apparmor.d/pkg/aa/apparmor_test.go

// apparmor.d - Full set of apparmor profiles
// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
// SPDX-License-Identifier: GPL-2.0-only

package aa

import (
	"reflect"
	"strings"
	"testing"

	"github.com/roddhjav/apparmor.d/pkg/paths"
)

var (
	testData = paths.New("../../tests/testdata/")
	intData  = paths.New("../../apparmor.d")
)

// mustReadProfileFile read a file and return its content as a slice of string.
// It panics if an error occurs. It removes the last comment line.
func mustReadProfileFile(path *paths.Path) string {
	res := strings.Split(path.MustReadFileAsString(), "\n")
	return strings.Join(res[:len(res)-2], "\n")
}

func TestAppArmorProfileFile_String(t *testing.T) {
	tests := []struct {
		name string
		f    *AppArmorProfileFile
		want string
	}{
		{
			name: "empty",
			f:    &AppArmorProfileFile{},
			want: ``,
		},
		{
			name: "foo",
			f: &AppArmorProfileFile{
				Preamble: Rules{
					&Comment{Base: Base{Comment: " Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},
					nil,
					&Abi{IsMagic: true, Path: "abi/4.0"},
					&Alias{Path: "/mnt/usr", RewrittenPath: "/usr"},
					&Include{IsMagic: true, Path: "tunables/global"},
					&Variable{
						Name: "exec_path", Define: true,
						Values: []string{"@{bin}/foo", "@{lib}/foo"},
					},
				},
				Profiles: []*Profile{{
					Header: Header{
						Name:        "foo",
						Attachments: []string{"@{exec_path}"},
						Attributes:  map[string]string{"security.tagged": "allowed"},
						Flags:       []string{"complain", "attach_disconnected"},
					},
					Rules: Rules{
						&Include{IsMagic: true, Path: "abstractions/base"},
						&Include{IsMagic: true, Path: "abstractions/nameservice-strict"},
						rlimit1,
						&Capability{Names: []string{"dac_read_search"}},
						&Capability{Names: []string{"dac_override"}},
						&Network{Domain: "inet", Type: "stream"},
						&Network{Domain: "inet6", Type: "stream"},
						&Mount{
							Base: Base{Comment: " failed perms check"},
							MountConditions: MountConditions{
								FsType:  "fuse.portal",
								Options: []string{"rw", "rbind"},
							},
							Source:     "@{run}/user/@{uid}/",
							MountPoint: "/",
						},
						&Umount{
							MountConditions: MountConditions{},
							MountPoint:      "@{run}/user/@{uid}/",
						},
						&Signal{
							Access: []string{"receive"},
							Set:    []string{"term"},
							Peer:   "at-spi-bus-launcher",
						},
						&Ptrace{Access: []string{"read"}, Peer: "nautilus"},
						&Unix{
							Access:    []string{"send", "receive"},
							Type:      "stream",
							Address:   "@/tmp/.ICE-unix/1995",
							PeerLabel: "gnome-shell",
							PeerAddr:  "none",
						},
						&Dbus{Access: []string{"bind"}, Bus: "session", Name: "org.gnome.*"},
						&Dbus{
							Access:    []string{"receive"},
							Bus:       "system",
							Path:      "/org/freedesktop/DBus",
							Interface: "org.freedesktop.DBus",
							Member:    "AddMatch",
							PeerName:  ":1.3",
							PeerLabel: "power-profiles-daemon",
						},
						&File{Path: "/opt/intel/oneapi/compiler/*/linux/lib/*.so./*", Access: []string{"r", "m"}},
						&File{Path: "@{PROC}/@{pid}/task/@{tid}/comm", Access: []string{"r", "w"}},
						&File{Path: "@{sys}/devices/@{pci}/class", Access: []string{"r"}},
						includeLocal1,
					},
				}},
			},
			want: testData.Join("string.aa").MustReadFileAsString(),
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			if got := tt.f.String(); got != tt.want {
				t.Errorf("AppArmorProfile.String() = |%v|, want |%v|", got, tt.want)
			}
		})
	}
}

