CORD-1782: Fix xproto general security tests Change-Id: Iea3d944da18c79e33d7374727b58097de058f6c8 (cherry picked from commit 122a46a8294346bbc62787e1944df326a22386bc)

commit: e294aae2d929f29bec0e73000d73800fad59d724 [log] [tgz]
author: Sapan Bhatia <sapan@opennetworking.org> Wed Sep 06 11:21:15 2017 -0400
committer: Matteo Scandolo <teo@opennetworking.org> Mon Sep 25 15:32:49 2017 -0700
tree: a3abee5aaf6949305aca48b4bd8d67657057c89e
parent: 6f24c4588f4ad52b47f53700f97df738f5b1ef5f [diff] [blame]
diff --git a/lib/xos-genx/tests/general_security_test.py b/lib/xos-genx/tests/general_security_test.py
index 252cb61..dbf8538 100644
--- a/lib/xos-genx/tests/general_security_test.py
+++ b/lib/xos-genx/tests/general_security_test.py

@@ -18,10 +18,10 @@
 from xosgenx.generator import XOSGenerator
 from helpers import FakeArgs, XProtoTestHelpers
 
-"""The function below is for eliminating warnings arising due to the missing policy_output_enforcer,
+"""The function below is for eliminating warnings arising due to the missing output_security_check,
 which is generated and loaded dynamically.
 """
-def policy_output_enforcer(x, y):
+def output_security_check(x, y):
     raise Exception("Security enforcer not generated. Test failed.")
     return False
 
@@ -51,12 +51,12 @@
         exec(output) # This loads the generated function, which should look like this:
 
         """
-        def policy_output_enforcer(obj, ctx):
+        def output_security_check(obj, ctx):
             i1 = True
             return i1
         """
 
-        verdict = policy_output_enforcer({}, {})
+        verdict = output_security_check({}, {})
         self.assertTrue(verdict)
 
     def test_equal(self):
@@ -74,7 +74,7 @@
         exec(output) # This loads the generated function, which should look like this:
 
         """
-        def policy_output_enforcer(obj, ctx):
+        def output_security_check(obj, ctx):
             i1 = (ctx.user == obj.user)
             return i1
         """
@@ -84,7 +84,7 @@
         ctx = FakeArgs()
 	ctx.user = 1
 
-        verdict = policy_output_enforcer(obj, ctx)
+        verdict = output_security_check(obj, ctx)
 
     def test_call_policy(self):
         xproto = \
@@ -102,12 +102,15 @@
         exec(output,globals()) # This loads the generated function, which should look like this:
 
         """
-        def policy_sub_policy_enforcer(obj, ctx):
+        def sub_policy_security_check(obj, ctx):
             i1 = (ctx.user == obj.user)
-    	    return i1
+            return i1
 
-	def policy_output_enforcer(obj, ctx):
-	    i1 = policy_sub_policy_enforcer(obj.child, ctx)
+        def output_security_check(obj, ctx):
+            if obj.child:
+		i1 = sub_policy_security_check(obj.child, ctx)
+	    else:
+		i1 = True
 	    return i1
         """
 
@@ -118,7 +121,44 @@
         ctx = FakeArgs()
 	ctx.user = 1
 
-        verdict = policy_output_enforcer(obj, ctx)
+        verdict = output_security_check(obj, ctx)
+        self.assertTrue(verdict)
+
+    def test_call_policy_child_none(self):
+        xproto = \
+"""
+    policy sub_policy < ctx.user = obj.user >
+    policy output < *sub_policy(child) >
+"""
+
+        args = FakeArgs()
+        args.inputs = xproto
+        args.target = self.target
+
+        output = XOSGenerator.generate(args)
+
+        exec(output,globals()) # This loads the generated function, which should look like this:
+
+        """
+        def sub_policy_security_check(obj, ctx):
+            i1 = (ctx.user == obj.user)
+            return i1
+
+        def output_security_check(obj, ctx):
+            if obj.child:
+		i1 = sub_policy_security_check(obj.child, ctx)
+	    else:
+		i1 = True
+	    return i1
+        """
+
+        obj = FakeArgs()
+        obj.child = None
+
+        ctx = FakeArgs()
+	ctx.user = 1
+
+        verdict = output_security_check(obj, ctx)
         self.assertTrue(verdict)
 
 
@@ -136,7 +176,7 @@
         exec(output) # This loads the generated function, which should look like this:
 
         """
-	def policy_output_enforcer(obj, ctx):
+	def output_security_check(obj, ctx):
 	    i2 = (ctx.is_admin == True)
 	    i3 = (obj.empty == True)
 	    i1 = (i2 or i3)
@@ -149,7 +189,7 @@
 	ctx = FakeArgs()
 	ctx.is_admin = True
 
-        verdict = policy_output_enforcer(obj, ctx)
+        verdict = output_security_check(obj, ctx)
 
         self.assertTrue(verdict)
 
@@ -167,12 +207,12 @@
         exec(output) # This loads the generated function, which should look like this:
 
         """
-	def policy_output_enforcer(obj, ctx):
+	def output_security_check(obj, ctx):
 	    i1 = Privilege.objects.filter(object_id=obj.id)
     	    return i1
         """
 
-        self.assertTrue(policy_output_enforcer is not None)
+        self.assertTrue(output_security_check is not None)
 	
     def test_python(self):
         xproto = \
@@ -186,13 +226,13 @@
         exec(output) # This loads the generated function, which should look like this:
 
         """
-        def policy_output_enforcer(obj, ctx):
+        def output_security_check(obj, ctx):
             i2 = ('jack' in ['the', 'box'])
             i1 = (i2 == False)
             return i1
         """
 
-        self.assertTrue(policy_output_enforcer({}, {}) is True)
+        self.assertTrue(output_security_check({}, {}) is True)
 
     def test_forall(self):
         # This one we only parse
@@ -207,7 +247,7 @@
 
         output = XOSGenerator.generate(args)
         """
-        def policy_output_enforcer(obj, ctx):
+        def output_security_check(obj, ctx):
             i2 = Credential.objects.filter((~ Q(obj_id=obj_id)))[0]
             i1 = (not i2)
             return i1
commit	e294aae2d929f29bec0e73000d73800fad59d724	[log] [tgz]
author	Sapan Bhatia <sapan@opennetworking.org>	Wed Sep 06 11:21:15 2017 -0400
committer	Matteo Scandolo <teo@opennetworking.org>	Mon Sep 25 15:32:49 2017 -0700
tree	a3abee5aaf6949305aca48b4bd8d67657057c89e
parent	6f24c4588f4ad52b47f53700f97df738f5b1ef5f [diff] [blame]