[apparmor] [patch] [16/38] move glob_path() and glob_path_ext() to AARE
Christian Boltz
apparmor at cboltz.de
Fri Aug 12 20:56:14 UTC 2016
Hello,
[patch] [16/38] move glob_path() and glob_path_ext() to AARE
glob_path() and glob_path_ext() modify a (path) regex, so move them to
AARE. Also change them to use self.regex instead of the newpath
parameter, and to return a new AARE object.
While on it, also add several tests to test-aare.py.
Note: There are still glob_path() and glob_path_ext() calls in aa.py,
but those calls are in a (since the middle of this patch series) dead
code section.
[ 16-move_glob_path_and_glob_path_ext_to_AARE.diff ]
=== modified file ./utils/apparmor/aa.py
--- utils/apparmor/aa.py 2016-03-19 00:28:49.716453217 +0100
+++ utils/apparmor/aa.py 2016-03-28 14:45:03.218129205 +0200
@@ -1947,55 +1950,6 @@
default_option = options.index(newpath) + 1
return (options, default_option)
-def glob_path(newpath):
- """Glob the given file path"""
- if newpath[-1] == '/':
- if newpath[-4:] == '/**/' or newpath[-3:] == '/*/':
- # /foo/**/ and /foo/*/ => /**/
- newpath = re.sub('/[^/]+/\*{1,2}/$', '/**/', newpath) # re.sub('/[^/]+/\*{1,2}$/', '/\*\*/', newpath)
- elif re.search('/[^/]+\*\*[^/]*/$', newpath):
- # /foo**/ and /foo**bar/ => /**/
- newpath = re.sub('/[^/]+\*\*[^/]*/$', '/**/', newpath)
- elif re.search('/\*\*[^/]+/$', newpath):
- # /**bar/ => /**/
- newpath = re.sub('/\*\*[^/]+/$', '/**/', newpath)
- else:
- newpath = re.sub('/[^/]+/$', '/*/', newpath)
- else:
- if newpath[-3:] == '/**' or newpath[-2:] == '/*':
- # /foo/** and /foo/* => /**
- newpath = re.sub('/[^/]+/\*{1,2}$', '/**', newpath)
- elif re.search('/[^/]*\*\*[^/]+$', newpath):
- # /**foo and /foor**bar => /**
- newpath = re.sub('/[^/]*\*\*[^/]+$', '/**', newpath)
- elif re.search('/[^/]+\*\*$', newpath):
- # /foo** => /**
- newpath = re.sub('/[^/]+\*\*$', '/**', newpath)
- else:
- newpath = re.sub('/[^/]+$', '/*', newpath)
- return newpath
-
-def glob_path_withext(newpath):
- """Glob given file path with extension"""
- # match /**.ext and /*.ext
- match = re.search('/\*{1,2}(\.[^/]+)$', newpath)
- if match:
- # /foo/**.ext and /foo/*.ext => /**.ext
- newpath = re.sub('/[^/]+/\*{1,2}\.[^/]+$', '/**' + match.groups()[0], newpath)
- elif re.search('/[^/]+\*\*[^/]*\.[^/]+$', newpath):
- # /foo**.ext and /foo**bar.ext => /**.ext
- match = re.search('/[^/]+\*\*[^/]*(\.[^/]+)$', newpath)
- newpath = re.sub('/[^/]+\*\*[^/]*\.[^/]+$', '/**' + match.groups()[0], newpath)
- elif re.search('/\*\*[^/]+\.[^/]+$', newpath):
- # /**foo.ext => /**.ext
- match = re.search('/\*\*[^/]+(\.[^/]+)$', newpath)
- newpath = re.sub('/\*\*[^/]+\.[^/]+$', '/**' + match.groups()[0], newpath)
- else:
- match = re.search('(\.[^/]+)$', newpath)
- if match:
- newpath = re.sub('/[^/]+(\.[^/]+)$', '/*' + match.groups()[0], newpath)
- return newpath
-
def delete_duplicates(profile, incname):
deleted = 0
# Allow rules covered by denied rules shouldn't be deleted
=== modified file ./utils/apparmor/aare.py
--- utils/apparmor/aare.py 2016-01-20 20:23:46.644526742 +0100
+++ utils/apparmor/aare.py 2016-03-28 15:51:44.693939437 +0200
@@ -79,6 +79,57 @@
else:
