[libvirt] [PATCH v3 20/22] tests: rewrite file access checker in Python

Daniel P. Berrangé berrange at redhat.com
Tue Sep 24 14:59:01 UTC 2019


As part of an goal to eliminate Perl from libvirt build tools,
rewrite the check-file-access.pl tool in Python.

This was a straight conversion, manually going line-by-line to
change the syntax from Perl to Python. Thus the overall structure
of the file and approach is the same.

Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
---
 tests/Makefile.am               |   4 +-
 tests/check-file-access.pl      | 126 --------------------------------
 tests/check-file-access.py      | 123 +++++++++++++++++++++++++++++++
 tests/file_access_whitelist.txt |   2 +-
 4 files changed, 126 insertions(+), 129 deletions(-)
 delete mode 100755 tests/check-file-access.pl
 create mode 100755 tests/check-file-access.py

diff --git a/tests/Makefile.am b/tests/Makefile.am
index e1bcd10c7c..aba2310e21 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -450,14 +450,14 @@ EXTRA_DIST += $(test_scripts)
 if WITH_LINUX
 check-access: file-access-clean
 	VIR_TEST_FILE_ACCESS=1 $(MAKE) $(AM_MAKEFLAGS) check
-	$(PERL) check-file-access.pl | sort -u
+	$(RUNUTF8) $(PYTHON) check-file-access.py | sort -u
 
 file-access-clean:
 	> test_file_access.txt
 endif WITH_LINUX
 
 EXTRA_DIST += \
-	check-file-access.pl \
+	check-file-access.py \
 	file_access_whitelist.txt
 
