[apparmor] [patch] check for syntax error in aa.py get_profile_flags() and add tests
Christian Boltz
apparmor at cboltz.de
Mon Mar 2 18:26:19 UTC 2015
Hello,
Am Montag, 2. März 2015 schrieb Steve Beattie:
> On Sun, Mar 01, 2015 at 04:08:23PM +0100, Christian Boltz wrote:
> > this patch adds some tests for aa.py get_profile_flags().
> >
> > It also adds a check to get_profile_flags() to catch an invalid
> > syntax:
> > /foo ( ) {
> >
> > was accepted by get_profile_flags, while
> >
> > /foo () {
> >
> > failed.
> >
> > When testing with the parser, both result in a syntax error,
> > therefore the patch makes sure it also fails in
> > get_profile_flags().
>
> As an aside, I can accept that the current behavior of the parser is
> to give an error here, though it could be better:
>
> $ echo 'profile /t () { } ' | apparmor_parser -d -QK
> Warning from stdin (line 1): apparmor_parser: cannot use or update
> cache, disable, or force-complain via stdin AppArmor parser error, in
> stdin line 1: syntax error, unexpected TOK_CLOSEPAREN, expecting
> TOK_VALUE
>
> I don't see any language test cases that cover this to ensure we
> retain this behavior:
>
> $ grep -Er "\( *\)" parser/tst/simple_tests/
> parser/tst/simple_tests/unix/ok_regex_16.sd: unix
> peer=(label=splat\(), parser/tst/simple_tests/dbus/ok_regex_06.sd:
> dbus send bus=session peer=(label=splat\(),
>
> So we should probably address that as well.
OK, that's an easy one ;-)
(if we ever decide that empty flags should be valid syntax, we can
rename the tests and update the description)
Add parser tests for empty flags (which result in "syntax error")
[ parser-test-add-empty-flags.diff ]
=== added file 'parser/tst/simple_tests/profile/flags/flags_bad16.sd'
--- parser/tst/simple_tests/profile/flags/flags_bad16.sd 1970-01-01 00:00:00 +0000
+++ parser/tst/simple_tests/profile/flags/flags_bad16.sd 2015-03-02 18:11:25 +0000
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure empty flags fail
+#=EXRESULT FAIL
+# vim:syntax=apparmor
+#
+/does/not/exist flags=() {
+
+ /does/not/exist r,
+}
=== added file 'parser/tst/simple_tests/profile/flags/flags_bad17.sd'
--- parser/tst/simple_tests/profile/flags/flags_bad17.sd 1970-01-01 00:00:00 +0000
+++ parser/tst/simple_tests/profile/flags/flags_bad17.sd 2015-03-02 18:15:26 +0000
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure empty (whitespace-only) flags fail
+#=EXRESULT FAIL
+# vim:syntax=apparmor
+#
+/does/not/exist ( ) {
+
+ /does/not/exist r,
+}
Regards,
Christian Boltz
--
Hier wird wohl im Moment alles gesiggt, was bei drei
nicht auf dem Baum ist. [Thilo Machotta in dag°]
More information about the AppArmor
mailing list