<div dir="ltr">Hello,<br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jun 15, 2015 at 12:44 AM, Christian Boltz <span dir="ltr"><<a href="mailto:apparmor@cboltz.de" target="_blank">apparmor@cboltz.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello,<br>
<br>
this patch moves re_match_include() to regex.py. The function is<br>
basically a wrapper around a regex, so regex.py is a much better home.<br>
<br>
While on it, rename the regex to RE_INCLUDE and compile it outside the<br>
function, which should result in a (small) performance improvement.<br>
<br>
Also adjust code calling it to the new location.<br>
<br>
Finally, add some tests for re_match_include()<br>
<br>
<br>
<br>
[ 49-move-re_match_include.diff ]<br>
<br>
=== modified file utils/aa-mergeprof<br>
--- utils/aa-mergeprof 2015-06-14 20:33:26.203498911 +0200<br>
+++ utils/aa-mergeprof 2015-06-14 20:13:24.204740154 +0200<br>
@@ -17,9 +17,10 @@<br>
import os<br>
<br>
import apparmor.aa<br>
-from apparmor.aa import available_buttons, combine_name, delete_duplicates, is_known_rule, match_includes, re_match_include<br>
+from apparmor.aa import available_buttons, combine_name, delete_duplicates, is_known_rule, match_includes<br>
import apparmor.aamode<br>
from apparmor.common import AppArmorException<br>
+from apparmor.regex import re_match_include<br>
import apparmor.severity<br>
import apparmor.cleanprofile as cleanprofile<br>
import apparmor.ui as aaui<br>
@@ -267,7 +268,7 @@<br>
done = True<br>
elif ans == 'CMD_ALLOW':<br>
selection = options[selected]<br>
- inc = apparmor.aa.re_match_include(selection)<br>
+ inc = re_match_include(selection)<br>
self.user.filelist[self.user.filename]['include'][inc] = True<br>
options.pop(selected)<br>
aaui.UI_Info(_('Adding %s to the file.') % selection)<br>
@@ -302,7 +303,7 @@<br>
done = True<br>
elif ans == 'CMD_ALLOW':<br>
selection = options[selected]<br>
- inc = apparmor.aa.re_match_include(selection)<br>
+ inc = re_match_include(selection)<br>
deleted = apparmor.aa.delete_duplicates(aa[profile][hat], inc)<br>
aa[profile][hat]['include'][inc] = True<br>
options.pop(selected)<br>
@@ -524,7 +525,7 @@<br>
elif ans == 'CMD_ALLOW':<br>
path = options[selected]<br>
done = True<br>
- match = apparmor.aa.re_match_include(path)<br>
+ match = re_match_include(path)<br>
if match:<br>
inc = match<br>
deleted = apparmor.aa.delete_duplicates(aa[profile][hat], inc)<br>
@@ -589,7 +590,7 @@<br>
<br>
elif ans == 'CMD_NEW':<br>
arg = options[selected]<br>
- if not apparmor.aa.re_match_include(arg):<br>
+ if not re_match_include(arg):<br>
ans = aaui.UI_GetString(_('Enter new path: '), arg)<br>
# if ans:<br>
# if not matchliteral(ans, path):<br>
@@ -603,7 +604,7 @@<br>
<br>
elif ans == 'CMD_GLOB':<br>
newpath = options[selected].strip()<br>
- if not apparmor.aa.re_match_include(newpath):<br>
+ if not re_match_include(newpath):<br>
newpath = apparmor.aa.glob_path(newpath)<br>
<br>
if newpath not in options:<br>
@@ -614,7 +615,7 @@<br>
<br>
elif ans == 'CMD_GLOBEXT':<br>
newpath = options[selected].strip()<br>
- if not apparmor.aa.re_match_include(newpath):<br>
+ if not re_match_include(newpath):<br>
newpath = apparmor.aa.glob_path_withext(newpath)<br>
<br>
if newpath not in options:<br>
=== modified file utils/apparmor/aa.py<br>
--- utils/apparmor/aa.py 2015-06-14 20:33:26.205498791 +0200<br>
+++ utils/apparmor/aa.py 2015-06-14 20:32:10.987010769 +0200<br>
@@ -49,7 +49,7 @@<br>
RE_PROFILE_HAT_DEF, RE_PROFILE_DBUS, RE_PROFILE_MOUNT,<br>
RE_PROFILE_SIGNAL, RE_PROFILE_PTRACE, RE_PROFILE_PIVOT_ROOT,<br>
RE_PROFILE_UNIX, RE_RULE_HAS_COMMA, RE_HAS_COMMENT_SPLIT,<br>
- strip_quotes, parse_profile_start_line )<br>
+ strip_quotes, parse_profile_start_line, re_match_include )<br>
<br>
import apparmor.rules as aarules<br>
<br>
@@ -2110,15 +2110,6 @@<br>
<br>
return newincludes<br>
<br>
-def re_match_include(path):<br>
- """Matches the path for include and returns the include path"""<br>
- regex_include = re.compile('^\s*#?include\s*<(.*)>\s*(#.*)?$')<br>
- match = regex_include.search(path)<br>
- if match:<br>
- return match.groups()[0]<br>
- else:<br>
- return None<br>
-<br>
def valid_include(profile, incname):<br>
if profile and profile['include'].get(incname, False):<br>
return False<br>
=== modified file utils/apparmor/cleanprofile.py<br>
--- utils/apparmor/cleanprofile.py 2015-06-08 22:23:14.887806000 +0200<br>
+++ utils/apparmor/cleanprofile.py 2015-06-14 20:29:20.957207783 +0200<br>
@@ -12,6 +12,7 @@<br>
#<br>
# ----------------------------------------------------------------------<br>
import apparmor.aa as apparmor<br>
+from apparmor.regex import re_match_include<br>
<br>
class Prof(object):<br>
def __init__(self, filename):<br>
