[apparmor] [patch] Add severity() to BaseRule class

Steve Beattie steve at nxnw.org
Fri May 29 21:31:22 UTC 2015 

On Sun, May 24, 2015 at 05:59:58PM +0200, Christian Boltz wrote:
> Hello,
> 
> this patch adds severity() to the BaseRule class
> 
> severity() will, surprise!, return the severity of a rule, or
> '--' if a *Rule class doesn't implement the severity() function

This seems like an error state/bug if it's not implemented. Wouldn't it
be better to raise AppArmorBug() here? We already do this for other
unimplemented abstract methods (which is also a hint that the method
should get the FIXME comment like the other abstract methods have).

> Also add a test that checks the return value in BaseRule.
> 
> [ 19-baserule-add-severity.diff ]


> 
> === modified file utils/apparmor/rule/__init__.py
> --- utils/apparmor/rule/__init__.py     2015-05-24 15:09:45.053491065 +0200
> +++ utils/apparmor/rule/__init__.py     2015-05-24 17:06:10.870529896 +0200
> @@ -135,6 +135,12 @@
>          '''compare if rule-specific variables are equal'''
>          raise AppArmorBug("'%s' needs to implement is_equal_localvars(), but didn't" % (str(self)))
>  
> +    def severity(self, sev_db):
> +        '''return severity of this rule (a number between 0 and 10, where 0 means harmless and 10 means critical),
> +           or '--' if no severity check is implemented for this rule type.
> +           sev_db must be an apparmor.severity.Severity object.'''
> +        return '--'
> +
>      def modifiers_str(self):
>          '''return the allow/deny and audit keyword as string, including whitespace'''
>  
> === modified file utils/test/test-baserule.py
> --- utils/test/test-baserule.py 2015-04-24 22:05:14.737651024 +0200
> +++ utils/test/test-baserule.py 2015-05-24 17:04:12.643586340 +0200
> @@ -51,6 +51,10 @@
>          with self.assertRaises(AppArmorBug):
>              parse_modifiers(matches)
>  
> +    def test_default_severity(self):
> +        obj = BaseRule()
> +        rank = obj.severity(None)
> +        self.assertEqual(rank, '--')
>  
>  
>  setup_all_loops(__name__)
> 

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150529/1ff19620/attachment.pgp>

More information about the AppArmor mailing list