[apparmor] [patch] Add severity() to BaseRule class
Christian Boltz
apparmor at cboltz.de
Wed Jun 3 21:57:00 UTC 2015
Hello,
Am Mittwoch, 3. Juni 2015 schrieb Christian Boltz:
> So here's the updated patch that adds a NOT_IMPLEMENTED constant to
> severity.py and changes the code to use it.
>
> See [1] for an interdiff.
Argh, I should also update the comment in rule/__init__.py ;-)
Add severity() to BaseRule class
severity() will, surprise!, return the severity of a rule, or
sev_db.NOT_IMPLEMENTED if a *Rule class doesn't implement the severity()
function.
Also add the NOT_IMPLEMENTED constant to severity.py, and a test to
test-baserule.py that checks the return value in BaseRule.
[ 19-baserule-add-severity.diff ]
=== modified file utils/apparmor/rule/__init__.py
--- utils/apparmor/rule/__init__.py 2015-06-03 23:24:34.798948576 +0200
+++ utils/apparmor/rule/__init__.py 2015-06-03 23:25:46.638698441 +0200
@@ -135,6 +135,12 @@
'''compare if rule-specific variables are equal'''
raise AppArmorBug("'%s' needs to implement is_equal_localvars(), but didn't" % (str(self)))
+ def severity(self, sev_db):
+ '''return severity of this rule (a number between 0 and 10, where 0 means harmless and 10 means critical),
+ or sev_db.NOT_IMPLEMENTED if no severity check is implemented for this rule type.
+ sev_db must be an apparmor.severity.Severity object.'''
+ return sev_db.NOT_IMPLEMENTED
+
def modifiers_str(self):
'''return the allow/deny and audit keyword as string, including whitespace'''
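Review bot: The new `severity()` can return either a numeric rank or the string sentinel `sev_db.NOT_IMPLEMENTED`, and the docstring does not tell callers to separate the two before using the value. A consumer that sorts or thresholds on the rank would hit a str/int comparison error on Python 3, or could mistake an unrated rule type for a harmless one. I would add a line to the docstring such as `Callers must check for sev_db.NOT_IMPLEMENTED before comparing or sorting ranks; it is a string, not a number.` The test hunk further down passes `'unknown'` as the default rank, so the "number between 0 and 10" wording may also be incomplete for unknown entries; that is inferred, not shown here. The enclosing BaseRule class starts outside this hunk.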
=== modified file utils/apparmor/severity.py
--- utils/apparmor/severity.py 2015-06-03 23:24:34.789949109 +0200
+++ utils/apparmor/severity.py 2015-06-03 23:27:30.412600284 +0200
@@ -20,6 +20,7 @@
def __init__(self, dbname=None, default_rank=10):
"""Initialises the class object"""
self.PROF_DIR = '/etc/apparmor.d' # The profile directory
+ self.NOT_IMPLEMENTED = '_-*not*implemented*-_' # used for rule types that don't have severity ratings
self.severity = dict()
self.severity['DATABASENAME'] = dbname
self.severity['CAPABILITIES'] = {}
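Review bot: `NOT_IMPLEMENTED` is a constant, but it is assigned per instance inside `__init__`, so it can only be read from a constructed Severity object. Declaring it once in the class body as `NOT_IMPLEMENTED = '_-*not*implemented*-_'` would keep `sev_db.NOT_IMPLEMENTED` working and also allow `Severity.NOT_IMPLEMENTED`. The test hunk at `@@ -51,6 +52,11 @@` would then not need `severity.Severity('severity.db', 'unknown')`, which presumably depends on a severity.db file in the working directory. `__init__` continues past the end of this hunk and the class header is outside it.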
=== modified file utils/test/test-baserule.py
--- utils/test/test-baserule.py 2015-06-03 23:24:34.798948576 +0200
+++ utils/test/test-baserule.py 2015-06-03 23:29:26.556777257 +0200
@@ -14,6 +14,7 @@
from apparmor.common import AppArmorBug
from apparmor.rule import BaseRule, parse_modifiers
+import apparmor.severity as severity
import re
@@ -51,6 +52,11 @@
with self.assertRaises(AppArmorBug):
parse_modifiers(matches)
+ def test_default_severity(self):
+ sev_db = severity.Severity('severity.db', 'unknown')
+ obj = BaseRule()
+ rank = obj.severity(sev_db)
+ self.assertEqual(rank, sev_db.NOT_IMPLEMENTED)
setup_all_loops(__name__)
Regards,
Christian Boltz
[1] interdiff 19-baserule-add-severity.{OLD,diff}
diff -u utils/apparmor/rule/__init__.py utils/apparmor/rule/__init__.py
--- utils/apparmor/rule/__init__.py 2015-05-24 17:06:10.870529896 +0200
+++ utils/apparmor/rule/__init__.py 2015-06-03 23:25:46.638698441 +0200
@@ -137,9 +137,9 @@
def severity(self, sev_db):
'''return severity of this rule (a number between 0 and 10, where 0 means harmless and 10 means critical),
- or '--' if no severity check is implemented for this rule type.
+ or sev_db.NOT_IMPLEMENTED if no severity check is implemented for this rule type.
sev_db must be an apparmor.severity.Severity object.'''
- return '--'
+ return sev_db.NOT_IMPLEMENTED
def modifiers_str(self):
'''return the allow/deny and audit keyword as string, including whitespace'''
diff -u utils/test/test-baserule.py utils/test/test-baserule.py
--- utils/test/test-baserule.py 2015-05-24 17:04:12.643586340 +0200
+++ utils/test/test-baserule.py 2015-06-03 23:29:26.556777257 +0200
@@ -14,6 +14,7 @@
from apparmor.common import AppArmorBug
from apparmor.rule import BaseRule, parse_modifiers
+import apparmor.severity as severity
import re
@@ -52,9 +53,10 @@
parse_modifiers(matches)
def test_default_severity(self):
+ sev_db = severity.Severity('severity.db', 'unknown')
obj = BaseRule()
- rank = obj.severity(None)
- self.assertEqual(rank, '--')
+ rank = obj.severity(sev_db)
+ self.assertEqual(rank, sev_db.NOT_IMPLEMENTED)
setup_all_loops(__name__)
only in patch2:
unchanged:
--- utils/apparmor/severity.py 2015-06-03 23:24:34.789949109 +0200
+++ utils/apparmor/severity.py 2015-06-03 23:27:30.412600284 +0200
@@ -20,6 +20,7 @@
def __init__(self, dbname=None, default_rank=10):
"""Initialises the class object"""
self.PROF_DIR = '/etc/apparmor.d' # The profile directory
+ self.NOT_IMPLEMENTED = '_-*not*implemented*-_' # used for rule types that don't have severity ratings
self.severity = dict()
self.severity['DATABASENAME'] = dbname
self.severity['CAPABILITIES'] = {}
--
[Subject: Re: hpdarm bei Systemstart]
Äh, sorry, es geht natürlich um hdparm, nicht um die Gedärme eines hp:-)
[Heinrich Eisterer in suse-linux]