[apparmor] [patch] add and move logparser.py tests

Christian Boltz apparmor at cboltz.de
Sat Jan 17 14:19:32 UTC 2015


Hello,

this patch adds some tests for logparser.py based on the log lines from
https://bugs.launchpad.net/apparmor/+bug/1399027

It also moves some existing tests from aa_test.py to test-logparser.py
and adds checks for RE_LOG_v2_6_audit and RE_LOG_v2_6_syslog to them.

I propose this patch for trunk and 2.9.


logparser-tests.diff 
=== modified file 'utils/test/aa_test.py'
--- utils/test/aa_test.py       2014-07-26 00:49:06 +0000
+++ utils/test/aa_test.py       2015-01-17 14:10:13 +0000
@@ -86,29 +86,6 @@
         for path in globs.keys():
             self.assertEqual(apparmor.aa.glob_path_withext(path), globs[path], 'Unexpected glob generated for path: %s'%path)
 
-    def test_parse_event(self):
-        parser = apparmor.logparser.ReadLog('', '', '', '', '')
-        event = 'type=AVC msg=audit(1345027352.096:499): apparmor="ALLOWED" operation="rename_dest" parent=6974 profile="/usr/sbin/httpd2-prefork//vhost_foo" name=2F686F6D652F7777772F666F6F2E6261722E696E2F68747470646F63732F61707061726D6F722F696D616765732F746573742F696D61676520312E6A7067 pid=20143 comm="httpd2-prefork" requested_mask="wc" denied_mask="wc" fsuid=30 ouid=30'
-        parsed_event = parser.parse_event(event)
-        self.assertEqual(parsed_event['name'], '/home/www/foo.bar.in/httpdocs/apparmor/images/test/image 1.jpg', 'Incorrectly parsed/decoded name')
-        self.assertEqual(parsed_event['profile'], '/usr/sbin/httpd2-prefork//vhost_foo', 'Incorrectly parsed/decode profile name')
-        self.assertEqual(parsed_event['aamode'], 'PERMITTING')
-        self.assertEqual(parsed_event['request_mask'], set(['w', 'a', '::w', '::a']))
-        #print(parsed_event)
-
-        #event = 'type=AVC msg=audit(1322614912.304:857): apparmor="ALLOWED" operation="getattr" parent=16001 profile=74657374207370616365 name=74657374207370616365 pid=17011 comm="bash" requested_mask="r" denied_mask="r" fsuid=0 ouid=0'
-        #parsed_event = apparmor.aa.parse_event(event)
-        #print(parsed_event)
-
-        event = 'type=AVC msg=audit(1322614918.292:4376): apparmor="ALLOWED" operation="file_perm" parent=16001 profile=666F6F20626172 name="/home/foo/.bash_history" pid=17011 comm="bash" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=1000'
-        parsed_event = parser.parse_event(event)
-        self.assertEqual(parsed_event['name'], '/home/foo/.bash_history', 'Incorrectly parsed/decoded name')
-        self.assertEqual(parsed_event['profile'], 'foo bar', 'Incorrectly parsed/decode profile name')
-        self.assertEqual(parsed_event['aamode'], 'PERMITTING')
-        self.assertEqual(parsed_event['request_mask'], set(['r', 'w', 'a','::r' , '::w', '::a']))
-        #print(parsed_event)
-
-
     def test_modes_to_string(self):
 
         for string in self.MODE_TEST.keys():

=== added file 'utils/test/test-logparser.py'
--- utils/test/test-logparser.py        1970-01-01 00:00:00 +0000
+++ utils/test/test-logparser.py        2015-01-17 14:16:01 +0000
@@ -0,0 +1,71 @@
+# ----------------------------------------------------------------------
+#    Copyright (C) 2013 Kshitij Gupta <kgupta8592 at gmail.com>
+#    Copyright (C) 2015 Christian Boltz <apparmor at cboltz.de>
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License as published by the Free Software Foundation.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+import unittest
+
+from apparmor.logparser import ReadLog
+
+class TestParseEvent(unittest.TestCase):
+    def setUp(self):
+        self.parser = ReadLog('', '', '', '', '')
+
+    def test_parse_event_audit_1(self):
+        event = 'type=AVC msg=audit(1345027352.096:499): apparmor="ALLOWED" operation="rename_dest" parent=6974 profile="/usr/sbin/httpd2-prefork//vhost_foo" name=2F686F6D652F7777772F666F6F2E6261722E696E2F68747470646F63732F61707061726D6F722F696D616765732F746573742F696D61676520312E6A7067 pid=20143 comm="httpd2-prefork" requested_mask="wc" denied_mask="wc" fsuid=30 ouid=30'
+        parsed_event = self.parser.parse_event(event)
+        self.assertEqual(parsed_event['name'], '/home/www/foo.bar.in/httpdocs/apparmor/images/test/image 1.jpg')
+        self.assertEqual(parsed_event['profile'], '/usr/sbin/httpd2-prefork//vhost_foo')
+        self.assertEqual(parsed_event['aamode'], 'PERMITTING')
+        self.assertEqual(parsed_event['request_mask'], set(['w', 'a', '::w', '::a']))
+
+        self.assertIsNotNone(ReadLog.RE_LOG_v2_6_audit.search(event))
+        self.assertIsNone(ReadLog.RE_LOG_v2_6_syslog.search(event))
+
+    def test_parse_event_audit_2(self):
+        event = 'type=AVC msg=audit(1322614918.292:4376): apparmor="ALLOWED" operation="file_perm" parent=16001 profile=666F6F20626172 name="/home/foo/.bash_history" pid=17011 comm="bash" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=1000'
+        parsed_event = self.parser.parse_event(event)
+        self.assertEqual(parsed_event['name'], '/home/foo/.bash_history')
+        self.assertEqual(parsed_event['profile'], 'foo bar')
+        self.assertEqual(parsed_event['aamode'], 'PERMITTING')
+        self.assertEqual(parsed_event['request_mask'], set(['r', 'w', 'a','::r' , '::w', '::a']))
+
+        self.assertIsNotNone(ReadLog.RE_LOG_v2_6_audit.search(event))
+        self.assertIsNone(ReadLog.RE_LOG_v2_6_syslog.search(event))
+
+    def test_parse_event_syslog_1(self):
+        # from https://bugs.launchpad.net/apparmor/+bug/1399027
+        event = '2014-06-09T20:37:28.975070+02:00 geeko kernel: [21028.143765] type=1400 audit(1402339048.973:1421): apparmor="ALLOWED" operation="open" profile="/home/cb/linuxtag/apparmor/scripts/hello" name="/dev/tty" pid=14335 comm="hello" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0'
+        parsed_event = self.parser.parse_event(event)
+        self.assertEqual(parsed_event['name'], '/dev/tty')
+        self.assertEqual(parsed_event['profile'], '/home/cb/linuxtag/apparmor/scripts/hello')
+        self.assertEqual(parsed_event['aamode'], 'PERMITTING')
+        self.assertEqual(parsed_event['request_mask'], set(['r', 'w', 'a', '::r', '::w', '::a']))
+
+        self.assertIsNone(ReadLog.RE_LOG_v2_6_audit.search(event))
+        self.assertIsNotNone(ReadLog.RE_LOG_v2_6_syslog.search(event))
+
+    def test_parse_event_syslog_2(self):
+        # from https://bugs.launchpad.net/apparmor/+bug/1399027
+        event = 'Dec  7 13:18:59 rosa kernel: audit: type=1400 audit(1417954745.397:82): apparmor="ALLOWED" operation="open" profile="/home/simi/bin/aa-test" name="/usr/bin/" pid=3231 comm="ls" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0'
+        parsed_event = self.parser.parse_event(event)
+        self.assertEqual(parsed_event['name'], '/usr/bin/')
+        self.assertEqual(parsed_event['profile'], '/home/simi/bin/aa-test')
+        self.assertEqual(parsed_event['aamode'], 'PERMITTING')
+        self.assertEqual(parsed_event['request_mask'], set(['r', '::r']))
+
+        self.assertIsNone(ReadLog.RE_LOG_v2_6_audit.search(event))
+        self.assertIsNotNone(ReadLog.RE_LOG_v2_6_syslog.search(event))
+
+
+if __name__ == "__main__":
+    unittest.main(verbosity=2)
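Review bot: All four tests in TestParseEvent feed `apparmor="ALLOWED"` events and assert `aamode == 'PERMITTING'`, so nothing pins how a `DENIED` record is classified, which matters when these logs are used to decide what a profile should permit. A fifth test built from one of the existing lines with `apparmor="DENIED"` would cover it; the expected `aamode` string (presumably `'REJECTING'`) should be confirmed against logparser.py. Hex-encoded `name=`/`profile=` decoding is also exercised only by the two audit-format tests. The commented-out event with both fields hex-encoded was removed from aa_test.py without becoming a test here, so one syslog-format line with a hex-encoded field would close that gap.

```python
    # … unchanged: test_parse_event_syslog_2 …

    def test_parse_event_audit_denied(self):
        # constructed sample: the test_parse_event_audit_2 line with apparmor="DENIED"
        event = 'type=AVC msg=audit(1322614918.292:4376): apparmor="DENIED" operation="file_perm" parent=16001 profile=666F6F20626172 name="/home/foo/.bash_history" pid=17011 comm="bash" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=1000'
        parsed_event = self.parser.parse_event(event)
        self.assertEqual(parsed_event['name'], '/home/foo/.bash_history')
        self.assertEqual(parsed_event['profile'], 'foo bar')
        # expected mode string to be confirmed against logparser.py
        self.assertEqual(parsed_event['aamode'], 'REJECTING')

        self.assertIsNotNone(ReadLog.RE_LOG_v2_6_audit.search(event))
        self.assertIsNone(ReadLog.RE_LOG_v2_6_syslog.search(event))
```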





Regards,

Christian Boltz
-- 
"Wirklich praxisnah wären Münzen zu EUR 0,99."
[Wolfgang Schwanke in de.etc.sprache.deutsch]