@@ -90,7 +91,7 @@<br>
if not same_profile:<br>
deleted.append(entry)<br>
continue<br>
- if apparmor.re_match_include(rule) or apparmor.re_match_include(entry):<br>
+ if re_match_include(rule) or re_match_include(entry):<br>
continue<br>
# Check if the rule implies entry<br>
if apparmor.matchliteral(rule, entry):<br>
=== modified file utils/apparmor/regex.py<br>
--- utils/apparmor/regex.py 2015-06-14 20:33:26.205498791 +0200<br>
+++ utils/apparmor/regex.py 2015-06-14 20:14:39.423202789 +0200<br>
@@ -112,6 +112,19 @@<br>
return result<br>
<br>
<br>
+<br>
+RE_INCLUDE = re.compile('^\s*#?include\s*<(.*)>\s*(#.*)?$')<br></blockquote><div>How about replacing the end part using RE_EOL?<br><br></div><div>Also the .* for include name means we can have #include<>? I would believe the check happens somewhere for valid paths this but why not deal with the easy case in regex itself?<br><br></div><div>Also, about should the regex be placed directly above the function using it or along with all the other regexes?<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
+<br>
+def re_match_include(path):<br>
+ """Matches the path for include and returns the include path"""<br>
+ match = RE_INCLUDE.search(path)<br>
+ if match:<br>
+ return match.groups()[0]<br></blockquote><div>hmm... for the matters of this function the second comment group in regex is wasted.<br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
+ else:<br>
+ return None<br>
+<br>
+<br>
+<br></blockquote><div>Bikeshedding: 3 newlines or 2 newlines for separation? <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
def strip_quotes(data):<br>
if data[0] + data[-1] == '""':<br>
return data[1:-1]<br>
=== modified file utils/test/test-regex_matches.py<br>
--- utils/test/test-regex_matches.py 2015-06-14 20:33:26.206498731 +0200<br>
+++ utils/test/test-regex_matches.py 2015-06-14 20:14:57.120135248 +0200<br>
@@ -14,7 +14,7 @@<br>
from common_test import AATest, setup_all_loops<br>
from apparmor.common import AppArmorBug<br>
<br>
-from apparmor.regex import strip_quotes, parse_profile_start_line, RE_PROFILE_START, RE_PROFILE_CAP<br>
+from apparmor.regex import strip_quotes, parse_profile_start_line, re_match_include, RE_PROFILE_START, RE_PROFILE_CAP<br>
<br>
<br>
class AARegexTest(AATest):<br>
@@ -465,6 +465,23 @@<br>
with self.assertRaises(AppArmorBug):<br>
parse_profile_start_line(line, 'somefile')<br>
<br>
+class Test_re_match_include(AATest):<br>
+ tests = [<br>
+ ('#include <abstractions/base>', 'abstractions/base' ),<br>
+ ('#include <abstractions/base> # comment', 'abstractions/base' ),<br>
+ (' #include <abstractions/base> ', 'abstractions/base' ),<br></blockquote><div>could probably also use #include<abstractions/base> the no space version? <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
+ ('include <abstractions/base>', 'abstractions/base' ), # not supported by parser<br>
+ # ('include foo', 'foo' ), # XXX not supported in tools yet<br>
+ # ('include /foo/bar', '/foo/bar' ), # XXX not supported in tools yet<br>
+ # ('include "foo"', 'foo' ), # XXX not supported in tools yet<br>
+ # ('include "/foo/bar"', '/foo/bar' ), # XXX not supported in tools yet<br>
+ (' some #include <abstractions/base>', None, ),<br>
+ (' /etc/fstab r,', None, ),<br>
+ ]<br>
+<br>
+ def _run_test(self, params, expected):<br>
+ self.assertEqual(re_match_include(params), expected)<br>
+<br></blockquote><div>You could probably add just copy-paste (with little tweaking) the above tests with the regex instead of the function and cover the comment part.<br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
class TestStripQuotes(AATest):<br>
def test_strip_quotes_01(self):<br>
<br>
<br></blockquote><div><div>With suggestions for regex and tests addressed.<br></div><div><br>Acked-by: Kshitij Gupta <<a href="mailto:kgupta8592@gmail.com" target="_blank">kgupta8592@gmail.com</a>>. <br><br></div><div>Thanks.<br><br></div>Regards, <br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
<br>
<br>
Regards,<br>
<br>
Christian Boltz<br>
<span class=""><font color="#888888">--<br>
> > [OOo splash] kroete should turn their eyes during load ;-)<br>
> It should roll with his eyes if user is doing something completely<br>
> stupid.<br>
...like touching the mouse, or do you know even better heuristics?<br>
[> Robert Schiele and Hans-Peter Jansen]<br>
<br>
<br>
--<br>
AppArmor mailing list<br>
<a href="mailto:AppArmor@lists.ubuntu.com">AppArmor@lists.ubuntu.com</a><br>
Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/apparmor" rel="noreferrer" target="_blank">https://lists.ubuntu.com/mailman/listinfo/apparmor</a><br>
</font></span></blockquote></div><br></div></div>