apparmor/utils/test/test-baserule.py

#! /usr/bin/python3
# ------------------------------------------------------------------
#
#    Copyright (C) 2015 Christian Boltz <apparmor@cboltz.de>
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

import re
import unittest

import apparmor.severity as severity
from apparmor.common import AppArmorBug, hasher
from apparmor.rule import BaseRule, parse_modifiers
from common_test import AATest, setup_all_loops


class TestBaserule(AATest):

    class ValidSubclass(BaseRule):
        @classmethod
        def _create_instance(cls, raw_rule, matches):
            pass

        def get_clean(self, depth=0):
            pass

        def _is_covered_localvars(self, other_rule):
            pass

        def _is_equal_localvars(self, other_rule, strict):
            pass

        def _logprof_header_localvars(self):
            pass

    def test_implemented_abstract_methods(self):
        self.ValidSubclass()

    def test_unimplemented_abstract_methods(self):
        with self.assertRaises(TypeError):
            BaseRule()

        class InvalidSubclass(BaseRule):
            pass

        with self.assertRaises(TypeError):
            InvalidSubclass()

    def test_abstract__create_instance(self):
        with self.assertRaises(NotImplementedError):
            BaseRule._create_instance('foo', None)

    def test_abstract__create_instance_2(self):
        with self.assertRaises(AppArmorBug):
            BaseRule.create_instance('foo')

    def test_abstract__match(self):
        with self.assertRaises(AppArmorBug):
            BaseRule._match('foo')

    def test_abstract__match2(self):
        with self.assertRaises(AppArmorBug):
            BaseRule.match('foo')

    def test_abstract__match3(self):
        with self.assertRaises(NotImplementedError):
            self.ValidSubclass.match('foo')

    def test_parse_modifiers_invalid(self):
        regex = re.compile(r'^\s*(?P<audit>audit\s+)?(?P<allow>allow\s+|deny\s+|invalid\s+)?')
        matches = regex.search('audit invalid ')

        with self.assertRaises(AppArmorBug):
            parse_modifiers(matches)

    def test_default_severity(self):
        sev_db = severity.Severity('../severity.db', 'unknown')
        obj = self.ValidSubclass()
        rank = obj.severity(sev_db)
        self.assertEqual(rank, sev_db.NOT_IMPLEMENTED)

    def test_edit_header_localvars(self):
        obj = self.ValidSubclass()
        with self.assertRaises(NotImplementedError):
            obj.edit_header()

    def test_validate_edit_localvars(self):
        obj = self.ValidSubclass()
        with self.assertRaises(NotImplementedError):
            obj.validate_edit('/foo')

    def test_store_edit_localvars(self):
        obj = self.ValidSubclass()
        with self.assertRaises(NotImplementedError):
            obj.store_edit('/foo')

    def test_from_hashlog(self):
        obj = self.ValidSubclass()
        with self.assertRaises(NotImplementedError):
            obj.from_hashlog(hasher())

    def test_hashlog_from_event(self):
        with self.assertRaises(NotImplementedError):
            BaseRule.hashlog_from_event(None, None)


setup_all_loops(__name__)
if __name__ == '__main__':
    unittest.main(verbosity=1)
Switch utils to python3 As discussed a while ago, switch the utils (including their tests) to use python3 by default. While on it, drop usage of "env" to always get the system python3 instead of a random one that happens to live somewhere in $PATH. In practise, this patch doesn't change much - AFAIK openSUSE, Debian and Ubuntu already patch aa-* to use python3. Also add a note to README to officially deprecate Python 2.x. (I won't break Python 2.x support intentionally - unless some future change gives me a very good reason to finally drop Python 2.x support.) Acked-by: Seth Arnold <seth.arnold@canonical.com> (since 2016-08-23, but the commit had to wait for the FileRule series because it touches test-file.py) 2016-10-01 20:57:09 +02:00			`#! /usr/bin/python3`
Add tests for Baserule Add some tests for the Baserule class to cover the 3 functions that must be re-implemented in each rule class. This means we finally get 100% test coverage for apparmor/rule/__init__.py ;-) Acked-by: Kshitij Gupta <kgupta8592@gmail.com> 2015-04-22 22:05:10 +02:00			`# ------------------------------------------------------------------`
			`#`
			`# Copyright (C) 2015 Christian Boltz <apparmor@cboltz.de>`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of version 2 of the GNU General Public`
			`# License published by the Free Software Foundation.`
			`#`
			`# ------------------------------------------------------------------`

Order imports and module-level dunder name assignments. 2022-08-07 20:32:07 -04:00			`import re`
Add tests for Baserule Add some tests for the Baserule class to cover the 3 functions that must be re-implemented in each rule class. This means we finally get 100% test coverage for apparmor/rule/__init__.py ;-) Acked-by: Kshitij Gupta <kgupta8592@gmail.com> 2015-04-22 22:05:10 +02:00			`import unittest`

Order imports and module-level dunder name assignments. 2022-08-07 20:32:07 -04:00			`import apparmor.severity as severity`
utils: Simplify logparsing and rule creation from hashlog/event 2024-07-23 16:09:53 +00:00			`from apparmor.common import AppArmorBug, hasher`
Move test_parse_modifiers_invalid() to test-baserule.py test_parse_modifiers_invalid() uses a hand-broken ;-) regex to parse only the allow/deny/audit keywords. This test applies to all rule types and doesn't contain anything specific to capability or other rules, therefore it should live in test-baserule.py Moving that test also means to move the imports for parse_modifiers and re around (nothing else in test-capability.py needs them). Acked-by: Kshitij Gupta <kgupta8592@gmail.com> 2015-04-22 22:08:24 +02:00			`from apparmor.rule import BaseRule, parse_modifiers`
Order imports and module-level dunder name assignments. 2022-08-07 20:32:07 -04:00			`from common_test import AATest, setup_all_loops`
Add tests for Baserule Add some tests for the Baserule class to cover the 3 functions that must be re-implemented in each rule class. This means we finally get 100% test coverage for apparmor/rule/__init__.py ;-) Acked-by: Kshitij Gupta <kgupta8592@gmail.com> 2015-04-22 22:05:10 +02:00
Fix most PEP 8 whitespace, indentation, and major line length violations. 2022-08-07 12:26:24 -04:00
Add tests for Baserule Add some tests for the Baserule class to cover the 3 functions that must be re-implemented in each rule class. This means we finally get 100% test coverage for apparmor/rule/__init__.py ;-) Acked-by: Kshitij Gupta <kgupta8592@gmail.com> 2015-04-22 22:05:10 +02:00			`class TestBaserule(AATest):`
Make BaseRule a proper abstract base class 2022-09-27 22:14:31 -04:00
			`class ValidSubclass(BaseRule):`
			`@classmethod`
utils: fix coding style to match PEP8 Annotate exceptions with ' # noqa: ERROR' Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com> 2024-05-17 13:53:42 +02:00			`def _create_instance(cls, raw_rule, matches):`
			`pass`
Make BaseRule a proper abstract base class 2022-09-27 22:14:31 -04:00
utils: fix coding style to match PEP8 Annotate exceptions with ' # noqa: ERROR' Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com> 2024-05-17 13:53:42 +02:00			`def get_clean(self, depth=0):`
			`pass`
Make BaseRule a proper abstract base class 2022-09-27 22:14:31 -04:00
utils: fix coding style to match PEP8 Annotate exceptions with ' # noqa: ERROR' Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com> 2024-05-17 13:53:42 +02:00			`def _is_covered_localvars(self, other_rule):`
			`pass`
Make BaseRule a proper abstract base class 2022-09-27 22:14:31 -04:00
utils: fix coding style to match PEP8 Annotate exceptions with ' # noqa: ERROR' Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com> 2024-05-17 13:53:42 +02:00			`def _is_equal_localvars(self, other_rule, strict):`
			`pass`
Make BaseRule a proper abstract base class 2022-09-27 22:14:31 -04:00
utils: fix coding style to match PEP8 Annotate exceptions with ' # noqa: ERROR' Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com> 2024-05-17 13:53:42 +02:00			`def _logprof_header_localvars(self):`
			`pass`
Make BaseRule a proper abstract base class 2022-09-27 22:14:31 -04:00
			`def test_implemented_abstract_methods(self):`
			`self.ValidSubclass()`

