apparmor/parser/tst/errors.py

#!/usr/bin/env python3
# ------------------------------------------------------------------
#
#  Copyright (C) 2013-2020 Canonical Ltd.
#  Authors: Steve Beattie <steve.beattie@canonical.com>
#
#  This program is free software; you can redistribute it and/or
#  modify it under the terms of version 2 of the GNU General Public
#  License published by the Free Software Foundation.
#
#  Simple test script for checking for errors and warnings emitted by
#  the apparmor parser.
#
# ------------------------------------------------------------------

from argparse import ArgumentParser
import os
import unittest
import subprocess
import testlib

config = None

class AAErrorTests(testlib.AATestTemplate):
    def setUp(self):
        self.maxDiff = None
        self.cmd_prefix = [config.parser, '--config-file=./parser.conf', '-S', '-I', 'errors']

    def _run_test(self, profile, message='', is_error=True):
        cmd = self.cmd_prefix + [profile]

        (rc, out, outerr) = self._run_cmd(cmd, stdout=subprocess.DEVNULL)
        report = "\nCommand: %s\nExit value:%s\nSTDERR\n%s" % (" ".join(cmd), rc, outerr)
        if is_error:
            self.assertNotEqual(rc, 0, report)
        else:
            self.assertEqual(rc, 0, report)

        ignore_messages = [
            'Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)\n',
        ]
        for ign in ignore_messages:
            if ign in outerr:
                outerr = outerr.replace(ign, '')

        self.assertEqual(message, outerr, report)

    def test_okay(self):
        self._run_test('errors/okay.sd', is_error=False)

    def test_single(self):
        self._run_test(
            'errors/single.sd',
            "AppArmor parser error for errors/single.sd in profile errors/single.sd at line 3: Could not open 'failure'\n",
        )

    def test_double(self):
        self._run_test(
            'errors/double.sd',
            "AppArmor parser error for errors/double.sd in profile errors/includes/busted at line 66: Could not open 'does-not-exist'\n",
        )

    def test_modefail(self):
        self._run_test(
            'errors/modefail.sd',
            "AppArmor parser error for errors/modefail.sd in profile errors/modefail.sd at line 6: syntax error, unexpected TOK_ID, expecting TOK_MODE\n",
        )

    def test_multi_include(self):
        self._run_test(
            'errors/multi_include.sd',
            "AppArmor parser error for errors/multi_include.sd in profile errors/multi_include.sd at line 12: Could not open 'failure'\n",
        )

    def test_deprecation1(self):
        self.cmd_prefix.extend(['--warn=deprecated'])
        self._run_test(
            'errors/deprecation1.sd',
            "Warning from errors/deprecation1.sd (errors/deprecation1.sd line 6): The use of file paths as profile names is deprecated. See man apparmor.d for more information\n",
            is_error=False
        )

    def test_deprecation2(self):
        self.cmd_prefix.extend(['--warn=deprecated'])
        self._run_test(
            'errors/deprecation2.sd',
            "Warning from errors/deprecation2.sd (errors/deprecation2.sd line 6): The use of file paths as profile names is deprecated. See man apparmor.d for more information\n",
            is_error=False
        )


def main():
    rc = 0

    global config
    p = ArgumentParser()
    p.add_argument('-p', '--parser', default=testlib.DEFAULT_PARSER, action="store", dest='parser',
                   help="Specify path of apparmor parser to use [default = %(default)s]")
    p.add_argument('-v', '--verbose', action="store_true", dest="verbose")
    config = p.parse_args()

    verbosity = 1
    if config.verbose:
        verbosity = 2

    test_suite = unittest.TestSuite()
    test_suite.addTest(unittest.TestLoader().loadTestsFromTestCase(AAErrorTests))
    try:
        result = unittest.TextTestRunner(verbosity=verbosity).run(test_suite)
        if not result.wasSuccessful():
            rc = 1
    except:
        rc = 1

    return rc


if __name__ == "__main__":
    exit(main())
parser tests: convert makefile error tests to python script Make the error and warning message tests a first class test script; in gitlab CI, failures would not necessarily result in output being captured. Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/522 2020-05-05 00:25:49 -07:00			`#!/usr/bin/env python3`
			`# ------------------------------------------------------------------`
			`#`
			`# Copyright (C) 2013-2020 Canonical Ltd.`
			`# Authors: Steve Beattie <steve.beattie@canonical.com>`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of version 2 of the GNU General Public`
			`# License published by the Free Software Foundation.`
			`#`
			`# Simple test script for checking for errors and warnings emitted by`
			`# the apparmor parser.`
			`#`
			`# ------------------------------------------------------------------`

