[apparmor] [patch] move tests for convert_regexp() to (new) test-aare.py
Christian Boltz
apparmor at cboltz.de
Sat Sep 12 21:18:03 UTC 2015
Hello,
the tests for convert_regexp() were hidden in common_test.py, where they
were never executed.
This patch moves them to the new file test-aare.py and also converts the
regex_tests.ini to a tests[] array to have the test data inside the test
file. (All tests from regex_tests.ini are in test-aare.py, and two tests
with prepended and appended path segments were added.)
Also add some tests that check the raw behaviour of convert_regexp() -
the tests "by example" are probably more useful and for sure more
readable ;-) but I want to have some examples of the converted regexes
available.
One thing I noticed is that
/\{foo,bar}
gets converted to the regex
^/\(foo|bar)$
however I'd expect that \{ shouldn't be handled as alternation.
Do I expect something wrong, or is this a bug in convert_regexp()?
[ 86-move-test-convert-regexp.diff ]
=== modified file ./utils/test/common_test.py
--- utils/test/common_test.py 2015-09-12 23:11:45.924638052 +0200
+++ utils/test/common_test.py 2015-09-12 23:01:10.571758086 +0200
@@ -15,25 +15,10 @@
import unittest
import inspect
import os
-import re
import shutil
import sys
import tempfile
-import apparmor.common
-import apparmor.config
-
-class Test(unittest.TestCase):
-
-
- def test_RegexParser(self):
- tests = apparmor.config.Config('ini')
- tests.CONF_DIR = '.'
- regex_tests = tests.read_config('regex_tests.ini')
- for regex in regex_tests.sections():
- parsed_regex = re.compile(apparmor.common.convert_regexp(regex))
- for regex_testcase in regex_tests.options(regex):
- self.assertEqual(bool(parsed_regex.search(regex_testcase)), eval(regex_tests[regex][regex_testcase]), 'Incorrectly Parsed regex: %s' %regex)
#def test_readkey(self):
# print("Please press the Y button on the keyboard.")
=== modified file ./utils/test/regex_tests.ini
--- utils/test/regex_tests.ini 2015-09-12 23:11:45.925637994 +0200
+++ utils/test/regex_tests.ini 2015-09-12 22:44:28.355335505 +0200
@@ -1,81 +0,0 @@
-# ----------------------------------------------------------------------
-# Copyright (C) 2013 Kshitij Gupta <kgupta8592 at gmail.com>
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# ----------------------------------------------------------------------
-[/foo/**/bar/]
- /foo/user/tools/bar/ = True
- /foo/apparmor/bar/ = True
- /foo/apparmor/bar = False
-
-[/foo/*/bar/]
- /foo/apparmor/bar/ = True
- /foo/apparmor/tools/bar/ = False
- /foo/apparmor/bar = False
-
-[/foo/{foo,bar,user,other}/bar/]
- /foo/user/bar/ = True
- /foo/bar/bar/ = True
- /foo/wrong/bar/ = False
-
-[/foo/{foo,bar,user,other}/test,ca}se/{aa,sd,nd}/bar/]
- /foo/user/test,ca}se/aa/bar/ = True
- /foo/bar/test,ca}se/sd/bar/ = True
- /foo/wrong/user/bar/ = False
- /foo/user/wrong/bar/ = False
- /foo/wrong/aa/bar/ = False
-
-[/foo/user/ba?/]
- /foo/user/bar/ = True
- /foo/user/bar/apparmor/ = False
- /foo/user/ba/ = False
- /foo/user/ba// = False
-
-[/foo/user/bar/**]
- /foo/user/bar/apparmor = True
- /foo/user/bar/apparmor/tools = True
- /foo/user/bar/ = False
-
-[/foo/user/bar/*]
- /foo/user/bar/apparmor = True
- /foo/user/bar/apparmor/tools = False
- /foo/user/bar/ = False
- /foo/user/bar/apparmor/ = False
-
-[/foo/**.jpg]
- /foo/bar/baz/foobar.jpg = True
- /foo/bar/foobar.jpg = True
- /foo/bar/*.jpg = True
- /foo/bar.jpg = True
- /foo/barjpg = False
- /foo/.* = False
- /foo/**.jpg = True
- /foo/*.jpg = True
- /bar.jpg = False
- /**.jpg = False
- /*.jpg = False
- /foo/*.bar = False
-
-[/foo/{**,}]
- /foo/ = True
- /foo/bar = True
- /foo/bar/ = True
- /foo/bar/baz = True
- /foo/bar/baz/ = True
- /bar/ = False
-
-[/foo/{,**}]
- /foo/ = True
- /foo/bar = True
- /foo/bar/ = True
- /foo/bar/baz = True
- /foo/bar/baz/ = True
- /bar/ = False
=== modified file ./utils/test/test-aare.py
--- utils/test/test-aare.py 2015-09-12 23:11:45.926637935 +0200
+++ utils/test/test-aare.py 2015-09-12 23:11:35.093270782 +0200
@@ -0,0 +1,110 @@
+#! /usr/bin/env python
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2013 Kshitij Gupta <kgupta8592 at gmail.com>
+# Copyright (C) 2015 Christian Boltz <apparmor at cboltz.de>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+import unittest
+from common_test import AATest, setup_all_loops
+
+import re
+from apparmor.common import convert_regexp
+
+class TestConvert_regexp(AATest):
+ tests = [
+ ('/foo', '^/foo$'),
+ ('/{foo,bar}', '^/(foo|bar)$'),
+ # ('/\{foo,bar}', '^/\{foo,bar}$'), # XXX gets converted to ^/\(foo|bar)$
+ ('/fo[abc]', '^/fo[abc]$'),
+ ('/foo bar', '^/foo bar$'),
+ ('/x\y', '^/x\y$'),
+ ('/x\[y', '^/x\[y$'),
+ ('/x\\y', '^/x\\y$'),
+ ('/fo?', '^/fo[^/\000]$'),
+ ('/foo/*', '^/foo/(((?<=/)[^/\000]+)|((?<!/)[^/\000]*))$'),
+ ('/foo/**.bar', '^/foo/(((?<=/)[^\000]+)|((?<!/)[^\000]*))\.bar$'),
+ ]
+
+ def _run_test(self, params, expected):
+ self.assertEqual(convert_regexp(params), expected)
+
+class TestExamplesConvert_regexp(AATest):
+ tests = [
+ # aare path to check match expected?
+ (['/foo/**/bar/', '/foo/user/tools/bar/' ], True),
+ (['/foo/**/bar/', '/foo/apparmor/bar/' ], True),
+ (['/foo/**/bar/', '/foo/apparmor/bar' ], False),
+ (['/foo/**/bar/', '/a/foo/apparmor/bar/' ], False),
+ (['/foo/**/bar/', '/foo/apparmor/bar/baz' ], False),
+
+ (['/foo/*/bar/', '/foo/apparmor/bar/' ], True),
+ (['/foo/*/bar/', '/foo/apparmor/tools/bar/' ], False),
+ (['/foo/*/bar/', '/foo/apparmor/bar' ], False),
+
+ (['/foo/user/ba?/', '/foo/user/bar/' ], True),
+ (['/foo/user/ba?/', '/foo/user/bar/apparmor/' ], False),
+ (['/foo/user/ba?/', '/foo/user/ba/' ], False),
+ (['/foo/user/ba?/', '/foo/user/ba//' ], False),
+
+ (['/foo/user/bar/**', '/foo/user/bar/apparmor' ], True),
+ (['/foo/user/bar/**', '/foo/user/bar/apparmor/tools' ], True),
+ (['/foo/user/bar/**', '/foo/user/bar/' ], False),
+
+ (['/foo/user/bar/*', '/foo/user/bar/apparmor' ], True),
+ (['/foo/user/bar/*', '/foo/user/bar/apparmor/tools' ], False),
+ (['/foo/user/bar/*', '/foo/user/bar/' ], False),
+ (['/foo/user/bar/*', '/foo/user/bar/apparmor/' ], False),
+
+ (['/foo/**.jpg', '/foo/bar/baz/foobar.jpg' ], True),
+ (['/foo/**.jpg', '/foo/bar/foobar.jpg' ], True),
+ (['/foo/**.jpg', '/foo/bar/*.jpg' ], True),
+ (['/foo/**.jpg', '/foo/bar.jpg' ], True),
+ (['/foo/**.jpg', '/foo/**.jpg' ], True),
+ (['/foo/**.jpg', '/foo/*.jpg' ], True),
+ (['/foo/**.jpg', '/foo/barjpg' ], False),
+ (['/foo/**.jpg', '/foo/.*' ], False),
+ (['/foo/**.jpg', '/bar.jpg' ], False),
+ (['/foo/**.jpg', '/**.jpg' ], False),
+ (['/foo/**.jpg', '/*.jpg' ], False),
+ (['/foo/**.jpg', '/foo/*.bar' ], False),
+
+ (['/foo/{**,}', '/foo/' ], True),
+ (['/foo/{**,}', '/foo/bar' ], True),
+ (['/foo/{**,}', '/foo/bar/' ], True),
+ (['/foo/{**,}', '/foo/bar/baz' ], True),
+ (['/foo/{**,}', '/foo/bar/baz/' ], True),
+ (['/foo/{**,}', '/bar/' ], False),
+
+ (['/foo/{,**}', '/foo/' ], True),
+ (['/foo/{,**}', '/foo/bar' ], True),
+ (['/foo/{,**}', '/foo/bar/' ], True),
+ (['/foo/{,**}', '/foo/bar/baz' ], True),
+ (['/foo/{,**}', '/foo/bar/baz/' ], True),
+ (['/foo/{,**}', '/bar/' ], False),
+
+ (['/foo/{foo,bar,user,other}/bar/', '/foo/user/bar/' ], True),
+ (['/foo/{foo,bar,user,other}/bar/', '/foo/bar/bar/' ], True),
+ (['/foo/{foo,bar,user,other}/bar/', '/foo/wrong/bar/' ], False),
+
+ (['/foo/{foo,bar,user,other}/test,ca}se/{aa,sd,nd}/bar/', '/foo/user/test,ca}se/aa/bar/' ], True),
+ (['/foo/{foo,bar,user,other}/test,ca}se/{aa,sd,nd}/bar/', '/foo/bar/test,ca}se/sd/bar/' ], True),
+ (['/foo/{foo,bar,user,other}/test,ca}se/{aa,sd,nd}/bar/', '/foo/wrong/user/bar/' ], False),
+ (['/foo/{foo,bar,user,other}/test,ca}se/{aa,sd,nd}/bar/', '/foo/user/wrong/bar/' ], False),
+ (['/foo/{foo,bar,user,other}/test,ca}se/{aa,sd,nd}/bar/', '/foo/wrong/aa/bar/' ], False),
+ ]
+
+ def _run_test(self, params, expected):
+ regex, path = params
+ parsed_regex = re.compile(convert_regexp(regex))
+ self.assertEqual(bool(parsed_regex.search(path)), expected, 'Incorrectly Parsed regex: %s' %regex)
+
+
+setup_all_loops(__name__)
+if __name__ == '__main__':
+ unittest.main(verbosity=2)
Regards,
Christian Boltz
--
> Years ago, the installation of some packages sent emails to root [...]
> This is not done any more. Why? :-?
Because you didn't reply to them, the installation process then decided
that it was a waste of time sending you e-mails and so......stopped
sending them to you.
[> Carlos E. R. and Basil Chupin in opensuse-factory]
More information about the AppArmor
mailing list