[apparmor] [Patch] [Parser] Fix bare include keyword
John Johansen
john.johansen at canonical.com
Sat Jun 27 04:42:24 UTC 2015
On 06/24/2015 01:31 PM, Steve Beattie wrote:
> On Wed, Jun 17, 2015 at 02:41:30AM -0700, John Johansen wrote:
>> Fix the regression that caused using 'include' instead of '#include' for
>> includes to stop working.
>>
>> Signed-off-by: John Johansen <john.johansen at canonical.com>
>>
>> diff --git a/parser/parser_lex.l b/parser/parser_lex.l
>> index 5af788a..974548d 100644
>> --- a/parser/parser_lex.l
>> +++ b/parser/parser_lex.l
>> @@ -517,7 +517,7 @@ LT_EQUAL <=
>> }
>> }
>>
>> -#include/.*\r?\n {
>> +#?include/.*\r?\n {
>> /* Don't use PUSH() macro here as we don't want #include echoed out.
>> * It needs to be handled specially
>> */
>
> While I'm not rescinding my ack, this does introduce a new flex warning:
>
> parser_lex.l:519: warning, dangerous trailing context
>
thanks for catching that, I missed it completely and it is not good and worth
a nak
below is a fixed patch
---
commit 6aafc30b194f49db75b6abd9ee0c7780219a58b1
Author: John Johansen <john.johansen at canonical.com>
Date: Sun Jun 14 00:58:51 2015 -0700
Fix bare include keyword
Fix the regression that caused using 'include' instead of '#include' for
includes to stop working.
Signed-off-by: John Johansen <john.johansen at canonical.com>
diff --git a/parser/parser_lex.l b/parser/parser_lex.l
index 2832a1c..8b0c436 100644
--- a/parser/parser_lex.l
+++ b/parser/parser_lex.l
@@ -519,7 +519,14 @@ LT_EQUAL <=
#include/.*\r?\n {
/* Don't use PUSH() macro here as we don't want #include echoed out.
* It needs to be handled specially
- */
+ */
+ yy_push_state(INCLUDE);
+}
+
+include/{WS} {
+ /* Don't use PUSH() macro here as we don't want #include echoed out.
+ * It needs to be handled specially
+ */
yy_push_state(INCLUDE);
}
diff --git a/parser/tst/simple_tests/bare_include_tests/bad_1.sd b/parser/tst/simple_tests/bare_include_tests/bad_1.sd
new file mode 100644
index 0000000..71cb038
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/bad_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION includes testing - non-existent include should fail
+#=EXRESULT FAIL
+#
+/does/not/exist {
+ include <does-not-exist/does-not-exist>
+}
diff --git a/parser/tst/simple_tests/bare_include_tests/bad_2.sd b/parser/tst/simple_tests/bare_include_tests/bad_2.sd
new file mode 100644
index 0000000..5f62646
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/bad_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION includes testing - mis-parsing include should fail
+#=EXRESULT FAIL
+#
+/does/not/exist {
+ include does-not-exist/does-not-exist
+}
diff --git a/parser/tst/simple_tests/bare_include_tests/bad_3.sd b/parser/tst/simple_tests/bare_include_tests/bad_3.sd
new file mode 100644
index 0000000..254bf02
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/bad_3.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION includes testing - non-existent include should fail
+#=EXRESULT FAIL
+#
+/does/not/exist {
+ include <does-not-exist/does-not-exist>
+ include <includes/base>
+}
diff --git a/parser/tst/simple_tests/bare_include_tests/bad_4.sd b/parser/tst/simple_tests/bare_include_tests/bad_4.sd
new file mode 100644
index 0000000..e592764
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/bad_4.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION includes testing - non-existent include should fail
+#=EXRESULT FAIL
+#
+/does/not/exist {
+ include <includes/base>
+ include <does-not-exist/does-not-exist>
+}
diff --git a/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include.dpkg-bak b/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include.dpkg-bak
new file mode 100644
index 0000000..26f9e4c
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include.dpkg-bak
@@ -0,0 +1 @@
+THIS WILL NOT PARSE!
diff --git a/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include.dpkg-dist b/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include.dpkg-dist
new file mode 100644
index 0000000..26f9e4c
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include.dpkg-dist
@@ -0,0 +1 @@
+THIS WILL NOT PARSE!
diff --git a/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include.dpkg-new b/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include.dpkg-new
new file mode 100644
index 0000000..26f9e4c
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include.dpkg-new
@@ -0,0 +1 @@
+THIS WILL NOT PARSE!
diff --git a/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include.dpkg-old b/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include.dpkg-old
new file mode 100644
index 0000000..26f9e4c
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include.dpkg-old
@@ -0,0 +1 @@
+THIS WILL NOT PARSE!
