| Sapan Bhatia | 3e3c1cd | 2017-07-15 01:35:44 -0400 | [diff] [blame] | 1 | import unittest |
| 2 | from xosgenx.generator import XOSGenerator |
| 3 | from helpers import FakeArgs, XProtoTestHelpers |
| 4 | import pdb |
| 5 | |
| 6 | """The function below is for eliminating warnings arising due to the missing policy_output_0, |
| 7 | which is generated and loaded dynamically. |
| 8 | """ |
| 9 | def policy_output_0(x, y): |
| 10 | raise Exception("Security enforcer not generated. Test failed.") |
| 11 | return False |
| 12 | |
| 13 | """ |
| 14 | The tests below use the Python code target to generate |
| 15 | Python security policies, set up an appropriate environment and execute the Python. |
| 16 | """ |
| 17 | class XProtoSecurityTest(unittest.TestCase): |
| 18 | def setUp(self): |
| 19 | self.target = XProtoTestHelpers.write_tmp_target("{{ xproto_fol_to_python_test(proto.policies.test_policy, None, '0') }}") |
| 20 | |
| 21 | def test_constant(self): |
| 22 | xproto = \ |
| 23 | """ |
| 24 | policy test_policy < True > |
| 25 | """ |
| 26 | args = FakeArgs() |
| 27 | args.inputs = xproto |
| 28 | args.target = self.target |
| 29 | |
| 30 | output = XOSGenerator.generate(args) |
| 31 | |
| 32 | exec(output) # This loads the generated function, which should look like this: |
| 33 | |
| 34 | """ |
| 35 | def policy_output_0(obj, ctx): |
| 36 | i1 = True |
| 37 | return i1 |
| 38 | """ |
| 39 | |
| 40 | verdict = policy_output_0({}, {}) |
| 41 | self.assertTrue(verdict) |
| 42 | |
| 43 | def test_equal(self): |
| 44 | xproto = \ |
| 45 | """ |
| 46 | policy test_policy < ctx.user = obj.user > |
| 47 | """ |
| 48 | |
| 49 | args = FakeArgs() |
| 50 | args.inputs = xproto |
| 51 | args.target = self.target |
| 52 | |
| 53 | output = XOSGenerator.generate(args) |
| 54 | |
| 55 | exec(output) # This loads the generated function, which should look like this: |
| 56 | |
| 57 | """ |
| 58 | def policy_output_0(obj, ctx): |
| 59 | i1 = (ctx.user == obj.user) |
| 60 | return i1 |
| 61 | """ |
| 62 | |
| 63 | obj = FakeArgs() |
| 64 | obj.user = 1 |
| 65 | ctx = FakeArgs() |
| 66 | ctx.user = 1 |
| 67 | |
| 68 | verdict = policy_output_0(obj, ctx) |
| 69 | |
| 70 | def test_bin(self): |
| 71 | xproto = \ |
| 72 | """ |
| 73 | policy test_policy < ctx.is_admin = True | obj.empty = True> |
| 74 | """ |
| 75 | |
| 76 | args = FakeArgs() |
| 77 | args.inputs = xproto |
| 78 | args.target = self.target |
| 79 | |
| 80 | output = XOSGenerator.generate(args) |
| 81 | exec(output) # This loads the generated function, which should look like this: |
| 82 | |
| 83 | """ |
| 84 | def policy_output_0(obj, ctx): |
| 85 | i2 = (ctx.is_admin == True) |
| 86 | i3 = (obj.empty == True) |
| 87 | i1 = (i2 or i3) |
| 88 | return i1 |
| 89 | """ |
| 90 | |
| 91 | obj = FakeArgs() |
| 92 | obj.empty = True |
| 93 | |
| 94 | ctx = FakeArgs() |
| 95 | ctx.is_admin = True |
| 96 | |
| 97 | verdict = policy_output_0(obj, ctx) |
| 98 | |
| 99 | self.assertTrue(verdict) |
| 100 | |
| 101 | |
| 102 | def test_exists(self): |
| 103 | xproto = \ |
| 104 | """ |
| 105 | policy test_policy < exists Privilege: Privilege.object_id = obj.id > |
| 106 | """ |
| 107 | args = FakeArgs() |
| 108 | args.inputs = xproto |
| 109 | args.target = self.target |
| 110 | |
| 111 | output = XOSGenerator.generate(args) |
| 112 | exec(output) # This loads the generated function, which should look like this: |
| 113 | |
| 114 | """ |
| 115 | def policy_output_0(obj, ctx): |
| 116 | i1 = Privilege.objects.filter(object_id=obj.id) |
| 117 | return i1 |
| 118 | """ |
| 119 | |
| 120 | self.assertTrue(policy_output_0 is not None) |
| 121 | |
| 122 | def test_python(self): |
| 123 | xproto = \ |
| 124 | """ |
| 125 | policy test_policy < {{ "jack" in ["the", "box"] }} = False > |
| 126 | """ |
| 127 | args = FakeArgs() |
| 128 | args.inputs = xproto |
| 129 | args.target = self.target |
| 130 | output = XOSGenerator.generate(args) |
| 131 | exec(output) # This loads the generated function, which should look like this: |
| 132 | |
| 133 | """ |
| 134 | def policy_output_0(obj, ctx): |
| 135 | i2 = ('jack' in ['the', 'box']) |
| 136 | i1 = (i2 == False) |
| 137 | return i1 |
| 138 | """ |
| 139 | |
| 140 | self.assertTrue(policy_output_0({}, {}) is True) |
| 141 | |
| 142 | def test_forall(self): |
| 143 | # This one we only parse |
| 144 | xproto = \ |
| 145 | """ |
| 146 | policy test_policy < forall Credential: Credential.obj_id = obj_id > |
| 147 | """ |
| 148 | |
| 149 | target = XProtoTestHelpers.write_tmp_target("{{ xproto_fol_to_python_test(proto.policies.test_policy, None, '0') }}") |
| 150 | |
| 151 | args = FakeArgs() |
| 152 | args.inputs = xproto |
| 153 | args.target = target |
| 154 | |
| 155 | output = XOSGenerator.generate(args) |
| 156 | """ |
| 157 | def policy_output_0(obj, ctx): |
| 158 | i2 = Credential.objects.filter((~ Q(obj_id=obj_id)))[0] |
| 159 | i1 = (not i2) |
| 160 | return i1 |
| 161 | """ |
| 162 | exec(output) |
| 163 | |
| 164 | if __name__ == '__main__': |
| 165 | unittest.main() |