Gitiles
Code Review Sign In
gerrit.opencord.org / xos / d3fcb6606e865aaf4ee304e70c9cef904ac410e8 / . / lib / xos-genx / tests / general_security_test.py
blob: 1201baa27d2165763ff568e186eec8f380606293 [file] [log] [blame]
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]1import unittest
2from xosgenx.generator import XOSGenerator
3from helpers import FakeArgs, XProtoTestHelpers
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]4
Sapan Bhatia5ea307d2017-07-19 00:13:21 -0400[diff] [blame]5"""The function below is for eliminating warnings arising due to the missing policy_output_enforcer,
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]6which is generated and loaded dynamically.
7"""
Sapan Bhatia5ea307d2017-07-19 00:13:21 -0400[diff] [blame]8def policy_output_enforcer(x, y):
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]9 raise Exception("Security enforcer not generated. Test failed.")
10 return False
11
12"""
13The tests below use the Python code target to generate
14Python security policies, set up an appropriate environment and execute the Python.
15"""
16class XProtoSecurityTest(unittest.TestCase):
17 def setUp(self):
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame^]18 self.target = XProtoTestHelpers.write_tmp_target("""
19{% for name, policy in proto.policies.items() %}
20{{ xproto_fol_to_python_test(name, policy, None, '0') }}
21{% endfor %}
22""")
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]23
24 def test_constant(self):
25 xproto = \
26"""
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame^]27 policy output < True >
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]28"""
29 args = FakeArgs()
30 args.inputs = xproto
31 args.target = self.target
32
33 output = XOSGenerator.generate(args)
34
35 exec(output) # This loads the generated function, which should look like this:
36
37 """
Sapan Bhatia5ea307d2017-07-19 00:13:21 -0400[diff] [blame]38 def policy_output_enforcer(obj, ctx):
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]39 i1 = True
40 return i1
41 """
42
Sapan Bhatia5ea307d2017-07-19 00:13:21 -0400[diff] [blame]43 verdict = policy_output_enforcer({}, {})
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]44 self.assertTrue(verdict)
45
46 def test_equal(self):
47 xproto = \
48"""
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame^]49 policy output < ctx.user = obj.user >
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]50"""
51
52 args = FakeArgs()
53 args.inputs = xproto
54 args.target = self.target
55
56 output = XOSGenerator.generate(args)
57
58 exec(output) # This loads the generated function, which should look like this:
59
60 """
Sapan Bhatia5ea307d2017-07-19 00:13:21 -0400[diff] [blame]61 def policy_output_enforcer(obj, ctx):
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]62 i1 = (ctx.user == obj.user)
63 return i1
64 """
65
66 obj = FakeArgs()
67 obj.user = 1
68 ctx = FakeArgs()
69 ctx.user = 1
70
Sapan Bhatia5ea307d2017-07-19 00:13:21 -0400[diff] [blame]71 verdict = policy_output_enforcer(obj, ctx)
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]72
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame^]73 def test_call_policy(self):
74 xproto = \
75"""
76 policy sub_policy < ctx.user = obj.user >
77 policy output < *sub_policy(child) >
78"""
79
80 args = FakeArgs()
81 args.inputs = xproto
82 args.target = self.target
83
84 output = XOSGenerator.generate(args)
85
86 exec(output,globals()) # This loads the generated function, which should look like this:
87
88 """
89 def policy_sub_policy_enforcer(obj, ctx):
90 i1 = (ctx.user == obj.user)
91 return i1
92
93 def policy_output_enforcer(obj, ctx):
94 i1 = policy_sub_policy_enforcer(obj.child, ctx)
95 return i1
96 """
97
98 obj = FakeArgs()
99 obj.child = FakeArgs()
100 obj.child.user = 1
101
102 ctx = FakeArgs()
103 ctx.user = 1
104
105 verdict = policy_output_enforcer(obj, ctx)
106 self.assertTrue(verdict)
107
108
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]109 def test_bin(self):
110 xproto = \
111"""
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame^]112 policy output < ctx.is_admin = True | obj.empty = True>
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]113"""
114
115 args = FakeArgs()
116 args.inputs = xproto
117 args.target = self.target
118
119 output = XOSGenerator.generate(args)
120 exec(output) # This loads the generated function, which should look like this:
121
122 """
Sapan Bhatia5ea307d2017-07-19 00:13:21 -0400[diff] [blame]123 def policy_output_enforcer(obj, ctx):
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]124 i2 = (ctx.is_admin == True)
125 i3 = (obj.empty == True)
126 i1 = (i2 or i3)
127 return i1
128 """
129
130 obj = FakeArgs()
131 obj.empty = True
132
133 ctx = FakeArgs()
134 ctx.is_admin = True
135
Sapan Bhatia5ea307d2017-07-19 00:13:21 -0400[diff] [blame]136 verdict = policy_output_enforcer(obj, ctx)
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]137
138 self.assertTrue(verdict)
139
140
141 def test_exists(self):
142 xproto = \
143"""
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame^]144 policy output < exists Privilege: Privilege.object_id = obj.id >
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]145"""
146 args = FakeArgs()
147 args.inputs = xproto
148 args.target = self.target
149
150 output = XOSGenerator.generate(args)
151 exec(output) # This loads the generated function, which should look like this:
152
153 """
Sapan Bhatia5ea307d2017-07-19 00:13:21 -0400[diff] [blame]154 def policy_output_enforcer(obj, ctx):
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]155 i1 = Privilege.objects.filter(object_id=obj.id)
156 return i1
157 """
158
Sapan Bhatia5ea307d2017-07-19 00:13:21 -0400[diff] [blame]159 self.assertTrue(policy_output_enforcer is not None)
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]160
161 def test_python(self):
162 xproto = \
163"""
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame^]164 policy output < {{ "jack" in ["the", "box"] }} = False >
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]165"""
166 args = FakeArgs()
167 args.inputs = xproto
168 args.target = self.target
169 output = XOSGenerator.generate(args)
170 exec(output) # This loads the generated function, which should look like this:
171
172 """
Sapan Bhatia5ea307d2017-07-19 00:13:21 -0400[diff] [blame]173 def policy_output_enforcer(obj, ctx):
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]174 i2 = ('jack' in ['the', 'box'])
175 i1 = (i2 == False)
176 return i1
177 """
178
Sapan Bhatia5ea307d2017-07-19 00:13:21 -0400[diff] [blame]179 self.assertTrue(policy_output_enforcer({}, {}) is True)
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]180
181 def test_forall(self):
182 # This one we only parse
183 xproto = \
184"""
Sapan Bhatiad3fcb662017-07-25 21:13:48 -0400[diff] [blame^]185 policy output < forall Credential: Credential.obj_id = obj_id >
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]186"""
187
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]188 args = FakeArgs()
189 args.inputs = xproto
Sapan Bhatia5ea307d2017-07-19 00:13:21 -0400[diff] [blame]190 args.target = self.target
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]191
192 output = XOSGenerator.generate(args)
193 """
Sapan Bhatia5ea307d2017-07-19 00:13:21 -0400[diff] [blame]194 def policy_output_enforcer(obj, ctx):
Sapan Bhatia3e3c1cd2017-07-15 01:35:44 -0400[diff] [blame]195 i2 = Credential.objects.filter((~ Q(obj_id=obj_id)))[0]
196 i1 = (not i2)
197 return i1
198 """
199 exec(output)
200
201if __name__ == '__main__':
202 unittest.main()