Gitiles
Code Review Sign In
gerrit.opencord.org / xos / 391f5d85e893eb186c32f24904a3c790c704c1b1 / . / lib / xos-genx / xos-genx-tests / test_general_security.py
blob: 8744a6cf79111d1b541f7518584a5f349e4828d6 [file] [log] [blame]
Matteo Scandolod2044a42017-08-07 16:08:28 -0700[diff] [blame]1
2# Copyright 2017-present Open Networking Foundation
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]17import unittest
Sapan Bhatiabfb233a2018-02-09 14:53:09 -0800[diff] [blame]18from xosgenx.generator import XOSProcessor
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]19from helpers import FakeArgs, XProtoTestHelpers
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]20
Sapan Bhatiae294aae2017-09-06 11:21:15 -0400[diff] [blame]21"""The function below is for eliminating warnings arising due to the missing output_security_check,
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]22which is generated and loaded dynamically.
23"""
Sapan Bhatiae294aae2017-09-06 11:21:15 -0400[diff] [blame]24def output_security_check(x, y):
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]25 raise Exception("Security enforcer not generated. Test failed.")
26 return False
27
28"""
29The tests below use the Python code target to generate
30Python security policies, set up an appropriate environment and execute the Python.
31"""
32class XProtoSecurityTest(unittest.TestCase):
33 def setUp(self):
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame]34 self.target = XProtoTestHelpers.write_tmp_target("""
35{% for name, policy in proto.policies.items() %}
36{{ xproto_fol_to_python_test(name, policy, None, '0') }}
37{% endfor %}
38""")
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]39
40 def test_constant(self):
41 xproto = \
42"""
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame]43 policy output < True >
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]44"""
45 args = FakeArgs()
46 args.inputs = xproto
47 args.target = self.target
48
Sapan Bhatiabfb233a2018-02-09 14:53:09 -0800[diff] [blame]49 output = XOSProcessor.process(args)
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]50
51 exec(output) # This loads the generated function, which should look like this:
52
53 """
Sapan Bhatiae294aae2017-09-06 11:21:15 -0400[diff] [blame]54 def output_security_check(obj, ctx):
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]55 i1 = True
56 return i1
57 """
58
Sapan Bhatiae294aae2017-09-06 11:21:15 -0400[diff] [blame]59 verdict = output_security_check({}, {})
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]60 self.assertTrue(verdict)
61
62 def test_equal(self):
63 xproto = \
64"""
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame]65 policy output < ctx.user = obj.user >
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]66"""
67
68 args = FakeArgs()
69 args.inputs = xproto
70 args.target = self.target
71
Sapan Bhatiabfb233a2018-02-09 14:53:09 -0800[diff] [blame]72 output = XOSProcessor.process(args)
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]73
74 exec(output) # This loads the generated function, which should look like this:
75
76 """
Sapan Bhatiae294aae2017-09-06 11:21:15 -0400[diff] [blame]77 def output_security_check(obj, ctx):
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]78 i1 = (ctx.user == obj.user)
79 return i1
80 """
81
82 obj = FakeArgs()
83 obj.user = 1
84 ctx = FakeArgs()
85 ctx.user = 1
86
Sapan Bhatiae294aae2017-09-06 11:21:15 -0400[diff] [blame]87 verdict = output_security_check(obj, ctx)
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]88
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame]89 def test_call_policy(self):
90 xproto = \
91"""
92 policy sub_policy < ctx.user = obj.user >
93 policy output < *sub_policy(child) >
94"""
95
96 args = FakeArgs()
97 args.inputs = xproto
98 args.target = self.target
99
Sapan Bhatiabfb233a2018-02-09 14:53:09 -0800[diff] [blame]100 output = XOSProcessor.process(args)
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame]101
102 exec(output,globals()) # This loads the generated function, which should look like this:
103
104 """
Sapan Bhatiae294aae2017-09-06 11:21:15 -0400[diff] [blame]105 def sub_policy_security_check(obj, ctx):
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame]106 i1 = (ctx.user == obj.user)
Sapan Bhatiae294aae2017-09-06 11:21:15 -0400[diff] [blame]107 return i1
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame]108
Sapan Bhatiae294aae2017-09-06 11:21:15 -0400[diff] [blame]109 def output_security_check(obj, ctx):
110 if obj.child:
111 i1 = sub_policy_security_check(obj.child, ctx)
112 else:
113 i1 = True
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame]114 return i1
115 """
116
117 obj = FakeArgs()
118 obj.child = FakeArgs()
119 obj.child.user = 1
120
121 ctx = FakeArgs()
122 ctx.user = 1
123
Sapan Bhatiae294aae2017-09-06 11:21:15 -0400[diff] [blame]124 verdict = output_security_check(obj, ctx)
125 self.assertTrue(verdict)
126
127 def test_call_policy_child_none(self):
128 xproto = \
129"""
130 policy sub_policy < ctx.user = obj.user >