diff --git a/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include.rpmnew b/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include.rpmnew
new file mode 100644
index 0000000..26f9e4c
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include.rpmnew
@@ -0,0 +1 @@
+THIS WILL NOT PARSE!
diff --git a/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include.rpmsave b/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include.rpmsave
new file mode 100644
index 0000000..26f9e4c
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include.rpmsave
@@ -0,0 +1 @@
+THIS WILL NOT PARSE!
diff --git a/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include~ b/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include~
new file mode 100644
index 0000000..26f9e4c
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/ignored_suffix/bad-include~
@@ -0,0 +1 @@
+THIS WILL NOT PARSE!
diff --git a/parser/tst/simple_tests/bare_include_tests/ignored_suffix/good-include b/parser/tst/simple_tests/bare_include_tests/ignored_suffix/good-include
new file mode 100644
index 0000000..08d3a9d
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/ignored_suffix/good-include
@@ -0,0 +1,2 @@
+# Valid include
+@{FOO} = /foo /bar
diff --git a/parser/tst/simple_tests/bare_include_tests/ignored_suffix_1.sd b/parser/tst/simple_tests/bare_include_tests/ignored_suffix_1.sd
new file mode 100644
index 0000000..c279c2c
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/ignored_suffix_1.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION includes testing - verify that ignored suffixes are ignored
+#=EXRESULT PASS
+#
+
+include <include_tests/ignored_suffix>
+
+/does/not/exist {
+ @{FOO} r,
+}
diff --git a/parser/tst/simple_tests/bare_include_tests/ignored_suffix_2.sd b/parser/tst/simple_tests/bare_include_tests/ignored_suffix_2.sd
new file mode 100644
index 0000000..7d7db10
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/ignored_suffix_2.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION includes testing - verify that only suffixes are ignored
+#=EXRESULT PASS
+#
+
+include <include_tests/ignored_suffix_2>
+
+/does/not/exist {
+ @{FOO} r,
+}
diff --git a/parser/tst/simple_tests/bare_include_tests/ignored_suffix_2/good.dpkg-new.include b/parser/tst/simple_tests/bare_include_tests/ignored_suffix_2/good.dpkg-new.include
new file mode 100644
index 0000000..08d3a9d
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/ignored_suffix_2/good.dpkg-new.include
@@ -0,0 +1,2 @@
+# Valid include
+@{FOO} = /foo /bar
diff --git a/parser/tst/simple_tests/bare_include_tests/includes_okay_helper.include b/parser/tst/simple_tests/bare_include_tests/includes_okay_helper.include
new file mode 100644
index 0000000..df102ce
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/includes_okay_helper.include
@@ -0,0 +1,6 @@
+#
+#=DESCRIPTION A helper for includes_okay.sd
+#
+ include <includes/fonts>
+
+ /tmp/** r,
diff --git a/parser/tst/simple_tests/bare_include_tests/ok_1.sd b/parser/tst/simple_tests/bare_include_tests/ok_1.sd
new file mode 100644
index 0000000..766038b
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/ok_1.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION includes testing - basic include of global and local include
+#=EXRESULT PASS
+#
+/does/not/exist {
+ #include <includes/base>
+ #include <include_tests/includes_okay_helper.include>
+ #include <includes/base>
+}
diff --git a/parser/tst/simple_tests/bare_include_tests/ok_2.sd b/parser/tst/simple_tests/bare_include_tests/ok_2.sd
new file mode 100644
index 0000000..d382fa0
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/ok_2.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION includes testing - test some "odd" locations of includes
+#=EXRESULT PASS
+#
+/does/not/exist {
+ /does/not/exist mr, #include <includes/base> /bin/true Px,
+ include <include_tests/includes_okay_helper.include> #include <includes/base>
+}
diff --git a/parser/tst/simple_tests/bare_include_tests/ok_3.sd b/parser/tst/simple_tests/bare_include_tests/ok_3.sd
new file mode 100644
index 0000000..854cfd4
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/ok_3.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION includes testing - basic include of a directory
+#=EXRESULT PASS
+#
+/does/not/exist {
+ include <includes/base>
+ include <includes/>
+ include <includes/base>
+}
diff --git a/parser/tst/simple_tests/bare_include_tests/recursive.sd b/parser/tst/simple_tests/bare_include_tests/recursive.sd
new file mode 100644
index 0000000..83f033c
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/recursive.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION includes testing - recursive include should fail
+#=EXRESULT FAIL
+#
+/does/not/exist {
+ include <include_tests/recursive.sd>
+}
More information about the AppArmor
mailing list