mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-14 23:43:56 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

tests(check): also checks indentation.

Browse Source
This commit is contained in:
Alexandre Pujol 2024-10-16 23:38:04 +01:00
parent 37bafddc80
commit d793858d26
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
1 changed files with 75 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
tests/check.sh
View File

@ -9,50 +9,104 @@
set -eu -o pipefail set -eu -o pipefail
readonly APPARMORD="apparmor.d" readonly APPARMORD="apparmor.d"
readonly HEADERS=(
_ensure_header() {
local file="$1"
headers=(
"# apparmor.d - Full set of apparmor profiles" "# apparmor.d - Full set of apparmor profiles"
"# Copyright (C) " "# Copyright (C) "
"# SPDX-License-Identifier: GPL-2.0-only" "# SPDX-License-Identifier: GPL-2.0-only"
) )
for header in "${headers[@]}"; do
if ! grep -q "^$header" "$file"; then _die() {
echo "$file does not contain '$header'" echo "$*"
exit 1 exit 1
}
_ensure_header() {
local file="$1"
for header in "${HEADERS[@]}"; do
if ! grep -q "^$header" "$file"; then
_die "$file does not contain '$header'"
fi fi
done done
} }
_ensure_indentation() {
local file="$1"
local in_profile=false
local first_line_after_profile=true
local line_number=0
while IFS= read -r line; do
line_number=$((line_number + 1))
if [[ "$line" =~ $'\t' ]]; then
_die "$file:$line_number: tabs are not allowed."
fi
if [[ "$line" =~ ^profile ]]; then
in_profile=true
first_line_after_profile=true
elif $in_profile; then
if $first_line_after_profile; then
local leading_spaces="${line%%[! ]*}"
local num_spaces=${#leading_spaces}
if ((num_spaces != 2)); then
_die "$file: profile must have a two-space indentation."
fi
first_line_after_profile=false
else
local leading_spaces="${line%%[! ]*}"
local num_spaces=${#leading_spaces}
if ((num_spaces % 2 != 0)); then
ok=false
for offset in 5 11; do
num_spaces=$((num_spaces - offset))
if ((num_spaces < 0)); then
break
fi
if ((num_spaces % 2 == 0)); then
ok=true
break
fi
done
if ! $ok; then
_die "$file:$line_number: invalid indentation."
fi
fi
fi
fi
done <"$file"
}
_ensure_include() { _ensure_include() {
local file="$1" local file="$1"
local include="$2" local include="$2"
if ! grep -q "^ *${include}$" "$file"; then if ! grep -q "^ *${include}$" "$file"; then
echo "$file does not contain '$include'" _die "$file does not contain '$include'"
exit 1
fi fi
} }
_ensure_abi() { _ensure_abi() {
local file="$1" local file="$1"
if ! grep -q "^ *abi <abi/4.0>," "$file"; then if ! grep -q "^ *abi <abi/4.0>," "$file"; then
echo "$file does not contain 'abi <abi/4.0>,'" _die "$file does not contain 'abi <abi/4.0>,'"
exit 1
fi fi
} }
_ensure_vim() { _ensure_vim() {
local file="$1" local file="$1"
if ! grep -q "^# vim:syntax=apparmor" "$file"; then if ! grep -q "^# vim:syntax=apparmor" "$file"; then
echo "$file does not contain '# vim:syntax=apparmor'" _die "$file does not contain '# vim:syntax=apparmor'"
exit 1
fi fi
} }
check_profiles() { check_profiles() {
echo " ⋅ Checking if all profiles contain:" echo " ⋅ Checking if all profiles contain:"
echo " - apparmor.d header & license" echo " - apparmor.d header & license"
echo " - Check indentation: 2 spaces"
echo " - 'abi <abi/4.0>,'" echo " - 'abi <abi/4.0>,'"
echo " - 'profile <profile_name>'" echo " - 'profile <profile_name>'"
echo " - 'include if exists <local/*>'" echo " - 'include if exists <local/*>'"
@ -67,19 +121,18 @@ check_profiles() {
name="${name/.apparmor.d/}" name="${name/.apparmor.d/}"
include="include if exists <local/$name>" include="include if exists <local/$name>"
_ensure_header "$file" _ensure_header "$file"
_ensure_indentation "$file"
_ensure_include "$file" "$include" _ensure_include "$file" "$include"
_ensure_abi "$file" _ensure_abi "$file"
_ensure_vim "$file" _ensure_vim "$file"
if ! grep -q "^profile $name" "$file"; then if ! grep -q "^profile $name" "$file"; then
echo "$name does not contain 'profile $name'" _die "$name does not contain 'profile $name'"
exit 1
fi fi
mapfile -t subrofiles < <(grep "^ *profile*" "$file" | awk '{print $2}') mapfile -t subrofiles < <(grep "^ *profile*" "$file" | awk '{print $2}')
for subprofile in "${subrofiles[@]}"; do for subprofile in "${subrofiles[@]}"; do
include="include if exists <local/${name}_${subprofile}>" include="include if exists <local/${name}_${subprofile}>"
if ! grep -q "^ *${include}$" "$file"; then if ! grep -q "^ *${include}$" "$file"; then
echo "$name: $name//$subprofile does not contain '$include'" _die "$name: $name//$subprofile does not contain '$include'"
exit 1
fi fi
done done
done done
@ -89,6 +142,7 @@ check_profiles() {
check_abstractions() { check_abstractions() {
echo " ⋅ Checking if all abstractions contain:" echo " ⋅ Checking if all abstractions contain:"
echo " - apparmor.d header & license" echo " - apparmor.d header & license"
echo " - Check indentation: 2 spaces"
echo " - 'abi <abi/4.0>,'" echo " - 'abi <abi/4.0>,'"
echo " - 'include if exists <abstractions/*.d>'" echo " - 'include if exists <abstractions/*.d>'"
echo " - vim:syntax=apparmor" echo " - vim:syntax=apparmor"
@ -103,12 +157,12 @@ check_abstractions() {
root="${dir/${APPARMORD}\/abstractions\//}" root="${dir/${APPARMORD}\/abstractions\//}"
include="include if exists <abstractions/${root}${name}.d>" include="include if exists <abstractions/${root}${name}.d>"
_ensure_header "$file" _ensure_header "$file"
_ensure_indentation "$file"
_ensure_include "$file" "$include" _ensure_include "$file" "$include"
_ensure_abi "$file" _ensure_abi "$file"
_ensure_vim "$file" _ensure_vim "$file"
done done
done done
} }
check_profiles check_profiles