 if WITH_TESTS
diff --git a/tests/check-file-access.pl b/tests/check-file-access.pl
deleted file mode 100755
index ea0b7a18a2..0000000000
--- a/tests/check-file-access.pl
+++ /dev/null
@@ -1,126 +0,0 @@
-#!/usr/bin/env perl
-#
-# Copyright (C) 2016 Red Hat, Inc.
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library.  If not, see
-# <http://www.gnu.org/licenses/>.
-#
-# This script is supposed to check test_file_access.txt file and
-# warn about file accesses outside our working tree.
-#
-#
-
-use strict;
-use warnings;
-
-my $access_file = "test_file_access.txt";
-my $whitelist_file = "file_access_whitelist.txt";
-
-my @known_actions = ("open", "fopen", "access", "stat", "lstat", "connect");
-
-my @files;
-my @whitelist;
-
-open FILE, "<", $access_file or die "Unable to open $access_file: $!";
-while (<FILE>) {
-    chomp;
-    if (/^(\S*):\s*(\S*):\s*(\S*)(\s*:\s*(.*))?$/) {
-        my %rec;
-        ${rec}{path} = $1;
-        ${rec}{action} = $2;
-        ${rec}{progname} = $3;
-        if (defined $5) {
-            ${rec}{testname} = $5;
-        }
-        push (@files, \%rec);
-    } else {
-        die "Malformed line $_";
-    }
-}
-close FILE;
-
-open FILE, "<", $whitelist_file or die "Unable to open $whitelist_file: $!";
-while (<FILE>) {
-    chomp;
-    if (/^\s*#.*$/) {
-        # comment
-    } elsif (/^(\S*):\s*(\S*)(:\s*(\S*)(\s*:\s*(.*))?)?$/ and
-            grep /^$2$/, @known_actions) {
-        # $path: $action: $progname: $testname
-        my %rec;
-        ${rec}{path} = $1;
-        ${rec}{action} = $3;
-        if (defined $4) {
-            ${rec}{progname} = $4;
-        }
-        if (defined $6) {
-            ${rec}{testname} = $6;
-        }
-        push (@whitelist, \%rec);
-    } elsif (/^(\S*)(:\s*(\S*)(\s*:\s*(.*))?)?$/) {
-        # $path: $progname: $testname
-        my %rec;
-        ${rec}{path} = $1;
-        if (defined $3) {
-            ${rec}{progname} = $3;
-        }
-        if (defined $5) {
-            ${rec}{testname} = $5;
-        }
-        push (@whitelist, \%rec);
-    } else {
-        die "Malformed line $_";
-    }
-}
-close FILE;
-
-# Now we should check if %traces is included in $whitelist. For
-# now checking just keys is sufficient
-my $error = 0;
-for my $file (@files) {
-    my $match = 0;
-
-    for my $rule (@whitelist) {
-        if (not %${file}{path} =~ m/^$rule->{path}$/) {
-            next;
-        }
-
-        if (defined %${rule}{action} and
-            not %${file}{action} =~ m/^$rule->{action}$/) {
-            next;
-        }
-
-        if (defined %${rule}{progname} and
-            not %${file}{progname} =~ m/^$rule->{progname}$/) {
-            next;
-        }
-
-        if (defined %${rule}{testname} and
-            defined %${file}{testname} and
-            not %${file}{testname} =~ m/^$rule->{testname}$/) {
-            next;
-        }
-
-        $match = 1;
-    }
-
-    if (not $match) {
-        $error = 1;
-        print "$file->{path}: $file->{action}: $file->{progname}";
-        print ": $file->{testname}" if defined %${file}{testname};
-        print "\n";
-    }
-}
-
-exit $error;
diff --git a/tests/check-file-access.py b/tests/check-file-access.py
new file mode 100755
index 0000000000..d0e3ef68b4
--- /dev/null
+++ b/tests/check-file-access.py
@@ -0,0 +1,123 @@
+#!/usr/bin/env python
+#
+# Copyright (C) 2016-2019 Red Hat, Inc.
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library.  If not, see
+# <http://www.gnu.org/licenses/>.
+#
+# This script is supposed to check test_file_access.txt file and
+# warn about file accesses outside our working tree.
+#
+#
+
+from __future__ import print_function
+
+import re
+import sys
+
+access_file = "test_file_access.txt"
+whitelist_file = "file_access_whitelist.txt"
+
+known_actions = ["open", "fopen", "access", "stat", "lstat", "connect"]
+
+files = []
+whitelist = []
+
+with open(access_file, "r") as fh:
+    for line in fh:
+        line = line.rstrip("\n")
+
+        m = re.match(r'''^(\S*):\s*(\S*):\s*(\S*)(\s*:\s*(.*))?$''', line)
+        if m is not None:
+            rec = {
+                "path": m.group(1),
+                "action": m.group(2),
+                "progname": m.group(3),
+                "testname": m.group(5),
+            }
+            files.append(rec)
+        else:
+            raise Exception("Malformed line %s" % line)
+
+with open(whitelist_file, "r") as fh:
+    for line in fh:
+        line = line.rstrip("\n")
+
+        if re.match(r'''^\s*#.*$''', line):
+            continue  # comment
+        if line == "":
+            continue
+
+        m = re.match(r'''^(\S*):\s*(\S*)(:\s*(\S*)(\s*:\s*(.*))?)?$''', line)
+        if m is not None and m.group(2) in known_actions:
+            # $path: $action: $progname: $testname
+            rec = {
+                "path": m.group(1),
+                "action": m.group(3),
+                "progname": m.group(4),
+                "testname": m.group(6),
+            }
+            whitelist.append(rec)
+        else:
+            m = re.match(r'''^(\S*)(:\s*(\S*)(\s*:\s*(.*))?)?$''', line)
+            if m is not None:
+                # $path: $progname: $testname
+                rec = {
+                    "path": m.group(1),
+                    "action": None,
+                    "progname": m.group(3),
+                    "testname": m.group(5),
+                }
+                whitelist.append(rec)
+            else:
+                raise Exception("Malformed line %s" % line)
+
+
+# Now we should check if %traces is included in $whitelist. For
+# now checking just keys is sufficient
+err = False
+for file in files:
+    match = False
+
+    for rule in whitelist:
+        if not re.match("^" + rule["path"], file["path"]):
+            continue
+
+        if (rule["action"] is not None and
+            not re.match("^" + rule["action"], file["action"])):
+            continue
+
+        if (rule["progname"] is not None and
+            not re.match("^" + rule["progname"], file["progname"])):
+            continue
+
+        if (rule["testname"] is not None and
+            file["testname"] is not None and
+            not re.match("^" + rule["testname"], file["testname"])):
+            continue
+
+        match = True
+
+    if not match:
+        err = True
+        print("%s: %s: %s" %
+              (file["path"], file["action"], file["progname"]),
+              file=sys.stderr, end="")
+        if file["testname"] is not None:
+            print(": %s" % file["testname"], file=sys.stderr, end="")
+        print("", file=sys.stderr)
+
+if err:
+    sys.exit(1)
+sys.exit(0)
diff --git a/tests/file_access_whitelist.txt b/tests/file_access_whitelist.txt
index 3fb318cbab..5ec7ee63bb 100644
--- a/tests/file_access_whitelist.txt
+++ b/tests/file_access_whitelist.txt
@@ -5,7 +5,7 @@
 #  $path: $progname: $testname
 #  $path: $action: $progname: $testname
 #
-# All these variables are evaluated as perl RE. So to allow
+# All these variables are evaluated as python RE. So to allow
 # /dev/sda and /dev/sdb, you can just '/dev/sd[a-b]', or to allow
 # /proc/$pid/status you can '/proc/\d+/status' and so on.
 # Moreover, $action, $progname and $testname can be empty, in which
-- 
2.21.0




More information about the libvir-list mailing list