test(aa): improve some internal unit test.
Thanks to the last changes...
parent
a0b5362589
commit
de73c9b706
3 changed files with 25 additions and 28 deletions
|
@ -6,27 +6,16 @@ package aa
|
|||
|
||||
import (
|
||||
"reflect"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/arduino/go-paths-helper"
|
||||
"github.com/roddhjav/apparmor.d/pkg/util"
|
||||
)
|
||||
|
||||
func readprofile(path string) string {
|
||||
file := paths.New("../../").Join(path)
|
||||
lines, err := file.ReadFileAsLines()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
res := ""
|
||||
for _, line := range lines {
|
||||
if strings.HasPrefix(line, "#") {
|
||||
continue
|
||||
}
|
||||
res += line + "\n"
|
||||
}
|
||||
return res[:len(res)-1]
|
||||
}
|
||||
var (
|
||||
testData = paths.New("../../").Join("tests")
|
||||
intData = paths.New("../../").Join("apparmor.d")
|
||||
)
|
||||
|
||||
func TestAppArmorProfileFile_String(t *testing.T) {
|
||||
tests := []struct {
|
||||
|
@ -50,6 +39,7 @@ func TestAppArmorProfileFile_String(t *testing.T) {
|
|||
Name: "exec_path", Define: true,
|
||||
Values: []string{"@{bin}/foo", "@{lib}/foo"},
|
||||
}},
|
||||
Comments: []*RuleBase{{Comment: "Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},
|
||||
},
|
||||
Profiles: []*Profile{{
|
||||
Header: Header{
|
||||
|
@ -67,6 +57,7 @@ func TestAppArmorProfileFile_String(t *testing.T) {
|
|||
&Network{Domain: "inet", Type: "stream"},
|
||||
&Network{Domain: "inet6", Type: "stream"},
|
||||
&Mount{
|
||||
RuleBase: RuleBase{Comment: "failed perms check"},
|
||||
MountConditions: MountConditions{
|
||||
FsType: "fuse.portal",
|
||||
Options: []string{"rw", "rbind"},
|
||||
|
@ -112,7 +103,7 @@ func TestAppArmorProfileFile_String(t *testing.T) {
|
|||
},
|
||||
}},
|
||||
},
|
||||
want: readprofile("tests/string.aa"),
|
||||
want: util.MustReadFile(testData.Join("string.aa")),
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
|
@ -205,9 +196,14 @@ func TestAppArmorProfileFile_Integration(t *testing.T) {
|
|||
Abi: []*Abi{{IsMagic: true, Path: "abi/3.0"}},
|
||||
Includes: []*Include{{IsMagic: true, Path: "tunables/global"}},
|
||||
Variables: []*Variable{{
|
||||
Name: "exec_path",
|
||||
Name: "exec_path", Define: true,
|
||||
Values: []string{"@{bin}/aa-status", "@{bin}/apparmor_status"},
|
||||
}},
|
||||
Comments: []*RuleBase{
|
||||
{Comment: "apparmor.d - Full set of apparmor profiles", IsLineRule: true},
|
||||
{Comment: "Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>", IsLineRule: true},
|
||||
{Comment: "SPDX-License-Identifier: GPL-2.0-only", IsLineRule: true},
|
||||
},
|
||||
},
|
||||
Profiles: []*Profile{{
|
||||
Header: Header{
|
||||
|
@ -232,7 +228,7 @@ func TestAppArmorProfileFile_Integration(t *testing.T) {
|
|||
},
|
||||
}},
|
||||
},
|
||||
want: readprofile("apparmor.d/profiles-a-f/aa-status"),
|
||||
want: util.MustReadFile(intData.Join("profiles-a-f/aa-status")),
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
|
@ -240,8 +236,8 @@ func TestAppArmorProfileFile_Integration(t *testing.T) {
|
|||
tt.f.Sort()
|
||||
tt.f.MergeRules()
|
||||
tt.f.Format()
|
||||
if got := tt.f.String(); "\n"+got != tt.want {
|
||||
t.Errorf("AppArmorProfile = |%v|, want |%v|", "\n"+got, tt.want)
|
||||
if got := tt.f.String(); got != tt.want {
|
||||
t.Errorf("AppArmorProfile = |%v|, want |%v|", got, tt.want)
|
||||
}
|
||||
})
|
||||
}
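Review bot: The expected struct in TestAppArmorProfileFile_Integration hard-codes the shipped profile's header comments (for example `Comment: "Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>"`), and `want` is now the unfiltered content of `intData.Join("profiles-a-f/aa-status")` compared with `got != tt.want`. Any edit to that profile's header, such as a year bump, will therefore fail the test for reasons unrelated to the serializer. I would add a comment above the `Comments:` list, `// Must mirror the header of apparmor.d/profiles-a-f/aa-status byte for byte; update both together.`, or point the integration case at a frozen copy under `testData`. Both `want:` fields also call `util.MustReadFile` while the table literal is built, so a missing fixture presumably aborts the whole test binary rather than one subtest; the helper is defined outside this page, so that is inferred from its name. The bodies of both test functions continue outside the hunks shown.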
|
||||
|
|
|
@ -193,13 +193,13 @@ func TestRule_Less(t *testing.T) {
|
|||
name: "signal",
|
||||
rule: signal1,
|
||||
other: signal2,
|
||||
want: true,
|
||||
want: false,
|
||||
},
|
||||
{
|
||||
name: "ptrace/less",
|
||||
rule: ptrace1,
|
||||
other: ptrace2,
|
||||
want: true,
|
||||
want: false,
|
||||
},
|
||||
{
|
||||
name: "ptrace/more",
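Review bot: The `signal` and `ptrace/less` cases each show `want: true` followed by `want: false`; assuming the page prints the old line before the new one, as the other sections do, the case named `ptrace/less` now asserts that Less returns false. Nothing in the hunk explains the flip. `signal1`, `signal2`, `ptrace1` and `ptrace2` are defined outside it, so the intended ordering cannot be checked from here. Since Less presumably drives the rule order that `Sort()` produces in generated profiles, I would rename the case to match what it asserts and add a one-line comment on each flipped case, for instance `// want false: <field that now decides the order>`. The table and the test function continue outside the hunk.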
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# Simple test profile for the AppArmorProfile.String() method
|
||||
# Simple test profile for the AppArmorProfileFile.String() method
|
||||
|
||||
abi <abi/4.0>,
|
||||
|
||||
alias /mnt/usr -> /usr,
|
||||
|
@ -18,13 +19,13 @@ profile foo @{exec_path} xattrs=(security.tagged=allowed) flags=(complain attach
|
|||
network inet stream,
|
||||
network inet6 stream,
|
||||
|
||||
mount fstype=fuse.portal options=(rw rbind) @{run}/user/@{uid}/ -> /,
|
||||
mount fstype=fuse.portal options=(rw rbind) @{run}/user/@{uid}/ -> /, # failed perms check
|
||||
|
||||
umount @{run}/user/@{uid}/,
|
||||
|
||||
signal (receive) set=(term) peer=at-spi-bus-launcher,
|
||||
signal receive set=term peer=at-spi-bus-launcher,
|
||||
|
||||
ptrace (read) peer=nautilus,
|
||||
ptrace read peer=nautilus,
|
||||
|
||||
unix (send receive) type=stream addr=@/tmp/.ICE-unix/1995 peer=(label=gnome-shell, addr=none),
|
||||
|
||||
|
|