mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/utils/test/test-aa-notify.py

646 lines
37 KiB
Python
Raw Permalink Normal View History

Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
#! /usr/bin/python3
# ------------------------------------------------------------------
#
# Copyright (C) 2011-2012 Canonical Ltd.
# Copyright (C) 2019 Otto Kekäläinen
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
import os
utils: fix aa-notify last login test The tests for aa-notify that were related to the last login were assuming that the machine had been logged in at least once in the last 30 days, but that might not be the case. Update the test to check for the last login date and update the test logs considering that value. Fixes: https://bugs.launchpad.net/bugs/1939022 Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-21 16:53:35 -03:00
import pwd
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
import signal
import subprocess
utils: test: use sys.executable when launching aa-notify in tests If the tests are running under a different Python, then the aa-notify bin should use the same Python Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2025-01-22 12:04:35 -08:00
import sys
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
import time
aa-notify: Use AATest class in tests since possible now with Python
2019-02-11 20:18:44 +02:00
import unittest
Ensure opened temporary files are closed.
2022-07-17 21:13:19 -04:00
from tempfile import NamedTemporaryFile
utils: fix aa-notify last login test The tests for aa-notify that were related to the last login were assuming that the machine had been logged in at least once in the last 30 days, but that might not be the case. Update the test to check for the last login date and update the test logs considering that value. Fixes: https://bugs.launchpad.net/bugs/1939022 Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-21 16:53:35 -03:00
from datetime import datetime
aa-notify: Use AATest class in tests since possible now with Python
2019-02-11 20:18:44 +02:00
import apparmor.aa as aa
Order imports and module-level dunder name assignments.
2022-08-07 20:32:07 -04:00
from common_test import AATest, setup_aa, setup_all_loops
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
# The location of the aa-notify utility can be overridden by setting
# the APPARMOR_NOTIFY environment variable; this is useful for running
# these tests in an installed environment
use aa-notify --configdir in test-aa-notify.py
2020-10-25 16:46:07 +01:00
aanotify_bin = ["../aa-notify"]
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
Fix most PEP 8 whitespace, indentation, and major line length violations.
2022-08-07 12:26:24 -04:00
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
# http://www.chiark.greenend.org.uk/ucgi/~cjwatson/blosxom/2009-07-02-python-sigpipe.html
# This is needed so that the subprocesses that produce endless output
# actually quit when the reader goes away.
def subprocess_setup():
# Python installs a SIGPIPE handler by default. This is usually not what
# non-Python subprocesses expect.
signal.signal(signal.SIGPIPE, signal.SIG_DFL)
def cmd(command):
Use triple double-quoted strings for docstrings.
2022-08-07 14:57:30 -04:00
"""Try to execute given command (array) and return its stdout, or return
a textual error if it failed."""
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
try:
sp = subprocess.Popen(
command,
stdin=None,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
close_fds=True,
preexec_fn=subprocess_setup
)
except OSError as e:
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
return 127, str(e)
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
stdout, stderr = sp.communicate(input)
# If there was some error output, show that instead of stdout to ensure
# test fails and does not mask potentially major warnings and errors.
if stderr:
out = stderr
else:
out = stdout
Speed up list creations, and change lists to tuples where appropriate..
2022-06-18 14:30:49 -04:00
return sp.returncode, out.decode('utf-8')
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
aa-notify: add notification filtering Allow notification filtering of the fields profile, operation, name, denied_mask, net_family and net_socket using regex. Both command line and config options in notify.conf are available. Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-23 17:15:14 -03:00
class AANotifyBase(AATest):
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
aa-notify: add notification filtering Allow notification filtering of the fields profile, operation, name, denied_mask, net_family and net_socket using regex. Both command line and config options in notify.conf are available. Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-23 17:15:14 -03:00
def create_logfile_contents(_time):
utils: fix aa-notify last login test The tests for aa-notify that were related to the last login were assuming that the machine had been logged in at least once in the last 30 days, but that might not be the case. Update the test to check for the last login date and update the test logs considering that value. Fixes: https://bugs.launchpad.net/bugs/1939022 Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-21 16:53:35 -03:00
"""Create temporary log file with 30 entries of different age"""
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
test_logfile_contents_999_days_old = \
'''Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834382] audit: type=1400 audit({epoch}:113): apparmor="ALLOWED" operation="exec" profile="libreoffice-soffice" name="/bin/uname" pid=4097 comm="sh" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 target="libreoffice-soffice//null-/bin/uname"
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834888] audit: type=1400 audit({epoch}:114): apparmor="ALLOWED" operation="file_inherit" profile="libreoffice-soffice//null-/bin/uname" name="/dev/null" pid=4097 comm="uname" requested_mask="w" denied_mask="w" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834890] audit: type=1400 audit({epoch}:115): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/bin/uname" name="/bin/uname" pid=4097 comm="uname" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835136] audit: type=1400 audit({epoch}:116): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/bin/uname" name="/lib/x86_64-linux-gnu/ld-2.27.so" pid=4097 comm="uname" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835377] audit: type=1400 audit({epoch}:117): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/etc/ld.so.cache" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835405] audit: type=1400 audit({epoch}:118): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/lib/x86_64-linux-gnu/libc-2.27.so" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835421] audit: type=1400 audit({epoch}:119): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/bin/uname" name="/lib/x86_64-linux-gnu/libc-2.27.so" pid=4097 comm="uname" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835696] audit: type=1400 audit({epoch}:120): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/usr/lib/locale/locale-archive" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.875891] audit: type=1400 audit({epoch}:121): apparmor="ALLOWED" operation="exec" profile="libreoffice-soffice" name="/usr/bin/file" pid=4111 comm="soffice.bin" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 target="libreoffice-soffice//null-/usr/bin/file"
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.880347] audit: type=1400 audit({epoch}:122): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/usr/bin/file" name="/usr/bin/file" pid=4111 comm="file" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
utils: fix coding style to match PEP8 Annotate exceptions with ' # noqa: ERROR' Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-05-17 13:53:42 +02:00
'''.format(epoch=round(_time, 3) - 60 * 60 * 24 * 999) # noqa: E128
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
test_logfile_contents_30_days_old = \
'''Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834382] audit: type=1400 audit({epoch}:113): apparmor="ALLOWED" operation="exec" profile="libreoffice-soffice" name="/bin/uname" pid=4097 comm="sh" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 target="libreoffice-soffice//null-/bin/uname"
