Hello, this patch adds a check to parse_profile_data() to detect if a file contains two profiles with the same name.
Note: Two profiles with the same name, but in different files, won't be detected by this check. Also add basic tests to ensure that a valid profile gets parsed, and two profiles with the same name inside the same file raise an exception. (Sidenote: these simple tests improve aa.py coverage from 9% to 12%, which also confirms the function is too long ;-) [ 11-parse_profile_data-check-in-file-duplicates.diff ] === modified file utils/apparmor/aa.py --- utils/apparmor/aa.py 2015-05-17 21:01:43.242707282 +0200 +++ utils/apparmor/aa.py 2015-05-17 22:52:42.724981850 +0200 @@ -2638,6 +2647,11 @@ # Starting line of a profile if RE_PROFILE_START.search(line): (profile, hat, attachment, flags, in_contained_hat, pps_set_profile, pps_set_hat_external) = parse_profile_start(line, file, lineno, profile, hat) + + if profile_data[profile].get(hat, False): + raise AppArmorException('Profile %(profile)s defined twice in %(file)s, last found in line %(line)s' % + { 'file': file, 'line': lineno + 1, 'profile': combine_name(profile, hat) }) + if attachment: profile_data[profile][hat]['attachment'] = attachment if pps_set_profile: === modified file utils/test/test-aa.py --- utils/test/test-aa.py 2015-05-17 22:58:08.045895428 +0200 +++ utils/test/test-aa.py 2015-05-17 23:17:34.462485547 +0200 @@ -13,7 +13,8 @@ from common_test import AATest, setup_all_loops from common_test import read_file, write_file -from apparmor.aa import check_for_apparmor, get_profile_flags, set_profile_flags, is_skippable_file, is_skippable_dir, parse_profile_start, separate_vars, store_list_var, write_header, serialize_parse_profile_start +from apparmor.aa import (check_for_apparmor, get_profile_flags, set_profile_flags, is_skippable_file, is_skippable_dir, + parse_profile_start, parse_profile_data, separate_vars, store_list_var, write_header, serialize_parse_profile_start) from apparmor.common import AppArmorException, AppArmorBug class AaTestWithTempdir(AATest): @@ -381,6 +382,21 @@ with self.assertRaises(AppArmorBug): self._parse('xy', '/bar', '/bar') # not a profile start +class AaTest_parse_profile_data(AATest): + def test_parse_empty_profile_01(self): + prof = parse_profile_data('/foo {\n}\n'.split(), 'somefile', False) + + self.assertEqual(list(prof.keys()), ['/foo']) + self.assertEqual(list(prof['/foo'].keys()), ['/foo']) + self.assertEqual(prof['/foo']['/foo']['name'], '/foo') + self.assertEqual(prof['/foo']['/foo']['filename'], 'somefile') + self.assertEqual(prof['/foo']['/foo']['flags'], None) + + def test_parse_empty_profile_02(self): + with self.assertRaises(AppArmorException): + # file contains two profiles with the same name + parse_profile_data('profile /foo {\n}\nprofile /foo {\n}\n'.split(), 'somefile', False) + class AaTest_separate_vars(AATest): tests = [ ('' , set() ), Regards, Christian Boltz -- > You cannot mix selections and patterns in a product - and we > will remove all selection support now. AAARRRRRRGGGGGG. Needing to re-write makeSUSEdvd again. ;-) It looks like you do all this on purpose, just to anoy me. :-D [> Andreas Jaeger and houghi in opensuse] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor