[apparmor] [patch] [28/38] AARE: let match() handle plain path regexes as non-regex
    Steve Beattie 
    steve at nxnw.org
       
    Mon Sep 26 21:45:34 UTC 2016
    
    
  
On Fri, Aug 12, 2016 at 11:03:09PM +0200, Christian Boltz wrote:
> when matching an AARE against another AARE, most AARE objects don't
> contain orig_regex (only AARE instances originating from a log event
> contain orig_regex).
> 
> In this case, match() will use is_equal() to error out on the safe side.
> Unfortunately this also means that there are lots of false negative
> cases where match() returns False errornously.
> 
> With this patch, match() checks the given AARE regex and, if it doesn't
> contain any special characters (wildcards, alternations or variables),
> handles it as plain path. This avoids most of the false negatives.
> 
> Also extend the AARE tests to check a bunch of plain path regexes using
> AARE matching instead of only str matching.
> 
> [ 28-aare-plain-path.diff ]
Acked-by: Steve Beattie <steve at nxnw.org>, though I'm not crazy about
commingling the plain checks with the regex checks in the same function,
as I suspect it will make figuring out what's failing when something
goes wrong more difficult (in answering "What's being tested and why?").
> --- utils/test/test-aare.py	2016-07-31 13:01:49.562023867 +0200
> +++ utils/test/test-aare.py	2016-07-31 16:46:39.743227189 +0200
> @@ -138,6 +138,9 @@
>  
>          aare_obj = AARE(regex, True)
>          self.assertEqual(aare_obj.match(path), expected, 'Incorrectly parsed AARE object: %s' % regex)
> +        if not ('*' in path or '{' in path or '}' in path or '?' in path):
> +            self.assertEqual(aare_obj.match(AARE(path, False)), expected, 'Incorrectly parsed AARE object: AARE(%s)' % regex)
> +
>  
>      def test_multi_usage(self):
>          aare_obj = AARE('/foo/*', True)
> 
Thanks.
-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160926/e96e8d19/attachment.pgp>
    
    
More information about the AppArmor
mailing list