test(aa): improve some internal unit test.

Thanks to the last changes...
Alexandre Pujol 2024-04-23 21:38:52 +01:00
parent a0b5362589
commit de73c9b706
3 changed files with 25 additions and 28 deletions


@ -6,27 +6,16 @@ package aa
import (
"reflect"
"strings"
"testing"
"github.com/arduino/go-paths-helper"
"github.com/roddhjav/apparmor.d/pkg/util"
)
func readprofile(path string) string {
file := paths.New("../../").Join(path)
lines, err := file.ReadFileAsLines()
if err != nil {
panic(err)
}
res := ""
for _, line := range lines {
if strings.HasPrefix(line, "#") {
continue
}
res += line + "\n"
}
return res[:len(res)-1]
}
var (
testData = paths.New("../../").Join("tests")
intData = paths.New("../../").Join("apparmor.d")
)
func TestAppArmorProfileFile_String(t *testing.T) {
tests := []struct {
@ -50,6 +39,7 @@ func TestAppArmorProfileFile_String(t *testing.T) {
Name: "exec_path", Define: true,
Values: []string{"@{bin}/foo", "@{lib}/foo"},
}},
Comments: []*RuleBase{{Comment: "Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},
},
Profiles: []*Profile{{
Header: Header{
@ -67,11 +57,12 @@ func TestAppArmorProfileFile_String(t *testing.T) {
&Network{Domain: "inet", Type: "stream"},
&Network{Domain: "inet6", Type: "stream"},
&Mount{
RuleBase: RuleBase{Comment: "failed perms check"},
MountConditions: MountConditions{
FsType: "fuse.portal",
Options: []string{"rw", "rbind"},
},
Source: "@{run}/user/@{uid}/ ",
Source: "@{run}/user/@{uid}/",
MountPoint: "/",
},
&Umount{
@ -112,7 +103,7 @@ func TestAppArmorProfileFile_String(t *testing.T) {
},
}},
},
want: readprofile("tests/string.aa"),
want: util.MustReadFile(testData.Join("string.aa")),
},
}
for _, tt := range tests {
@ -205,9 +196,14 @@ func TestAppArmorProfileFile_Integration(t *testing.T) {
Abi: []*Abi{{IsMagic: true, Path: "abi/3.0"}},
Includes: []*Include{{IsMagic: true, Path: "tunables/global"}},
Variables: []*Variable{{
Name: "exec_path",
Name: "exec_path", Define: true,
Values: []string{"@{bin}/aa-status", "@{bin}/apparmor_status"},
}},
Comments: []*RuleBase{
{Comment: "apparmor.d - Full set of apparmor profiles", IsLineRule: true},
{Comment: "Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>", IsLineRule: true},
{Comment: "SPDX-License-Identifier: GPL-2.0-only", IsLineRule: true},
},
},
Profiles: []*Profile{{
Header: Header{
@ -232,7 +228,7 @@ func TestAppArmorProfileFile_Integration(t *testing.T) {
},
}},
},
want: readprofile("apparmor.d/profiles-a-f/aa-status"),
want: util.MustReadFile(intData.Join("profiles-a-f/aa-status")),
},
}
for _, tt := range tests {
@ -240,8 +236,8 @@ func TestAppArmorProfileFile_Integration(t *testing.T) {
tt.f.Sort()
tt.f.MergeRules()
tt.f.Format()
if got := tt.f.String(); "\n"+got != tt.want {
t.Errorf("AppArmorProfile = |%v|, want |%v|", "\n"+got, tt.want)
if got := tt.f.String(); got != tt.want {
t.Errorf("AppArmorProfile = |%v|, want |%v|", got, tt.want)
}
})
}
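Review bot: The expected `Comments` in the integration case (the three `IsLineRule: true` entries, including `Copyright (C) 2021-2024 ...`) restate the header of the shipped profile that `want` is read from, so any edit to that header, such as a year bump, fails this test with a full-profile dump and no hint about the cause. The removed `readprofile` skipped `#` lines, and the new `util.MustReadFile` (not shown here) apparently does not, so this coupling is new. I would add a comment above the `Comments:` field, e.g. `// Must match the header of apparmor.d/profiles-a-f/aa-status verbatim; update both together.` The `string.aa` case in TestAppArmorProfileFile_String has the same dependency on its fixture's first line. Both test functions start and end outside the hunks shown.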


@ -193,13 +193,13 @@ func TestRule_Less(t *testing.T) {
name: "signal",
rule: signal1,
other: signal2,
want: true,
want: false,
},
{
name: "ptrace/less",
rule: ptrace1,
other: ptrace2,
want: true,
want: false,
},
{
name: "ptrace/more",
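Review bot: The case named `ptrace/less` appears to expect `want: false` after this change (assuming the second line of each printed pair is the new side), so the name no longer describes the expectation; the `signal` case flips the same way. Less presumably drives `Sort()` and with it the rule order of generated profiles, so the reason these pairs are not ordered is worth recording next to the cases. Either rename the case to match what it now asserts, or add a comment such as `// ptrace1 and ptrace2 differ only in <field>, which Less does not order on`, with the field filled in from the fixtures. The `signal1`/`ptrace1` definitions and the rest of TestRule_Less are outside this hunk.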


@ -1,4 +1,5 @@
# Simple test profile for the AppArmorProfile.String() method
# Simple test profile for the AppArmorProfileFile.String() method
abi <abi/4.0>,
alias /mnt/usr -> /usr,
@ -18,13 +19,13 @@ profile foo @{exec_path} xattrs=(security.tagged=allowed) flags=(complain attach
network inet stream,
network inet6 stream,
mount fstype=fuse.portal options=(rw rbind) @{run}/user/@{uid}/ -> /,
mount fstype=fuse.portal options=(rw rbind) @{run}/user/@{uid}/ -> /, # failed perms check
umount @{run}/user/@{uid}/,
signal (receive) set=(term) peer=at-spi-bus-launcher,
signal receive set=term peer=at-spi-bus-launcher,
ptrace (read) peer=nautilus,
ptrace read peer=nautilus,
unix (send receive) type=stream addr=@/tmp/.ICE-unix/1995 peer=(label=gnome-shell, addr=none),