			`def test_unimplemented_abstract_methods(self):`
			`with self.assertRaises(TypeError):`
			`BaseRule()`

			`class InvalidSubclass(BaseRule):`
			`pass`

			`with self.assertRaises(TypeError):`
			`InvalidSubclass()`

Rename BaseRule's _parse() method to _create_instance() 2022-09-10 19:54:20 -04:00			`def test_abstract__create_instance(self):`
Change abstract methods in BaseRule to use NotImplementedError As Kshitij mentioned, abstract methods should use NotImplementedError instead of AppArmorBug. While changing this, I noticed that __repr__() needs to be robust against NotImplementedError because get_raw() is not available in BaseRule. Therefore the patch changes __repr__() to catch NotImplementedError. Of course the change to NotImplementedError also needs several adjustments in the tests. Acked-by: Kshitij Gupta <kgupta8592@gmail.com> (long before branching off 2.10, therefore I'll also commit to 2.10) 2015-11-24 00:16:35 +01:00			`with self.assertRaises(NotImplementedError):`
Unify rule._match() calls 2022-11-15 22:30:49 -05:00			`BaseRule._create_instance('foo', None)`
Add tests for Baserule Add some tests for the Baserule class to cover the 3 functions that must be re-implemented in each rule class. This means we finally get 100% test coverage for apparmor/rule/__init__.py ;-) Acked-by: Kshitij Gupta <kgupta8592@gmail.com> 2015-04-22 22:05:10 +02:00
Rename BaseRule's parse() method to create_instance() 2022-09-10 19:45:22 -04:00			`def test_abstract__create_instance_2(self):`
Unify rule._match() implementations 2022-11-15 22:49:16 -05:00			`with self.assertRaises(AppArmorBug):`
Rename BaseRule's parse() method to create_instance() 2022-09-10 19:45:22 -04:00			`BaseRule.create_instance('foo')`
Add match() and _match() class methods to rule classes Add match() and _match() class methods to rule classes: - _match() returns a regex match object for the given raw_rule - match() converts the _match() result to True or False The primary usage is to get an answer to the question "is this raw_rule your job?". (For a moment, I thought about naming the function Rule.myjob() instead of Rule.match() ;-) My next patch will change aa.py to use Rule.match() instead of directly using RE_, which will make the import list much shorter and hide another implementation detail inside the rule classes. Also change _parse() to use _match() instead of the regex, and add some tests for match() and _match(). Acked-by: Seth Arnold <seth.arnold@canonical.com> 2015-04-26 21:59:12 +02:00
			`def test_abstract__match(self):`
Unify rule._match() implementations 2022-11-15 22:49:16 -05:00			`with self.assertRaises(AppArmorBug):`
Add match() and _match() class methods to rule classes Add match() and _match() class methods to rule classes: - _match() returns a regex match object for the given raw_rule - match() converts the _match() result to True or False The primary usage is to get an answer to the question "is this raw_rule your job?". (For a moment, I thought about naming the function Rule.myjob() instead of Rule.match() ;-) My next patch will change aa.py to use Rule.match() instead of directly using RE_, which will make the import list much shorter and hide another implementation detail inside the rule classes. Also change _parse() to use _match() instead of the regex, and add some tests for match() and _match(). Acked-by: Seth Arnold <seth.arnold@canonical.com> 2015-04-26 21:59:12 +02:00			`BaseRule._match('foo')`

