From 53c4d119d691d5864764658f2e5f268f963852fa Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sat, 4 Dec 2021 23:53:32 +0000
Subject: [PATCH] aa-log: add tests.
---
cmd/aa-log/main_test.go | 129 ++++++++++++++++++++++++++++++++++++++++
tests/audit.log | 28 +++++++++
2 files changed, 157 insertions(+)
create mode 100644 cmd/aa-log/main_test.go
create mode 100644 tests/audit.log
diff --git a/cmd/aa-log/main_test.go b/cmd/aa-log/main_test.go
new file mode 100644
index 000000000..861e861a2
--- /dev/null
+++ b/cmd/aa-log/main_test.go
@@ -0,0 +1,129 @@
+// aa-log - Review AppArmor generated messages
+// Copyright (C) 2021 Alexandre Pujol
+// SPDX-License-Identifier: GPL-2.0-only
+
+package main
+
+import (
+ "os"
+ "reflect"
+ "testing"
+)
+
+var refDnsmasq = AppArmorLogs{
+ {
+ "apparmor": "DENIED",
+ "profile": "dnsmasq",
+ "operation": "open",
+ "name": "/proc/sys/kernel/osrelease",
+ "comm": "dnsmasq",
+ "requested_mask": "r",
+ "denied_mask": "r",
+ },
+ {
+ "apparmor": "DENIED",
+ "profile": "dnsmasq",
+ "operation": "open",
+ "name": "/proc/1/environ",
+ "comm": "dnsmasq",
+ "requested_mask": "r",
+ "denied_mask": "r",
+ },
+ {
+ "apparmor": "DENIED",
+ "profile": "dnsmasq",
+ "operation": "open",
+ "name": "/proc/cmdline",
+ "comm": "dnsmasq",
+ "requested_mask": "r",
+ "denied_mask": "r",
+ },
+}
+
+var refKmod = AppArmorLogs{
+ {
+ "apparmor": "ALLOWED",
+ "profile": "kmod",
+ "operation": "file_inherit",
+ "comm": "modprobe",
+ "family": "unix",
+ "sock_type": "stream",
+ "protocol": "0",
+ "requested_mask": "send receive",
+ },
+}
+
+var refMan = AppArmorLogs{
+ {
+ "apparmor": "ALLOWED",
+ "profile": "man",
+ "operation": "exec",
+ "name": "/usr/bin/preconv",
+ "info": "no new privs",
+ "comm": "man",
+ "requested_mask": "x",
+ "denied_mask": "x",
+ "error": "-1",
+ },
+}
+
+var refStringKmod = "\033[1;32mALLOWED\033[0m \033[34mkmod\033[0m \033[33mfile_inherit\033[0m comm=modprobe family=unix sock_type=stream protocol=0 requested_mask=\033[1;31m\"send receive\"\033[0m\n"
+var refStringMan = "\033[1;32mALLOWED\033[0m \033[34mman\033[0m \033[33mexec\033[0m \033[35m/usr/bin/preconv\033[0m info=\"no new privs\" comm=man requested_mask=\033[1;31mx\033[0m denied_mask=\033[1;31mx\033[0m error=-1\n"
+
+func TestNewApparmorLogs(t *testing.T) {
+ tests := []struct {
+ name string
+ path string
+ want AppArmorLogs
+ }{
+ {
+ name: "dnsmasq",
+ path: "../../tests/audit.log",
+ want: refDnsmasq,
+ },
+ {
+ name: "kmod",
+ path: "../../tests/audit.log",
+ want: refKmod,
+ },
+ {
+ name: "man",
+ path: "../../tests/audit.log",
+ want: refMan,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ file, _ := os.Open(tt.path)
+ if got := NewApparmorLogs(file, tt.name); !reflect.DeepEqual(got, tt.want) {
+ t.Errorf("NewApparmorLogs() = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
+
+func TestAppArmorLogs_String(t *testing.T) {
+ tests := []struct {
+ name string
+ aaLogs AppArmorLogs
+ want string
+ }{
+ {
+ name: "kmod",
+ aaLogs: refKmod,
+ want: refStringKmod,
+ },
+ {
+ name: "man",
+ aaLogs: refMan,
+ want: refStringMan,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ if got := tt.aaLogs.String(); got != tt.want {
+ t.Errorf("AppArmorLogs.String() = %v, want %v len: %d - %d", got, tt.want, len(got), len(tt.want))
+ }
+ })
+ }
+}
diff --git a/tests/audit.log b/tests/audit.log
new file mode 100644
index 000000000..4f05b1cb8
--- /dev/null
+++ b/tests/audit.log
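Review bot: In TestNewApparmorLogs the error from `os.Open(tt.path)` is discarded and the file is never closed, so a missing or moved fixture hands a nil `*os.File` to NewApparmorLogs and surfaces as a mismatch or panic rather than a clear failure. Replace the call with `file, err := os.Open(tt.path)`, `if err != nil { t.Fatal(err) }` and `defer file.Close()`. The cases also cover only well-formed records for profiles that are present in the fixture. Because `name` and `comm` are chosen by the process being confined and the expected String() output places values between raw ANSI sequences, a case whose value carries control bytes would pin what reaches the terminal, and a case for a profile with no records would pin the empty result. In TestAppArmorLogs_String, `%q` instead of `%v` in the failure message would show the escape bytes literally when the strings differ.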
@@ -0,0 +1,28 @@
+type=BPF msg=audit(1111111111.111:1111): prog-id=60 op=LOAD
+type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="file_inherit" profile="kmod" pid=505701 comm="modprobe" family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
+type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="file_inherit" profile="mkinitcpio" pid=505701 comm="modprobe" family="unix" sock_type="stream" protocol=0 requested_mask="receive"
+type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="file_inherit" profile="pacman" pid=505701 comm="modprobe" family="unix" sock_type="stream" protocol=0 requested_mask="receive"
+type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="file_inherit" profile="pacman-hook-mkinitcpio-install" pid=505701 comm="modprobe" family="unix" sock_type="stream" protocol=0 requested_mask="receive"
+type=AVC msg=audit(1111111111.111:1111): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="apparmor_parser" name="firejail-default" pid=509201 comm="apparmor_parser"
+type=AVC msg=audit(1111111111.111:1111): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="apparmor_parser" name="firejail-default" pid=509200 comm="apparmor_parser"
+type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="open" profile="aa-log" name="/sys/kernel/mm/transparent_hugepage/hpage_pmd_size" pid=509286 comm="remove-system.m" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0FSUID="user" OUID="user"
+type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="open" profile="sysctl" name="/proc/sys/kernel/panic_on_oops" pid=509859 comm="sysctl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0FSUID="user" OUID="root"
+type=BPF msg=audit(1111111111.111:1111): prog-id=75 op=LOAD
+type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="signal" profile="dbus-daemon" pid=2466 comm="at-spi-bus-laun" requested_mask="receive" denied_mask="receive" signal=term peer="at-spi-bus-launcher"
+type=BPF msg=audit(1111111111.111:1111): prog-id=16 op=LOAD
+type=BPF msg=audit(1111111111.111:1111): prog-id=17 op=LOAD
+type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="dnsmasq" name="/proc/sys/kernel/osrelease" pid=1427 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0FSUID="root" OUID="root"
+type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="dnsmasq" name="/proc/1/environ" pid=1427 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0FSUID="root" OUID="root"
+type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="dnsmasq" name="/proc/cmdline" pid=1427 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0FSUID="root" OUID="root"
+type=AVC msg=audit(1111111111.111:1111): apparmor="STATUS" operation="profile_load" profile="apparmor_parser" name="docker-default" pid=1775 comm="apparmor_parser"
+type=BPF msg=audit(1111111111.111:1111): prog-id=18 op=LOAD
+type=BPF msg=audit(1111111111.111:1111): prog-id=22 op=LOAD
+type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="lsb_release" name="/home/user/" pid=2737 comm="find" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000FSUID="user" OUID="user"
+type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="lsb_release" name="/etc/" pid=2737 comm="find" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0FSUID="user" OUID="root"
+type=BPF msg=audit(1111111111.111:1111): prog-id=23 op=LOAD
+type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="file_inherit" profile="chromium-chromium" name="/home/user/.local/share/gvfs-metadata/root" pid=8661 comm="chromium" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000FSUID="user" OUID="user"
+type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="file_inherit" profile="chromium-chromium" name="/home/user/.local/share/gvfs-metadata/root-aaabbbc0.log" pid=8661 comm="chromium" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000FSUID="user" OUID="user"
+type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="open" profile="fusermount" name="/run/user/1000/doc/" pid=8703 comm="fusermount" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000FSUID="root" OUID="user"
+type=AVC msg=audit(1111111111.111:1111): apparmor="DENIED" operation="open" profile="chrome-gnome-shell" name="/home/user/.netrc" pid=9119 comm="chrome-gnome-sh" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000FSUID="user" OUID="user"
+type=BPF msg=audit(1111111111.111:1111): prog-id=26 op=LOAD
+type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="exec" info="no new privs" error=-1 profile="man" name="/usr/bin/preconv" pid=60755 comm="man" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="man_groff"FSUID="user" OUID="root"