def _parse(cls, raw_rule):
    '''Build a ChangeProfileRule from the text of one change_profile rule.

    The exec condition and the target profile fall back to
    ChangeProfileRule.ALL when the rule does not name them.
    Raises AppArmorException if cls._match() does not match raw_rule.
    '''
    found = cls._match(raw_rule)
    if not found:
        raise AppArmorException(
            _("Invalid change_profile rule '%s'") % raw_rule)

    audit, deny, allow_keyword, comment = parse_modifiers(found)
    execmode = found.group('execmode')

    # Quotes are only syntax in the profile text; store the bare values.
    raw_execcond = found.group('execcond')
    execcond = strip_quotes(raw_execcond) if raw_execcond else ChangeProfileRule.ALL

    raw_target = found.group('targetprofile')
    targetprofile = strip_quotes(raw_target) if raw_target else ChangeProfileRule.ALL

    return ChangeProfileRule(
        execmode, execcond, targetprofile,
        audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
def _parse(cls, raw_rule):
    '''Build an AliasRule from the text of one alias rule.

    Raises AppArmorException if cls._match() does not match raw_rule.
    '''
    found = cls._match(raw_rule)
    if not found:
        raise AppArmorException(_("Invalid alias rule '%s'") % raw_rule)

    comment = parse_comment(found)

    # Surrounding whitespace is dropped first, then one layer of quoting.
    orig_path = strip_quotes(found.group('orig_path').strip())
    target = strip_quotes(found.group('target').strip())

    # The audit, deny and allow modifiers are always passed as False here.
    return AliasRule(
        orig_path, target,
        audit=False, deny=False, allow_keyword=False, comment=comment)
def _parse(cls, raw_rule):
    '''Build a FileRule from the text of one file rule.

    The path and the permissions can each come from one of two regex groups
    ('path'/'perms' or 'path2'/'perms2'); using a second-form group sets
    leading_perms.  Path, permissions and target fall back to FileRule.ALL
    when the rule does not give them.
    Raises AppArmorException if cls._match() does not match raw_rule.
    '''
    found = cls._match(raw_rule)
    if not found:
        raise AppArmorException(_("Invalid file rule '%s'") % raw_rule)

    audit, deny, allow_keyword, comment = parse_modifiers(found)

    owner = bool(found.group('owner'))
    leading_perms = False

    # Path: try 'path' first and only then 'path2'.
    raw_path = found.group('path')
    if not raw_path:
        raw_path = found.group('path2')
        if raw_path:
            leading_perms = True
    path = strip_quotes(raw_path) if raw_path else FileRule.ALL

    # Permissions: same two-group lookup as for the path.
    raw_perms = found.group('perms')
    if not raw_perms:
        raw_perms = found.group('perms2')
        if raw_perms:
            leading_perms = True
    if raw_perms:
        # split_perms() also receives the deny flag of the rule.
        perms, exec_perms = split_perms(raw_perms, deny)
    else:
        perms = FileRule.ALL
        exec_perms = None

    raw_target = found.group('target')
    target = strip_quotes(raw_target) if raw_target else FileRule.ALL

    file_keyword = bool(found.group('file_keyword'))

    return FileRule(
        path, perms, exec_perms, target, owner, file_keyword, leading_perms,
        audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
def _parse(cls, raw_rule):
    '''Build a ChangeProfileRule from the text of one change_profile rule.

    The exec condition and the target profile fall back to
    ChangeProfileRule.ALL when the rule does not name them.
    Raises AppArmorException if cls._match() does not match raw_rule.
    '''
    found = cls._match(raw_rule)
    if not found:
        raise AppArmorException(_("Invalid change_profile rule '%s'") % raw_rule)

    audit, deny, allow_keyword, comment = parse_modifiers(found)

    # Quotes are only syntax in the profile text; store the bare values.
    raw_execcond = found.group('execcond')
    execcond = strip_quotes(raw_execcond) if raw_execcond else ChangeProfileRule.ALL

    raw_target = found.group('targetprofile')
    targetprofile = strip_quotes(raw_target) if raw_target else ChangeProfileRule.ALL

    return ChangeProfileRule(
        execcond, targetprofile,
        audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
def _parse(cls, raw_rule):
    '''Build an RlimitRule from the text of one rlimit rule.

    Raises AppArmorException if cls._match() does not match raw_rule, or if
    the matched rule has no rlimit keyword or no value.
    '''
    found = cls._match(raw_rule)
    if not found:
        raise AppArmorException(_("Invalid rlimit rule '%s'") % raw_rule)

    comment = parse_comment(found)

    if not found.group('rlimit'):
        raise AppArmorException(_("Invalid rlimit rule '%s' - keyword missing") % raw_rule)
    rlimit = strip_quotes(found.group('rlimit'))

    raw_value = found.group('value')
    if not raw_value:
        raise AppArmorException(_("Invalid rlimit rule '%s' - value missing") % raw_rule)

    # The literal keyword 'infinity' is stored as RlimitRule.ALL rather than
    # as a string; every other value only has its quotes removed.
    value = RlimitRule.ALL if raw_value == 'infinity' else strip_quotes(raw_value)

    return RlimitRule(rlimit, value, comment=comment)
def _parse(cls, raw_rule):
    '''Build an RlimitRule from the text of one rlimit rule.

    Raises AppArmorException if cls._match() does not match raw_rule, or if
    the matched rule has no rlimit keyword or no value.
    '''
    found = cls._match(raw_rule)
    if not found:
        raise AppArmorException(_("Invalid rlimit rule '%s'") % raw_rule)

    comment = parse_comment(found)

    if not found.group('rlimit'):
        raise AppArmorException(_("Invalid rlimit rule '%s' - keyword missing") % raw_rule)  # pragma: no cover - would need breaking the regex
    rlimit = strip_quotes(found.group('rlimit'))

    raw_value = found.group('value')
    if not raw_value:
        raise AppArmorException(_("Invalid rlimit rule '%s' - value missing") % raw_rule)  # pragma: no cover - would need breaking the regex

    # The literal keyword 'infinity' is stored as RlimitRule.ALL rather than
    # as a string; every other value only has its quotes removed.
    value = RlimitRule.ALL if raw_value == 'infinity' else strip_quotes(raw_value)

    return RlimitRule(rlimit, value, comment=comment)
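def _parse(cls, raw_rule):
    '''Parse raw_rule and return the PtraceRule it describes.

    The access list and the peer fall back to PtraceRule.ALL when the rule
    does not specify them.
    Raises AppArmorException if cls._match() does not match raw_rule, or if
    the rule details are not matched by RE_PTRACE_DETAILS.
    '''
    matches = cls._match(raw_rule)
    if not matches:
        raise AppArmorException(_("Invalid ptrace rule '%s'") % raw_rule)

    audit, deny, allow_keyword, comment = parse_modifiers(matches)

    # Anything the rule leaves out stays at PtraceRule.ALL.
    access = PtraceRule.ALL
    peer = PtraceRule.ALL

    rule_details = matches.group('details') or ''
    if rule_details:
        details = RE_PTRACE_DETAILS.search(rule_details)
        if not details:
            # Interpolate after the _() lookup: formatting inside _() would
            # look up the already-filled-in text, which no catalogue contains.
            raise AppArmorException(
                _("Invalid or unknown keywords in 'ptrace %s") % rule_details)

        if details.group('access'):
            # XXX move to function _split_access()?
            access = details.group('access')
            if access.startswith('(') and access.endswith(')'):
                access = access[1:-1]
            access = access.replace(',', ' ').split()  # split by ',' or whitespace
            # NOTE(review): an access group holding only parentheses and
            # whitespace yields an empty list here, which is passed to
            # PtraceRule as is - confirm how PtraceRule treats [].

        if details.group('peer'):
            peer = strip_quotes(details.group('peer'))

    return PtraceRule(
        access, peer,
        audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)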
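def separate_vars(vs):
    """Return the set of values found in the value part of a variable.

    vs is split into whitespace-separated tokens; a token may instead be a
    double-quoted string, which can then contain whitespace.  Each token has
    its quotes removed with strip_quotes() before it is added to the result.

    Raises AppArmorException if a token ends with a comma, or if some text is
    left over that cannot be read as a token (for example unbalanced quotes).
    """
    data = set()
    vs = vs.strip()

    # Raw string, so that \s reaches the regex engine instead of being an
    # invalid escape sequence in the Python string literal.
    # Group 1 is the next token, group 4 the remaining text.
    RE_VARS = re.compile(r'^(("[^"]*")|([^"\s]+))\s*(.*)$')

    found = RE_VARS.search(vs)
    while found:
        token, rest = found.group(1), found.group(4)

        if token.endswith(','):
            raise AppArmorException(
                _('Variable declarations do not accept trailing commas'))

        data.add(strip_quotes(token))
        vs = rest.strip()
        found = RE_VARS.search(vs)  # one search per token, reused by the loop test

    # Whatever is left could not be tokenised; reject it instead of dropping it.
    if vs:
        raise AppArmorException(
            'Variable assignments contains invalid parts (unbalanced quotes?): %s' % vs)

    return data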
def test_strip_quotes_03(self):
    # Opening quote without a closing one: the value must come back unchanged.
    unbalanced = '"foo'
    self.assertEqual('"foo', strip_quotes(unbalanced))
def test_strip_quotes_03(self):
    # Opening quote without a closing one: the value must come back unchanged.
    unbalanced = '"foo'
    self.assertEqual('"foo', strip_quotes(unbalanced))
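def _parse(cls, raw_rule):
    '''Parse raw_rule and return the DbusRule it describes.

    Every condition the rule does not mention (access, bus, path, name,
    interface, member, peer name, peer label) is passed as DbusRule.ALL.
    Raises AppArmorException if cls._match() does not match raw_rule, or if
    the rule details are not matched by RE_DBUS_DETAILS.
    '''
    matches = cls._match(raw_rule)
    if not matches:
        raise AppArmorException(_("Invalid dbus rule '%s'") % raw_rule)

    audit, deny, allow_keyword, comment = parse_modifiers(matches)

    # Start from "not restricted"; the details below narrow individual fields.
    access = DbusRule.ALL
    bus = DbusRule.ALL
    path = DbusRule.ALL
    name = DbusRule.ALL
    interface = DbusRule.ALL
    member = DbusRule.ALL
    peername = DbusRule.ALL
    peerlabel = DbusRule.ALL

    rule_details = matches.group('details') or ''
    if rule_details:
        details = RE_DBUS_DETAILS.search(rule_details)
        if not details:
            # Interpolate after the _() lookup: formatting inside _() would
            # look up the already-filled-in text, which no catalogue contains.
            raise AppArmorException(
                _("Invalid or unknown keywords in 'dbus %s") % rule_details)

        def _first_set(*group_names):
            # Return the cleaned value of the first non-empty group, trying
            # them in the given order, or DbusRule.ALL if none is set.
            for group_name in group_names:
                value = details.group(group_name)
                if value:
                    return strip_parenthesis(strip_quotes(value))
            return DbusRule.ALL

        if details.group('access'):
            # XXX move to function _split_access()?
            access = strip_parenthesis(details.group('access'))
            access = access.replace(',', ' ').split()  # split by ',' or whitespace
            if not access:
                # XXX that happens for "dbus ( )," rules - correct behaviour?
                # (also: same for signal rules?)
                # NOTE(review): an empty access list is widened to
                # DbusRule.ALL, so "( )" ends up meaning the same as giving
                # no access list at all - confirm this is intended.
                access = DbusRule.ALL

        bus = _first_set('bus')
        path = _first_set('path')
        name = _first_set('name')
        interface = _first_set('interface')
        member = _first_set('member')
        # The details regex exposes three alternative groups each for the
        # peer name and the peer label; the first one that is set is used.
        peername = _first_set('peername1', 'peername2', 'peername3')
        peerlabel = _first_set('peerlabel1', 'peerlabel2', 'peerlabel3')

    return DbusRule(
        access, bus, path, name, interface, member, peername, peerlabel,
        audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)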
def test_strip_quotes_08(self):
    # Several quotes on each side: only the outermost pair is removed.
    nested = '""""foo"bar""""'
    self.assertEqual('"""foo"bar"""', strip_quotes(nested))
def test_strip_quotes_07(self):
    # A quote in the middle of a quoted value is kept; only the outer pair goes.
    quoted = '"foo"bar"'
    self.assertEqual('foo"bar', strip_quotes(quoted))
def test_strip_quotes_05(self):
    # A pair of quotes with nothing between them becomes the empty string.
    empty_quoted = '""'
    self.assertEqual('', strip_quotes(empty_quoted))
def test_strip_quotes_08(self):
    # Several quotes on each side: only the outermost pair is removed.
    nested = '""""foo"bar""""'
    self.assertEqual('"""foo"bar"""', strip_quotes(nested))
def test_strip_quotes_07(self):
    # A quote in the middle of a quoted value is kept; only the outer pair goes.
    quoted = '"foo"bar"'
    self.assertEqual('foo"bar', strip_quotes(quoted))
def test_strip_quotes_05(self):
    # A pair of quotes with nothing between them becomes the empty string.
    empty_quoted = '""'
    self.assertEqual('', strip_quotes(empty_quoted))
def test_strip_quotes_04(self):
    # Closing quote without an opening one: the value must come back unchanged.
    unbalanced = 'foo"'
    self.assertEqual('foo"', strip_quotes(unbalanced))
def test_strip_quotes_04(self):
    # Closing quote without an opening one: the value must come back unchanged.
    unbalanced = 'foo"'
    self.assertEqual('foo"', strip_quotes(unbalanced))
def _run_test(self, params, expected):
    # Shared check: strip_quotes(params) must equal the expected value.
    actual = strip_quotes(params)
    self.assertEqual(actual, expected)