Re: [apparmor] [patch] fix severity.py / handle_variable_rank for filenames containing @

Steve Beattie Mon, 13 Oct 2014 15:57:06 -0700

On Sat, Oct 11, 2014 at 08:03:27PM +0200, Christian Boltz wrote:
> Good idea. Here's the updated patch:
> 
> === modified file 'utils/apparmor/severity.py'
> --- utils/apparmor/severity.py  2014-02-13 18:01:03 +0000
> +++ utils/apparmor/severity.py  2014-10-10 23:01:41 +0000
> @@ -143,9 +143,9 @@
>          """Returns the max possible rank for file resources containing 
> variables"""
>          regex_variable = re.compile('@{([^{.]*)}')
>          rank = None
> -        if '@' in resource:
> -            variable = regex_variable.search(resource).groups()[0]
> -            variable = '@{%s}' % variable
> +        matches = regex_variable.search(resource)
> +        if matches:
> +            variable = '@{%s}' % matches.groups()[0]
>              #variables = regex_variable.findall(resource)
>              for replacement in self.severity['VARIABLES'][variable]:
>                  resource_replaced = self.variable_replace(variable, 
> replacement, resource)
> 
> 
> > Also, some unit tests that exercise this method,
> > handle_variable_rank(), of the Severity class would be nice.
> 
> We already have them in utils/test/severity_test.py
> Adding some filenames containing @ is probably a good idea ;-)


I'm so used to the perl utils that had zero automated tests that I
automatically assume that new tests would require new infrastructure;
it's always a pleasant surprise when there's infrastructure already in
place to add test cases to.

> === modified file 'utils/test/severity_test.py'
> --- utils/test/severity_test.py 2014-07-22 19:25:25 +0000
> +++ utils/test/severity_test.py 2014-10-10 23:00:46 +0000
> @@ -52,6 +52,8 @@
>          self.assertEqual(rank, 9, 'Wrong rank')
>          self.assertEqual(sev_db.rank('/etc/apparmor/**', 'r') , 6,  'Invalid 
> Rank')
>          self.assertEqual(sev_db.rank('/etc/**', 'r') , 10,  'Invalid Rank')
> +        self.assertEqual(sev_db.rank('/usr/foo@bar', 'r') , 10,  'Invalid 
> Rank')  ## filename containing @
> +        self.assertEqual(sev_db.rank('/home/foo@bar', 'rw') , 6,  'Invalid 
> Rank')  ## filename containing @
>  
>          # Load all variables for /sbin/klogd and test them
>          sev_db.load_variables('profiles/sbin.klogd')

Acked-by: Steve Beattie <[email protected]> (both snippets)

Thanks!

-- 
Steve Beattie
<[email protected]>
http://NxNW.org/~steve/

signature.asc
Description: Digital signature

-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Re: [apparmor] [patch] fix severity.py / handle_variable_rank for filenames containing @

Reply via email to