func TestAppArmorProfileFile_Sort(t *testing.T) {
	tests := []struct {
		name   string
		origin *AppArmorProfileFile
		want   *AppArmorProfileFile
	}{
		{
			name: "all",
			origin: &AppArmorProfileFile{
				Profiles: []*Profile{{
					Rules: []Rule{
						file2, network1, userns1, include1, dbus2, signal1,
						ptrace1, includeLocal1, rlimit3, capability1, network2,
						mqueue2, iouring2, dbus1, link2, capability2, file1,
						unix2, signal2, mount2, all1, umount2, mount1, remount2,
						pivotroot1, changeprofile2,
					},
				}},
			},
			want: &AppArmorProfileFile{
				Profiles: []*Profile{{
					Rules: []Rule{
						include1, all1, rlimit3, userns1, capability1, capability2,
						network2, network1, mount2, mount1, remount2, umount2,
						pivotroot1, changeprofile2, mqueue2, iouring2, signal1,
						signal2, ptrace1, unix2, dbus2, dbus1, file1, file2,
						link2, includeLocal1,
					},
				}},
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got := tt.origin
			got.Sort()
			if !reflect.DeepEqual(got, tt.want) {
				t.Errorf("AppArmorProfile.Sort() = %v, want %v", got, tt.want)
			}
		})
	}
}

func TestAppArmorProfileFile_MergeRules(t *testing.T) {
	tests := []struct {
		name   string
		origin *AppArmorProfileFile
		want   *AppArmorProfileFile
	}{
		{
			name: "all",
			origin: &AppArmorProfileFile{
				Profiles: []*Profile{{
					Rules: []Rule{capability1, capability1, network1, network1, file1, file1},
				}},
			},
			want: &AppArmorProfileFile{
				Profiles: []*Profile{{
					Rules: []Rule{capability1, network1, file1},
				}},
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got := tt.origin
			got.MergeRules()
			if !reflect.DeepEqual(got, tt.want) {
				t.Errorf("AppArmorProfile.MergeRules() = %v, want %v", got, tt.want)
			}
		})
	}
}

func TestAppArmorProfileFile_Integration(t *testing.T) {
	tests := []struct {
		name string
		f    *AppArmorProfileFile
		want string
	}{
		{
			name: "aa-status",
			f: &AppArmorProfileFile{
				Preamble: Rules{
					&Comment{Base: Base{Comment: " apparmor.d - Full set of apparmor profiles", IsLineRule: true}},
					&Comment{Base: Base{Comment: " Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>", IsLineRule: true}},
					&Comment{Base: Base{Comment: " SPDX-License-Identifier: GPL-2.0-only", IsLineRule: true}},
					nil,
					&Abi{IsMagic: true, Path: "abi/4.0"},
					&Include{IsMagic: true, Path: "tunables/global"},
					&Variable{
						Name: "exec_path", Define: true,
						Values: []string{"@{bin}/aa-status", "@{bin}/apparmor_status"},
					},
				},
				Profiles: []*Profile{{
					Header: Header{
						Name:        "aa-status",
						Attachments: []string{"@{exec_path}"},
					},
					Rules: Rules{
						&Include{IfExists: true, IsMagic: true, Path: "local/aa-status"},
						&Capability{Names: []string{"dac_read_search"}},
						&File{Path: "@{exec_path}", Access: []string{"m", "r"}},
						&File{Path: "@{PROC}/@{pids}/attr/apparmor/current", Access: []string{"r"}},
						&File{Path: "@{PROC}/", Access: []string{"r"}},
						&File{Path: "@{sys}/module/apparmor/parameters/enabled", Access: []string{"r"}},
						&File{Path: "@{sys}/kernel/security/apparmor/profiles", Access: []string{"r"}},
						&File{Path: "@{PROC}/@{pids}/attr/current", Access: []string{"r"}},
						&Include{IsMagic: true, Path: "abstractions/consoles"},
						&File{Owner: true, Path: "@{PROC}/@{pid}/mounts", Access: []string{"r"}},
						&Include{IsMagic: true, Path: "abstractions/base"},
						&File{Path: "/dev/tty@{int}", Access: []string{"r", "w"}},
						&Capability{Names: []string{"sys_ptrace"}},
						&Ptrace{Access: []string{"read"}},
					},
				}},
			},
			want: mustReadProfileFile(intData.Join("profiles-a-f/aa-status")),
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			tt.f.Sort()
			tt.f.MergeRules()
			tt.f.Format()
			err := tt.f.Validate()
			if err != nil {
				t.Errorf("AppArmorProfile.Validate() = %v", err)
			}
			if got := tt.f.String(); got != tt.want {
				t.Errorf("AppArmorProfile = |%v|, want |%v|", got, tt.want)
			}
		})
	}
}
fix: remove unused go import. 2023-08-18 00:36:46 +02:00			`// apparmor.d - Full set of apparmor profiles`
chore: add missing and update copyright year. 2024-02-07 00:16:21 +01:00			`// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>`
fix: remove unused go import. 2023-08-18 00:36:46 +02:00			`// SPDX-License-Identifier: GPL-2.0-only`

