[apparmor] [patch] add tests for aamode.py
Steve Beattie
steve at nxnw.org
Sat Nov 29 08:12:00 UTC 2014
On Fri, Nov 28, 2014 at 07:47:29PM +0100, Christian Boltz wrote:
> Am Donnerstag, 27. November 2014 schrieb Steve Beattie:
> > If we're going to raise an exception that nobody's going to check for,
> > wuld it be better to raise AppArmorBug, as that seems more
> > appropriate, that either there's a bug in our code or we got a dodgy
> > log message with a weird permission mode. Plus we can attach
> > information about why things went wrong. Patch follows:
>
> So we replace an exception that nobody is going to check for with
> another exception (with some additional details) that nobody is going to
> check for? ;-)
Err? I thought we were going to at some point do some fancy
logging/handling of AppArmorBug exceptions, no? So while in the
short term, it doesn't make much difference except in the detailed
reporting, I thought getting things set up for where you wanted to
go in the future made sense.
> > Signed-off-by: Steve Beattie <steve at nxnw.org>
> > ---
> > utils/apparmor/aamode.py | 9 ++++++++-
> > utils/test/test-aamode.py | 7 +++++++
> > 2 files changed, 15 insertions(+), 1 deletion(-)
> >
> > Index: b/utils/apparmor/aamode.py
> > ===================================================================
> > --- a/utils/apparmor/aamode.py
> > +++ b/utils/apparmor/aamode.py
> > @@ -12,6 +12,7 @@
> > #
> > #
> > ---------------------------------------------------------------------
> > - import re
> > +from apparmor.common import AppArmorBug
> >
> > def AA_OTHER(mode):
> > other = set()
> > @@ -103,11 +104,17 @@ def split_log_mode(mode):
> > other = ''
> >
> > if "::" in mode:
> > - user, other = mode.split("::")
> > + try:
> > + user, other = mode.split("::")
> > + except ValueError as e:
> > + raise AppArmorBug("Got ValueError '%s' when splitting %s"
> > % (str(e), mode))
>
> That gives us a better error message than implicitely raising a
> ValueError, and isn't measurable in the execution time. So even if I
> joked about it above, it's an improvement.
>
> > else:
> > user = mode
> > other = mode
> > #print ('split_logmode:', user, mode)
>
> Unrelated: please delete the "#print" line before commiting.
I didn't add it, but sure.
> > + if ":" in user or ":" in other:
> > + raise AppArmorBug("After splitting %s, user (%s) or other
> > (%s) contained ':' " % (mode, user, other))
>
> This check makes aa-logprof slightly slower (~2% - 1:10 instead of 1:09
> runtime for 20 aa-logprof runs on a 4 MB audit.log).
>
> Valid data might be worth that - OTOH, the function doesn't check if
> user or other contain unknown letters, numbers or even special chars
> (splitting "yes!!11!!::no§42" will work successfully, at least until you
> try to use the result ;-)
>
> So I'm undecided if adding this check really makes sense - given that we
> only check for ":" and allow any other strange character, it feels like
> a drop in the ocean ;-)
Well, do we check for sanity on permissions anywhere else that would
detect if we got a wonky log entry? Somewhere we should ensure that we
don't write out garbage to a profile, right?
> > def mode_contains(mode, subset):
> > Index: b/utils/test/test-aamode.py
> > ===================================================================
> > --- a/utils/test/test-aamode.py
> > +++ b/utils/test/test-aamode.py
> > @@ -12,6 +12,7 @@
> > import unittest
> >
> > from apparmor.aamode import split_log_mode, sub_str_to_mode
> > +from apparmor.common import AppArmorBug
> >
> > class AamodeTest_split_log_mode(unittest.TestCase):
> > def test_split_log_mode_1(self):
> > @@ -26,6 +27,12 @@ class AamodeTest_split_log_mode(unittest
> > self.assertEqual(split_log_mode('r::w'), ('r', 'w'))
> > def test_split_log_mode_6(self):
> > self.assertEqual(split_log_mode('rw::rw'), ('rw', 'rw'))
> > + def test_split_log_mode_invalid_1(self):
> > + with self.assertRaises(AppArmorBug):
> > + split_log_mode('r::w::r')
> > + def test_split_log_mode_invalid_2(self):
> > + with self.assertRaises(AppArmorBug):
> > + split_log_mode('r:::r')
>
> With or without the check for ":":
> Acked-by: Christian Boltz <apparmor at cboltz.de>
>
> (If you don't include the check for ":", you'll also have to remove
> test_split_log_mode_invalid_2() test)
I'll drop it for now.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20141129/841a8d0a/attachment.pgp>
More information about the AppArmor
mailing list