			`from argparse import ArgumentParser`
			`import os`
			`import unittest`
			`import subprocess`
			`import testlib`

			`config = None`

			`class AAErrorTests(testlib.AATestTemplate):`
			`def setUp(self):`
			`self.maxDiff = None`
			`self.cmd_prefix = [config.parser, '--config-file=./parser.conf', '-S', '-I', 'errors']`

Ensure empty stderr if no errors are expected ... instead of not checking stderr if it's expected to be empty. 2020-10-04 19:49:35 +02:00			`def _run_test(self, profile, message='', is_error=True):`
parser tests: convert makefile error tests to python script Make the error and warning message tests a first class test script; in gitlab CI, failures would not necessarily result in output being captured. Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/522 2020-05-05 00:25:49 -07:00			`cmd = self.cmd_prefix + [profile]`

			`(rc, out, outerr) = self._run_cmd(cmd, stdout=subprocess.DEVNULL)`
			`report = "\nCommand: %s\nExit value:%s\nSTDERR\n%s" % (" ".join(cmd), rc, outerr)`
			`if is_error:`
			`self.assertNotEqual(rc, 0, report)`
			`else:`
			`self.assertEqual(rc, 0, report)`

Test for full parser error messages, not parts By using assertIn, we test if a given message is contained in the parser error message. This can (and actually does) hide errors if the error message changes outside the checked part. Change the test to assertEqual to test the full error message, and add '\n' to all expected error messages to make them still match. Depending on the kernel version and patches, there can be an additional message Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.) which will be ignored by the check. 2020-09-21 00:18:00 +02:00			`ignore_messages = [`
			`'Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)\n',`
			`]`
			`for ign in ignore_messages:`
			`if ign in outerr:`
			`outerr = outerr.replace(ign, '')`

Ensure empty stderr if no errors are expected ... instead of not checking stderr if it's expected to be empty. 2020-10-04 19:49:35 +02:00			`self.assertEqual(message, outerr, report)`
parser tests: convert makefile error tests to python script Make the error and warning message tests a first class test script; in gitlab CI, failures would not necessarily result in output being captured. Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/522 2020-05-05 00:25:49 -07:00
			`def test_okay(self):`
			`self._run_test('errors/okay.sd', is_error=False)`

			`def test_single(self):`
			`self._run_test(`
			`'errors/single.sd',`
Test for full parser error messages, not parts By using assertIn, we test if a given message is contained in the parser error message. This can (and actually does) hide errors if the error message changes outside the checked part. Change the test to assertEqual to test the full error message, and add '\n' to all expected error messages to make them still match. Depending on the kernel version and patches, there can be an additional message Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.) which will be ignored by the check. 2020-09-21 00:18:00 +02:00			`"AppArmor parser error for errors/single.sd in profile errors/single.sd at line 3: Could not open 'failure'\n",`
parser tests: convert makefile error tests to python script Make the error and warning message tests a first class test script; in gitlab CI, failures would not necessarily result in output being captured. Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/522 2020-05-05 00:25:49 -07:00			`)`

			`def test_double(self):`
			`self._run_test(`
			`'errors/double.sd',`
Test for full parser error messages, not parts By using assertIn, we test if a given message is contained in the parser error message. This can (and actually does) hide errors if the error message changes outside the checked part. Change the test to assertEqual to test the full error message, and add '\n' to all expected error messages to make them still match. Depending on the kernel version and patches, there can be an additional message Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.) which will be ignored by the check. 2020-09-21 00:18:00 +02:00			`"AppArmor parser error for errors/double.sd in profile errors/includes/busted at line 66: Could not open 'does-not-exist'\n",`
parser tests: convert makefile error tests to python script Make the error and warning message tests a first class test script; in gitlab CI, failures would not necessarily result in output being captured. Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/522 2020-05-05 00:25:49 -07:00			`)`

			`def test_modefail(self):`
			`self._run_test(`
			`'errors/modefail.sd',`
Test for full parser error messages, not parts By using assertIn, we test if a given message is contained in the parser error message. This can (and actually does) hide errors if the error message changes outside the checked part. Change the test to assertEqual to test the full error message, and add '\n' to all expected error messages to make them still match. Depending on the kernel version and patches, there can be an additional message Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.) which will be ignored by the check. 2020-09-21 00:18:00 +02:00			`"AppArmor parser error for errors/modefail.sd in profile errors/modefail.sd at line 6: syntax error, unexpected TOK_ID, expecting TOK_MODE\n",`
parser tests: convert makefile error tests to python script Make the error and warning message tests a first class test script; in gitlab CI, failures would not necessarily result in output being captured. Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/522 2020-05-05 00:25:49 -07:00			`)`

			`def test_multi_include(self):`
			`self._run_test(`
			`'errors/multi_include.sd',`
Test for full parser error messages, not parts By using assertIn, we test if a given message is contained in the parser error message. This can (and actually does) hide errors if the error message changes outside the checked part. Change the test to assertEqual to test the full error message, and add '\n' to all expected error messages to make them still match. Depending on the kernel version and patches, there can be an additional message Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.) which will be ignored by the check. 2020-09-21 00:18:00 +02:00			`"AppArmor parser error for errors/multi_include.sd in profile errors/multi_include.sd at line 12: Could not open 'failure'\n",`
parser tests: convert makefile error tests to python script Make the error and warning message tests a first class test script; in gitlab CI, failures would not necessarily result in output being captured. Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/522 2020-05-05 00:25:49 -07:00			`)`

			`def test_deprecation1(self):`
parser: Add warning flag that can toggle deprecation warnings Add the flag --warn=deprecated to be able to toggle deprecation warnings MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/600 Signed-off-by: John Johansen <john.johansen@canonical.com> 2020-08-28 07:30:06 -07:00			`self.cmd_prefix.extend(['--warn=deprecated'])`
parser tests: convert makefile error tests to python script Make the error and warning message tests a first class test script; in gitlab CI, failures would not necessarily result in output being captured. Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/522 2020-05-05 00:25:49 -07:00			`self._run_test(`
			`'errors/deprecation1.sd',`
Test for full parser error messages, not parts By using assertIn, we test if a given message is contained in the parser error message. This can (and actually does) hide errors if the error message changes outside the checked part. Change the test to assertEqual to test the full error message, and add '\n' to all expected error messages to make them still match. Depending on the kernel version and patches, there can be an additional message Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.) which will be ignored by the check. 2020-09-21 00:18:00 +02:00			`"Warning from errors/deprecation1.sd (errors/deprecation1.sd line 6): The use of file paths as profile names is deprecated. See man apparmor.d for more information\n",`
parser tests: convert makefile error tests to python script Make the error and warning message tests a first class test script; in gitlab CI, failures would not necessarily result in output being captured. Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/522 2020-05-05 00:25:49 -07:00			`is_error=False`
			`)`

			`def test_deprecation2(self):`
parser: Add warning flag that can toggle deprecation warnings Add the flag --warn=deprecated to be able to toggle deprecation warnings MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/600 Signed-off-by: John Johansen <john.johansen@canonical.com> 2020-08-28 07:30:06 -07:00			`self.cmd_prefix.extend(['--warn=deprecated'])`
parser tests: convert makefile error tests to python script Make the error and warning message tests a first class test script; in gitlab CI, failures would not necessarily result in output being captured. Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/522 2020-05-05 00:25:49 -07:00			`self._run_test(`
			`'errors/deprecation2.sd',`
Test for full parser error messages, not parts By using assertIn, we test if a given message is contained in the parser error message. This can (and actually does) hide errors if the error message changes outside the checked part. Change the test to assertEqual to test the full error message, and add '\n' to all expected error messages to make them still match. Depending on the kernel version and patches, there can be an additional message Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.) which will be ignored by the check. 2020-09-21 00:18:00 +02:00			`"Warning from errors/deprecation2.sd (errors/deprecation2.sd line 6): The use of file paths as profile names is deprecated. See man apparmor.d for more information\n",`
parser tests: convert makefile error tests to python script Make the error and warning message tests a first class test script; in gitlab CI, failures would not necessarily result in output being captured. Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/522 2020-05-05 00:25:49 -07:00			`is_error=False`
			`)`


			`def main():`
			`rc = 0`

			`global config`
			`p = ArgumentParser()`
			`p.add_argument('-p', '--parser', default=testlib.DEFAULT_PARSER, action="store", dest='parser',`
			`help="Specify path of apparmor parser to use [default = %(default)s]")`
			`p.add_argument('-v', '--verbose', action="store_true", dest="verbose")`
			`config = p.parse_args()`

			`verbosity = 1`
			`if config.verbose:`
			`verbosity = 2`

			`test_suite = unittest.TestSuite()`
			`test_suite.addTest(unittest.TestLoader().loadTestsFromTestCase(AAErrorTests))`
			`try:`
			`result = unittest.TextTestRunner(verbosity=verbosity).run(test_suite)`
			`if not result.wasSuccessful():`
			`rc = 1`
			`except:`
			`rc = 1`

			`return rc`


			`if __name__ == "__main__":`
			`exit(main())`