raise AppArmorBug('AARE.is_equal() called with unknown object: %s' % str(expression))
+ def glob_path(self):
+ '''Glob the given file or directory path'''
+ if self.regex[-1] == '/':
+ if self.regex[-4:] == '/**/' or self.regex[-3:] == '/*/':
+ # /foo/**/ and /foo/*/ => /**/
+ newpath = re.sub('/[^/]+/\*{1,2}/$', '/**/', self.regex) # re.sub('/[^/]+/\*{1,2}$/', '/\*\*/', self.regex)
+ elif re.search('/[^/]+\*\*[^/]*/$', self.regex):
+ # /foo**/ and /foo**bar/ => /**/
+ newpath = re.sub('/[^/]+\*\*[^/]*/$', '/**/', self.regex)
+ elif re.search('/\*\*[^/]+/$', self.regex):
+ # /**bar/ => /**/
+ newpath = re.sub('/\*\*[^/]+/$', '/**/', self.regex)
+ else:
+ newpath = re.sub('/[^/]+/$', '/*/', self.regex)
+ else:
+ if self.regex[-3:] == '/**' or self.regex[-2:] == '/*':
+ # /foo/** and /foo/* => /**
+ newpath = re.sub('/[^/]+/\*{1,2}$', '/**', self.regex)
+ elif re.search('/[^/]*\*\*[^/]+$', self.regex):
+ # /**foo and /foor**bar => /**
+ newpath = re.sub('/[^/]*\*\*[^/]+$', '/**', self.regex)
+ elif re.search('/[^/]+\*\*$', self.regex):
+ # /foo** => /**
+ newpath = re.sub('/[^/]+\*\*$', '/**', self.regex)
+ else:
+ newpath = re.sub('/[^/]+$', '/*', self.regex)
+ return AARE(newpath, False)
+
+ def glob_path_withext(self):
+ '''Glob given file path with extension
+ Files without extensions and directories won't be changed'''
+ # match /**.ext and /*.ext
+ match = re.search('/\*{1,2}(\.[^/]+)$', self.regex)
+ if match:
+ # /foo/**.ext and /foo/*.ext => /**.ext
+ newpath = re.sub('/[^/]+/\*{1,2}\.[^/]+$', '/**' + match.groups()[0], self.regex)
+ elif re.search('/[^/]+\*\*[^/]*\.[^/]+$', self.regex):
+ # /foo**.ext and /foo**bar.ext => /**.ext
+ match = re.search('/[^/]+\*\*[^/]*(\.[^/]+)$', self.regex)
+ newpath = re.sub('/[^/]+\*\*[^/]*\.[^/]+$', '/**' + match.groups()[0], self.regex)
+ elif re.search('/\*\*[^/]+\.[^/]+$', self.regex):
+ # /**foo.ext => /**.ext
+ match = re.search('/\*\*[^/]+(\.[^/]+)$', self.regex)
+ newpath = re.sub('/\*\*[^/]+\.[^/]+$', '/**' + match.groups()[0], self.regex)
+ else:
+ newpath = self.regex
+ match = re.search('(\.[^/]+)$', self.regex)
+ if match:
+ newpath = re.sub('/[^/]+(\.[^/]+)$', '/*' + match.groups()[0], self.regex)
+ return AARE(newpath, False)
+
def convert_expression_to_aare(expression):
'''convert an expression (taken from audit.log) to an AARE string'''
=== modified file ./utils/test/test-aare.py
--- utils/test/test-aare.py 2015-12-27 16:06:12.635071663 +0100
+++ utils/test/test-aare.py 2016-03-28 15:50:50.266212176 +0200
@@ -243,6 +243,117 @@
self.assertEqual(params.orig_regex, dup.orig_regex)
self.assertEqual(params.orig_regex, dup.orig_regex)
+class TestAAREglobPath(AATest):
+ tests = [
+ # _run_test() will also run each test with '/' appended
+ # regex expected AARE.regex
+ ('/foo/bar/baz**', '/foo/bar/**'),
+ ('/foo/bar/**baz', '/foo/bar/**'),
+ ('/foo/bar/fo**baz', '/foo/bar/**'),
+ ('/foo/bar/**foo**', '/foo/bar/**'),
+ ('/foo/bar/**f?o**', '/foo/bar/**'),
+ ('/foo/bar/**fo[a-z]**', '/foo/bar/**'),
+
+ ('/foo/bar/baz', '/foo/bar/*'),
+ ('/foo/bar/baz*', '/foo/bar/*'),
+ ('/foo/bar/*baz', '/foo/bar/*'),
+ ('/foo/bar/fo*baz', '/foo/bar/*'),
+ ('/foo/bar/*foo*', '/foo/bar/*'),
+
+ ('/foo/bar/b[a-z]z', '/foo/bar/*'),
