aa-log: add tests.

This commit is contained in:
Alexandre Pujol 2021-12-04 23:53:32 +00:00
parent a3f452452a
commit 53c4d119d6
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
2 changed files with 157 additions and 0 deletions

129
cmd/aa-log/main_test.go Normal file
View File

@ -0,0 +1,129 @@
// aa-log - Review AppArmor generated messages
// Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
// SPDX-License-Identifier: GPL-2.0-only
package main
import (
"os"
"reflect"
"testing"
)
var refDnsmasq = AppArmorLogs{
{
"apparmor": "DENIED",
"profile": "dnsmasq",
"operation": "open",
"name": "/proc/sys/kernel/osrelease",
"comm": "dnsmasq",
"requested_mask": "r",
"denied_mask": "r",
},
{
"apparmor": "DENIED",
"profile": "dnsmasq",
"operation": "open",
"name": "/proc/1/environ",
"comm": "dnsmasq",
"requested_mask": "r",
"denied_mask": "r",
},
{
"apparmor": "DENIED",
"profile": "dnsmasq",
"operation": "open",
"name": "/proc/cmdline",
"comm": "dnsmasq",
"requested_mask": "r",
"denied_mask": "r",
},
}
var refKmod = AppArmorLogs{
{
"apparmor": "ALLOWED",
"profile": "kmod",
"operation": "file_inherit",
"comm": "modprobe",
"family": "unix",
"sock_type": "stream",
"protocol": "0",
"requested_mask": "send receive",
},
}
var refMan = AppArmorLogs{
{
"apparmor": "ALLOWED",
"profile": "man",
"operation": "exec",
"name": "/usr/bin/preconv",
"info": "no new privs",
"comm": "man",
"requested_mask": "x",
"denied_mask": "x",
"error": "-1",
},
}
var refStringKmod = "\033[1;32mALLOWED\033[0m \033[34mkmod\033[0m \033[33mfile_inherit\033[0m comm=modprobe family=unix sock_type=stream protocol=0 requested_mask=\033[1;31m\"send receive\"\033[0m\n"
var refStringMan = "\033[1;32mALLOWED\033[0m \033[34mman\033[0m \033[33mexec\033[0m \033[35m/usr/bin/preconv\033[0m info=\"no new privs\" comm=man requested_mask=\033[1;31mx\033[0m denied_mask=\033[1;31mx\033[0m error=-1\n"
func TestNewApparmorLogs(t *testing.T) {
tests := []struct {
name string
path string
want AppArmorLogs
}{
{
name: "dnsmasq",
path: "../../tests/audit.log",
want: refDnsmasq,
},
{
name: "kmod",
path: "../../tests/audit.log",
want: refKmod,
},
{
name: "man",
path: "../../tests/audit.log",
want: refMan,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
file, _ := os.Open(tt.path)
if got := NewApparmorLogs(file, tt.name); !reflect.DeepEqual(got, tt.want) {
t.Errorf("NewApparmorLogs() = %v, want %v", got, tt.want)
}
})
}
}
func TestAppArmorLogs_String(t *testing.T) {
tests := []struct {
name string
aaLogs AppArmorLogs
want string
}{
{
name: "kmod",
aaLogs: refKmod,
want: refStringKmod,
},
{
name: "man",
aaLogs: refMan,
want: refStringMan,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := tt.aaLogs.String(); got != tt.want {
t.Errorf("AppArmorLogs.String() = %v, want %v len: %d - %d", got, tt.want, len(got), len(tt.want))
}
})
}
}

28
tests/audit.log Normal file
View File

@ -0,0 +1,28 @@
type=BPF msg=audit(1111111111.111:1111): prog-id=60 op=LOAD
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="file_inherit" profile="kmod" pid=505701 comm="modprobe" family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="file_inherit" profile="mkinitcpio" pid=505701 comm="modprobe" family="unix" sock_type="stream" protocol=0 requested_mask="receive"
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="file_inherit" profile="pacman" pid=505701 comm="modprobe" family="unix" sock_type="stream" protocol=0 requested_mask="receive"
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="file_inherit" profile="pacman-hook-mkinitcpio-install" pid=505701 comm="modprobe" family="unix" sock_type="stream" protocol=0 requested_mask="receive"
type=AVC msg=audit(1111111111.111:1111): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="apparmor_parser" name="firejail-default" pid=509201 comm="apparmor_parser"
type=AVC msg=audit(1111111111.111:1111): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="apparmor_parser" name="firejail-default" pid=509200 comm="apparmor_parser"
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="open" profile="aa-log" name="/sys/kernel/mm/transparent_hugepage/hpage_pmd_size" pid=509286 comm="remove-system.m" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0FSUID="user" OUID="user"
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="open" profile="sysctl" name="/proc/sys/kernel/panic_on_oops" pid=509859 comm="sysctl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0FSUID="user" OUID="root"
type=BPF msg=audit(1111111111.111:1111): prog-id=75 op=LOAD
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="signal" profile="dbus-daemon" pid=2466 comm="at-spi-bus-laun" requested_mask="receive" denied_mask="receive" signal=term peer="at-spi-bus-launcher"
type=BPF msg=audit(1111111111.111:1111): prog-id=16 op=LOAD
type=BPF msg=audit(1111111111.111:1111): prog-id=17 op=LOAD
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="dnsmasq" name="/proc/sys/kernel/osrelease" pid=1427 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0FSUID="root" OUID="root"
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="dnsmasq" name="/proc/1/environ" pid=1427 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0FSUID="root" OUID="root"
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="dnsmasq" name="/proc/cmdline" pid=1427 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0FSUID="root" OUID="root"
type=AVC msg=audit(1111111111.111:1111): apparmor="STATUS" operation="profile_load" profile="apparmor_parser" name="docker-default" pid=1775 comm="apparmor_parser"
type=BPF msg=audit(1111111111.111:1111): prog-id=18 op=LOAD
type=BPF msg=audit(1111111111.111:1111): prog-id=22 op=LOAD
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="lsb_release" name="/home/user/" pid=2737 comm="find" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000FSUID="user" OUID="user"
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="lsb_release" name="/etc/" pid=2737 comm="find" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0FSUID="user" OUID="root"
type=BPF msg=audit(1111111111.111:1111): prog-id=23 op=LOAD
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="file_inherit" profile="chromium-chromium" name="/home/user/.local/share/gvfs-metadata/root" pid=8661 comm="chromium" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000FSUID="user" OUID="user"
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="file_inherit" profile="chromium-chromium" name="/home/user/.local/share/gvfs-metadata/root-aaabbbc0.log" pid=8661 comm="chromium" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000FSUID="user" OUID="user"
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="open" profile="fusermount" name="/run/user/1000/doc/" pid=8703 comm="fusermount" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000FSUID="root" OUID="user"
type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="chrome-gnome-shell" name="/home/user/.netrc" pid=9119 comm="chrome-gnome-sh" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000FSUID="user" OUID="user"
type=BPF msg=audit(1111111111.111:1111): prog-id=26 op=LOAD
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="exec" info="no new privs" error=-1 profile="man" name="/usr/bin/preconv" pid=60755 comm="man" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="man_groff"FSUID="user" OUID="root"