[apparmor] [patch] check for syntax error in aa.py get_profile_flags() and add tests
Steve Beattie
steve at nxnw.org
Mon Mar 2 17:53:14 UTC 2015
On Sun, Mar 01, 2015 at 04:08:23PM +0100, Christian Boltz wrote:
> this patch adds some tests for aa.py get_profile_flags().
>
> It also adds a check to get_profile_flags() to catch an invalid syntax:
> /foo ( ) {
> was accepted by get_profile_flags, while
> /foo () {
> failed.
>
> When testing with the parser, both result in a syntax error, therefore
> the patch makes sure it also fails in get_profile_flags().
As an aside, I can accept that the current behavior of the parser is to
give an error here, though it could be better:
$ echo 'profile /t () { } ' | apparmor_parser -d -QK
Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
AppArmor parser error, in stdin line 1: syntax error, unexpected TOK_CLOSEPAREN, expecting TOK_VALUE
I don't see any language test cases that cover this to ensure we retain
this behavior:
$ grep -Er "\( *\)" parser/tst/simple_tests/
parser/tst/simple_tests/unix/ok_regex_16.sd: unix peer=(label=splat\(),
parser/tst/simple_tests/dbus/ok_regex_06.sd: dbus send bus=session peer=(label=splat\(),
So we should probably address that as well.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150302/f8aebd06/attachment.pgp>
More information about the AppArmor
mailing list