def test_invalid_is_equal_2(self):
obj = PtraceRule.parse('ptrace read,')
testobj = PtraceRule.parse('ptrace read,')
testobj.all_peers = False # make testobj invalid (should trigger exception in _is_equal_aare())
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)
def test_ruleset_2(self):
ruleset = PtraceRuleset()
rules = [
'ptrace read peer=/foo,',
'allow ptrace read,',
'deny ptrace peer=/bar, # example comment',
]
expected_raw = [
' ptrace read peer=/foo,',
' allow ptrace read,',
' deny ptrace peer=/bar, # example comment',
'',
]
expected_clean = [
' deny ptrace peer=/bar, # example comment',
'',
' allow ptrace read,',
' ptrace read peer=/foo,',
'',
]
for rule in rules:
ruleset.add(PtraceRule.parse(rule))
self.assertEqual(expected_raw, ruleset.get_raw(1))
self.assertEqual(expected_clean, ruleset.get_clean(1))
def test_invalid_is_equal(self):
obj = PtraceRule.parse('ptrace read,')
testobj = BaseRule() # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)
def _check_invalid_rawrule(self, rawrule):
obj = None
self.assertFalse(PtraceRule.match(rawrule))
with self.assertRaises(AppArmorException):
obj = PtraceRule(PtraceRule.parse(rawrule))
self.assertIsNone(obj, 'PtraceRule handed back an object unexpectedly')
def test_ruleset_1(self):
ruleset = PtraceRuleset()
rules = [
'ptrace peer=/foo,',
'ptrace read,',
]
expected_raw = [
'ptrace peer=/foo,',
'ptrace read,',
'',
]
expected_clean = [
'ptrace peer=/foo,',
'ptrace read,',
'',
]
for rule in rules:
ruleset.add(PtraceRule.parse(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
# test __repr__() for non-empty ruleset
as_string = '%s' % ruleset
self.assertEqual(
as_string,
'<PtraceRuleset>\n ptrace peer=/foo,\n ptrace read,\n</PtraceRuleset>'
)
def test_borked_obj_is_covered_2(self):
obj = PtraceRule.parse('ptrace read peer=/foo,')
testobj = PtraceRule('read', '/foo')
testobj.peer = ''
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def _run_test(self, param, expected):
obj = PtraceRule.parse(self.rule)
check_obj = PtraceRule.parse(param)
self.assertTrue(PtraceRule.match(param))
self.assertEqual(obj.is_equal(check_obj), expected[0],
'Mismatch in is_equal, expected %s' % expected[0])
self.assertEqual(
obj.is_equal(check_obj, True), expected[1],
'Mismatch in is_equal/strict, expected %s' % expected[1])
self.assertEqual(obj.is_covered(check_obj), expected[2],
'Mismatch in is_covered, expected %s' % expected[2])
self.assertEqual(
obj.is_covered(check_obj, True, True), expected[3],
'Mismatch in is_covered/exact, expected %s' % expected[3])
def _run_test(self, rawrule, expected):
self.assertTrue(PtraceRule.match(rawrule))
obj = PtraceRule.parse(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
self.assertEqual(expected.strip(), clean, 'unexpected clean rule')
self.assertEqual(rawrule.strip(), raw, 'unexpected raw rule')
def test_ruleset_1(self):
ruleset = PtraceRuleset()
rules = [
'ptrace peer=/foo,',
'ptrace read,',
]
expected_raw = [
'ptrace peer=/foo,',
'ptrace read,',
'',
]
expected_clean = [
'ptrace peer=/foo,',
'ptrace read,',
'',
]
for rule in rules:
ruleset.add(PtraceRule.parse(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
def _run_test(self, rawrule, expected):
self.assertTrue(PtraceRule.match(
rawrule)) # the above invalid rules still match the main regex!
with self.assertRaises(expected):
PtraceRule.parse(rawrule)
def _run_test(self, rawrule, expected):
self.assertTrue(PtraceRule.match(rawrule))
obj = PtraceRule.parse(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)