feat(aa): add more unit tests.

2024-05-28 18:23:37 +01:00 · 2024-05-28 18:23:37 +01:00 · fe4c86a245
commit fe4c86a245
parent e33c1243cc
2 changed files with 249 additions and 6 deletions
--- a/pkg/aa/rules_test.go
+++ b/pkg/aa/rules_test.go
@ -117,6 +117,18 @@ func TestRules_Less(t *testing.T) {
 		other Rule
 		want  bool
 	}{
+		{
+			name:  "comment",
+			rule:  comment1,
+			other: comment2,
+			want:  false,
+		},
+		{
+			name:  "abi",
+			rule:  abi1,
+			other: abi2,
+			want:  false,
+		},
 		{
 			name:  "include1",
 			rule:  include1,
@ -135,6 +147,18 @@ func TestRules_Less(t *testing.T) {
 			other: include3,
 			want:  false,
 		},
+		{
+			name:  "variable",
+			rule:  variable2,
+			other: variable1,
+			want:  false,
+		},
+		{
+			name:  "all",
+			rule:  all1,
+			other: all2,
+			want:  false,
+		},
 		{
 			name:  "rlimit",
 			rule:  rlimit1,
@ -153,6 +177,12 @@ func TestRules_Less(t *testing.T) {
 			other: rlimit3,
 			want:  false,
 		},
+		{
+			name:  "userns",
+			rule:  userns1,
+			other: userns2,
+			want:  true,
+		},
 		{
 			name:  "capability",
 			rule:  capability1,
@ -171,6 +201,12 @@ func TestRules_Less(t *testing.T) {
 			other: mount2,
 			want:  false,
 		},
+		{
+			name:  "remount",
+			rule:  remount1,
+			other: remount2,
+			want:  true,
+		},
 		{
 			name:  "umount",
 			rule:  umount1,
@ -201,6 +237,18 @@ func TestRules_Less(t *testing.T) {
 			other: changeprofile3,
 			want:  true,
 		},
+		{
+			name:  "mqueue",
+			rule:  mqueue1,
+			other: mqueue2,
+			want:  true,
+		},
+		{
+			name:  "iouring",
+			rule:  iouring1,
+			other: iouring2,
+			want:  false,
+		},
 		{
 			name:  "signal",
 			rule:  signal1,
@ -279,6 +327,18 @@ func TestRules_Less(t *testing.T) {
 			other: link2,
 			want:  true,
 		},
+		{
+			name:  "profile",
+			rule:  profile1,
+			other: profile2,
+			want:  true,
+		},
+		{
+			name:  "hat",
+			rule:  hat1,
+			other: hat2,
+			want:  false,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@ -298,17 +358,53 @@ func TestRules_Equals(t *testing.T) {
 		want  bool
 	}{
 		{
-			name:  "include1",
+			name:  "comment",
+			rule:  comment1,
+			other: comment2,
+			want:  false,
+		},
+		{
+			name:  "abi",
+			rule:  abi1,
+			other: abi1,
+			want:  true,
+		},
+		{
+			name:  "alias",
+			rule:  alias1,
+			other: alias2,
+			want:  false,
+		},
+		{
+			name:  "include",
 			rule:  include1,
 			other: includeLocal1,
 			want:  false,
 		},
+		{
+			name:  "variable",
+			rule:  variable1,
+			other: variable2,
+			want:  false,
+		},
+		{
+			name:  "all",
+			rule:  all1,
+			other: all2,
+			want:  false,
+		},
 		{
 			name:  "rlimit",
 			rule:  rlimit1,
 			other: rlimit1,
 			want:  true,
 		},
+		{
+			name:  "userns",
+			rule:  userns1,
+			other: userns1,
+			want:  true,
+		},
 		{
 			name:  "capability/equal",
 			rule:  capability1,
@ -324,7 +420,19 @@ func TestRules_Equals(t *testing.T) {
 		{
 			name:  "mount",
 			rule:  mount1,
-			other: mount1,
+			other: mount2,
+			want:  false,
+		},
+		{
+			name:  "remount",
+			rule:  remount2,
+			other: remount2,
+			want:  true,
+		},
+		{
+			name:  "umount",
+			rule:  umount1,
+			other: umount1,
 			want:  true,
 		},
 		{
@ -339,6 +447,18 @@ func TestRules_Equals(t *testing.T) {
 			other: changeprofile2,
 			want:  false,
 		},
+		{
+			name:  "mqueue",
+			rule:  mqueue1,
+			other: mqueue1,
+			want:  true,
+		},
+		{
+			name:  "iouring",
+			rule:  iouring1,
+			other: iouring2,
+			want:  false,
+		},
 		{
 			name:  "signal1/equal",
 			rule:  signal1,
@ -381,6 +501,18 @@ func TestRules_Equals(t *testing.T) {
 			other: link3,
 			want:  false,
 		},
+		{
+			name:  "profile",
+			rule:  profile1,
+			other: profile1,
+			want:  true,
+		},
+		{
+			name:  "hat",
+			rule:  hat1,
+			other: hat1,
+			want:  true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@ -399,7 +531,22 @@ func TestRules_String(t *testing.T) {
 		want string
 	}{
 		{
-			name: "include1",
+			name: "comment",
+			rule: comment1,
+			want: "#comment",
+		},
+		{
+			name: "abi",
+			rule: abi1,
+			want: "abi <abi/4.0>,",
+		},
+		{
+			name: "alias",
+			rule: alias1,
+			want: "alias /mnt/usr -> /usr,",
+		},
+		{
+			name: "include",
 			rule: include1,
 			want: "include <abstraction/base>",
 		},
@ -413,11 +560,26 @@ func TestRules_String(t *testing.T) {
 			rule: &Include{Path: "/usr/share/apparmor.d/", IsMagic: false},
 			want: `include "/usr/share/apparmor.d/"`,
 		},
+		{
+			name: "variable",
+			rule: variable1,
+			want: "@{bin} = /{,usr/}{,s}bin",
+		},
+		{
+			name: "all",
+			rule: all1,
+			want: "all,",
+		},
 		{
 			name: "rlimit",
 			rule: rlimit1,
 			want: "set rlimit nproc <= 200,",
 		},
+		{
+			name: "userns",
+			rule: userns1,
+			want: "userns,",
+		},
 		{
 			name: "capability",
 			rule: capability1,
@ -443,6 +605,16 @@ func TestRules_String(t *testing.T) {
 			rule: mount1,
 			want: "mount fstype=overlay overlay -> /var/lib/docker/overlay2/opaque-bug-check1209538631/merged/,  # failed perms check",
 		},
+		{
+			name: "remount",
+			rule: remount1,
+			want: "remount /,",
+		},
+		{
+			name: "umount",
+			rule: umount1,
+			want: "umount /,",
+		},
 		{
 			name: "pivot_root",
 			rule: pivotroot1,
@ -453,6 +625,16 @@ func TestRules_String(t *testing.T) {
 			rule: changeprofile1,
 			want: "change_profile -> systemd-user,",
 		},
+		{
+			name: "mqeue",
+			rule: mqueue1,
+			want: "mqueue r type=posix /,",
+		},
+		{
+			name: "iouring",
+			rule: iouring1,
+			want: "io_uring sqpoll label=foo,",
+		},
 		{
 			name: "signal",
 			rule: signal1,
@ -496,6 +678,11 @@ func TestRules_String(t *testing.T) {
 			rule: link3,
 			want: "owner link @{user_config_dirs}/kiorc -> @{user_config_dirs}/#3954,",
 		},
+		{
+			name: "hat",
+			rule: hat1,
+			want: "hat user {\n}",
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {