Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -04001import unittest
2from xosgenx.generator import XOSGenerator
3from helpers import FakeArgs, XProtoTestHelpers
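def policy_output_enforcer(x, y):
    """Stand-in for the enforcer that the tests generate and load dynamically.

    Defining the name at module level eliminates warnings about the missing
    policy_output_enforcer. The stub fails loudly, so a test that ends up
    calling it instead of a generated enforcer cannot pass by accident.

    Raises:
        Exception: always.
    """
    # The original had an unreachable `return False` after this raise; it is
    # dropped so the stub has a single, unambiguous outcome.
    raise Exception("Security enforcer not generated. Test failed.")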
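class XProtoSecurityTest(unittest.TestCase):
    """Generate Python security policies from xproto and execute them.

    The tests below use the Python code target to generate Python security
    policies, set up an appropriate environment and execute the Python.
    """

    def setUp(self):
        """Write the temporary target template that renders the test policy."""
        self.target = XProtoTestHelpers.write_tmp_target("{{ xproto_fol_to_python_test('output', proto.policies.test_policy, None, '0') }}")

    def _load_enforcer(self, xproto):
        """Generate code for *xproto*, execute it, and return the enforcer.

        The generated source is executed in an explicit namespace that starts
        as a copy of this module's globals. A bare ``exec(output)`` inside a
        method only rebinds the enforcer name under Python 2's exec
        statement; under Python 3 the tests would go on calling the
        module-level stub. Reading the name back from the namespace works on
        both. If the generator emits no ``policy_output_enforcer``, the
        module-level stub is returned and raises when called.
        """
        args = FakeArgs()
        args.inputs = xproto
        args.target = self.target

        output = XOSGenerator.generate(args)

        # exec runs whatever the generator emitted as code. The input here is
        # a fixed policy string from this file; keep it that way.
        scope = dict(globals())
        exec(output, scope)
        return scope["policy_output_enforcer"]

    def test_constant(self):
        """A constant-True policy yields an enforcer that returns True."""
        xproto = \
"""
    policy test_policy < True >
"""
        enforcer = self._load_enforcer(xproto)

        # The generated function should look like this:
        #
        #     def policy_output_enforcer(obj, ctx):
        #         i1 = True
        #         return i1

        verdict = enforcer({}, {})
        self.assertTrue(verdict)

    def test_equal(self):
        """An equality policy allows matching users and denies others."""
        xproto = \
"""
    policy test_policy < ctx.user = obj.user >
"""
        enforcer = self._load_enforcer(xproto)

        # The generated function should look like this:
        #
        #     def policy_output_enforcer(obj, ctx):
        #         i1 = (ctx.user == obj.user)
        #         return i1

        obj = FakeArgs()
        obj.user = 1
        ctx = FakeArgs()
        ctx.user = 1

        # The original computed the verdict and never checked it.
        verdict = enforcer(obj, ctx)
        self.assertTrue(verdict)

        # Deny case: a different user must not satisfy the policy.
        ctx.user = 2
        self.assertFalse(enforcer(obj, ctx))

    def test_bin(self):
        """A disjunction allows when an operand holds, denies when none does."""
        xproto = \
"""
    policy test_policy < ctx.is_admin = True | obj.empty = True>
"""
        enforcer = self._load_enforcer(xproto)

        # The generated function should look like this:
        #
        #     def policy_output_enforcer(obj, ctx):
        #         i2 = (ctx.is_admin == True)
        #         i3 = (obj.empty == True)
        #         i1 = (i2 or i3)
        #         return i1

        obj = FakeArgs()
        obj.empty = True

        ctx = FakeArgs()
        ctx.is_admin = True

        verdict = enforcer(obj, ctx)

        self.assertTrue(verdict)

        # Deny case: with neither operand true the policy must not hold.
        obj.empty = False
        ctx.is_admin = False
        self.assertFalse(enforcer(obj, ctx))

    def test_exists(self):
        """An exists policy generates an enforcer; it is not called here."""
        xproto = \
"""
    policy test_policy < exists Privilege: Privilege.object_id = obj.id >
"""
        enforcer = self._load_enforcer(xproto)

        # The generated function should look like this:
        #
        #     def policy_output_enforcer(obj, ctx):
        #         i1 = Privilege.objects.filter(object_id=obj.id)
        #         return i1

        self.assertTrue(enforcer is not None)
        # The module-level stub is never None, so the check above cannot
        # fail on its own; also require that generation replaced the stub.
        self.assertTrue(enforcer is not policy_output_enforcer)

    def test_python(self):
        """An embedded Python expression is evaluated inside the policy."""
        xproto = \
"""
    policy test_policy < {{ "jack" in ["the", "box"] }} = False >
"""
        enforcer = self._load_enforcer(xproto)

        # The generated function should look like this:
        #
        #     def policy_output_enforcer(obj, ctx):
        #         i2 = ('jack' in ['the', 'box'])
        #         i1 = (i2 == False)
        #         return i1

        self.assertTrue(enforcer({}, {}) is True)

    def test_forall(self):
        """A forall policy must generate code that loads without error."""
        # This one we only parse
        xproto = \
"""
    policy test_policy < forall Credential: Credential.obj_id = obj_id >
"""

        # The generated function should look like this:
        #
        #     def policy_output_enforcer(obj, ctx):
        #         i2 = Credential.objects.filter((~ Q(obj_id=obj_id)))[0]
        #         i1 = (not i2)
        #         return i1
        #
        # It is defined but never called; Credential and Q are not
        # available in this test.
        self._load_enforcer(xproto)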
# Run the whole suite when this file is executed directly.
if __name__ == '__main__':
    unittest.main()