'Re: [apparmor] [patch 14/18] parser: add additional language tests to get wider test coverage'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apparmor-dev
Subject:    Re: [apparmor] [patch 14/18] parser: add additional language tests to get wider test coverage
From:       John Johansen <john.johansen () canonical ! com>
Date:       2014-01-24 10:29:35
Message-ID: 52E2408F.2060501 () canonical ! com
[Download RAW message or body]

On 01/17/2014 11:16 PM, Steve Beattie wrote:

> 
> Ah, so it is. Here's a patch that adds it, as well as some additional
> test cases around the combinations of audit, allow, deny and other:
> 
> Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: John Johansen <john.johansen@canonical.com>

> ---
> parser/tst/simple_tests/file/allow/ok_other_1.sd |    7 +++++++
> parser/tst/simple_tests/file/allow/ok_other_2.sd |    7 +++++++
> parser/tst/simple_tests/file/ok_other_2.sd       |    7 +++++++
> parser/tst/simple_tests/file/ok_other_3.sd       |    7 +++++++
> utils/vim/create-apparmor.vim.py                 |    8 ++++----
> 5 files changed, 32 insertions(+), 4 deletions(-)
> 
> Index: b/utils/vim/create-apparmor.vim.py
> ===================================================================
> --- a/utils/vim/create-apparmor.vim.py
> +++ b/utils/vim/create-apparmor.vim.py
> @@ -88,11 +88,11 @@ filename=r'(\/|\@\{\S*\})\S*'
> 
> aa_regex_map = {
> 'FILENAME':         filename,
> -    'FILE':             r'\v^\s*(audit\s+)?(deny\s+|allow\s+)?(owner\s+)?' + \
> filename + r'\s+', # Start of a file rule +    'FILE':             \
> r'\v^\s*(audit\s+)?(deny\s+|allow\s+)?(owner\s+|other\s+)?' + filename + r'\s+', # \
> Start of a file rule # (whitespace_+_, owner etc. flag_?_, filename pattern, \
>                 whitespace_+_)
> -    'DENYFILE':         r'\v^\s*(audit\s+)?deny\s+(owner\s+)?' + filename + \
>                 r'\s+', # deny, otherwise like FILE
> -    'auditdenyowner':   r'(audit\s+)?(deny\s+|allow\s+)?(owner\s+)?',
> -    'audit_DENY_owner': r'(audit\s+)?deny\s+(owner\s+)?', # must include "deny", \
> otherwise like auditdenyowner +    'DENYFILE':         \
> r'\v^\s*(audit\s+)?deny\s+(owner\s+|other\s+)?' + filename + r'\s+', # deny, \
> otherwise like FILE +    'auditdenyowner':   \
> r'(audit\s+)?(deny\s+|allow\s+)?(owner\s+|other\s+)?', +    'audit_DENY_owner': \
> r'(audit\s+)?deny\s+(owner\s+|other\s+)?', # must include "deny", otherwise like \
> auditdenyowner 'auditdeny':        r'(audit\s+)?(deny\s+|allow\s+)?',
> 'EOL':              r'\s*,(\s*$|(\s*#.*$)\@=)', # End of a line (whitespace_?_, \
> comma, whitespace_?_ comment.*) 'TRANSITION':       r'(\s+-\>\s+\S+)?',
> Index: b/parser/tst/simple_tests/file/ok_other_2.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/file/ok_other_2.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION simple deny other flag test
> +#=EXRESULT PASS
> +
> +profile test {
> +  deny other /tmp/** rw,
> +}
> Index: b/parser/tst/simple_tests/file/ok_other_3.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/file/ok_other_3.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION simple other flag test
> +#=EXRESULT PASS
> +
> +profile test {
> +  audit other /tmp/** rw,
> +}
> Index: b/parser/tst/simple_tests/file/allow/ok_other_1.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/file/allow/ok_other_1.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION simple allow other flag test
> +#=EXRESULT PASS
> +
> +profile test {
> +  allow other /tmp/** rw,
> +}
> Index: b/parser/tst/simple_tests/file/allow/ok_other_2.sd
> ===================================================================
> --- /dev/null
> +++ b/parser/tst/simple_tests/file/allow/ok_other_2.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION simple audit allow other flag test
> +#=EXRESULT PASS
> +
> +profile test {
> +  audit allow other /tmp/** rw,
> +}
> 
> > That all said - I remember that we discussed an automated way to test 
> > apparmor.vim (basically by letting vim write the colored file as HTML) - 
> > but that was loooong ago and I don't remember the details.
> > 
> > Can someone give a pointer or, better, provide a patch for the tests/ 
> > Makefile? ;-)
> 
> I don't have time to draw up a patch, but the 2html.vim
> syntax plugin looks like it's the right thing to use, based on
> http://vim.wikia.com/wiki/Pasting_code_with_syntax_coloring_in_emails ,
> if anyone else wants to take this on.
> 
> 
> 

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor

[prev in list] [next in list] [prev in thread] [next in thread] 