check-file-access.pl @debian/5.6.0-1 — raw · history · blame
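#!/usr/bin/env perl
#
# Copyright (C) 2016 Red Hat, Inc.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see
# <http://www.gnu.org/licenses/>.
#
# This script is supposed to check test_file_access.txt file and
# warn about file accesses outside our working tree.
#
# Every access record that no whitelist rule covers is printed, and the
# script then exits with status 1; it exits with 0 when every record is
# covered.
#
# Whitelist fields are interpolated into regular expressions unescaped,
# so each field is a pattern rather than a literal string: an unescaped
# '.' matches any character, and a rule is only as tight as its pattern.
# The whitelist file is therefore treated as trusted input.
#

use strict;
use warnings;

my $access_file = "test_file_access.txt";
my $whitelist_file = "file_access_whitelist.txt";

my @known_actions = ("open", "fopen", "access", "stat", "lstat", "connect");

my @files;
my @whitelist;

# Parse the access log. Each line has the form
#   $path: $action: $progname[: $testname]
open(my $access_fh, "<", $access_file)
    or die "Unable to open $access_file: $!";
while (my $line = <$access_fh>) {
    chomp $line;
    if ($line =~ /^(\S*):\s*(\S*):\s*(\S*)(\s*:\s*(.*))?$/) {
        my %rec = (
            path     => $1,
            action   => $2,
            progname => $3,
        );
        $rec{testname} = $5 if defined $5;
        push @files, \%rec;
    } else {
        die "Malformed line $line";
    }
}
close $access_fh;

# Parse the whitelist. A rule is either
#   $path: $action[: $progname[: $testname]]
# when the second field is one of @known_actions, or otherwise
#   $path[: $progname[: $testname]]
open(my $whitelist_fh, "<", $whitelist_file)
    or die "Unable to open $whitelist_file: $!";
RULE:
while (my $line = <$whitelist_fh>) {
    chomp $line;

    # comment
    next RULE if $line =~ /^\s*#.*$/;

    if ($line =~ /^(\S*):\s*(\S*)(:\s*(\S*)(\s*:\s*(.*))?)?$/) {
        # Copy the captures before running any further match. The action
        # is group 2; group 3 is the whole optional ": progname: testname"
        # tail. The original stored group 3 as the action, so an action
        # rule with a progname could never match and one without a
        # progname matched every action.
        my ($path, $action, $progname, $testname) = ($1, $2, $4, $6);

        if (grep { /^$action$/ } @known_actions) {
            my %rec = (
                path   => $path,
                action => $action,
            );
            $rec{progname} = $progname if defined $progname;
            $rec{testname} = $testname if defined $testname;
            push @whitelist, \%rec;
            next RULE;
        }
    }

    if ($line =~ /^(\S*)(:\s*(\S*)(\s*:\s*(.*))?)?$/) {
        # $path: $progname: $testname
        my %rec = (path => $1);
        $rec{progname} = $3 if defined $3;
        $rec{testname} = $5 if defined $5;
        push @whitelist, \%rec;
    } else {
        die "Malformed line $line";
    }
}
close $whitelist_fh;

# Check every recorded access against the whitelist. A rule covers a
# record when each field the rule defines matches the record's field as
# an anchored regex.
my $error = 0;
for my $file (@files) {
    my $match = 0;

    for my $rule (@whitelist) {
        next if $file->{path} !~ m/^$rule->{path}$/;

        next if defined $rule->{action}
            and $file->{action} !~ m/^$rule->{action}$/;

        next if defined $rule->{progname}
            and $file->{progname} !~ m/^$rule->{progname}$/;

        # NOTE(review): a rule that names a test still covers a record
        # that carries no test name; kept as in the original -- confirm
        # this is intended.
        next if defined $rule->{testname}
            and defined $file->{testname}
            and $file->{testname} !~ m/^$rule->{testname}$/;

        $match = 1;
        last;    # one covering rule is enough
    }

    if (not $match) {
        $error = 1;
        print "$file->{path}: $file->{action}: $file->{progname}";
        print ": $file->{testname}" if defined $file->{testname};
        print "\n";
    }
}

exit $error;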