Re: [apparmor] [patch] check for syntax error in aa.py get_profile_flags() and add tests

Mon, 02 Mar 2015 10:27:55 -0800 

Hello,

Am Montag, 2. März 2015 schrieb Steve Beattie:
> On Sun, Mar 01, 2015 at 04:08:23PM +0100, Christian Boltz wrote:
> > this patch adds some tests for aa.py get_profile_flags().
> > 
> > It also adds a check to get_profile_flags() to catch an invalid
> > syntax:
> >     /foo (  ) {
> > 
> > was accepted by get_profile_flags, while
> > 
> >     /foo () {
> > 
> > failed.
> > 
> > When testing with the parser, both result in a syntax error,
> > therefore the patch makes sure it also fails in
> > get_profile_flags().
> 
> As an aside, I can accept that the current behavior of the parser is
> to give an error here, though it could be better:
> 
>   $ echo 'profile /t () { } ' | apparmor_parser -d -QK
>   Warning from stdin (line 1): apparmor_parser: cannot use or update
> cache, disable, or force-complain via stdin AppArmor parser error, in
> stdin line 1: syntax error, unexpected TOK_CLOSEPAREN, expecting
> TOK_VALUE
> 
> I don't see any language test cases that cover this to ensure we
> retain this behavior:
> 
>   $ grep -Er "\( *\)" parser/tst/simple_tests/
>   parser/tst/simple_tests/unix/ok_regex_16.sd:  unix
> peer=(label=splat\(), parser/tst/simple_tests/dbus/ok_regex_06.sd: 
> dbus send bus=session peer=(label=splat\(),
> 
> So we should probably address that as well.

OK, that's an easy one ;-)

(if we ever decide that empty flags should be valid syntax, we can
rename the tests and update the description)


Add parser tests for empty flags (which result in "syntax error")


[ parser-test-add-empty-flags.diff ]

=== added file 'parser/tst/simple_tests/profile/flags/flags_bad16.sd'
--- parser/tst/simple_tests/profile/flags/flags_bad16.sd        1970-01-01 
00:00:00 +0000
+++ parser/tst/simple_tests/profile/flags/flags_bad16.sd        2015-03-02 
18:11:25 +0000
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure empty flags fail
+#=EXRESULT FAIL
+# vim:syntax=apparmor
+#
+/does/not/exist flags=() {
+
+  /does/not/exist r,
+}

=== added file 'parser/tst/simple_tests/profile/flags/flags_bad17.sd'
--- parser/tst/simple_tests/profile/flags/flags_bad17.sd        1970-01-01 
00:00:00 +0000
+++ parser/tst/simple_tests/profile/flags/flags_bad17.sd        2015-03-02 
18:15:26 +0000
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure empty (whitespace-only) flags fail
+#=EXRESULT FAIL
+# vim:syntax=apparmor
+#
+/does/not/exist (      ) {
+
+  /does/not/exist r,
+}



Regards,

Christian Boltz
-- 
Hier wird wohl im Moment alles gesiggt, was bei drei 
nicht auf dem Baum ist.     [Thilo Machotta in dag°]


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to