			`def test_abstract__match2(self):`
Unify rule._match() implementations 2022-11-15 22:49:16 -05:00			`with self.assertRaises(AppArmorBug):`
Add match() and _match() class methods to rule classes Add match() and _match() class methods to rule classes: - _match() returns a regex match object for the given raw_rule - match() converts the _match() result to True or False The primary usage is to get an answer to the question "is this raw_rule your job?". (For a moment, I thought about naming the function Rule.myjob() instead of Rule.match() ;-) My next patch will change aa.py to use Rule.match() instead of directly using RE_, which will make the import list much shorter and hide another implementation detail inside the rule classes. Also change _parse() to use _match() instead of the regex, and add some tests for match() and _match(). Acked-by: Seth Arnold <seth.arnold@canonical.com> 2015-04-26 21:59:12 +02:00			`BaseRule.match('foo')`

Unify rule._match() implementations 2022-11-15 22:49:16 -05:00			`def test_abstract__match3(self):`
			`with self.assertRaises(NotImplementedError):`
			`self.ValidSubclass.match('foo')`

Move test_parse_modifiers_invalid() to test-baserule.py test_parse_modifiers_invalid() uses a hand-broken ;-) regex to parse only the allow/deny/audit keywords. This test applies to all rule types and doesn't contain anything specific to capability or other rules, therefore it should live in test-baserule.py Moving that test also means to move the imports for parse_modifiers and re around (nothing else in test-capability.py needs them). Acked-by: Kshitij Gupta <kgupta8592@gmail.com> 2015-04-22 22:08:24 +02:00			`def test_parse_modifiers_invalid(self):`
Resolve string escape sequence DeprecationWarnings 2022-11-20 13:41:44 -05:00			`regex = re.compile(r'^\s*(?P<audit>audit\s+)?(?P<allow>allow\s+\|deny\s+\|invalid\s+)?')`
Move test_parse_modifiers_invalid() to test-baserule.py test_parse_modifiers_invalid() uses a hand-broken ;-) regex to parse only the allow/deny/audit keywords. This test applies to all rule types and doesn't contain anything specific to capability or other rules, therefore it should live in test-baserule.py Moving that test also means to move the imports for parse_modifiers and re around (nothing else in test-capability.py needs them). Acked-by: Kshitij Gupta <kgupta8592@gmail.com> 2015-04-22 22:08:24 +02:00			`matches = regex.search('audit invalid ')`

			`with self.assertRaises(AppArmorBug):`
			`parse_modifiers(matches)`

Add severity() to BaseRule class severity() will, surprise!, return the severity of a rule, or sev_db.NOT_IMPLEMENTED if a *Rule class doesn't implement the severity() function. Also add the NOT_IMPLEMENTED constant to severity.py, and a test to test-baserule.py that checks the return value in BaseRule. Acked-by: Steve Beattie <steve@nxnw.org> 2015-06-06 13:56:26 +02:00			`def test_default_severity(self):`
Run severity tests with official severity.db ... instead of the slightly outdated copy in test/ 2021-04-14 21:32:34 +02:00			`sev_db = severity.Severity('../severity.db', 'unknown')`
Make BaseRule a proper abstract base class 2022-09-27 22:14:31 -04:00			`obj = self.ValidSubclass()`
Add severity() to BaseRule class severity() will, surprise!, return the severity of a rule, or sev_db.NOT_IMPLEMENTED if a *Rule class doesn't implement the severity() function. Also add the NOT_IMPLEMENTED constant to severity.py, and a test to test-baserule.py that checks the return value in BaseRule. Acked-by: Steve Beattie <steve@nxnw.org> 2015-06-06 13:56:26 +02:00			`rank = obj.severity(sev_db)`
			`self.assertEqual(rank, sev_db.NOT_IMPLEMENTED)`
Move test_parse_modifiers_invalid() to test-baserule.py test_parse_modifiers_invalid() uses a hand-broken ;-) regex to parse only the allow/deny/audit keywords. This test applies to all rule types and doesn't contain anything specific to capability or other rules, therefore it should live in test-baserule.py Moving that test also means to move the imports for parse_modifiers and re around (nothing else in test-capability.py needs them). Acked-by: Kshitij Gupta <kgupta8592@gmail.com> 2015-04-22 22:08:24 +02:00
[19/38] Add support for editing paths to FileRule This means adding - self.can_edit - True if editing via '(N)ew' should be possible (will be False for bare file rules) - edit_header() - returns the prompt text and the current path - validate_edit() - checks if the new path matches the original one - store_edit() - changes the path to the new one (even if it doesn't match the old one) self.can_edit and the 3 functions are also added to BaseRule: - can_edit is False by default - the functions raise a NotImplementedError Also add tests for the added code. Acked-by: Steve Beattie <steve@nxnw.org> 2016-10-01 20:00:32 +02:00			`def test_edit_header_localvars(self):`
Make BaseRule a proper abstract base class 2022-09-27 22:14:31 -04:00			`obj = self.ValidSubclass()`
[19/38] Add support for editing paths to FileRule This means adding - self.can_edit - True if editing via '(N)ew' should be possible (will be False for bare file rules) - edit_header() - returns the prompt text and the current path - validate_edit() - checks if the new path matches the original one - store_edit() - changes the path to the new one (even if it doesn't match the old one) self.can_edit and the 3 functions are also added to BaseRule: - can_edit is False by default - the functions raise a NotImplementedError Also add tests for the added code. Acked-by: Steve Beattie <steve@nxnw.org> 2016-10-01 20:00:32 +02:00			`with self.assertRaises(NotImplementedError):`
			`obj.edit_header()`