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834888] audit: type=1400 audit({epoch}:114): apparmor="ALLOWED" operation="file_inherit" profile="libreoffice-soffice//null-/bin/uname" name="/dev/null" pid=4097 comm="uname" requested_mask="w" denied_mask="w" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834890] audit: type=1400 audit({epoch}:115): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/bin/uname" name="/bin/uname" pid=4097 comm="uname" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835136] audit: type=1400 audit({epoch}:116): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/bin/uname" name="/lib/x86_64-linux-gnu/ld-2.27.so" pid=4097 comm="uname" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835377] audit: type=1400 audit({epoch}:117): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/etc/ld.so.cache" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835405] audit: type=1400 audit({epoch}:118): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/lib/x86_64-linux-gnu/libc-2.27.so" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835421] audit: type=1400 audit({epoch}:119): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/bin/uname" name="/lib/x86_64-linux-gnu/libc-2.27.so" pid=4097 comm="uname" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835696] audit: type=1400 audit({epoch}:120): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/usr/lib/locale/locale-archive" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.875891] audit: type=1400 audit({epoch}:121): apparmor="ALLOWED" operation="exec" profile="libreoffice-soffice" name="/usr/bin/file" pid=4111 comm="soffice.bin" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 target="libreoffice-soffice//null-/usr/bin/file"
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.880347] audit: type=1400 audit({epoch}:122): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/usr/bin/file" name="/usr/bin/file" pid=4111 comm="file" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
utils: fix coding style to match PEP8 Annotate exceptions with ' # noqa: ERROR' Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-05-17 13:53:42 +02:00
'''.format(epoch=round(_time, 3) - 60 * 60 * 24 * 30) # noqa: E128
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
test_logfile_contents_unrelevant_entries = \
'''Feb 1 19:35:44 XPS-13-9370 kernel: [99848.048761] audit: type=1400 audit(1549042544.968:72): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/snap/core/6350/usr/lib/snapd/snap-confine" pid=12871 comm="apparmor_parser"
Feb 2 00:40:09 XPS-13-9370 kernel: [103014.549071] audit: type=1400 audit(1549060809.600:89): apparmor="STATUS" operation="profile_load" profile="unconfined" name="docker-default" pid=17195 comm="apparmor_parser"
Feb 4 20:05:42 XPS-13-9370 kernel: [132557.202931] audit: type=1400 audit(1549303542.661:136): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.atom.apm" pid=11306 comm="apparmor_parser"
utils: fix coding style to match PEP8 Annotate exceptions with ' # noqa: ERROR' Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-05-17 13:53:42 +02:00
''' # noqa: E128
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
test_logfile_contents_0_seconds_old = \
'''Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834382] audit: type=1400 audit({epoch}:113): apparmor="ALLOWED" operation="exec" profile="libreoffice-soffice" name="/bin/uname" pid=4097 comm="sh" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 target="libreoffice-soffice//null-/bin/uname"
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834888] audit: type=1400 audit({epoch}:114): apparmor="ALLOWED" operation="file_inherit" profile="libreoffice-soffice//null-/bin/uname" name="/dev/null" pid=4097 comm="uname" requested_mask="w" denied_mask="w" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834890] audit: type=1400 audit({epoch}:115): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/bin/uname" name="/bin/uname" pid=4097 comm="uname" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835136] audit: type=1400 audit({epoch}:116): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/bin/uname" name="/lib/x86_64-linux-gnu/ld-2.27.so" pid=4097 comm="uname" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835377] audit: type=1400 audit({epoch}:117): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/etc/ld.so.cache" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835405] audit: type=1400 audit({epoch}:118): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/lib/x86_64-linux-gnu/libc-2.27.so" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835421] audit: type=1400 audit({epoch}:119): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/bin/uname" name="/lib/x86_64-linux-gnu/libc-2.27.so" pid=4097 comm="uname" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835696] audit: type=1400 audit({epoch}:120): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/usr/lib/locale/locale-archive" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.875891] audit: type=1400 audit({epoch}:121): apparmor="ALLOWED" operation="exec" profile="libreoffice-soffice" name="/usr/bin/file" pid=4111 comm="soffice.bin" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 target="libreoffice-soffice//null-/usr/bin/file"
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.880347] audit: type=1400 audit({epoch}:122): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/usr/bin/file" name="/usr/bin/file" pid=4111 comm="file" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
utils: fix coding style to match PEP8 Annotate exceptions with ' # noqa: ERROR' Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-05-17 13:53:42 +02:00
'''.format(epoch=round(_time, 3)) # noqa: E128
utils: fix aa-notify last login test The tests for aa-notify that were related to the last login were assuming that the machine had been logged in at least once in the last 30 days, but that might not be the case. Update the test to check for the last login date and update the test logs considering that value. Fixes: https://bugs.launchpad.net/bugs/1939022 Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-21 16:53:35 -03:00
return test_logfile_contents_999_days_old \
+ test_logfile_contents_30_days_old \
+ test_logfile_contents_unrelevant_entries \
+ test_logfile_contents_0_seconds_old
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
aa-notify: add notification filtering Allow notification filtering of the fields profile, operation, name, denied_mask, net_family and net_socket using regex. Both command line and config options in notify.conf are available. Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-23 17:15:14 -03:00
@classmethod
def setUpClass(cls):
utils: fix aa-notify last login test The tests for aa-notify that were related to the last login were assuming that the machine had been logged in at least once in the last 30 days, but that might not be the case. Update the test to check for the last login date and update the test logs considering that value. Fixes: https://bugs.launchpad.net/bugs/1939022 Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-21 16:53:35 -03:00
file_current = NamedTemporaryFile("w+", prefix='test-aa-notify-', delete=False)
file_last_login = NamedTemporaryFile("w+", prefix='test-aa-notify-', delete=False)
aa-notify: add notification filtering Allow notification filtering of the fields profile, operation, name, denied_mask, net_family and net_socket using regex. Both command line and config options in notify.conf are available. Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-23 17:15:14 -03:00
cls.test_logfile_current = file_current.name
cls.test_logfile_last_login = file_last_login.name
utils: fix aa-notify last login test The tests for aa-notify that were related to the last login were assuming that the machine had been logged in at least once in the last 30 days, but that might not be the case. Update the test to check for the last login date and update the test logs considering that value. Fixes: https://bugs.launchpad.net/bugs/1939022 Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-21 16:53:35 -03:00
aa-notify: add notification filtering Allow notification filtering of the fields profile, operation, name, denied_mask, net_family and net_socket using regex. Both command line and config options in notify.conf are available. Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-23 17:15:14 -03:00
current_time_contents = cls.create_logfile_contents(time.time())
utils: fix aa-notify last login test The tests for aa-notify that were related to the last login were assuming that the machine had been logged in at least once in the last 30 days, but that might not be the case. Update the test to check for the last login date and update the test logs considering that value. Fixes: https://bugs.launchpad.net/bugs/1939022 Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-21 16:53:35 -03:00
file_current.write(current_time_contents)
if os.path.isfile('/var/log/wtmp'):
if os.name == "posix":
username = pwd.getpwuid(os.geteuid()).pw_name
else:
username = os.environ.get('USER')
if not username and hasattr(os, 'getlogin'):
username = os.getlogin()
if 'SUDO_USER' in os.environ:
username = os.environ.get('SUDO_USER')
Pass --fullnames to last in test-aa-notify.py Code assumes full username would be printed, but this actually requires an extra command line option Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2024-08-07 15:18:58 -07:00
return_code, output = cmd(['last', username, '--fullnames', '--time-format', 'iso'])
Fix test-aa-notify on openSUSE Tumbleweed (new 'last') The new 2037-proof `last` on openSUSE Tumbleweed doesn't support the `-1` option. Remove it, and cut off the output manually.
2024-03-12 19:37:29 +01:00
output = output.split('\n')[0] # the first line is enough
utils: test: account for last cmd format change in test-aa-notify The "last" command, which was supplied by util-linux in older Ubuntu versions, is now supplied by wtmpdb in Oracular and Plucky. Unfortunately, this changed the output format and broke our column based parsing. While the wtmpdb upstream has added json support at https://github.com/thkukuk/wtmpdb/issues/20, we cannot use it because we need to support systems that do not have this new feature added. Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2025-01-27 10:15:45 -08:00
# example of output (util-linux last command):
utils: fix aa-notify last login test The tests for aa-notify that were related to the last login were assuming that the machine had been logged in at least once in the last 30 days, but that might not be the case. Update the test to check for the last login date and update the test logs considering that value. Fixes: https://bugs.launchpad.net/bugs/1939022 Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-21 16:53:35 -03:00
# ubuntu tty7 :0 2024-01-05T14:29:11-03:00 gone - no logout
utils: test: account for last cmd format change in test-aa-notify The "last" command, which was supplied by util-linux in older Ubuntu versions, is now supplied by wtmpdb in Oracular and Plucky. Unfortunately, this changed the output format and broke our column based parsing. While the wtmpdb upstream has added json support at https://github.com/thkukuk/wtmpdb/issues/20, we cannot use it because we need to support systems that do not have this new feature added. Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2025-01-27 10:15:45 -08:00
# example of output (wtmpdb last command, local login):
# ubuntu tty7 2025-01-15T09:32:49-0800 - still logged in
# example of output (wtmpdb last command, remote login)
# ubuntu tty7 192.168.122.1 2024-01-05T14:29:11-03:00 gone - no logout
utils: fix aa-notify last login test The tests for aa-notify that were related to the last login were assuming that the machine had been logged in at least once in the last 30 days, but that might not be the case. Update the test to check for the last login date and update the test logs considering that value. Fixes: https://bugs.launchpad.net/bugs/1939022 Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-21 16:53:35 -03:00
if output.startswith(username):
utils: test: account for last cmd format change in test-aa-notify The "last" command, which was supplied by util-linux in older Ubuntu versions, is now supplied by wtmpdb in Oracular and Plucky. Unfortunately, this changed the output format and broke our column based parsing. While the wtmpdb upstream has added json support at https://github.com/thkukuk/wtmpdb/issues/20, we cannot use it because we need to support systems that do not have this new feature added. Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2025-01-27 10:15:45 -08:00
# Check both possible columns for the date
try:
last_login = output.split()[3]
last_login_epoch = datetime.fromisoformat(last_login).timestamp()
except (IndexError, ValueError):
last_login = output.split()[2]
last_login_epoch = datetime.fromisoformat(last_login).timestamp()
utils: fix aa-notify last login test The tests for aa-notify that were related to the last login were assuming that the machine had been logged in at least once in the last 30 days, but that might not be the case. Update the test to check for the last login date and update the test logs considering that value. Fixes: https://bugs.launchpad.net/bugs/1939022 Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-21 16:53:35 -03:00
# add 60 seconds to the epoch so that the time in the logs are AFTER login time
aa-notify: add notification filtering Allow notification filtering of the fields profile, operation, name, denied_mask, net_family and net_socket using regex. Both command line and config options in notify.conf are available. Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-23 17:15:14 -03:00
last_login_contents = cls.create_logfile_contents(last_login_epoch + 60)
utils: fix aa-notify last login test The tests for aa-notify that were related to the last login were assuming that the machine had been logged in at least once in the last 30 days, but that might not be the case. Update the test to check for the last login date and update the test logs considering that value. Fixes: https://bugs.launchpad.net/bugs/1939022 Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-21 16:53:35 -03:00
file_last_login.write(last_login_contents)
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
aa-notify: add notification filtering Allow notification filtering of the fields profile, operation, name, denied_mask, net_family and net_socket using regex. Both command line and config options in notify.conf are available. Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-23 17:15:14 -03:00
@classmethod
def tearDownClass(cls):
Use triple double-quoted strings for docstrings.
2022-08-07 14:57:30 -04:00
"""Remove temporary log file after tests ended"""
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
aa-notify: add notification filtering Allow notification filtering of the fields profile, operation, name, denied_mask, net_family and net_socket using regex. Both command line and config options in notify.conf are available. Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-23 17:15:14 -03:00
if cls.test_logfile_current and os.path.exists(cls.test_logfile_current):
os.remove(cls.test_logfile_current)
if cls.test_logfile_last_login and os.path.exists(cls.test_logfile_last_login):
os.remove(cls.test_logfile_last_login)
class AANotifyTest(AANotifyBase):
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
Re-implement aa-notify in Python (Closes: #16) - Code layout based on aa-genprof example - Extend Python dependencies to cover new need by aa-notify - Update documentation after aa-notify is no longer in Perl
2019-01-09 23:59:40 +01:00
# The Perl aa-notify script was written so, that it will checked for kern.log
Skip aa-notify tests if their requirements for running are missing When run locally on a development machine or in production, the full test is likely to run. However inside a CI system container 'last' might fail to show last login or there might not be access to kern.log and the test will automatically skip those without failing the whole test suite.
2019-02-09 13:24:53 +02:00
# before printing help when invoked without arguments (sic!).
@unittest.skipUnless(os.path.isfile('/var/log/kern.log'), 'Requires kern.log on system')
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
def test_no_arguments(self):
Use triple double-quoted strings for docstrings.
2022-08-07 14:57:30 -04:00
"""Test using no arguments at all"""
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
Re-implement aa-notify in Python (Closes: #16) - Code layout based on aa-genprof example - Extend Python dependencies to cover new need by aa-notify - Update documentation after aa-notify is no longer in Perl
2019-01-09 23:59:40 +01:00
expected_return_code = 0
expected_output_has = 'usage: aa-notify'
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
use aa-notify --configdir in test-aa-notify.py
2020-10-25 16:46:07 +01:00
return_code, output = cmd(aanotify_bin)
Change string formatting method in Python tests
2023-02-19 16:26:14 -05:00
result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
self.assertEqual(expected_return_code, return_code, result + output)
Change string formatting method in Python tests
2023-02-19 16:26:14 -05:00
result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
self.assertIn(expected_output_has, output, result + output)
def test_help_contents(self):
Use triple double-quoted strings for docstrings.
2022-08-07 14:57:30 -04:00
"""Test output of help text"""
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
expected_return_code = 0
make test-aa-notify test_help_contents () less strict Python 3.10 generates a slightly different --help output. Fixes https://gitlab.com/apparmor/apparmor/-/issues/220
2022-02-14 19:59:21 +01:00
expected_output_1 = \
Re-implement aa-notify in Python (Closes: #16) - Code layout based on aa-genprof example - Extend Python dependencies to cover new need by aa-notify - Update documentation after aa-notify is no longer in Perl
2019-01-09 23:59:40 +01:00
'''usage: aa-notify [-h] [-p] [--display DISPLAY] [-f FILE] [-l] [-s NUM] [-v]
aa-notify: Adding support for merging notification.
2024-11-26 18:35:37 +00:00
[-u USER] [-w NUM] [-m] [--prompt-filter PF] [--debug]
aa-notify: Enhanced Graphical User Interfaces
2024-08-13 16:58:25 +00:00
[--filter.profile PROFILE] [--filter.operation OPERATION]
[--filter.name NAME] [--filter.denied DENIED]
[--filter.family FAMILY] [--filter.socket SOCKET]
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
Display AppArmor notifications or messages for DENIED entries.
utils: fix coding style to match PEP8 Annotate exceptions with ' # noqa: ERROR' Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-05-17 13:53:42 +02:00
''' # noqa: E128
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
make test-aa-notify test_help_contents () less strict Python 3.10 generates a slightly different --help output. Fixes https://gitlab.com/apparmor/apparmor/-/issues/220
2022-02-14 19:59:21 +01:00
expected_output_2 = \
'''
Re-implement aa-notify in Python (Closes: #16) - Code layout based on aa-genprof example - Extend Python dependencies to cover new need by aa-notify - Update documentation after aa-notify is no longer in Perl
2019-01-09 23:59:40 +01:00
-h, --help show this help message and exit
-p, --poll poll AppArmor logs and display notifications
aa-notify: Use fixed output width in tests so results always look same
2019-04-19 23:12:32 +03:00
--display DISPLAY set the DISPLAY environment variable (might be needed if
sudo resets $DISPLAY)
utils: adjusts aa-notify tests to handle Python 3.13+ Python 3.13 changes the formatting of long-short option pairs that use a meta-variable. Up until 3.13 the meta-variable was repeated. Since Python change [1] the meta-var is only printed once. [1] https://github.com/python/cpython/pull/103372 Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 20:52:36 +01:00
-f, --file FILE search FILE for AppArmor messages
Re-implement aa-notify in Python (Closes: #16) - Code layout based on aa-genprof example - Extend Python dependencies to cover new need by aa-notify - Update documentation after aa-notify is no longer in Perl
2019-01-09 23:59:40 +01:00
-l, --since-last display stats since last login
utils: adjusts aa-notify tests to handle Python 3.13+ Python 3.13 changes the formatting of long-short option pairs that use a meta-variable. Up until 3.13 the meta-variable was repeated. Since Python change [1] the meta-var is only printed once. [1] https://github.com/python/cpython/pull/103372 Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 20:52:36 +01:00
-s, --since-days NUM show stats for last NUM days (can be used alone or with
aa-notify: Use fixed output width in tests so results always look same
2019-04-19 23:12:32 +03:00
-p)
Re-implement aa-notify in Python (Closes: #16) - Code layout based on aa-genprof example - Extend Python dependencies to cover new need by aa-notify - Update documentation after aa-notify is no longer in Perl
2019-01-09 23:59:40 +01:00
-v, --verbose show messages with stats
utils: adjusts aa-notify tests to handle Python 3.13+ Python 3.13 changes the formatting of long-short option pairs that use a meta-variable. Up until 3.13 the meta-variable was repeated. Since Python change [1] the meta-var is only printed once. [1] https://github.com/python/cpython/pull/103372 Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 20:52:36 +01:00
-u, --user USER user to drop privileges to when not using sudo
-w, --wait NUM wait NUM seconds before displaying notifications (with
Re-implement aa-notify in Python (Closes: #16) - Code layout based on aa-genprof example - Extend Python dependencies to cover new need by aa-notify - Update documentation after aa-notify is no longer in Perl
2019-01-09 23:59:40 +01:00
-p)
aa-notify: Adding support for merging notification.
2024-11-26 18:35:37 +00:00
-m, --merge-notifications
Merge notification for improved readability (with -p)
aa-notify: Enhanced Graphical User Interfaces
2024-08-13 16:58:25 +00:00
--prompt-filter PF kind of operations which display a popup prompt
Re-implement aa-notify in Python (Closes: #16) - Code layout based on aa-genprof example - Extend Python dependencies to cover new need by aa-notify - Update documentation after aa-notify is no longer in Perl
2019-01-09 23:59:40 +01:00
--debug debug mode
aa-notify: add notification filtering Allow notification filtering of the fields profile, operation, name, denied_mask, net_family and net_socket using regex. Both command line and config options in notify.conf are available. Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-23 17:15:14 -03:00
Filtering options:
Filters are used to reduce the output of information to only those entries
that will match the filter. Filters use Python's regular expression syntax.
--filter.profile PROFILE
regular expression to match the profile
--filter.operation OPERATION
regular expression to match the operation
--filter.name NAME regular expression to match the name
--filter.denied DENIED
regular expression to match the denied mask
--filter.family FAMILY
regular expression to match the network family
--filter.socket SOCKET
regular expression to match the network socket type
utils: fix coding style to match PEP8 Annotate exceptions with ' # noqa: ERROR' Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-05-17 13:53:42 +02:00
''' # noqa: E128
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
utils: adjusts aa-notify tests to handle Python 3.13+ Python 3.13 changes the formatting of long-short option pairs that use a meta-variable. Up until 3.13 the meta-variable was repeated. Since Python change [1] the meta-var is only printed once. [1] https://github.com/python/cpython/pull/103372 Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 20:52:36 +01:00
if sys.version_info[:2] < (3, 13):
# Python 3.13 tweaked argparse output [1]. When running on older
# Python versions, we adapt the expected output to match.
#
# https://github.com/python/cpython/pull/103372
patches = [(
utils: abbreviate delta for Python 3.12 argparse Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-28 20:12:25 +01:00
', --file FILE ',
' FILE, --file FILE',
utils: adjusts aa-notify tests to handle Python 3.13+ Python 3.13 changes the formatting of long-short option pairs that use a meta-variable. Up until 3.13 the meta-variable was repeated. Since Python change [1] the meta-var is only printed once. [1] https://github.com/python/cpython/pull/103372 Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 20:52:36 +01:00
), (
utils: abbreviate delta for Python 3.12 argparse Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-28 20:12:25 +01:00
', --since-days NUM show stats for last NUM days (can be used alone or with',
' NUM, --since-days NUM\n'
utils: adjusts aa-notify tests to handle Python 3.13+ Python 3.13 changes the formatting of long-short option pairs that use a meta-variable. Up until 3.13 the meta-variable was repeated. Since Python change [1] the meta-var is only printed once. [1] https://github.com/python/cpython/pull/103372 Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 20:52:36 +01:00
+ ' show stats for last NUM days (can be used alone or with',
), (
utils: abbreviate delta for Python 3.12 argparse Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-28 20:12:25 +01:00
', --user USER ',
' USER, --user USER',
utils: adjusts aa-notify tests to handle Python 3.13+ Python 3.13 changes the formatting of long-short option pairs that use a meta-variable. Up until 3.13 the meta-variable was repeated. Since Python change [1] the meta-var is only printed once. [1] https://github.com/python/cpython/pull/103372 Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 20:52:36 +01:00
), (
utils: abbreviate delta for Python 3.12 argparse Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-28 20:12:25 +01:00
', --wait NUM ',
' NUM, --wait NUM',
utils: adjusts aa-notify tests to handle Python 3.13+ Python 3.13 changes the formatting of long-short option pairs that use a meta-variable. Up until 3.13 the meta-variable was repeated. Since Python change [1] the meta-var is only printed once. [1] https://github.com/python/cpython/pull/103372 Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 20:52:36 +01:00
)]
for patch in patches:
expected_output_2 = expected_output_2.replace(patch[0], patch[1])
use aa-notify --configdir in test-aa-notify.py
2020-10-25 16:46:07 +01:00
return_code, output = cmd(aanotify_bin + ['--help'])
Change string formatting method in Python tests
2023-02-19 16:26:14 -05:00
result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
self.assertEqual(expected_return_code, return_code, result + output)
make test-aa-notify test_help_contents () less strict Python 3.10 generates a slightly different --help output. Fixes https://gitlab.com/apparmor/apparmor/-/issues/220
2022-02-14 19:59:21 +01:00
self.assertIn(expected_output_1, output)
self.assertIn(expected_output_2, output)
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
def test_entries_since_100_days(self):
Use triple double-quoted strings for docstrings.
2022-08-07 14:57:30 -04:00
"""Test showing log entries since 100 days"""
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
expected_return_code = 0
expected_output_has = 'AppArmor denials: 20 (since'
utils: fix aa-notify last login test The tests for aa-notify that were related to the last login were assuming that the machine had been logged in at least once in the last 30 days, but that might not be the case. Update the test to check for the last login date and update the test logs considering that value. Fixes: https://bugs.launchpad.net/bugs/1939022 Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-21 16:53:35 -03:00
return_code, output = cmd(aanotify_bin + ['-f', self.test_logfile_current, '-s', '100'])
Change string formatting method in Python tests
2023-02-19 16:26:14 -05:00
result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
self.assertEqual(expected_return_code, return_code, result + output)
Change string formatting method in Python tests
2023-02-19 16:26:14 -05:00
result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
self.assertIn(expected_output_has, output, result + output)
Skip test if it can not access /var/log/wtmp utils/test/test-aa-notify.py: Change `AANotifyTest.test_entries_since_login()` to be decorated by a `skipUnless()` checking for existence of **/var/log/wtmp** (similar to `AANotifyTest.test_entries_since_login_verbose()`). The test otherwise fails trying to access /var/log/wtmp in environments where the file is not available. Fixes #120
2020-10-02 23:58:53 +02:00
@unittest.skipUnless(os.path.isfile('/var/log/wtmp'), 'Requires wtmp on system')
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
def test_entries_since_login(self):
Use triple double-quoted strings for docstrings.
2022-08-07 14:57:30 -04:00
"""Test showing log entries since last login"""
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
expected_return_code = 0
expected_output_has = 'AppArmor denials: 10 (since'
utils: fix aa-notify last login test The tests for aa-notify that were related to the last login were assuming that the machine had been logged in at least once in the last 30 days, but that might not be the case. Update the test to check for the last login date and update the test logs considering that value. Fixes: https://bugs.launchpad.net/bugs/1939022 Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-21 16:53:35 -03:00
return_code, output = cmd(aanotify_bin + ['-f', self.test_logfile_last_login, '-l'])
Re-implement aa-notify in Python (Closes: #16) - Code layout based on aa-genprof example - Extend Python dependencies to cover new need by aa-notify - Update documentation after aa-notify is no longer in Perl
2019-01-09 23:59:40 +01:00
if "ERROR: Could not find last login" in output:
Skip aa-notify tests if their requirements for running are missing When run locally on a development machine or in production, the full test is likely to run. However inside a CI system container 'last' might fail to show last login or there might not be access to kern.log and the test will automatically skip those without failing the whole test suite.