+ ('/foo/bar/{bar,baz}', '/foo/bar/*'),
+ ('/foo/bar/{bar,ba/z}', '/foo/bar/{bar,ba/*'), # XXX
+ ('/foo/*/baz', '/foo/*/*'),
+
+ ('/foo/bar/**', '/foo/**'),
+ ('/foo/bar/*', '/foo/**'),
+
+ ('/foo/**/*', '/foo/**'),
+ ('/foo/*/**', '/foo/**'),
+ ('/foo/*/*', '/foo/**'),
+
+ ]
+
+ def _run_test(self, params, expected):
+ # test for files
+ oldpath = AARE(params, True)
+ newpath = oldpath.glob_path()
+ self.assertEqual(expected, newpath.regex)
+
+ # test for directories
+ oldpath = AARE(params + '/', True)
+ newpath = oldpath.glob_path()
+ self.assertEqual(expected + '/', newpath.regex)
+
+class TestAAREglobPathWithExt(AATest):
+ tests = [
+ # _run_test() will also run each test with '/' appended
+ # regex expected AARE.regex
+
+ # no extension - shouldn't change
+ ('/foo/bar/baz**', '/foo/bar/baz**'),
+ ('/foo/bar/**baz', '/foo/bar/**baz'),
+ ('/foo/bar/fo**baz', '/foo/bar/fo**baz'),
+ ('/foo/bar/**foo**', '/foo/bar/**foo**'),
+ ('/foo/bar/**f?o**', '/foo/bar/**f?o**'),
+ ('/foo/bar/**fo[a-z]**', '/foo/bar/**fo[a-z]**'),
+
+ ('/foo/bar/baz', '/foo/bar/baz'),
+ ('/foo/bar/baz*', '/foo/bar/baz*'),
+ ('/foo/bar/*baz', '/foo/bar/*baz'),
+ ('/foo/bar/fo*baz', '/foo/bar/fo*baz'),
+ ('/foo/bar/*foo*', '/foo/bar/*foo*'),
+
+ ('/foo/bar/b[a-z]z', '/foo/bar/b[a-z]z'),
+ ('/foo/bar/{bar,baz}', '/foo/bar/{bar,baz}'),
+ ('/foo/bar/{bar,ba/z}', '/foo/bar/{bar,ba/z}'),
+ ('/foo/*/baz', '/foo/*/baz'),
+
+ ('/foo/bar/**', '/foo/bar/**'),
+ ('/foo/bar/*', '/foo/bar/*'),
+
+ ('/foo/**/*', '/foo/**/*'),
+ ('/foo/*/**', '/foo/*/**'),
+ ('/foo/*/*', '/foo/*/*'),
+
+ # with extension added
+ ('/foo/bar/baz**.xy', '/foo/bar/**.xy'),
+ ('/foo/bar/**baz.xy', '/foo/bar/**.xy'),
+ ('/foo/bar/fo**baz.xy', '/foo/bar/**.xy'),
+ ('/foo/bar/**foo**.xy', '/foo/bar/**.xy'),
+ ('/foo/bar/**f?o**.xy', '/foo/bar/**.xy'),
+ ('/foo/bar/**fo[a-z]**.xy', '/foo/bar/**.xy'),
+
+ ('/foo/bar/baz.xy', '/foo/bar/*.xy'),
+ ('/foo/bar/baz*.xy', '/foo/bar/*.xy'),
+ ('/foo/bar/*baz.xy', '/foo/bar/*.xy'),
+ ('/foo/bar/fo*baz.xy', '/foo/bar/*.xy'),
+ ('/foo/bar/*foo*.xy', '/foo/bar/*.xy'),
+
+ ('/foo/bar/b[a-z]z.xy', '/foo/bar/*.xy'),
+ ('/foo/bar/{bar,baz}.xy', '/foo/bar/*.xy'),
+ ('/foo/bar/{bar,ba/z}.xy', '/foo/bar/{bar,ba/*.xy'), # XXX
+ ('/foo/*/baz.xy', '/foo/*/*.xy'),
+
+ ('/foo/bar/**.xy', '/foo/**.xy'),
+ ('/foo/bar/*.xy', '/foo/**.xy'),
+
+ ('/foo/**/*.xy', '/foo/**.xy'),
+ ('/foo/*/**.xy', '/foo/**.xy'),
+ ('/foo/*/*.xy', '/foo/**.xy'),
+ ]
+
+ def _run_test(self, params, expected):
+ # test for files
+ oldpath = AARE(params, True)
+ newpath = oldpath.glob_path_withext()
+ self.assertEqual(expected, newpath.regex)
+
+ # test for directories - should be kept unchanged
+ oldpath = AARE(params + '/', True)
+ newpath = oldpath.glob_path_withext()
+ self.assertEqual(params + '/', newpath.regex) # note that we compare to params, not expected here
+
setup_all_loops(__name__)
if __name__ == '__main__':
Regards,
Christian Boltz
--
Patches come and go like socks. Nobody really wants a bugzilla entry
for each and every one. [Jan Engelhardt in opensuse-packaging]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160812/a626c3c2/attachment-0001.pgp>
More information about the AppArmor
mailing list