			`package aa`

			`import (`
test(aa-log): add unit tests for profile printing. 2023-09-25 01:28:28 +02:00			`"reflect"`
fix: profile compilation. 2024-06-15 23:28:37 +02:00			`"strings"`
fix: remove unused go import. 2023-08-18 00:36:46 +02:00			`"testing"`
test(aa-log): add unit tests for profile printing. 2023-09-25 01:28:28 +02:00
Merge branch 'feat/aa' Improve go apparmor lib. * aa: (62 commits) feat(aa): handle appending value to defined variables. chore(aa): cosmetic. fix: userspace prebuild test. chore: cleanup unit test. feat(aa): improve log conversion. feat(aa): move conversion function to its own file & add unit tests. fix: go linter issue & not defined variables. tests(aa): improve aa unit tests. tests(aa): improve rules unit tests. feat(aa): ensure the prebuild jobs are working. feat(aa): add more unit tests. chore(aa): cleanup. feat(aa): Move sort, merge and format methods to the rules interface. feat(aa): add the hat template. feat(aa): add the Kind struct to manage aa rules. feat(aa): cleanup rules methods. feat(aa): add function to resolve include preamble. feat(aa): updaqte mount flags order. feat(aa): update default tunable selection. feat(aa): parse apparmor preamble files. ... 2024-05-30 20:29:34 +02:00			`"github.com/roddhjav/apparmor.d/pkg/paths"`
fix: remove unused go import. 2023-08-18 00:36:46 +02:00			`)`

test(aa): improve some internal unit test. Thanks to the last changes... 2024-04-23 22:38:52 +02:00			`var (`
refractor(aa): move some test resource to the testdata dir. 2024-05-30 21:10:45 +02:00			`testData = paths.New("../../tests/testdata/")`
			`intData = paths.New("../../apparmor.d")`
test(aa): improve some internal unit test. Thanks to the last changes... 2024-04-23 22:38:52 +02:00			`)`
test(aa-log): add unit tests for profile printing. 2023-09-25 01:28:28 +02:00
fix: profile compilation. 2024-06-15 23:28:37 +02:00			`// mustReadProfileFile read a file and return its content as a slice of string.`
			`// It panics if an error occurs. It removes the last comment line.`
			`func mustReadProfileFile(path *paths.Path) string {`
refractor: rename some path util function. 2024-10-12 16:31:24 +02:00			`res := strings.Split(path.MustReadFileAsString(), "\n")`
fix: profile compilation. 2024-06-15 23:28:37 +02:00			`return strings.Join(res[:len(res)-2], "\n")`
			`}`

refractor(aa): update test structure. 2024-04-23 22:35:23 +02:00			`func TestAppArmorProfileFile_String(t *testing.T) {`
fix: remove unused go import. 2023-08-18 00:36:46 +02:00			`tests := []struct {`
			`name string`
feat(aa): rename the main profile struct. 2024-04-16 22:51:56 +02:00			`f *AppArmorProfileFile`
fix: remove unused go import. 2023-08-18 00:36:46 +02:00			`want string`
			`}{`
			`{`
			`name: "empty",`
feat(aa): rename the main profile struct. 2024-04-16 22:51:56 +02:00			`f: &AppArmorProfileFile{},`
feat(aa-log): an empty profile now return empty string. 2024-02-24 18:01:03 +01:00			want: ``,
fix: remove unused go import. 2023-08-18 00:36:46 +02:00			`},`
test(aa-log): add unit tests for profile printing. 2023-09-25 01:28:28 +02:00			`{`
			`name: "foo",`
feat(aa): rename the main profile struct. 2024-04-16 22:51:56 +02:00			`f: &AppArmorProfileFile{`
feat(aa): make preamble rule classic aa rules. 2024-05-05 00:25:55 +02:00			`Preamble: Rules{`
refractor(aa): rename base struct from RuleBase to Base 2024-06-25 20:50:27 +02:00			`&Comment{Base: Base{Comment: " Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},`
feat(aa): make preamble rule classic aa rules. 2024-05-05 00:25:55 +02:00			`nil,`
			`&Abi{IsMagic: true, Path: "abi/4.0"},`
			`&Alias{Path: "/mnt/usr", RewrittenPath: "/usr"},`
			`&Include{IsMagic: true, Path: "tunables/global"},`
			`&Variable{`
feat(aa): add define parameter for variables. 2024-04-23 22:18:44 +02:00			`Name: "exec_path", Define: true,`
chore(aa-log): cleanup test data. 2023-10-01 20:04:43 +02:00			`Values: []string{"@{bin}/foo", "@{lib}/foo"},`
feat(aa): make preamble rule classic aa rules. 2024-05-05 00:25:55 +02:00			`},`
test(aa-log): add unit tests for profile printing. 2023-09-25 01:28:28 +02:00			`},`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`Profiles: []*Profile{{`
			`Header: Header{`
			`Name: "foo",`
			`Attachments: []string{"@{exec_path}"},`
			`Attributes: map[string]string{"security.tagged": "allowed"},`
			`Flags: []string{"complain", "attach_disconnected"},`
			`},`
test(aa): cleanup unit tests. 2024-05-05 00:45:36 +02:00			`Rules: Rules{`
chore(aa-log): cleanup test data. 2023-10-01 20:04:43 +02:00			`&Include{IsMagic: true, Path: "abstractions/base"},`
			`&Include{IsMagic: true, Path: "abstractions/nameservice-strict"},`
			`rlimit1,`
feat(aa): ensure accesses are slice of string. 2024-04-23 22:17:25 +02:00			`&Capability{Names: []string{"dac_read_search"}},`
			`&Capability{Names: []string{"dac_override"}},`
chore(aa-log): cleanup test data. 2023-10-01 20:04:43 +02:00			`&Network{Domain: "inet", Type: "stream"},`
			`&Network{Domain: "inet6", Type: "stream"},`
test(aa-log): add unit tests for profile printing. 2023-09-25 01:28:28 +02:00			`&Mount{`
refractor(aa): rename base struct from RuleBase to Base 2024-06-25 20:50:27 +02:00			`Base: Base{Comment: " failed perms check"},`
test(aa-log): add unit tests for profile printing. 2023-09-25 01:28:28 +02:00			`MountConditions: MountConditions{`
			`FsType: "fuse.portal",`
			`Options: []string{"rw", "rbind"},`
			`},`
