def test_KillFilter(self): if not os.path.exists("/proc/%d" % os.getpid()): self.skipTest("Test requires /proc filesystem (procfs)") p = subprocess.Popen(["cat"], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) try: f = filters.KillFilter("root", "/bin/cat", "-9", "-HUP") f2 = filters.KillFilter("root", "/usr/bin/cat", "-9", "-HUP") usercmd = ['kill', '-ALRM', p.pid] # Incorrect signal should fail self.assertFalse(f.match(usercmd) or f2.match(usercmd)) usercmd = ['kill', p.pid] # Providing no signal should fail self.assertFalse(f.match(usercmd) or f2.match(usercmd)) # Providing matching signal should be allowed usercmd = ['kill', '-9', p.pid] self.assertTrue(f.match(usercmd) or f2.match(usercmd)) f = filters.KillFilter("root", "/bin/cat") f2 = filters.KillFilter("root", "/usr/bin/cat") usercmd = ['kill', os.getpid()] # Our own PID does not match /bin/sleep, so it should fail self.assertFalse(f.match(usercmd) or f2.match(usercmd)) usercmd = ['kill', 999999] # Nonexistent PID should fail self.assertFalse(f.match(usercmd) or f2.match(usercmd)) usercmd = ['kill', p.pid] # Providing no signal should work self.assertTrue(f.match(usercmd) or f2.match(usercmd)) # verify that relative paths are matched against $PATH f = filters.KillFilter("root", "cat") # Our own PID does not match so it should fail usercmd = ['kill', os.getpid()] self.assertFalse(f.match(usercmd)) # Filter should find cat in /bin or /usr/bin usercmd = ['kill', p.pid] self.assertTrue(f.match(usercmd)) # Filter shouldn't be able to find binary in $PATH, so fail with fixtures.EnvironmentVariable("PATH", "/foo:/bar"): self.assertFalse(f.match(usercmd)) # ensure that unset $PATH is not causing an exception with fixtures.EnvironmentVariable("PATH"): self.assertFalse(f.match(usercmd)) finally: # Terminate the "cat" process and wait for it to finish p.terminate() p.wait()
def test_KillFilter_upgraded_exe(self): """Makes sure upgraded exe's are killed correctly.""" f = filters.KillFilter("root", "/bin/commandddddd") usercmd = ['kill', 1234] with mock.patch('os.readlink') as readlink: readlink.return_value = '/bin/commandddddd\0\05190bfb2 (deleted)' self.assertTrue(f.match(usercmd))
def test_KillFilter_deleted_exe(self): """Makes sure deleted exe's are killed correctly.""" f = filters.KillFilter("root", "/bin/commandddddd") usercmd = ['kill', 1234] # Providing no signal should work with mock.patch('os.readlink') as readlink: readlink.return_value = '/bin/commandddddd (deleted)' self.assertTrue(f.match(usercmd))
def test_KillFilter_upgraded_exe(self, mock_isfile, mock_readlink): """Makes sure upgraded exe's are killed correctly.""" f = filters.KillFilter("root", "/bin/commandddddd") command = "/bin/commandddddd" usercmd = ['kill', 1234] def fake_exists(path): return path == command mock_readlink.return_value = command + '\0\05190bfb2 (deleted)' mock_isfile.side_effect = fake_exists self.assertTrue(f.match(usercmd))
def test_KillFilter_no_raise(self): """Makes sure ValueError from bug 926412 is gone.""" f = filters.KillFilter("root", "") # Providing anything other than kill should be False usercmd = ['notkill', 999999] self.assertFalse(f.match(usercmd)) # Providing something that is not a pid should be False usercmd = ['kill', 'notapid'] self.assertFalse(f.match(usercmd)) # no arguments should also be fine self.assertFalse(f.match([])) self.assertFalse(f.match(None))
def test_KillFilter_upgraded_exe(self): """Makes sure upgraded exe's are killed correctly.""" f = filters.KillFilter("root", "/bin/commandddddd") command = "/bin/commandddddd" usercmd = ['kill', 1234] with mock.patch('os.readlink') as readlink: readlink.return_value = command + '\0\05190bfb2 (deleted)' with mock.patch('os.path.isfile') as exists: def fake_exists(path): return path == command exists.side_effect = fake_exists self.assertTrue(f.match(usercmd))
def test_KillFilter_deleted_exe(self): """Makes sure deleted exe's are killed correctly.""" command = "/bin/commandddddd" f = filters.KillFilter("root", command) usercmd = ['kill', 1234] # Providing no signal should work with mock.patch('os.readlink') as readlink: readlink.return_value = command + ' (deleted)' with mock.patch('os.path.isfile') as exists: def fake_exists(path): return path == command exists.side_effect = fake_exists self.assertTrue(f.match(usercmd))
def test_KillFilter_renamed_exe(self): """Makes sure renamed exe's are killed correctly.""" command = "/bin/commandddddd" f = filters.KillFilter("root", command) usercmd = ['kill', 1234] with mock.patch('os.readlink') as readlink: readlink.return_value = command + ';90bfb2 (deleted)' m = mock.mock_open(read_data=command) with mock.patch("six.moves.builtins.open", m, create=True): with mock.patch('os.path.isfile') as exists: def fake_exists(path): return path == command exists.side_effect = fake_exists self.assertTrue(f.match(usercmd))
def test_KillFilter_renamed_exe(self, mock_access, mock_exists, mock_isfile, mock_readlink): """Makes sure renamed exe's are killed correctly.""" command = "/bin/commandddddd" f = filters.KillFilter("root", command) usercmd = ['kill', 1234] def fake_os_func(path, *args): return path == command mock_readlink.return_value = command + ';90bfb2 (deleted)' m = mock.mock_open(read_data=command) with mock.patch("six.moves.builtins.open", m, create=True): mock_isfile.side_effect = fake_os_func mock_exists.side_effect = fake_os_func mock_access.side_effect = fake_os_func self.assertTrue(f.match(usercmd))