131 policy output < *sub_policy(child) >
132"""
133
134 args = FakeArgs()
135 args.inputs = xproto
136 args.target = self.target
137
Sapan Bhatiabfb233a2018-02-09 14:53:09 -0800[diff] [blame]138 output = XOSProcessor.process(args)
Sapan Bhatiae294aae2017-09-06 11:21:15 -0400[diff] [blame]139
140 exec(output,globals()) # This loads the generated function, which should look like this:
141
142 """
143 def sub_policy_security_check(obj, ctx):
144 i1 = (ctx.user == obj.user)
145 return i1
146
147 def output_security_check(obj, ctx):
148 if obj.child:
149 i1 = sub_policy_security_check(obj.child, ctx)
150 else:
151 i1 = True
152 return i1
153 """
154
155 obj = FakeArgs()
156 obj.child = None
157
158 ctx = FakeArgs()
159 ctx.user = 1
160
Sapan Bhatiac6543dd2017-12-07 11:40:36 -0500[diff] [blame]161 verdict = output_security_check(obj, ctx)
162 self.assertTrue(verdict)
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame]163
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]164 def test_bin(self):
165 xproto = \
166"""
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame]167 policy output < ctx.is_admin = True | obj.empty = True>
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]168"""
169
170 args = FakeArgs()
171 args.inputs = xproto
172 args.target = self.target
173
Sapan Bhatiabfb233a2018-02-09 14:53:09 -0800[diff] [blame]174 output = XOSProcessor.process(args)
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]175 exec(output) # This loads the generated function, which should look like this:
176
177 """
Sapan Bhatiae294aae2017-09-06 11:21:15 -0400[diff] [blame]178 def output_security_check(obj, ctx):
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]179 i2 = (ctx.is_admin == True)
180 i3 = (obj.empty == True)
181 i1 = (i2 or i3)
182 return i1
183 """
184
185 obj = FakeArgs()
186 obj.empty = True
187
188 ctx = FakeArgs()
189 ctx.is_admin = True
190
Sapan Bhatiae294aae2017-09-06 11:21:15 -0400[diff] [blame]191 verdict = output_security_check(obj, ctx)
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]192
193 self.assertTrue(verdict)
194
195
196 def test_exists(self):
197 xproto = \
198"""
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame]199 policy output < exists Privilege: Privilege.object_id = obj.id >
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]200"""
201 args = FakeArgs()
202 args.inputs = xproto
203 args.target = self.target
204
Sapan Bhatiabfb233a2018-02-09 14:53:09 -0800[diff] [blame]205 output = XOSProcessor.process(args)
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]206 exec(output) # This loads the generated function, which should look like this:
207
208 """
Sapan Bhatiae294aae2017-09-06 11:21:15 -0400[diff] [blame]209 def output_security_check(obj, ctx):
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]210 i1 = Privilege.objects.filter(object_id=obj.id)
211 return i1
212 """
213
Sapan Bhatiae294aae2017-09-06 11:21:15 -0400[diff] [blame]214 self.assertTrue(output_security_check is not None)
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]215
216 def test_python(self):
217 xproto = \
218"""
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame]219 policy output < {{ "jack" in ["the", "box"] }} = False >
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]220"""
221 args = FakeArgs()
222 args.inputs = xproto
223 args.target = self.target
Sapan Bhatiabfb233a2018-02-09 14:53:09 -0800[diff] [blame]224 output = XOSProcessor.process(args)
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]225 exec(output) # This loads the generated function, which should look like this:
226
227 """
Sapan Bhatiae294aae2017-09-06 11:21:15 -0400[diff] [blame]228 def output_security_check(obj, ctx):
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]229 i2 = ('jack' in ['the', 'box'])
230 i1 = (i2 == False)
231 return i1
232 """
233
Sapan Bhatiae294aae2017-09-06 11:21:15 -0400[diff] [blame]234 self.assertTrue(output_security_check({}, {}) is True)
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]235
236 def test_forall(self):
237 # This one we only parse
238 xproto = \
239"""
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame]240 policy output < forall Credential: Credential.obj_id = obj_id >
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]241"""
242
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]243 args = FakeArgs()
244 args.inputs = xproto
Sapan Bhatia5ea307d2017-07-19 00:13:21 -0400[diff] [blame]245 args.target = self.target
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]246
Sapan Bhatiabfb233a2018-02-09 14:53:09 -0800[diff] [blame]247 output = XOSProcessor.process(args)
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]248 """
Sapan Bhatiae294aae2017-09-06 11:21:15 -0400[diff] [blame]249 def output_security_check(obj, ctx):
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]250 i2 = Credential.objects.filter((~ Q(obj_id=obj_id)))[0]
251 i1 = (not i2)
252 return i1
253 """
254 exec(output)
255
256if __name__ == '__main__':
257 unittest.main()