			`def test_validate_edit_localvars(self):`
Make BaseRule a proper abstract base class 2022-09-27 22:14:31 -04:00			`obj = self.ValidSubclass()`
[19/38] Add support for editing paths to FileRule This means adding - self.can_edit - True if editing via '(N)ew' should be possible (will be False for bare file rules) - edit_header() - returns the prompt text and the current path - validate_edit() - checks if the new path matches the original one - store_edit() - changes the path to the new one (even if it doesn't match the old one) self.can_edit and the 3 functions are also added to BaseRule: - can_edit is False by default - the functions raise a NotImplementedError Also add tests for the added code. Acked-by: Steve Beattie <steve@nxnw.org> 2016-10-01 20:00:32 +02:00			`with self.assertRaises(NotImplementedError):`
			`obj.validate_edit('/foo')`

			`def test_store_edit_localvars(self):`
Make BaseRule a proper abstract base class 2022-09-27 22:14:31 -04:00			`obj = self.ValidSubclass()`
[19/38] Add support for editing paths to FileRule This means adding - self.can_edit - True if editing via '(N)ew' should be possible (will be False for bare file rules) - edit_header() - returns the prompt text and the current path - validate_edit() - checks if the new path matches the original one - store_edit() - changes the path to the new one (even if it doesn't match the old one) self.can_edit and the 3 functions are also added to BaseRule: - can_edit is False by default - the functions raise a NotImplementedError Also add tests for the added code. Acked-by: Steve Beattie <steve@nxnw.org> 2016-10-01 20:00:32 +02:00			`with self.assertRaises(NotImplementedError):`
			`obj.store_edit('/foo')`

utils: Simplify logparsing and rule creation from hashlog/event 2024-07-23 16:09:53 +00:00			`def test_from_hashlog(self):`
			`obj = self.ValidSubclass()`
			`with self.assertRaises(NotImplementedError):`
			`obj.from_hashlog(hasher())`

			`def test_hashlog_from_event(self):`
			`with self.assertRaises(NotImplementedError):`
			`BaseRule.hashlog_from_event(None, None)`

Add tests for Baserule Add some tests for the Baserule class to cover the 3 functions that must be re-implemented in each rule class. This means we finally get 100% test coverage for apparmor/rule/__init__.py ;-) Acked-by: Kshitij Gupta <kgupta8592@gmail.com> 2015-04-22 22:05:10 +02:00
			`setup_all_loops(__name__)`
			`if __name__ == '__main__':`
make utils tests less verbose Given the big number of tests, printing a dot for each test (instead of multiple lines) is enough ;-) 2018-04-08 20:18:30 +02:00			`unittest.main(verbosity=1)`