test(aa): improve some internal unit test. Thanks to the last changes... 2024-04-23 22:38:52 +02:00			`Source: "@{run}/user/@{uid}/",`
test(aa-log): add unit tests for profile printing. 2023-09-25 01:28:28 +02:00			`MountPoint: "/",`
			`},`
			`&Umount{`
			`MountConditions: MountConditions{},`
			`MountPoint: "@{run}/user/@{uid}/",`
			`},`
			`&Signal{`
feat(aa): ensure accesses are slice of string. 2024-04-23 22:17:25 +02:00			`Access: []string{"receive"},`
			`Set: []string{"term"},`
test(aa-log): add unit tests for profile printing. 2023-09-25 01:28:28 +02:00			`Peer: "at-spi-bus-launcher",`
			`},`
feat(aa): ensure accesses are slice of string. 2024-04-23 22:17:25 +02:00			`&Ptrace{Access: []string{"read"}, Peer: "nautilus"},`
test(aa-log): add unit tests for profile printing. 2023-09-25 01:28:28 +02:00			`&Unix{`
feat(aa): ensure accesses are slice of string. 2024-04-23 22:17:25 +02:00			`Access: []string{"send", "receive"},`
feat(aa): improve apparmor struct. 2024-04-15 00:58:34 +02:00			`Type: "stream",`
			`Address: "@/tmp/.ICE-unix/1995",`
			`PeerLabel: "gnome-shell",`
			`PeerAddr: "none",`
test(aa-log): add unit tests for profile printing. 2023-09-25 01:28:28 +02:00			`},`
test(aa): cleanup unit tests. 2024-05-05 00:45:36 +02:00			`&Dbus{Access: []string{"bind"}, Bus: "session", Name: "org.gnome.*"},`
test(aa-log): add unit tests for profile printing. 2023-09-25 01:28:28 +02:00			`&Dbus{`
feat(aa): ensure accesses are slice of string. 2024-04-23 22:17:25 +02:00			`Access: []string{"receive"},`
test(aa-log): add unit tests for profile printing. 2023-09-25 01:28:28 +02:00			`Bus: "system",`
			`Path: "/org/freedesktop/DBus",`
			`Interface: "org.freedesktop.DBus",`
			`Member: "AddMatch",`
feat(aa): improve apparmor struct. 2024-04-15 00:58:34 +02:00			`PeerName: ":1.3",`
			`PeerLabel: "power-profiles-daemon",`
test(aa-log): add unit tests for profile printing. 2023-09-25 01:28:28 +02:00			`},`
feat(aa): ensure accesses are slice of string. 2024-04-23 22:17:25 +02:00			`&File{Path: "/opt/intel/oneapi/compiler//linux/lib/.so./*", Access: []string{"r", "m"}},`
			`&File{Path: "@{PROC}/@{pid}/task/@{tid}/comm", Access: []string{"r", "w"}},`
			`&File{Path: "@{sys}/devices/@{pci}/class", Access: []string{"r"}},`
test: add more profile sorting test. 2023-09-30 14:55:56 +02:00			`includeLocal1,`
test(aa-log): add unit tests for profile printing. 2023-09-25 01:28:28 +02:00			`},`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`}},`
test(aa-log): add unit tests for profile printing. 2023-09-25 01:28:28 +02:00			`},`
refractor: rename some path util function. 2024-10-12 16:31:24 +02:00			`want: testData.Join("string.aa").MustReadFileAsString(),`
test(aa-log): add unit tests for profile printing. 2023-09-25 01:28:28 +02:00			`},`
fix: remove unused go import. 2023-08-18 00:36:46 +02:00			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
feat(aa): rename the main profile struct. 2024-04-16 22:51:56 +02:00			`if got := tt.f.String(); got != tt.want {`
test(aa-log): add unit tests for profile rules. 2023-09-25 01:22:41 +02:00			`t.Errorf("AppArmorProfile.String() = \|%v\|, want \|%v\|", got, tt.want)`
			`}`
			`})`
			`}`
			`}`

