[apparmor] [utils][tests] tests for logparser

Kshitij Gupta kgupta8592 at gmail.com
Fri Oct 17 14:58:41 UTC 2014


Hello,

This patch:
- adds a directory to hold test-logs for logparser tests
- populates test directory with some test logs (stolen from cboltz)
- creates a simple test to check if logs in the test directory are
being parsed without throwing any exception or not

At present the test directory contains 4 test logs:
- audit.log-bärendienst--lp1379884[1] : Tests for invalid utf8 encoded
strings. [FAIL]
- audit.log-invalid-utf8--r2744 : Test that invalid utf8 characters
are ignored. [PASS]
- audit.log-variable : Plain test for @ variable [PASS]
- Western-ISO-8859-15-encoding-audit.log :  Same log entries as
audit.log-invalid-utf8--r2744, stored using ISO-8859-15 encoding
instead of UTF-8 [PASS]

[1]: caused bzr to error out with the following trace when removing
the temp file (though bzr add worked fine)
$ bzr rm test/logparser-test-logs/audit.log-*~
bzr: ERROR: Invalid url supplied to transport:
"utils/test/logparser-test-logs/audit.log-bärendienst--lp1379884~.~1~":
URL was not a plain ASCII url: 'ascii' codec can't encode character
u'\xe4' in position 42: ordinal not in range(128)

=== added directory 'utils/test/logparser-test-logs'
=== added file 'utils/test/logparser-test-logs/Western-ISO-8859-15-encoding-audit.log'
--- utils/test/logparser-test-logs/Western-ISO-8859-15-encoding-audit.log
   1970-01-01 00:00:00 +0000
+++ utils/test/logparser-test-logs/Western-ISO-8859-15-encoding-audit.log
   2014-10-17 14:31:17 +0000
@@ -0,0 +1,6 @@
+Note: This file is stored using Western-ISO-8859-15 encoding
+This line should be ignored.
+Some invalid utf8 characters (which should be ignored):  like
iso-8859-1-encoded äöüß, ö
+
+type=AVC msg=audit(1411473165.589:485): apparmor="ALLOWED"
operation="open" profile="/sbin/klogd" name="/dev/log" pid=13468
comm="klogd" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
+
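
Review bot: The third line of this log describes the sample characters as "iso-8859-1-encoded", while the first line and the file name say ISO-8859-15; use one name so the file documents its own encoding correctly. The only thing that distinguishes this file from audit.log-invalid-utf8--r2744 is its byte encoding, and the patch as mailed cannot show which bytes are committed. The test should therefore check that the file is not valid UTF-8 before parsing it, so that a transcoding editor or VCS step cannot silently turn this case into a duplicate of the r2744 log.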

=== added file 'utils/test/logparser-test-logs/audit.log-bÀrendienst--lp1379884'
--- utils/test/logparser-test-logs/audit.log-bÀrendienst--lp1379884
 1970-01-01 00:00:00 +0000
+++ utils/test/logparser-test-logs/audit.log-bÀrendienst--lp1379884
 2014-10-17 14:28:02 +0000
@@ -0,0 +1,5 @@
+The last line should not cause any problems (contains an iso-8859-1
encoded filename, which is not valid utf8)
+
+type=AVC msg=audit(1411473165.589:485): apparmor="ALLOWED"
operation="open" profile="/sbin/klogd" name="/dev/log" pid=13468
comm="klogd" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
+
+type=AVC msg=audit(1411473165.591:504): apparmor="ALLOWED"
operation="open" profile="/sbin/klogd"
name=2F686F6D652F7379732D746D702F62E472656E6469656E7374 pid=13468
comm="klogd" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
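
Review bot: The non-ASCII character in the file name (audit.log-bärendienst--lp1379884) is not needed for this case and already causes trouble: the cover letter reports bzr rm failing on it, and the name is garbled in the "=== added file" and ---/+++ headers above. The invalid-UTF-8 input is carried by the hex-encoded name= field on the last line (byte E4 in /home/sys-tmp/b\xE4rendienst), so an ASCII file name such as audit.log-baerendienst--lp1379884 tests the same thing. The cover letter also marks this log as [FAIL]; because the test loops over every file in the directory, committing it makes test_log_directory fail until the parser fix lands, so either land the fix first or mark this case as an expected failure.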

=== added file 'utils/test/logparser-test-logs/audit.log-invalid-utf8--r2744'
--- utils/test/logparser-test-logs/audit.log-invalid-utf8--r2744
1970-01-01 00:00:00 +0000
+++ utils/test/logparser-test-logs/audit.log-invalid-utf8--r2744
2014-10-10 19:48:27 +0000
@@ -0,0 +1,5 @@
+This line should be ignored.
+Also, lines with invalid utf8 chars like iso-8859-1-encoded äöüß
shouldn't cause an error
+(if a filename contains special characters, it will be encoded, so
the log is ASCII only.)
+
+type=AVC msg=audit(1411473165.589:485): apparmor="ALLOWED"
operation="open" profile="/sbin/klogd" name="/dev/log" pid=13468
comm="klogd" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0

=== added file 'utils/test/logparser-test-logs/audit.log-variable'
--- utils/test/logparser-test-logs/audit.log-variable    1970-01-01
00:00:00 +0000
+++ utils/test/logparser-test-logs/audit.log-variable    2014-10-17
14:30:39 +0000
@@ -0,0 +1,6 @@
+just a normal filename, even if it contains a  @
+
+type=AVC msg=audit(1407865079.883:215): apparmor="ALLOWED"
operation="exec" profile="/sbin/klogd" name="/does/not/exist at disk"
pid=11832 comm="foo" requested_mask="x" denied_mask="x" fsuid=1000
ouid=0 target="/sbin/klogd//null-1"
+
+filenames that look like a variable should be escaped
+type=AVC msg=audit(1407865079.883:215): apparmor="ALLOWED"
operation="exec" profile="/sbin/klogd"
name="/does/not/exist@{DOVECOT_MAILSTORE}" pid=11832 comm="foo"
requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
target="/sbin/klogd//null-1"
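
Review bot: The first record's name= value reads "/does/not/exist at disk", which contains no @ although the first line of the file says the filename contains one; if this is mail-archive address munging, please confirm that the committed file has the literal @. Both records also carry the same event id, audit(1407865079.883:215), and audit records with the same timestamp:serial belong to one event, so the second record should get its own serial. The line "filenames that look like a variable should be escaped" states an expectation that nothing in the test checks; the escaped form of @{DOVECOT_MAILSTORE} should be asserted on the parsed event.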

=== added file 'utils/test/test-logparser.py'
--- utils/test/test-logparser.py    1970-01-01 00:00:00 +0000
+++ utils/test/test-logparser.py    2014-10-17 14:55:31 +0000
@@ -0,0 +1,54 @@
+#! /usr/bin/env python
+# ----------------------------------------------------------------------
+#    Copyright (C) 2014 Kshitij Gupta <kgupta8592 at gmail.com>
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License as published by the Free Software Foundation.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+import os
+import sys
+import unittest
+
+import apparmor.logparser as logparser
+
+# Path to directory containing audit logs
+test_logs_dir = './logparser-test-logs'
+# The profile being used in log entries
+# If the log entry uses a different profile then the event will not
be added to the tree
+test_profile = '/sbin/klogd'
+
+
+class LogparserTest(unittest.TestCase):
+
+    pid = dict()
+    existing_profiles = { test_profile: True }
+    profile_dir = '/dev/null'
+    log = list()
+
+    def test_log_directory(self):
+        for log_file in filter(lambda x: os.path.isfile(x),
map(lambda x: os.path.join(test_logs_dir, x),
os.listdir(test_logs_dir))):
+            print("Test log file: %s\n" % (os.path.basename(log_file)))
+
+            log_reader = logparser.ReadLog(self.pid, log_file,
self.existing_profiles, self.profile_dir, self.log)
+
+            log_reader.read_log('')
+
+            #assert(log != [])
+
+
+if __name__ == "__main__":
+    #import sys;sys.argv = ['', 'Test.testName']
+
+    if not os.path.exists(test_logs_dir):
+        # Test directory not found
+        # Silently die
+        sys.exit(1)
+
+    unittest.main()
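
Review bot: test_log_directory makes no assertion: the only check, "#assert(log != [])", is commented out, so the test passes whenever read_log('') does not raise, including when no event is parsed at all, and the first file that raises hides the results for the remaining files. Suggest one test case per log file, each asserting on the parsed events (for example that the /sbin/klogd entry for /dev/log was recorded). test_logs_dir = './logparser-test-logs' is resolved against the current working directory, so build it from os.path.dirname(__file__) instead; the existence check under __main__ exits with status 1 and no message, and it is skipped entirely when the module is loaded by a test runner. os.listdir will also feed editor backup files (such as the ~ files mentioned in the cover letter) to the parser, so skip names ending in ~. pid, existing_profiles and log are class-level mutable objects shared by every test in the class; create them in setUp.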

Regards,

Kshitij Gupta


