[apparmor] [patch] fix severity.py / handle_variable_rank for filenames containing @

Steve Beattie steve at nxnw.org
Mon Oct 13 22:56:31 UTC 2014


On Sat, Oct 11, 2014 at 08:03:27PM +0200, Christian Boltz wrote:
> Good idea. Here's the updated patch:
> 
> === modified file 'utils/apparmor/severity.py'
> --- utils/apparmor/severity.py  2014-02-13 18:01:03 +0000
> +++ utils/apparmor/severity.py  2014-10-10 23:01:41 +0000
> @@ -143,9 +143,9 @@
>          """Returns the max possible rank for file resources containing variables"""
>          regex_variable = re.compile('@{([^{.]*)}')
>          rank = None
> -        if '@' in resource:
> -            variable = regex_variable.search(resource).groups()[0]
> -            variable = '@{%s}' % variable
> +        matches = regex_variable.search(resource)
> +        if matches:
> +            variable = '@{%s}' % matches.groups()[0]
>              #variables = regex_variable.findall(resource)
>              for replacement in self.severity['VARIABLES'][variable]:
>                  resource_replaced = self.variable_replace(variable, replacement, resource)
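Review bot: the new `if matches:` guard covers only the no-match case. On the unchanged line `for replacement in self.severity['VARIABLES'][variable]:` a resource that does match but names a variable missing from the table still raises KeyError. The class `[^{.]*` also admits `}`, so a constructed path such as `@{HOME}/a}b` captures `HOME}/a` and looks up `@{HOME}/a}`. Consider `[^{}.]*` in `regex_variable` and an explicit check for unknown variable names before the loop. Compiling the pattern once at class or module level would also avoid recompiling it on every call.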
> 
> 
> > Also, some unit tests that exercise this method,
> > handle_variable_rank(), of the Severity class would be nice.
> 
> We already have them in utils/test/severity_test.py
> Adding some filenames containing @ is probably a good idea ;-)

I'm so used to the perl utils that had zero automated tests that I
automatically assume that new tests would require new infrastructure;
it's always a pleasant surprise when there's infrastructure already in
place to add test cases to.

> === modified file 'utils/test/severity_test.py'
> --- utils/test/severity_test.py 2014-07-22 19:25:25 +0000
> +++ utils/test/severity_test.py 2014-10-10 23:00:46 +0000
> @@ -52,6 +52,8 @@
>          self.assertEqual(rank, 9, 'Wrong rank')
>          self.assertEqual(sev_db.rank('/etc/apparmor/**', 'r') , 6,  'Invalid Rank')
>          self.assertEqual(sev_db.rank('/etc/**', 'r') , 10,  'Invalid Rank')
> +        self.assertEqual(sev_db.rank('/usr/foo at bar', 'r') , 10,  'Invalid Rank')  ## filename containing @
> +        self.assertEqual(sev_db.rank('/home/foo at bar', 'rw') , 6,  'Invalid Rank')  ## filename containing @
>  
>          # Load all variables for /sbin/klogd and test them
>          sev_db.load_variables('profiles/sbin.klogd')
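Review bot: as shown here, the path literals in the two added assertions read `/usr/foo at bar` and `/home/foo at bar`, which contain no `@` even though the trailing comment says "filename containing @". This is most likely the list archive's address obfuscation, but it is worth confirming that the committed test uses `foo@bar`, otherwise these lines do not exercise the fixed branch. Both cases also use a bare `@` only; a path that has a literal `@` together with a real `@{...}` variable would cover the case where `'@' in resource` and the regex match disagree in the other direction.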

Acked-by: Steve Beattie <steve at nxnw.org> (both snippets)

Thanks!

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/