapping with exactly one item.
        (op, operands), = eval(output).items()
        # Every "=" in the joined text becomes "==", not only the operator.
        expr = op.join(operands).replace("=", "==")

        # NOTE(review): both eval() calls run text derived from processor
        # output; acceptable only because xproto is a fixed literal.
        self.assertTrue(eval(expr))
Esempio n. 19
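    def test_equal(self):
        """Generate the security check for ``ctx.user = obj.user`` and assert it grants access."""
        xproto = """
    policy output < ctx.user = obj.user >
"""

        args = XOSProcessorArgs(inputs=xproto, target=self.target)
        output = XOSProcessor.process(args)

        # Load the generated function into module globals so it can be called
        # below. The source derives from the fixed literal above; exec() on
        # generator output would not be appropriate for untrusted xproto.
        #
        # Expected shape of the generated code:
        #
        #     def output_security_check(obj, ctx):
        #         i1 = (ctx.user == obj.user)
        #         return i1
        exec(output, globals())

        obj = FakeObject()
        obj.user = 1
        ctx = FakeObject()
        ctx.user = 1

        verdict = output_security_check(obj, ctx)
        # Both users are 1, so the check must come back truthy. Without this
        # assertion the test only showed that the call did not raise.
        self.assertTrue(verdict)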
Esempio n. 20
    def test_bin(self):
        """An OR policy yields a truthy verdict when both disjuncts hold."""
        xproto = """
    policy output < ctx.is_admin = True | obj.empty = True>
"""

        processor_args = XOSProcessorArgs(inputs=xproto, target=self.target)
        generated_source = XOSProcessor.process(processor_args)

        # Load the generated function into module globals so it can be called
        # below. The source derives from the fixed literal above; exec() on
        # generator output would not be appropriate for untrusted xproto.
        #
        # Expected shape of the generated code:
        #
        #     def output_security_check(obj, ctx):
        #         i2 = (ctx.is_admin == True)
        #         i3 = (obj.empty == True)
        #         i1 = (i2 or i3)
        #         return i1
        exec(generated_source, globals())

        obj = FakeObject()
        obj.empty = True

        ctx = FakeObject()
        ctx.is_admin = True

        # Both sides of the disjunction are set to True here.
        self.assertTrue(output_security_check(obj, ctx))
Esempio n. 21
    def test_bin(self):
        """Generate a validator for an OR policy and expect it to raise when every disjunct is false."""
        xproto = """
    policy output < (ctx.is_admin = True | obj.empty = True) | False>
"""

        args = XOSProcessorArgs()
        args.inputs = xproto
        args.target = self.target

        output = XOSProcessor.process(args)
        # NOTE(review): exec() on generator output is tolerable only because
        # xproto above is a fixed literal. Under Python 3, exec() without an
        # explicit namespace cannot bind a new function-local name, so the call
        # below may end in NameError instead of reaching the generated code.
        exec(
            output
        )  # This loads the generated function, which should look like this:
        """
        def policy_output_validator(obj, ctx):
            i2 = (ctx.is_admin == True)
            i3 = (obj.empty == True)
            i1 = (i2 or i3)
            if (not i1):
                raise Exception('Necessary Failure')
        """

        # Neither disjunct holds for this fixture.
        obj = FakeObject()
        obj.empty = False

        ctx = FakeObject()
        ctx.is_admin = False

        # NOTE(review): assertRaises(Exception) is also satisfied by NameError,
        # so a pass does not prove the validator denied the request. `verdict`
        # is assigned but never read.
        with self.assertRaises(Exception):
            verdict = policy_output_validator(obj, ctx)
Esempio n. 22
    def test_equal(self):
        """Generate a validator for ``not (ctx.user = obj.user)`` and expect it to raise for equal users."""
        xproto = """
    policy output < not (ctx.user = obj.user) >
"""

        args = XOSProcessorArgs(inputs=xproto, target=self.target)

        output = XOSProcessor.process(args)

        # NOTE(review): exec() on generator output is tolerable only because
        # xproto above is a fixed literal. Under Python 3, exec() without an
        # explicit namespace cannot bind a new function-local name, so the call
        # below may end in NameError instead of reaching the generated code.
        exec(
            output
        )  # This loads the generated function, which should look like this:
        """
        def policy_output_validator(obj, ctx):
            i2 = (ctx.user == obj.user)
            i1 = (not i2)
            if (not i1):
                raise Exception('Necessary Failure')
        """

        # Both sides carry user 1, which the policy forbids.
        obj = FakeObject()
        obj.user = 1
        ctx = FakeObject()
        ctx.user = 1

        # NOTE(review): assertRaises(Exception) is also satisfied by NameError,
        # so a pass does not prove the validator itself rejected the pair.
        with self.assertRaises(Exception):
            policy_output_validator(obj, ctx)
Esempio n. 23
    def test_exists(self):
        """Render an ``exists`` policy, rebuild its inner equality as Python and check it is truthy."""
        xproto = """
    policy privilege < exists Privilege: Privilege.object_id = obj.id >
"""

        target = XProtoTestHelpers.write_tmp_target("{{ proto.policies.privilege }} ")
        args = XOSProcessorArgs()
        args.inputs = xproto
        args.target = target

        output = XOSProcessor.process(args)

        # Matching ids on both sides; the evaluated expression resolves
        # `Privilege` and `obj` from these locals.
        Privilege = FakeObject()
        Privilege.object_id = 1
        obj = FakeObject()
        obj.id = 1

        # The output is evaluated to a mapping with exactly one item, whose
        # second operand is itself a one-item mapping holding the inner term.
        (op, operands), = eval(output).items()
        (op2, operands2), = operands[1].items()
        # Every "=" in the joined text becomes "==", not only the operator.
        expr = op2.join(operands2).replace("=", "==")

        # NOTE(review): only the inner equality is evaluated; the quantifier
        # (`op`) is unpacked but never checked. Both eval() calls run text
        # derived from processor output, acceptable only for a fixed literal.
        self.assertTrue(eval(expr))
Esempio n. 24
    def test_implies(self):
        """Render an implication policy, rebuild it as ``not a or b`` and check it is falsy."""
        xproto = """
    policy implies < obj.name -> obj.creator >
"""
        target = XProtoTestHelpers.write_tmp_target(
            "{{ proto.policies.implies }}")
        args = XOSProcessorArgs()
        args.inputs = xproto
        args.target = target

        output = XOSProcessor.process(args)

        # NOTE(review): `slice` is not named in the policy text and looks unused.
        slice = FakeObject()
        slice.is_admin = False
        # A named object without a creator violates "name implies creator".
        obj = FakeObject()
        obj.name = "Thing 1"
        obj.creator = None

        # The output is evaluated to a mapping with exactly one item.
        (op, operands), = eval(output).items()
        # "a -> b" is rewritten to "not a or b"; `not` binds tighter than `or`.
        expr = "not " + op.join(operands).replace("->", " or ")

        # NOTE(review): both eval() calls run text derived from processor
        # output; acceptable only because xproto is a fixed literal.
        self.assertFalse(eval(expr))
Esempio n. 25
    def test_bin(self):
        """Render an OR policy, rebuild it as a Python expression and check it is falsy."""
        xproto = """
    policy slice_admin < slice.is_admin | obj.empty >
"""
        target = XProtoTestHelpers.write_tmp_target(
            "{{ proto.policies.slice_admin }}")
        args = XOSProcessorArgs()
        args.inputs = xproto
        args.target = target

        output = XOSProcessor.process(args)

        # Both operands are falsy: False and an empty list. The evaluated
        # expression resolves `slice` and `obj` from these locals.
        slice = FakeObject()
        slice.is_admin = False
        obj = FakeObject()
        obj.empty = []

        # The output is evaluated to a mapping with exactly one item; the
        # trailing-comma unpacking fails if there are more or fewer.
        (op, operands), = eval(output).items()
        # Join the operands with the operator, then turn "|" into Python's "or".
        expr = op.join(operands).replace("|", " or ")

        # NOTE(review): both eval() calls run text derived from processor
        # output; acceptable only because xproto is a fixed literal.
        self.assertFalse(eval(expr))
Esempio n. 26
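    def test_equal(self):
        """Generate the security check for ``ctx.user = obj.user`` and assert it grants access."""
        xproto = """
    policy output < ctx.user = obj.user >
"""

        args = XOSProcessorArgs(inputs=xproto, target=self.target)
        output = XOSProcessor.process(args)

        # Load the generated function into module globals so it can be called
        # below. The source derives from the fixed literal above; exec() on
        # generator output would not be appropriate for untrusted xproto.
        #
        # Expected shape of the generated code:
        #
        #     def output_security_check(obj, ctx):
        #         i1 = (ctx.user == obj.user)
        #         return i1
        exec(output, globals())

        obj = FakeObject()
        obj.user = 1
        ctx = FakeObject()
        ctx.user = 1

        verdict = output_security_check(obj, ctx)
        # Both users are 1, so the check must come back truthy. Without this
        # assertion the test only showed that the call did not raise.
        self.assertTrue(verdict)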
Esempio n. 27
    def test_equal(self):
        """Render an equality policy, rebuild it as a Python comparison and check it is truthy."""
        xproto = """
    policy slice_user < slice.user = obj.user >
"""

        target = XProtoTestHelpers.write_tmp_target(
            "{{ proto.policies.slice_user }}")
        args = XOSProcessorArgs()
        args.inputs = xproto
        args.target = target

        output = XOSProcessor.process(args)

        # Both sides carry the same string, so the comparison should hold. The
        # evaluated expression resolves `slice` and `obj` from these locals.
        slice = FakeObject()
        slice.user = "******"
        obj = FakeObject()
        obj.user = "******"

        # The output is evaluated to a mapping with exactly one item.
        (op, operands), = eval(output).items()
        # Every "=" in the joined text becomes "==", not only the operator.
        expr = op.join(operands).replace("=", "==")

        # NOTE(review): both eval() calls run text derived from processor
        # output; acceptable only because xproto is a fixed literal.
        self.assertTrue(eval(expr))
Esempio n. 28
    def test_exists(self):
        """Render an ``exists`` policy, rebuild its inner equality as Python and check it is truthy."""
        xproto = """
    policy privilege < exists Privilege: Privilege.object_id = obj.id >
"""

        target = XProtoTestHelpers.write_tmp_target(
            "{{ proto.policies.privilege }} ")
        args = XOSProcessorArgs()
        args.inputs = xproto
        args.target = target

        output = XOSProcessor.process(args)

        # Matching ids on both sides; the evaluated expression resolves
        # `Privilege` and `obj` from these locals.
        Privilege = FakeObject()
        Privilege.object_id = 1
        obj = FakeObject()
        obj.id = 1

        # The output is evaluated to a mapping with exactly one item, whose
        # second operand is itself a one-item mapping holding the inner term.
        (op, operands), = eval(output).items()
        (op2, operands2), = operands[1].items()
        # Every "=" in the joined text becomes "==", not only the operator.
        expr = op2.join(operands2).replace("=", "==")

        # NOTE(review): only the inner equality is evaluated; the quantifier
        # (`op`) is unpacked but never checked. Both eval() calls run text
        # derived from processor output, acceptable only for a fixed literal.
        self.assertTrue(eval(expr))