[apparmor] [utils][tests] tests for logpparser
Kshitij Gupta
kgupta8592 at gmail.com
Fri Oct 17 14:58:41 UTC 2014
Hello,
This patch:
- adds a directory to hold test-logs for logparser tests
- populates test directory with some test logs (stolen from cboltz)
- creates a simple test to check if logs in the test directory are
being parsed without throwing any exception or not
At present the test directory contains 4 test logs:
- audit.log-bärendienst--lp1379884[1] : Tests for invalid utf8 encoded
strings. [FAIL]
- audit.log-invalid-utf8--r2744 : Test that invalid utf8 characters
are ignored. [PASS]
- audit.log-variable : Plain test for @ variable [PASS]
- Western-ISO-8859-15-encoding-audit.log : Same log entries as
audit.log-invalid-utf8--r2744, stored using ISO-8859-15 encoding
instead of UTF-8 [PASS]
[1]: caused bzr to error out with the following trace when removing
the temp file (though bzr add worked fine)
$ bzr rm test/logparser-test-logs/audit.log-*~
bzr: ERROR: Invalid url supplied to transport:
"utils/test/logparser-test-logs/audit.log-bärendienst--lp1379884~.~1~":
URL was not a plain ASCII url: 'ascii' codec can't encode character
u'\xe4' in position 42: ordinal not in range(128)
=== added directory 'utils/test/logparser-test-logs'
=== added file 'utils/test/logparser-test-logs/Western-ISO-8859-15-encoding-audit.log'
--- utils/test/logparser-test-logs/Western-ISO-8859-15-encoding-audit.log
1970-01-01 00:00:00 +0000
+++ utils/test/logparser-test-logs/Western-ISO-8859-15-encoding-audit.log
2014-10-17 14:31:17 +0000
@@ -0,0 +1,6 @@
+Note: This file is stored using Western-ISO-8859-15 encoding
+This line should be ignored.
+Some invalid utf8 characters (which should be ignored): like
iso-8859-1-encoded äöüß, ö
+
+type=AVC msg=audit(1411473165.589:485): apparmor="ALLOWED"
operation="open" profile="/sbin/klogd" name="/dev/log" pid=13468
comm="klogd" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
+
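Review bot: the first line of this file says it is stored as ISO-8859-15, but the hunk is sent inline in the mail body, where the non-ASCII characters on the third line arrive in whatever charset the mail uses. Anyone applying the patch from the mail can end up with a UTF-8 file, and the test then no longer covers the non-UTF-8 case. Please ship this fixture as a binary attachment or via a branch merge, or have the test write the bytes itself.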
=== added file 'utils/test/logparser-test-logs/audit.log-bÀrendienst--lp1379884'
--- utils/test/logparser-test-logs/audit.log-bÀrendienst--lp1379884
1970-01-01 00:00:00 +0000
+++ utils/test/logparser-test-logs/audit.log-bÀrendienst--lp1379884
2014-10-17 14:28:02 +0000
@@ -0,0 +1,5 @@
+The last line should not cause any problems (contains an iso-8859-1
encoded filename, which is not valid utf8)
+
+type=AVC msg=audit(1411473165.589:485): apparmor="ALLOWED"
operation="open" profile="/sbin/klogd" name="/dev/log" pid=13468
comm="klogd" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
+
+type=AVC msg=audit(1411473165.591:504): apparmor="ALLOWED"
operation="open" profile="/sbin/klogd"
name=2F686F6D652F7379732D746D702F62E472656E6469656E7374 pid=13468
comm="klogd" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
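Review bot: the non-ASCII file name is not what exercises the parser here; the case under test is the hex-encoded name= value in the last entry, which contains the byte E4 and so is not valid UTF-8 once decoded. The file name has already broken "bzr rm" (see the cover mail) and appears garbled in this patch's own file headers, so an ASCII-only name would be safer. Since the cover mail marks this log [FAIL], please also state in the file or in the test which exception is currently raised, so the failure is recognisable once the parser is fixed.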
=== added file 'utils/test/logparser-test-logs/audit.log-invalid-utf8--r2744'
--- utils/test/logparser-test-logs/audit.log-invalid-utf8--r2744
1970-01-01 00:00:00 +0000
+++ utils/test/logparser-test-logs/audit.log-invalid-utf8--r2744
2014-10-10 19:48:27 +0000
@@ -0,0 +1,5 @@
+This line should be ignored.
+Also, lines with invalid utf8 chars like iso-8859-1-encoded äöüß
shouldn't cause an error
+(if a filename contains special characters, it will be encoded, so
the log is ASCII only.)
+
+type=AVC msg=audit(1411473165.589:485): apparmor="ALLOWED"
operation="open" profile="/sbin/klogd" name="/dev/log" pid=13468
comm="klogd" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
=== added file 'utils/test/logparser-test-logs/audit.log-variable'
--- utils/test/logparser-test-logs/audit.log-variable 1970-01-01
00:00:00 +0000
+++ utils/test/logparser-test-logs/audit.log-variable 2014-10-17
14:30:39 +0000
@@ -0,0 +1,6 @@
+just a normal filename, even if it contains a @
+
+type=AVC msg=audit(1407865079.883:215): apparmor="ALLOWED"
operation="exec" profile="/sbin/klogd" name="/does/not/exist at disk"
pid=11832 comm="foo" requested_mask="x" denied_mask="x" fsuid=1000
ouid=0 target="/sbin/klogd//null-1"
+
+filenames that look like a variable should be escaped
+type=AVC msg=audit(1407865079.883:215): apparmor="ALLOWED"
operation="exec" profile="/sbin/klogd"
name="/does/not/exist@{DOVECOT_MAILSTORE}" pid=11832 comm="foo"
requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
target="/sbin/klogd//null-1"
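Review bot: the first entry is described as a file name that contains a @, but the name= value as it appears here is "/does/not/exist at disk" with no @ in it, so as posted it does not test what the comment line says. If the @ was lost when the patch was mailed, sending this fixture as an attachment would avoid that. For the second entry, "should be escaped" is stated only inside the fixture; nothing in test-logparser.py checks how @{DOVECOT_MAILSTORE} comes out of the parser.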
=== added file 'utils/test/test-logparser.py'
--- utils/test/test-logparser.py 1970-01-01 00:00:00 +0000
+++ utils/test/test-logparser.py 2014-10-17 14:55:31 +0000
@@ -0,0 +1,54 @@
+#! /usr/bin/env python
+# ----------------------------------------------------------------------
+# Copyright (C) 2014 Kshitij Gupta <kgupta8592 at gmail.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+import os
+import sys
+import unittest
+
+import apparmor.logparser as logparser
+
+# Path to directory containing audit logs
+test_logs_dir = './logparser-test-logs'
+# The profile being used in log entries
+# If the log entry uses a different profile then the event will not
be added to the tree
+test_profile = '/sbin/klogd'
+
+
+class LogparserTest(unittest.TestCase):
+
+ pid = dict()
+ existing_profiles = { test_profile: True }
+ profile_dir = '/dev/null'
+ log = list()
+
+ def test_log_directory(self):
+ for log_file in filter(lambda x: os.path.isfile(x),
map(lambda x: os.path.join(test_logs_dir, x),
os.listdir(test_logs_dir))):
+ print("Test log file: %s\n" % (os.path.basename(log_file)))
+
+ log_reader = logparser.ReadLog(self.pid, log_file,
self.existing_profiles, self.profile_dir, self.log)
+
+ log_reader.read_log('')
+
+ #assert(log != [])
+
+
+if __name__ == "__main__":
+ #import sys;sys.argv = ['', 'Test.testName']
+
+ if not os.path.exists(test_logs_dir):
+ # Test directory not found
+ # Silently die
+ sys.exit(1)
+
+ unittest.main()
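Review bot: test_log_directory has no assertion, so it can only fail if read_log() raises; the one check is commented out (#assert(log != [])) and refers to log rather than self.log. Please assert on the outcome for each file, for instance on self.log or on whatever read_log() returns for the /sbin/klogd entries. Looping over all files inside one test method also means the first exception ends the run and hides the remaining logs, which matters because the cover mail already lists one log as [FAIL]; one test method per file would report each log separately. In the __main__ block, sys.exit(1) with no message on a missing directory is hard to tell apart from a test failure, and the relative './logparser-test-logs' only works when the test is started from utils/test; deriving the path from __file__ and printing why the run was aborted would fix both. pid and log are mutable class attributes, so they are shared between files in the loop; create them in setUp() or per file instead.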
Regards,
Kshitij Gupta