[apparmor] [patch 14/18] parser: add additional language tests to get wider test coverage

Steve Beattie steve at nxnw.org
Thu Jan 16 22:06:22 UTC 2014


This patch adds several assorted language tests, to exercise various
parts of the parser that were not being covered by the language tests
previously. Areas lacking were found using the coverage compilation
option; coverage from the language tests is still incomplete.

Signed-off-by: Steve Beattie <steve at nxnw.org>
---
 parser/tst/simple_tests/dbus/bad_bind_1.sd                |    8 ++++++++
 parser/tst/simple_tests/dbus/bad_bind_2.sd                |    8 ++++++++
 parser/tst/simple_tests/dbus/bad_eavesdrop_1.sd           |    7 +++++++
 parser/tst/simple_tests/dbus/bad_modifier_1.sd            |    7 +++++++
 parser/tst/simple_tests/dbus/ok_eavesdrop_1.sd            |    7 +++++++
 parser/tst/simple_tests/file/bad_append_2.sd              |    8 ++++++++
 parser/tst/simple_tests/file/bad_re_brace_2.sd            |    8 ++++++++
 parser/tst/simple_tests/file/bad_re_brace_3.sd            |    8 ++++++++
 parser/tst/simple_tests/file/ok_2.sd                      |    7 +++++++
 parser/tst/simple_tests/file/ok_4.sd                      |    7 +++++++
 parser/tst/simple_tests/file/ok_5.sd                      |    7 +++++++
 parser/tst/simple_tests/file/ok_link_1.sd                 |   10 ++++++++++
 parser/tst/simple_tests/file/ok_link_2.sd                 |   10 ++++++++++
 parser/tst/simple_tests/file/ok_link_3.sd                 |   10 ++++++++++
 parser/tst/simple_tests/file/ok_octal_1.sd                |    8 ++++++++
 parser/tst/simple_tests/file/ok_octal_2.sd                |    8 ++++++++
 parser/tst/simple_tests/file/ok_other_1.sd                |    7 +++++++
 parser/tst/simple_tests/file/ok_quoted_1.sd               |    9 +++++++++
 parser/tst/simple_tests/file/ok_quoted_2.sd               |    9 +++++++++
 parser/tst/simple_tests/file/ok_quoted_3.sd               |    9 +++++++++
 parser/tst/simple_tests/file/ok_quoted_4.sd               |    9 +++++++++
 parser/tst/simple_tests/file/ok_quoted_5.sd               |    9 +++++++++
 parser/tst/simple_tests/file/ok_slashquote_1.sd           |    8 ++++++++
 parser/tst/simple_tests/profile/flags/flags_bad14.sd      |   12 ++++++++++++
 parser/tst/simple_tests/profile/flags/flags_bad15.sd      |   12 ++++++++++++
 parser/tst/simple_tests/vars/vars_bad_6.sd                |    7 +++++++
 parser/tst/simple_tests/vars/vars_bad_7.sd                |    7 +++++++
 parser/tst/simple_tests/vars/vars_bad_8.sd                |    7 +++++++
 parser/tst/simple_tests/vars/vars_bad_add_assignment_1.sd |   10 ++++++++++
 29 files changed, 243 insertions(+)

Index: b/parser/tst/simple_tests/dbus/bad_modifier_1.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/dbus/bad_modifier_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION dbus entry with a bad modifier
+#=EXRESULT FAIL
+
+profile foo {
+  dbus send bus=session modifier=foo,
+}
Index: b/parser/tst/simple_tests/dbus/bad_bind_1.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/dbus/bad_bind_1.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION dbus bind with non-bind member modifier
+#=EXRESULT FAIL
+#
+
+profile foo {
+  dbus bind bus=session member=blort,
+}
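Review bot: The negative cases for `dbus bind` stop at `member=` here and `interface=` in bad_bind_2.sd, and bad_eavesdrop_1.sd exercises only `interface=`, so the remaining message conditionals (`path=`, `peer=(...)`, and `name=` for eavesdrop) are never checked for rejection. Bind and eavesdrop are the broad dbus permissions, so a regression that lets one of those conditionals through would presumably load a rule whose restriction is not what the author wrote. I would add sibling files of the same shape, e.g. `dbus bind bus=session path=/foo,` and `dbus eavesdrop bus=session path=/foo,`, each with `#=EXRESULT FAIL`.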
Index: b/parser/tst/simple_tests/dbus/bad_bind_2.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/dbus/bad_bind_2.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION dbus bind with non-bind interface modifier
+#=EXRESULT FAIL
+#
+
+profile foo {
+  dbus bind bus=session interface=blort,
+}
Index: b/parser/tst/simple_tests/file/bad_re_brace_2.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/file/bad_re_brace_2.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION empty alternation braces '{}' should be an error
+#=EXRESULT FAIL
+#
+
+profile failure {
+  /usr/bin/{}snort rw,
+}
Index: b/parser/tst/simple_tests/file/bad_re_brace_3.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/file/bad_re_brace_3.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION alternation braces '{}' with only one entry should be an error
+#=EXRESULT FAIL
+#
+
+profile failure {
+  /usr/bin/one{en}try rw,
+}
Index: b/parser/tst/simple_tests/file/ok_slashquote_1.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/file/ok_slashquote_1.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION unnecessary slash quotes are okay
+#=EXRESULT PASS
+#
+
+profile blart {
+  /bingo/bang\o/bongo rw,
+}
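Review bot: `#=EXRESULT PASS` only shows that the parser accepts `\o`; nothing checks that the escape is decoded to the intended path, and the same holds for ok_octal_1.sd, ok_octal_2.sd and ok_quoted_1.sd through ok_quoted_5.sd further down. For a policy compiler that matters: a mis-decoded `\141` or `\t` would still parse but confine a different path than the one written. If the test suite can compare the compiled output of two profiles (not visible in this patch), pairing each escaped rule with its literal form, e.g. `/bin/\141bcde rix,` against `/bin/abcde rix,`, would pin the decoding. Failing that, a header comment such as `# acceptance only; decoded path is not verified` would keep the coverage claim honest.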
Index: b/parser/tst/simple_tests/dbus/bad_eavesdrop_1.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/dbus/bad_eavesdrop_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION dbus eavesdrop cannot contain non bus modifiers
+#=EXRESULT FAIL
+
+profile dbus_fail {
+  dbus eavesdrop interface=wat,
+}
Index: b/parser/tst/simple_tests/dbus/ok_eavesdrop_1.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/dbus/ok_eavesdrop_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple dbus eavesdrop acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+  dbus eavesdrop bus=session,
+}
Index: b/parser/tst/simple_tests/file/ok_octal_1.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/file/ok_octal_1.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION simple octal test
+#=EXRESULT PASS
+#
+
+profile ascii {
+  /bin/\141bcde rix,
+}
Index: b/parser/tst/simple_tests/file/ok_octal_2.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/file/ok_octal_2.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION simple quoted octal expansion
+#=EXRESULT PASS
+#
+
+profile octal {
+  "/bin/a b \143 d e" rix,
+}
Index: b/parser/tst/simple_tests/file/ok_quoted_1.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/file/ok_quoted_1.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION simple quoted tab expansion
+#=EXRESULT PASS
+#
+
+profile test {
+  "/bin/alpha\tbeta" rix,
+}
+
Index: b/parser/tst/simple_tests/file/ok_quoted_2.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/file/ok_quoted_2.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION simple quoted newline expansion
+#=EXRESULT PASS
+#
+
+profile test {
+  "/bin/alpha\nbeta" rix,
+}
+
Index: b/parser/tst/simple_tests/file/ok_quoted_3.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/file/ok_quoted_3.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION simple quoted carriage return expansion
+#=EXRESULT PASS
+#
+
+profile test {
+  "/bin/alpha\rbeta" rix,
+}
+
Index: b/parser/tst/simple_tests/file/ok_quoted_4.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/file/ok_quoted_4.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION simple quoted quote expansion
+#=EXRESULT PASS
+#
+
+profile test {
+  "/bin/alpha\"beta" rix,
+}
+
Index: b/parser/tst/simple_tests/file/ok_quoted_5.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/file/ok_quoted_5.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION simple quoted backslash expansion
+#=EXRESULT PASS
+#
+
+profile test {
+  "/bin/alpha\\beta" rix,
+}
+
Index: b/parser/tst/simple_tests/vars/vars_bad_6.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_bad_6.sd
@@ -0,0 +1,7 @@
+#=DESCRIPTION list variables need leading @ symbol
+#=EXRESULT FAIL
+{FOO} = /foo /bar /baz /biff
+
+/usr/bin/foo {
+  /@{FOO}/.foo/* r,
+}
Index: b/parser/tst/simple_tests/vars/vars_bad_7.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_bad_7.sd
@@ -0,0 +1,7 @@
+#=DESCRIPTION variables need closing }
+#=EXRESULT FAIL
+@{FOO = /foo /bar /baz /biff
+
+/usr/bin/foo {
+  /@{FOO}/.foo/* r,
+}
Index: b/parser/tst/simple_tests/vars/vars_bad_8.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_bad_8.sd
@@ -0,0 +1,7 @@
+#=DESCRIPTION variables need matching {}
+#=EXRESULT FAIL
+ at FOO} = /foo /bar /baz /biff
+
+/usr/bin/foo {
+  /@{FOO}/.foo/* r,
+}
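Review bot: The declaration line in this hunk reads ` at FOO} = ...` as displayed, which looks like the list archive's address obfuscation rewriting `@` rather than what was submitted; vars_bad_6.sd and vars_bad_7.sd show `{FOO}` and `@{FOO` intact. Applied as shown, the file would still fail to parse, but because of a stray word at the start of the line rather than the unmatched brace the description names. Anyone taking the patch from this page should restore the line to `@FOO} = /foo /bar /baz /biff` (inferred from the description, so check it against the committed file).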
Index: b/parser/tst/simple_tests/file/ok_2.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/file/ok_2.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic uppercase permission file rule (should emit warning)
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+  /usr/bin/foo RWM,
+}
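Review bot: The header says "should emit warning", but the only machine-checked expectation is `#=EXRESULT PASS`, so this test keeps passing if the uppercase-permission warning disappears; ok_4.sd and ok_5.sd have the same gap. The tag is also spelled `#=Description` in these three files while every other file in the patch uses `#=DESCRIPTION`. Whether the harness matches it case-insensitively is not visible here, so I would normalise it to `#=DESCRIPTION basic uppercase permission file rule (should emit warning)`. If the harness cannot assert on warnings, say so in the header, e.g. `# warning output is not checked by this test`.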
Index: b/parser/tst/simple_tests/file/bad_append_2.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/file/bad_append_2.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION a and w conflict (reverse order from bad_append_1.sd)
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  /a aw,
+}
+
Index: b/parser/tst/simple_tests/file/ok_4.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/file/ok_4.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic inherit uppercase exec permission (should emit warning)
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+  /usr/bin/foo iX,
+}
Index: b/parser/tst/simple_tests/file/ok_5.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/file/ok_5.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic unconfined uppercase exec permission (should emit warning)
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+  /usr/bin/foo UX,
+}
Index: b/parser/tst/simple_tests/profile/flags/flags_bad14.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad14.sd
@@ -0,0 +1,12 @@
+#
+#=DESCRIPTION fail if flags is not speeled correctly
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flogs=(audit) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist r,
+}
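Review bot: This profile can fail for reasons other than the misspelled `flogs=` keyword: it pulls in `#include <includes/base>`, so an unresolved include would also satisfy `#=EXRESULT FAIL`. flags_bad15.sd has the same shape for the `namespace_relative`/`chroot_relative` conflict. Dropping the include and the two file rules would leave the flags clause as the only likely cause of failure. The header also carries a typo and a copied 2005 timestamp; `#=DESCRIPTION fail if flags is not spelled correctly` with the `# Last Modified:` line removed would read better.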
Index: b/parser/tst/simple_tests/vars/vars_bad_add_assignment_1.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_bad_add_assignment_1.sd
@@ -0,0 +1,10 @@
+#=DESCRIPTION can't additional assign to variables without initial assign
+#=EXRESULT FAIL
+
+@{FOO} += @{BAZ}
+@{BAZ} = @{BAR}
+@{BAR} = 2006
+
+/bin/foo {
+  /@{FOO} r,
+}
Index: b/parser/tst/simple_tests/profile/flags/flags_bad15.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad15.sd
@@ -0,0 +1,12 @@
+#
+#=DESCRIPTION Ensure namespace_relative and chroot_relative conflict
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(namespace_relative, chroot_relative) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist r,
+}
Index: b/parser/tst/simple_tests/file/ok_link_1.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/file/ok_link_1.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+profile test {
+  /alpha/beta rl,
+  /gamma/* rwl,
+}
+
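Review bot: ok_link_1.sd, ok_link_2.sd and ok_link_3.sd all carry the same `#=DESCRIPTION simple link access test`, although they exercise three different forms: the `l` permission on a file rule, a `link ... -> ...` rule, and `link subset`. A failure report that prints the description would not tell them apart. Suggested headers: `#=DESCRIPTION link permission (l) on file rules` here, `#=DESCRIPTION link rule with target pattern` for ok_link_2.sd, and `#=DESCRIPTION link subset rule with target pattern` for ok_link_3.sd.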
Index: b/parser/tst/simple_tests/file/ok_link_2.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/file/ok_link_2.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+profile test {
+  link /alpha/beta -> /tmp/**,
+  /tmp/** r,
+}
+
Index: b/parser/tst/simple_tests/file/ok_link_3.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/file/ok_link_3.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+profile test {
+  link subset /alpha/beta -> /tmp/**,
+  /tmp/** r,
+}
+
Index: b/parser/tst/simple_tests/file/ok_other_1.sd
===================================================================
--- /dev/null
+++ b/parser/tst/simple_tests/file/ok_other_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple other flag test
+#=EXRESULT PASS
+
+profile test {
+  other /tmp/** rw,
+}