refractor(aa): update test structure. 2024-04-23 22:35:23 +02:00			`func TestAppArmorProfileFile_Sort(t *testing.T) {`
test(aa-log): add unit tests for profile rules. 2023-09-25 01:22:41 +02:00			`tests := []struct {`
			`name string`
feat(aa): rename the main profile struct. 2024-04-16 22:51:56 +02:00			`origin *AppArmorProfileFile`
			`want *AppArmorProfileFile`
test(aa-log): add unit tests for profile rules. 2023-09-25 01:22:41 +02:00			`}{`
			`{`
			`name: "all",`
feat(aa): rename the main profile struct. 2024-04-16 22:51:56 +02:00			`origin: &AppArmorProfileFile{`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`Profiles: []*Profile{{`
feat(aa): continue refractoring the aa structure. 2024-04-19 23:43:02 +02:00			`Rules: []Rule{`
tests(aa): improve aa unit tests. 2024-05-29 22:18:30 +02:00			`file2, network1, userns1, include1, dbus2, signal1,`
			`ptrace1, includeLocal1, rlimit3, capability1, network2,`
			`mqueue2, iouring2, dbus1, link2, capability2, file1,`
			`unix2, signal2, mount2, all1, umount2, mount1, remount2,`
			`pivotroot1, changeprofile2,`
test: add more profile sorting test. 2023-09-30 14:55:56 +02:00			`},`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`}},`
test(aa-log): add unit tests for profile rules. 2023-09-25 01:22:41 +02:00			`},`
feat(aa): rename the main profile struct. 2024-04-16 22:51:56 +02:00			`want: &AppArmorProfileFile{`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`Profiles: []*Profile{{`
feat(aa): continue refractoring the aa structure. 2024-04-19 23:43:02 +02:00			`Rules: []Rule{`
tests(aa): improve aa unit tests. 2024-05-29 22:18:30 +02:00			`include1, all1, rlimit3, userns1, capability1, capability2,`
			`network2, network1, mount2, mount1, remount2, umount2,`
feat(aa): rewrite rules formatting. 2024-06-20 00:30:36 +02:00			`pivotroot1, changeprofile2, mqueue2, iouring2, signal1,`
			`signal2, ptrace1, unix2, dbus2, dbus1, file1, file2,`
tests(aa): improve aa unit tests. 2024-05-29 22:18:30 +02:00			`link2, includeLocal1,`
test: add more profile sorting test. 2023-09-30 14:55:56 +02:00			`},`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`}},`
test(aa-log): add unit tests for profile rules. 2023-09-25 01:22:41 +02:00			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`got := tt.origin`
			`got.Sort()`
			`if !reflect.DeepEqual(got, tt.want) {`
			`t.Errorf("AppArmorProfile.Sort() = %v, want %v", got, tt.want)`
			`}`
			`})`
			`}`
			`}`

