Hello,

this patch adds a check to parse_profile_data() to detect if a file 
contains two profiles with the same name.

Note: Two profiles with the same name, but in different files, won't be
detected by this check.

Also add basic tests to ensure that a valid profile gets parsed, and two
profiles with the same name inside the same file raise an exception.

(Sidenote: these simple tests improve aa.py coverage from 9% to 12%,
which also confirms the function is too long ;-)


[ 11-parse_profile_data-check-in-file-duplicates.diff ]

=== modified file utils/apparmor/aa.py
--- utils/apparmor/aa.py        2015-05-17 21:01:43.242707282 +0200
+++ utils/apparmor/aa.py        2015-05-17 22:52:42.724981850 +0200
@@ -2638,6 +2647,11 @@
         # Starting line of a profile
         if RE_PROFILE_START.search(line):
             (profile, hat, attachment, flags, in_contained_hat, 
pps_set_profile, pps_set_hat_external) = parse_profile_start(line, file, 
lineno, profile, hat)
+
+            if profile_data[profile].get(hat, False):
+                raise AppArmorException('Profile %(profile)s defined twice in 
%(file)s, last found in line %(line)s' %
+                    { 'file': file, 'line': lineno + 1, 'profile': 
combine_name(profile, hat) })
+
             if attachment:
                 profile_data[profile][hat]['attachment'] = attachment
             if pps_set_profile:
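Review bot: The duplicate check on the added `profile_data[profile].get(hat, False)` line depends on truthiness, so an entry for this profile/hat that exists but is still empty would not be reported, while an entry created earlier in the file for any other reason would be reported as a second definition. A short comment above the check would make that contract explicit, for example `# non-empty entry == this profile/hat was already defined earlier in this file; duplicates in other files are not detected here`. That limit matters to anyone relying on the tools to show which policy applies, because a same-named profile in another file still passes silently. The body of parse_profile_data() starts and ends outside this hunk, so whether anything populates the entry before this point cannot be confirmed from here.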
=== modified file utils/test/test-aa.py
--- utils/test/test-aa.py       2015-05-17 22:58:08.045895428 +0200
+++ utils/test/test-aa.py       2015-05-17 23:17:34.462485547 +0200
@@ -13,7 +13,8 @@
 from common_test import AATest, setup_all_loops
 from common_test import read_file, write_file
 
-from apparmor.aa import check_for_apparmor, get_profile_flags, 
set_profile_flags, is_skippable_file, is_skippable_dir, parse_profile_start, 
separate_vars, store_list_var, write_header, serialize_parse_profile_start
+from apparmor.aa import (check_for_apparmor, get_profile_flags, 
set_profile_flags, is_skippable_file, is_skippable_dir,
+     parse_profile_start, parse_profile_data, separate_vars, store_list_var, 
write_header, serialize_parse_profile_start)
 from apparmor.common import AppArmorException, AppArmorBug
 
 class AaTestWithTempdir(AATest):
@@ -381,6 +382,21 @@
         with self.assertRaises(AppArmorBug):
             self._parse('xy', '/bar', '/bar') # not a profile start
 
+class AaTest_parse_profile_data(AATest):
+    def test_parse_empty_profile_01(self):
+        prof = parse_profile_data('/foo {\n}\n'.split(), 'somefile', False)
+
+        self.assertEqual(list(prof.keys()), ['/foo'])
+        self.assertEqual(list(prof['/foo'].keys()), ['/foo'])
+        self.assertEqual(prof['/foo']['/foo']['name'], '/foo')
+        self.assertEqual(prof['/foo']['/foo']['filename'], 'somefile')
+        self.assertEqual(prof['/foo']['/foo']['flags'], None)
+
+    def test_parse_empty_profile_02(self):
+        with self.assertRaises(AppArmorException):
+            # file contains two profiles with the same name
+            parse_profile_data('profile /foo {\n}\nprofile /foo 
{\n}\n'.split(), 'somefile', False)
+
 class AaTest_separate_vars(AATest):
     tests = [
         (''                             , set()                      ),
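Review bot: `test_parse_empty_profile_02` asserts only the exception type, so it passes on any AppArmorException raised by parse_profile_data(), not specifically the new "defined twice" error. The input is built with `.split()` without an argument, which splits on every whitespace run (including the space before `{`) and not on newlines; if the parser expects one line per element, a parse error could satisfy the test without the duplicate check ever running. Capturing the exception pins it to the new check: `with self.assertRaises(AppArmorException) as cm:` followed by `self.assertIn('defined twice', str(cm.exception))`. Using `.splitlines()` would make the per-line input explicit in both tests, if that is the shape the function expects.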



Regards,

Christian Boltz
-- 
> You cannot mix selections and patterns in a product - and we
> will remove all selection support now.
AAARRRRRRGGGGGG. Needing to re-write makeSUSEdvd again. ;-)
It looks like you do all this on purpose, just to anoy me. :-D
[> Andreas Jaeger and houghi in opensuse]

