felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test(aa-log): add unit tests for profile rules.

Browse source
This commit is contained in:
Alexandre Pujol 2023-09-25 00:22:41 +01:00
parent 43981517b2
commit a5b6373b02
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
3 changed files with 647 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

225
pkg/aa/rules_test.go Normal file
View file

@ -0,0 +1,225 @@
// apparmor.d - Full set of apparmor profiles
// Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
// SPDX-License-Identifier: GPL-2.0-only
package aa
import (
"reflect"
"testing"
)
func TestRule_FromLog(t *testing.T) {
tests := []struct {
name string
fromLog func(map[string]string, bool, bool) ApparmorRule
log map[string]string
want ApparmorRule
}{
{
name: "capbability",
fromLog: CapabilityFromLog,
log: capability1Log,
want: capability1,
},
{
name: "network",
fromLog: NetworkFromLog,
log: network1Log,
want: network1,
},
{
name: "mount",
fromLog: MountFromLog,
log: mount1Log,
want: mount1,
},
{
name: "signal",
fromLog: SignalFromLog,
log: signal1Log,
want: signal1,
},
{
name: "ptrace/xdg-document-portal",
fromLog: PtraceFromLog,
log: ptrace1Log,
want: ptrace1,
},
{
name: "ptrace/snap-update-ns.firefox",
fromLog: PtraceFromLog,
log: ptrace2Log,
want: ptrace2,
},
{
name: "unix",
fromLog: UnixFromLog,
log: unix1Log,
want: unix1,
},
{
name: "dbus",
fromLog: DbusFromLog,
log: dbus1Log,
want: dbus1,
},
{
name: "file",
fromLog: FileFromLog,
log: file1Log,
want: file1,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := tt.fromLog(tt.log, false, false); !reflect.DeepEqual(got, tt.want) {
t.Errorf("RuleFromLog() = %v, want %v", got, tt.want)
}
})
}
}
func TestRule_Less(t *testing.T) {
tests := []struct {
name string
rule ApparmorRule
other ApparmorRule
want bool
}{
{
name: "capability",
rule: capability1,
other: capability2,
want: true,
},
{
name: "network",
rule: network1,
other: network2,
want: false,
},
{
name: "mount",
rule: mount1,
other: mount2,
want: false,
},
{
name: "signal",
rule: signal1,
other: signal2,
want: true,
},
{
name: "ptrace/less",
rule: ptrace1,
other: ptrace2,
want: true,
},
{
name: "ptrace/more",
rule: ptrace2,
other: ptrace1,
want: false,
},
{
name: "unix",
rule: unix1,
other: unix1,
want: false,
},
{
name: "dbus",
rule: dbus1,
other: dbus1,
want: false,
},
{
name: "file",
rule: file1,
other: file2,
want: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
r := tt.rule
if got := r.Less(tt.other); got != tt.want {
t.Errorf("Rule.Less() = %v, want %v", got, tt.want)
}
})
}
}
func TestRule_Equals(t *testing.T) {
tests := []struct {
name string
rule ApparmorRule
other ApparmorRule
want bool
}{
{
name: "capability/equal",
rule: capability1,
other: capability1,
want: true,
},
{
name: "network/equal",
rule: network1,
other: network1,
want: true,
},
{
name: "mount",
rule: mount1,
other: mount1,
want: true,
},
{
name: "signal1/equal",
rule: signal1,
other: signal1,
want: true,
},
{
name: "ptrace/equal",
rule: ptrace1,
other: ptrace1,
want: true,
},
{
name: "ptrace/not_equal",
rule: ptrace1,
other: ptrace2,
want: false,
},
{
name: "unix",
rule: unix1,
other: unix1,
want: true,
},
{
name: "dbus",
rule: dbus1,
other: dbus2,
want: false,
},
{
name: "file",
rule: file2,
other: file2,
want: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
r := tt.rule
if got := r.Equals(tt.other); got != tt.want {
t.Errorf("Rule.Equals() = %v, want %v", got, tt.want)
}
})
}
}