2019-02-09 13:24:53 +02:00
self.skipTest('Could not find last login')
Change string formatting method in Python tests
2023-02-19 16:26:14 -05:00
result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
self.assertEqual(expected_return_code, return_code, result + output)
Change string formatting method in Python tests
2023-02-19 16:26:14 -05:00
result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
self.assertIn(expected_output_has, output, result + output)
Skip aa-notify tests if their requirements for running are missing When run locally on a development machine or in production, the full test is likely to run. However inside a CI system container 'last' might fail to show last login or there might not be access to kern.log and the test will automatically skip those without failing the whole test suite.
2019-02-09 13:24:53 +02:00
@unittest.skipUnless(os.path.isfile('/var/log/wtmp'), 'Requires wtmp on system')
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
def test_entries_since_login_verbose(self):
Use triple double-quoted strings for docstrings.
2022-08-07 14:57:30 -04:00
"""Test showing log entries since last login in verbose mode"""
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
expected_return_code = 0
expected_output_has = \
'''Profile: libreoffice-soffice
Operation: exec
Name: /bin/uname
Denied: x
Logfile: {logfile}
Profile: libreoffice-soffice//null-/bin/uname
Operation: file_inherit
Name: /dev/null
Denied: w
Logfile: {logfile}
Profile: libreoffice-soffice//null-/bin/uname
Operation: file_mmap
Name: /bin/uname
Denied: rm
Logfile: {logfile}
Profile: libreoffice-soffice//null-/bin/uname
Operation: file_mmap
Name: /lib/x86_64-linux-gnu/ld-2.27.so
Denied: rm
Logfile: {logfile}
Profile: libreoffice-soffice//null-/bin/uname
Operation: open
Name: /etc/ld.so.cache
Denied: r
Logfile: {logfile}
Profile: libreoffice-soffice//null-/bin/uname
Operation: open
Name: /lib/x86_64-linux-gnu/libc-2.27.so
Denied: r
Logfile: {logfile}
Profile: libreoffice-soffice//null-/bin/uname
Operation: file_mmap
Name: /lib/x86_64-linux-gnu/libc-2.27.so
Denied: rm
Logfile: {logfile}
Profile: libreoffice-soffice//null-/bin/uname
Operation: open
Name: /usr/lib/locale/locale-archive
Denied: r
Logfile: {logfile}
Profile: libreoffice-soffice
Operation: exec
Name: /usr/bin/file
Denied: x
Logfile: {logfile}
Profile: libreoffice-soffice//null-/usr/bin/file
Operation: file_mmap
Name: /usr/bin/file
Denied: rm
Logfile: {logfile}
utils: fix coding style to match PEP8 Annotate exceptions with ' # noqa: ERROR' Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-05-17 13:53:42 +02:00
AppArmor denials: 10 (since'''.format(logfile=self.test_logfile_last_login) # noqa: E128
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
utils: fix aa-notify last login test The tests for aa-notify that were related to the last login were assuming that the machine had been logged in at least once in the last 30 days, but that might not be the case. Update the test to check for the last login date and update the test logs considering that value. Fixes: https://bugs.launchpad.net/bugs/1939022 Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-21 16:53:35 -03:00
return_code, output = cmd(aanotify_bin + ['-f', self.test_logfile_last_login, '-l', '-v'])
Re-implement aa-notify in Python (Closes: #16) - Code layout based on aa-genprof example - Extend Python dependencies to cover new need by aa-notify - Update documentation after aa-notify is no longer in Perl
2019-01-09 23:59:40 +01:00
if "ERROR: Could not find last login" in output:
Skip aa-notify tests if their requirements for running are missing When run locally on a development machine or in production, the full test is likely to run. However inside a CI system container 'last' might fail to show last login or there might not be access to kern.log and the test will automatically skip those without failing the whole test suite.
2019-02-09 13:24:53 +02:00
self.skipTest('Could not find last login')
Change string formatting method in Python tests
2023-02-19 16:26:14 -05:00
result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
self.assertEqual(expected_return_code, return_code, result + output)
Change string formatting method in Python tests
2023-02-19 16:26:14 -05:00
result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
self.assertIn(expected_output_has, output, result + output)
aa-notify: Use AATest class in tests since possible now with Python
2019-02-11 20:18:44 +02:00
aa-notify: add notification filtering Allow notification filtering of the fields profile, operation, name, denied_mask, net_family and net_socket using regex. Both command line and config options in notify.conf are available. Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-02-23 17:15:14 -03:00
class AANotifyProfileFilterTest(AANotifyBase):
def test_profile_regex_since_100_days(self):
profile_tests = (
(['--filter.profile', 'libreoffice'], (0, 'AppArmor denials: 20 (since')),
(['--filter.profile', 'libreoffice-soffice'], (0, 'AppArmor denials: 20 (since')),
(['--filter.profile', 'libreoffice-soffice$'], (0, 'AppArmor denials: 4 (since')),
(['--filter.profile', '^libreoffice-soffice$'], (0, 'AppArmor denials: 4 (since')),
(['--filter.profile', 'libreoffice-soffice//null-/bin/uname'], (0, 'AppArmor denials: 14 (since')),
(['--filter.profile', 'uname'], (0, 'AppArmor denials: 0 (since')),
(['--filter.profile', '.*uname'], (0, 'AppArmor denials: 14 (since')),
(['--filter.profile', 'libreoffice-soffice//null-/.*'], (0, 'AppArmor denials: 16 (since')),
(['--filter.profile', 'libreoffice-soffice//null-/foo'], (0, 'AppArmor denials: 0 (since')),
(['--filter.profile', 'libreoffice-soffice/foo'], (0, 'AppArmor denials: 0 (since')),
(['--filter.profile', 'bar'], (0, 'AppArmor denials: 0 (since')),
)
days_params = ['-f', self.test_logfile_current, '-s', '100']
for test in profile_tests:
params = test[0]
expected = test[1]
with self.subTest(params=params, expected=expected):
expected_return_code = expected[0]
expected_output_has = expected[1]
return_code, output = cmd(aanotify_bin + days_params + params)
result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
self.assertEqual(expected_return_code, return_code, result + output)
result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
self.assertIn(expected_output_has, output, result + output)
@unittest.skipUnless(os.path.isfile('/var/log/wtmp'), 'Requires wtmp on system')
def test_profile_regex_since_login(self):
profile_tests = (
(['--filter.profile', 'libreoffice'], (0, 'AppArmor denials: 10 (since')),
(['--filter.profile', 'libreoffice-soffice'], (0, 'AppArmor denials: 10 (since')),
(['--filter.profile', 'libreoffice-soffice$'], (0, 'AppArmor denials: 2 (since')),
(['--filter.profile', '^libreoffice-soffice$'], (0, 'AppArmor denials: 2 (since')),
(['--filter.profile', 'libreoffice-soffice//null-/bin/uname'], (0, 'AppArmor denials: 7 (since')),
(['--filter.profile', 'uname'], (0, 'AppArmor denials: 0 (since')),
(['--filter.profile', '.*uname'], (0, 'AppArmor denials: 7 (since')),
(['--filter.profile', 'libreoffice-soffice//null-/.*'], (0, 'AppArmor denials: 8 (since')),
(['--filter.profile', 'libreoffice-soffice//null-/foo'], (0, 'AppArmor denials: 0 (since')),
(['--filter.profile', 'libreoffice-soffice/foo'], (0, 'AppArmor denials: 0 (since')),
(['--filter.profile', 'bar'], (0, 'AppArmor denials: 0 (since')),
)
login_params = ['-f', self.test_logfile_last_login, '-l']
for test in profile_tests:
params = test[0]
expected = test[1]
with self.subTest(params=params, expected=expected):
expected_return_code = expected[0]
expected_output_has = expected[1]
return_code, output = cmd(aanotify_bin + login_params + params)
if 'ERROR: Could not find last login' in output:
self.skipTest('Could not find last login')
result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
self.assertEqual(expected_return_code, return_code, result + output)
result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
self.assertIn(expected_output_has, output, result + output)
class AANotifyOperationFilterTest(AANotifyBase):
def test_operation_regex_since_100_days(self):
operation_tests = (
(['--filter.operation', 'exec'], (0, 'AppArmor denials: 4 (since')),
(['--filter.operation', 'file_inherit'], (0, 'AppArmor denials: 2 (since')),
(['--filter.operation', 'file_mmap'], (0, 'AppArmor denials: 8 (since')),
(['--filter.operation', 'open'], (0, 'AppArmor denials: 6 (since')),
(['--filter.operation', 'file.*'], (0, 'AppArmor denials: 10 (since')),
(['--filter.operation', 'profile_load'], (0, 'AppArmor denials: 0 (since')),
(['--filter.operation', 'profile_replace'], (0, 'AppArmor denials: 0 (since')),
(['--filter.operation', 'bar'], (0, 'AppArmor denials: 0 (since')),
(['--filter.operation', 'userns_create'], (0, 'AppArmor denials: 0 (since')),
)
days_params = ['-f', self.test_logfile_current, '-s', '100']
for test in operation_tests:
params = test[0]
expected = test[1]
with self.subTest(params=params, expected=expected):
expected_return_code = expected[0]
expected_output_has = expected[1]
return_code, output = cmd(aanotify_bin + days_params + params)
result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
self.assertEqual(expected_return_code, return_code, result + output)
result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
self.assertIn(expected_output_has, output, result + output)
@unittest.skipUnless(os.path.isfile('/var/log/wtmp'), 'Requires wtmp on system')
def test_operation_regex_since_login(self):
operation_tests = (
(['--filter.operation', 'exec'], (0, 'AppArmor denials: 2 (since')),
(['--filter.operation', 'file_inherit'], (0, 'AppArmor denials: 1 (since')),
(['--filter.operation', 'file_mmap'], (0, 'AppArmor denials: 4 (since')),
(['--filter.operation', 'open'], (0, 'AppArmor denials: 3 (since')),
(['--filter.operation', 'file.*'], (0, 'AppArmor denials: 5 (since')),
(['--filter.operation', 'profile_load'], (0, 'AppArmor denials: 0 (since')),
(['--filter.operation', 'profile_replace'], (0, 'AppArmor denials: 0 (since')),
(['--filter.operation', 'bar'], (0, 'AppArmor denials: 0 (since')),
(['--filter.operation', 'userns_create'], (0, 'AppArmor denials: 0 (since')),
)
login_params = ['-f', self.test_logfile_last_login, '-l']
for test in operation_tests:
params = test[0]
expected = test[1]
with self.subTest(params=params, expected=expected):
expected_return_code = expected[0]
expected_output_has = expected[1]
return_code, output = cmd(aanotify_bin + login_params + params)
if 'ERROR: Could not find last login' in output:
self.skipTest('Could not find last login')
result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
self.assertEqual(expected_return_code, return_code, result + output)
result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
self.assertIn(expected_output_has, output, result + output)
class AANotifyNameFilterTest(AANotifyBase):
def test_name_regex_since_100_days(self):
name_tests = (
(['--filter.name', '/bin/uname'], (0, 'AppArmor denials: 4 (since')),
(['--filter.name', '/dev/null'], (0, 'AppArmor denials: 2 (since')),
(['--filter.name', '/lib/x86_64-linux-gnu/ld-2.27.so'], (0, 'AppArmor denials: 2 (since')),
(['--filter.name', '/lib/x86_64-linux-gnu/libc-2.27.so'], (0, 'AppArmor denials: 4 (since')),
(['--filter.name', '/etc/ld.so.cache'], (0, 'AppArmor denials: 2 (since')),
(['--filter.name', '/usr/lib/locale/locale-archive'], (0, 'AppArmor denials: 2 (since')),
(['--filter.name', '/usr/bin/file'], (0, 'AppArmor denials: 4 (since')),
(['--filter.name', '/'], (0, 'AppArmor denials: 20 (since')),
(['--filter.name', '/.*'], (0, 'AppArmor denials: 20 (since')),
(['--filter.name', '.*bin.*'], (0, 'AppArmor denials: 8 (since')),
(['--filter.name', '/(usr/)?bin.*'], (0, 'AppArmor denials: 8 (since')),
(['--filter.name', '/foo'], (0, 'AppArmor denials: 0 (since')),
)
days_params = ['-f', self.test_logfile_current, '-s', '100']
for test in name_tests:
params = test[0]
expected = test[1]
with self.subTest(params=params, expected=expected):
expected_return_code = expected[0]
expected_output_has = expected[1]
return_code, output = cmd(aanotify_bin + days_params + params)
result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
