test(aa): improve some internal unit test.

Thanks to the last changes...
Alexandre Pujol 2024-04-23 21:38:52 +01:00
parent a0b5362589
commit de73c9b706
3 changed files with 25 additions and 28 deletions


@ -6,27 +6,16 @@ package aa
import ( import (
"reflect" "reflect"
"strings"
"testing" "testing"
"github.com/arduino/go-paths-helper" "github.com/arduino/go-paths-helper"
"github.com/roddhjav/apparmor.d/pkg/util"
) )
func readprofile(path string) string { var (
file := paths.New("../../").Join(path) testData = paths.New("../../").Join("tests")
lines, err := file.ReadFileAsLines() intData = paths.New("../../").Join("apparmor.d")
if err != nil { )
panic(err)
}
res := ""
for _, line := range lines {
if strings.HasPrefix(line, "#") {
continue
}
res += line + "\n"
}
return res[:len(res)-1]
}
func TestAppArmorProfileFile_String(t *testing.T) { func TestAppArmorProfileFile_String(t *testing.T) {
tests := []struct { tests := []struct {
@ -50,6 +39,7 @@ func TestAppArmorProfileFile_String(t *testing.T) {
Name: "exec_path", Define: true, Name: "exec_path", Define: true,
Values: []string{"@{bin}/foo", "@{lib}/foo"}, Values: []string{"@{bin}/foo", "@{lib}/foo"},
}}, }},
Comments: []*RuleBase{{Comment: "Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},
}, },
Profiles: []*Profile{{ Profiles: []*Profile{{
Header: Header{ Header: Header{
@ -67,11 +57,12 @@ func TestAppArmorProfileFile_String(t *testing.T) {
&Network{Domain: "inet", Type: "stream"}, &Network{Domain: "inet", Type: "stream"},
&Network{Domain: "inet6", Type: "stream"}, &Network{Domain: "inet6", Type: "stream"},
&Mount{ &Mount{
RuleBase: RuleBase{Comment: "failed perms check"},
MountConditions: MountConditions{ MountConditions: MountConditions{
FsType: "fuse.portal", FsType: "fuse.portal",
Options: []string{"rw", "rbind"}, Options: []string{"rw", "rbind"},
}, },
Source: "@{run}/user/@{uid}/ ", Source: "@{run}/user/@{uid}/",
MountPoint: "/", MountPoint: "/",
}, },
&Umount{ &Umount{
@ -112,7 +103,7 @@ func TestAppArmorProfileFile_String(t *testing.T) {
}, },
}}, }},
}, },
want: readprofile("tests/string.aa"), want: util.MustReadFile(testData.Join("string.aa")),
}, },
} }
for _, tt := range tests { for _, tt := range tests {
@ -205,9 +196,14 @@ func TestAppArmorProfileFile_Integration(t *testing.T) {
Abi: []*Abi{{IsMagic: true, Path: "abi/3.0"}}, Abi: []*Abi{{IsMagic: true, Path: "abi/3.0"}},
Includes: []*Include{{IsMagic: true, Path: "tunables/global"}}, Includes: []*Include{{IsMagic: true, Path: "tunables/global"}},
Variables: []*Variable{{ Variables: []*Variable{{
Name: "exec_path", Name: "exec_path", Define: true,
Values: []string{"@{bin}/aa-status", "@{bin}/apparmor_status"}, Values: []string{"@{bin}/aa-status", "@{bin}/apparmor_status"},
}}, }},
Comments: []*RuleBase{
{Comment: "apparmor.d - Full set of apparmor profiles", IsLineRule: true},
{Comment: "Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>", IsLineRule: true},
{Comment: "SPDX-License-Identifier: GPL-2.0-only", IsLineRule: true},
},
}, },
Profiles: []*Profile{{ Profiles: []*Profile{{
Header: Header{ Header: Header{
@ -232,7 +228,7 @@ func TestAppArmorProfileFile_Integration(t *testing.T) {
}, },
}}, }},
}, },
want: readprofile("apparmor.d/profiles-a-f/aa-status"), want: util.MustReadFile(intData.Join("profiles-a-f/aa-status")),
}, },
} }
for _, tt := range tests { for _, tt := range tests {
@ -240,8 +236,8 @@ func TestAppArmorProfileFile_Integration(t *testing.T) {
tt.f.Sort() tt.f.Sort()
tt.f.MergeRules() tt.f.MergeRules()
tt.f.Format() tt.f.Format()
if got := tt.f.String(); "\n"+got != tt.want { if got := tt.f.String(); got != tt.want {
t.Errorf("AppArmorProfile = |%v|, want |%v|", "\n"+got, tt.want) t.Errorf("AppArmorProfile = |%v|, want |%v|", got, tt.want)
} }
}) })
} }
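Review bot: The new `Comments` entries in TestAppArmorProfileFile_Integration pin the shipped profile's licence header verbatim, including `Copyright (C) 2021-2024`, so the next header or year update to `profiles-a-f/aa-status` will fail this test for a reason unrelated to rule serialization. The removed `readprofile` helper skipped `#` lines, which kept the comparison independent of header text. If exact header round-tripping is the intent, say so next to the literal, e.g. `// Must match the header of apparmor.d/profiles-a-f/aa-status byte for byte; update both together.`; otherwise compare only the non-comment lines in the integration case. The test function bodies are only partly visible in these hunks.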


@ -193,13 +193,13 @@ func TestRule_Less(t *testing.T) {
name: "signal", name: "signal",
rule: signal1, rule: signal1,
other: signal2, other: signal2,
want: true, want: false,
}, },
{ {
name: "ptrace/less", name: "ptrace/less",
rule: ptrace1, rule: ptrace1,
other: ptrace2, other: ptrace2,
want: true, want: false,
}, },
{ {
name: "ptrace/more", name: "ptrace/more",
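Review bot: The case named `ptrace/less` now asserts `want: false`, so the name contradicts the expectation, and the `signal` case is flipped the same way with no explanation in the test or the commit message. `Less` presumably drives the order in which rules are sorted and rendered into a profile, so a flipped expectation deserves a stated reason; otherwise a later ordering regression could be mistaken for intended behaviour. Rename the case (for example `ptrace/equal`, if the two rules really compare equal) or add a one-line comment above each case naming the field that decides the result. The definitions of `signal1`, `signal2`, `ptrace1` and `ptrace2` are outside this hunk, so the new values could not be checked here.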


@ -1,4 +1,5 @@
# Simple test profile for the AppArmorProfile.String() method # Simple test profile for the AppArmorProfileFile.String() method
abi <abi/4.0>, abi <abi/4.0>,
alias /mnt/usr -> /usr, alias /mnt/usr -> /usr,
@ -18,13 +19,13 @@ profile foo @{exec_path} xattrs=(security.tagged=allowed) flags=(complain attach
network inet stream, network inet stream,
network inet6 stream, network inet6 stream,
mount fstype=fuse.portal options=(rw rbind) @{run}/user/@{uid}/ -> /, mount fstype=fuse.portal options=(rw rbind) @{run}/user/@{uid}/ -> /, # failed perms check
umount @{run}/user/@{uid}/, umount @{run}/user/@{uid}/,
signal (receive) set=(term) peer=at-spi-bus-launcher, signal receive set=term peer=at-spi-bus-launcher,
ptrace (read) peer=nautilus, ptrace read peer=nautilus,
unix (send receive) type=stream addr=@/tmp/.ICE-unix/1995 peer=(label=gnome-shell, addr=none), unix (send receive) type=stream addr=@/tmp/.ICE-unix/1995 peer=(label=gnome-shell, addr=none),