Codebase list libvirt / debian/5.6.0-1 tests / check-file-access.pl
debian/5.6.0-1

Tree @debian/5.6.0-1 (Download .tar.gz)

check-file-access.pl @debian/5.6.0-1raw · history · blame 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
#!/usr/bin/env perl
#
# Copyright (C) 2016 Red Hat, Inc.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library.  If not, see
# <http://www.gnu.org/licenses/>.
#
# This script is supposed to check test_file_access.txt file and
# warn about file accesses outside our working tree.
#
#

use strict;
use warnings;

my $access_file = "test_file_access.txt";
my $whitelist_file = "file_access_whitelist.txt";

my @known_actions = ("open", "fopen", "access", "stat", "lstat", "connect");

my @files;
my @whitelist;

open FILE, "<", $access_file or die "Unable to open $access_file: $!";
while (<FILE>) {
    chomp;
    if (/^(\S*):\s*(\S*):\s*(\S*)(\s*:\s*(.*))?$/) {
        my %rec;
        ${rec}{path} = $1;
        ${rec}{action} = $2;
        ${rec}{progname} = $3;
        if (defined $5) {
            ${rec}{testname} = $5;
        }
        push (@files, \%rec);
    } else {
        die "Malformed line $_";
    }
}
close FILE;

open FILE, "<", $whitelist_file or die "Unable to open $whitelist_file: $!";
while (<FILE>) {
    chomp;
    if (/^\s*#.*$/) {
        # comment
    } elsif (/^(\S*):\s*(\S*)(:\s*(\S*)(\s*:\s*(.*))?)?$/ and
            grep /^$2$/, @known_actions) {
        # $path: $action: $progname: $testname
        my %rec;
        ${rec}{path} = $1;
        ${rec}{action} = $3;
        if (defined $4) {
            ${rec}{progname} = $4;
        }
        if (defined $6) {
            ${rec}{testname} = $6;
        }
        push (@whitelist, \%rec);
    } elsif (/^(\S*)(:\s*(\S*)(\s*:\s*(.*))?)?$/) {
        # $path: $progname: $testname
        my %rec;
        ${rec}{path} = $1;
        if (defined $3) {
            ${rec}{progname} = $3;
        }
        if (defined $5) {
            ${rec}{testname} = $5;
        }
        push (@whitelist, \%rec);
    } else {
        die "Malformed line $_";
    }
}
close FILE;

# Now we should check if %traces is included in $whitelist. For
# now checking just keys is sufficient
my $error = 0;
for my $file (@files) {
    my $match = 0;

    for my $rule (@whitelist) {
        if (not %${file}{path} =~ m/^$rule->{path}$/) {
            next;
        }

        if (defined %${rule}{action} and
            not %${file}{action} =~ m/^$rule->{action}$/) {
            next;
        }

        if (defined %${rule}{progname} and
            not %${file}{progname} =~ m/^$rule->{progname}$/) {
            next;
        }

        if (defined %${rule}{testname} and
            defined %${file}{testname} and
            not %${file}{testname} =~ m/^$rule->{testname}$/) {
            next;
        }

        $match = 1;
    }

    if (not $match) {
        $error = 1;
        print "$file->{path}: $file->{action}: $file->{progname}";
        print ": $file->{testname}" if defined %${file}{testname};
        print "\n";
    }
}

exit $error;