self.assertEqual(expected_return_code, return_code, result + output)
result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
self.assertIn(expected_output_has, output, result + output)
@unittest.skipUnless(os.path.isfile('/var/log/wtmp'), 'Requires wtmp on system')
def test_name_regex_since_login(self):
name_tests = (
(['--filter.name', '/bin/uname'], (0, 'AppArmor denials: 2 (since')),
(['--filter.name', '/dev/null'], (0, 'AppArmor denials: 1 (since')),
(['--filter.name', '/lib/x86_64-linux-gnu/ld-2.27.so'], (0, 'AppArmor denials: 1 (since')),
(['--filter.name', '/lib/x86_64-linux-gnu/libc-2.27.so'], (0, 'AppArmor denials: 2 (since')),
(['--filter.name', '/etc/ld.so.cache'], (0, 'AppArmor denials: 1 (since')),
(['--filter.name', '/usr/lib/locale/locale-archive'], (0, 'AppArmor denials: 1 (since')),
(['--filter.name', '/usr/bin/file'], (0, 'AppArmor denials: 2 (since')),
(['--filter.name', '/'], (0, 'AppArmor denials: 10 (since')),
(['--filter.name', '/.*'], (0, 'AppArmor denials: 10 (since')),
(['--filter.name', '.*bin.*'], (0, 'AppArmor denials: 4 (since')),
(['--filter.name', '/(usr/)?bin.*'], (0, 'AppArmor denials: 4 (since')),
(['--filter.name', '/foo'], (0, 'AppArmor denials: 0 (since')),
)
login_params = ['-f', self.test_logfile_last_login, '-l']
for test in name_tests:
params = test[0]
expected = test[1]
with self.subTest(params=params, expected=expected):
expected_return_code = expected[0]
expected_output_has = expected[1]
return_code, output = cmd(aanotify_bin + login_params + params)
if 'ERROR: Could not find last login' in output:
self.skipTest('Could not find last login')
result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
self.assertEqual(expected_return_code, return_code, result + output)
result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
self.assertIn(expected_output_has, output, result + output)
class AANotifyDeniedFilterTest(AANotifyBase):
def test_denied_regex_since_100_days(self):
denied_tests = (
(['--filter.denied', 'x'], (0, 'AppArmor denials: 4 (since')),
(['--filter.denied', 'w'], (0, 'AppArmor denials: 2 (since')),
(['--filter.denied', 'rm'], (0, 'AppArmor denials: 8 (since')),
(['--filter.denied', 'r'], (0, 'AppArmor denials: 14 (since')),
(['--filter.denied', '^r$'], (0, 'AppArmor denials: 6 (since')),
(['--filter.denied', 'x|w'], (0, 'AppArmor denials: 6 (since')),
(['--filter.denied', '^(?!rm).*'], (0, 'AppArmor denials: 12 (since')),
(['--filter.denied', '.(?!m).*'], (0, 'AppArmor denials: 12 (since')),
(['--filter.denied', 'r.?'], (0, 'AppArmor denials: 14 (since')),
)
days_params = ['-f', self.test_logfile_current, '-s', '100']
for test in denied_tests:
params = test[0]
expected = test[1]
with self.subTest(params=params, expected=expected):
expected_return_code = expected[0]
expected_output_has = expected[1]
return_code, output = cmd(aanotify_bin + days_params + params)
result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
self.assertEqual(expected_return_code, return_code, result + output)
result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
self.assertIn(expected_output_has, output, result + output)
@unittest.skipUnless(os.path.isfile('/var/log/wtmp'), 'Requires wtmp on system')
def test_denied_regex_since_login(self):
denied_tests = (
(['--filter.denied', 'x'], (0, 'AppArmor denials: 2 (since')),
(['--filter.denied', 'w'], (0, 'AppArmor denials: 1 (since')),
(['--filter.denied', 'rm'], (0, 'AppArmor denials: 4 (since')),
(['--filter.denied', 'r'], (0, 'AppArmor denials: 7 (since')),
(['--filter.denied', '^r$'], (0, 'AppArmor denials: 3 (since')),
(['--filter.denied', 'x|w'], (0, 'AppArmor denials: 3 (since')),
(['--filter.denied', '^(?!rm).*'], (0, 'AppArmor denials: 6 (since')),
(['--filter.denied', '.(?!m).*'], (0, 'AppArmor denials: 6 (since')),
(['--filter.denied', 'r.?'], (0, 'AppArmor denials: 7 (since')),
)
login_params = ['-f', self.test_logfile_last_login, '-l']
for test in denied_tests:
params = test[0]
expected = test[1]
with self.subTest(params=params, expected=expected):
expected_return_code = expected[0]
expected_output_has = expected[1]
return_code, output = cmd(aanotify_bin + login_params + params)
if 'ERROR: Could not find last login' in output:
self.skipTest('Could not find last login')
result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
self.assertEqual(expected_return_code, return_code, result + output)
result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
self.assertIn(expected_output_has, output, result + output)
aa-notify: Use AATest class in tests since possible now with Python
2019-02-11 20:18:44 +02:00
setup_aa(aa) # Wrapper for aa.init_aa()
setup_all_loops(__name__)
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
if __name__ == '__main__':
if 'APPARMOR_NOTIFY' in os.environ:
utils: test: test-aa-notify: Ensure aanotify_bin is always a list os.environ returns a string, but the default value is a list, and the concatenation of __AA_CONFDIR assumes a list. Thus, if APPARMOR_NOTIFY and __AA_CONFDIR were both specified, this would error out. Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2025-01-22 11:52:38 -08:00
aanotify_bin = [os.environ['APPARMOR_NOTIFY']]
use aa-notify --configdir in test-aa-notify.py
2020-10-25 16:46:07 +01:00
utils: test: use sys.executable when launching aa-notify in tests If the tests are running under a different Python, then the aa-notify bin should use the same Python Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2025-01-22 12:04:35 -08:00
if sys.executable:
aanotify_bin = [sys.executable] + aanotify_bin
use aa-notify --configdir in test-aa-notify.py
2020-10-25 16:46:07 +01:00
if '__AA_CONFDIR' in os.environ:
aanotify_bin = aanotify_bin + ['--configdir', os.getenv('__AA_CONFDIR')]
Add tests for aa-notify This will help ensure the future rewrite of aa-notify from Perl to Python is less likely to introduce regressions. Tests run the command line utility via a subprocess so it does not matter that the tests are in Python but the aa-notify utility is in Perl (for now).
2019-02-03 23:01:30 +01:00
unittest.main(verbosity=1)
Reference in a new issue Copy permalink