refractor(aa): update test structure. 2024-04-23 22:35:23 +02:00			`func TestAppArmorProfileFile_MergeRules(t *testing.T) {`
test(aa-log): add unit tests for profile rules. 2023-09-25 01:22:41 +02:00			`tests := []struct {`
			`name string`
feat(aa): rename the main profile struct. 2024-04-16 22:51:56 +02:00			`origin *AppArmorProfileFile`
			`want *AppArmorProfileFile`
test(aa-log): add unit tests for profile rules. 2023-09-25 01:22:41 +02:00			`}{`
			`{`
			`name: "all",`
feat(aa): rename the main profile struct. 2024-04-16 22:51:56 +02:00			`origin: &AppArmorProfileFile{`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`Profiles: []*Profile{{`
feat(aa): continue refractoring the aa structure. 2024-04-19 23:43:02 +02:00			`Rules: []Rule{capability1, capability1, network1, network1, file1, file1},`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`}},`
test(aa-log): add unit tests for profile rules. 2023-09-25 01:22:41 +02:00			`},`
feat(aa): rename the main profile struct. 2024-04-16 22:51:56 +02:00			`want: &AppArmorProfileFile{`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`Profiles: []*Profile{{`
feat(aa): continue refractoring the aa structure. 2024-04-19 23:43:02 +02:00			`Rules: []Rule{capability1, network1, file1},`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`}},`
test(aa-log): add unit tests for profile rules. 2023-09-25 01:22:41 +02:00			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`got := tt.origin`
			`got.MergeRules()`
			`if !reflect.DeepEqual(got, tt.want) {`
			`t.Errorf("AppArmorProfile.MergeRules() = %v, want %v", got, tt.want)`
fix: remove unused go import. 2023-08-18 00:36:46 +02:00			`}`
			`})`
			`}`
			`}`
test(aa-log): test aa-log against real profile. 2023-10-01 20:03:12 +02:00
refractor(aa): update test structure. 2024-04-23 22:35:23 +02:00			`func TestAppArmorProfileFile_Integration(t *testing.T) {`
test(aa-log): test aa-log against real profile. 2023-10-01 20:03:12 +02:00			`tests := []struct {`
			`name string`
feat(aa): rename the main profile struct. 2024-04-16 22:51:56 +02:00			`f *AppArmorProfileFile`
test(aa-log): test aa-log against real profile. 2023-10-01 20:03:12 +02:00			`want string`
			`}{`
			`{`
			`name: "aa-status",`
feat(aa): rename the main profile struct. 2024-04-16 22:51:56 +02:00			`f: &AppArmorProfileFile{`
feat(aa): make preamble rule classic aa rules. 2024-05-05 00:25:55 +02:00			`Preamble: Rules{`
refractor(aa): rename base struct from RuleBase to Base 2024-06-25 20:50:27 +02:00			`&Comment{Base: Base{Comment: " apparmor.d - Full set of apparmor profiles", IsLineRule: true}},`
			`&Comment{Base: Base{Comment: " Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>", IsLineRule: true}},`
			`&Comment{Base: Base{Comment: " SPDX-License-Identifier: GPL-2.0-only", IsLineRule: true}},`
feat(aa): make preamble rule classic aa rules. 2024-05-05 00:25:55 +02:00			`nil,`
fix(test): update unit test result to abi 4. 2024-10-02 17:50:54 +02:00			`&Abi{IsMagic: true, Path: "abi/4.0"},`
feat(aa): make preamble rule classic aa rules. 2024-05-05 00:25:55 +02:00			`&Include{IsMagic: true, Path: "tunables/global"},`
			`&Variable{`
test(aa): improve some internal unit test. Thanks to the last changes... 2024-04-23 22:38:52 +02:00			`Name: "exec_path", Define: true,`
test(aa-log): test aa-log against real profile. 2023-10-01 20:03:12 +02:00			`Values: []string{"@{bin}/aa-status", "@{bin}/apparmor_status"},`
test(aa): improve some internal unit test. Thanks to the last changes... 2024-04-23 22:38:52 +02:00			`},`
test(aa-log): test aa-log against real profile. 2023-10-01 20:03:12 +02:00			`},`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`Profiles: []*Profile{{`
			`Header: Header{`
			`Name: "aa-status",`
			`Attachments: []string{"@{exec_path}"},`
			`},`
test(aa-log): test aa-log against real profile. 2023-10-01 20:03:12 +02:00			`Rules: Rules{`
			`&Include{IfExists: true, IsMagic: true, Path: "local/aa-status"},`
feat(aa): ensure accesses are slice of string. 2024-04-23 22:17:25 +02:00			`&Capability{Names: []string{"dac_read_search"}},`
			`&File{Path: "@{exec_path}", Access: []string{"m", "r"}},`
			`&File{Path: "@{PROC}/@{pids}/attr/apparmor/current", Access: []string{"r"}},`
			`&File{Path: "@{PROC}/", Access: []string{"r"}},`
			`&File{Path: "@{sys}/module/apparmor/parameters/enabled", Access: []string{"r"}},`
			`&File{Path: "@{sys}/kernel/security/apparmor/profiles", Access: []string{"r"}},`
			`&File{Path: "@{PROC}/@{pids}/attr/current", Access: []string{"r"}},`
test(aa-log): test aa-log against real profile. 2023-10-01 20:03:12 +02:00			`&Include{IsMagic: true, Path: "abstractions/consoles"},`
feat(aa): ensure accesses are slice of string. 2024-04-23 22:17:25 +02:00			`&File{Owner: true, Path: "@{PROC}/@{pid}/mounts", Access: []string{"r"}},`
test(aa-log): test aa-log against real profile. 2023-10-01 20:03:12 +02:00			`&Include{IsMagic: true, Path: "abstractions/base"},`
feat(aa): ensure accesses are slice of string. 2024-04-23 22:17:25 +02:00			`&File{Path: "/dev/tty@{int}", Access: []string{"r", "w"}},`
			`&Capability{Names: []string{"sys_ptrace"}},`
			`&Ptrace{Access: []string{"read"}},`
test(aa-log): test aa-log against real profile. 2023-10-01 20:03:12 +02:00			`},`
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 15:09:04 +02:00			`}},`
test(aa-log): test aa-log against real profile. 2023-10-01 20:03:12 +02:00			`},`
fix: profile compilation. 2024-06-15 23:28:37 +02:00			`want: mustReadProfileFile(intData.Join("profiles-a-f/aa-status")),`
test(aa-log): test aa-log against real profile. 2023-10-01 20:03:12 +02:00			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
feat(aa): rename the main profile struct. 2024-04-16 22:51:56 +02:00			`tt.f.Sort()`
			`tt.f.MergeRules()`
			`tt.f.Format()`
tests(aa): improve aa unit tests. 2024-05-29 22:18:30 +02:00			`err := tt.f.Validate()`
			`if err != nil {`
			`t.Errorf("AppArmorProfile.Validate() = %v", err)`
			`}`
test(aa): improve some internal unit test. Thanks to the last changes... 2024-04-23 22:38:52 +02:00			`if got := tt.f.String(); got != tt.want {`
			`t.Errorf("AppArmorProfile = \|%v\|, want \|%v\|", got, tt.want)`
test(aa-log): test aa-log against real profile. 2023-10-01 20:03:12 +02:00			`}`
			`})`
			`}`
			`}`