scripts: remove use of the term 'whitelist' from build helpers
authorDaniel P. Berrangé <berrange@redhat.com>
Tue, 16 Jun 2020 08:39:12 +0000 (09:39 +0100)
committerDaniel P. Berrangé <berrange@redhat.com>
Fri, 26 Jun 2020 14:36:40 +0000 (15:36 +0100)
The term "permitted list" is a better choice for the filtering
logic applied.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
scripts/check-aclrules.py
scripts/check-file-access.py
scripts/mock-noinline.py
tests/Makefile.am
tests/file_access_whitelist.txt [deleted file]
tests/permitted_file_access.txt [new file with mode: 0644]

index a1fa473174481fdc8146ee2f1df6e9477c8fee7d..2335e8cfdd1575418ff05ac5ccbcf062bff31c2f 100755 (executable)
@@ -35,7 +35,7 @@
 import re
 import sys
 
-whitelist = {
+permitted = {
     "connectClose": True,
     "connectIsEncrypted": True,
     "connectIsSecure": True,
@@ -58,7 +58,7 @@ whitelist = {
 # XXX this vzDomainMigrateConfirm3Params looks
 # bogus - determine why it doesn't have a valid
 # ACL check.
-implwhitelist = {
+implpermitted = {
     "vzDomainMigrateConfirm3Params": True,
 }
 
@@ -230,8 +230,8 @@ def process_file(filename):
                             api not in ["no", "name"] and
                             table != "virStateDriver"):
                         if (impl not in acls and
-                                api not in whitelist and
-                                impl not in implwhitelist):
+                                api not in permitted and
+                                impl not in implpermitted):
                             print(("%s:%d Missing ACL check in " +
                                    "function '%s' for '%s'") %
                                   (filename, lineno, impl, api),
index dd39de2d79fa42b80a23ed1016e4991d42705846..aa120cafacfcb1d4377373a2d40f0a636f6562eb 100755 (executable)
@@ -25,16 +25,16 @@ import re
 import sys
 
 if len(sys.argv) != 3:
-    print("syntax: %s ACCESS-FILE ACCESS-WHITELIST")
+    print("syntax: %s ACCESS-FILE PERMITTED-ACCESS-FILE")
     sys.exit(1)
 
 access_file = sys.argv[1]
-whitelist_file = sys.argv[2]
+permitted_file = sys.argv[2]
 
 known_actions = ["open", "fopen", "access", "stat", "lstat", "connect"]
 
 files = []
-whitelist = []
+permitted = []
 
 with open(access_file, "r") as fh:
     for line in fh:
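Review bot: The usage message on the changed `print` line still emits a literal `%s`, because the format string is never given an argument. Supplying the program name fixes it: `print("syntax: %s ACCESS-FILE PERMITTED-ACCESS-FILE" % sys.argv[0], file=sys.stderr)`. Writing to stderr also matters here, since the check-access target in tests/Makefile.am pipes this script's stdout through `sort -u`, so a usage error would otherwise be mixed into the result stream.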
@@ -52,7 +52,7 @@ with open(access_file, "r") as fh:
         else:
             raise Exception("Malformed line %s" % line)
 
-with open(whitelist_file, "r") as fh:
+with open(permitted_file, "r") as fh:
     for line in fh:
         line = line.rstrip("\n")
 
@@ -70,7 +70,7 @@ with open(whitelist_file, "r") as fh:
                 "progname": m.group(4),
                 "testname": m.group(6),
             }
-            whitelist.append(rec)
+            permitted.append(rec)
         else:
             m = re.search(r'''^(\S*)(:\s*(\S*)(\s*:\s*(.*))?)?$''', line)
             if m is not None:
@@ -81,18 +81,18 @@ with open(whitelist_file, "r") as fh:
                     "progname": m.group(3),
                     "testname": m.group(5),
                 }
-                whitelist.append(rec)
+                permitted.append(rec)
             else:
                 raise Exception("Malformed line %s" % line)
 
 
-# Now we should check if %traces is included in $whitelist. For
+# Now we should check if %traces is included in $permitted. For
 # now checking just keys is sufficient
 err = False
 for file in files:
     match = False
 
-    for rule in whitelist:
+    for rule in permitted:
         if not re.match("^" + rule["path"] + "$", file["path"]):
             continue
 
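Review bot: Building the pattern as `"^" + rule["path"] + "$"` does not fully anchor a permitted-list entry that contains a top-level `|`. A rule such as `a|b` becomes `^a|b$`, which accepts any path starting with `a` or ending with `b`, so the entry permits more than its author wrote. `$` also matches just before a trailing newline. `if not re.fullmatch(rule["path"], file["path"]):` anchors the whole expression regardless of its contents. The loop body continues past the end of this hunk, so whether the action, progname and testname fields are compared the same way cannot be confirmed from here.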
index 4fc60c0be3ec7c54156d550dfa305d0d7cc55de8..a8b7680c11386ce04b58babc460801166a02a855 100644 (file)
@@ -23,7 +23,6 @@ noninlined = {}
 mocked = {}
 
 # Functions in public header don't get the noinline annotation
-# so whitelist them here
 noninlined["virEventAddTimeout"] = True
 # This one confuses the script as its defined in the mock file
 # but is actually just a local helper
index 3505c40f42aac4e585627484a1964903345ed9e1..65d1ceeefdfceaf120516f85a380a934c3010975 100644 (file)
@@ -458,14 +458,14 @@ check-access: file-access-clean
        VIR_TEST_FILE_ACCESS=1 $(MAKE) $(AM_MAKEFLAGS) check
        $(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/check-file-access.py \
                $(abs_builddir)/test_file_access.txt \
-               $(abs_srcdir)/file_access_whitelist.txt | sort -u
+               $(abs_srcdir)/permitted_file_access.txt | sort -u
 
 file-access-clean:
        > test_file_access.txt
 endif WITH_LINUX
 
 EXTRA_DIST += \
-       file_access_whitelist.txt
+       permitted_file_access.txt
 
 if WITH_TESTS
 noinst_PROGRAMS = $(test_programs) $(test_helpers)
diff --git a/tests/file_access_whitelist.txt b/tests/file_access_whitelist.txt
deleted file mode 100644 (file)
index 5ec7ee6..0000000
+++ /dev/null
@@ -1,28 +0,0 @@
-# This is a whitelist that allows accesses to files not in our
-# build directory nor source directory. The records are in the
-# following formats:
-#
-#  $path: $progname: $testname
-#  $path: $action: $progname: $testname
-#
-# All these variables are evaluated as python RE. So to allow
-# /dev/sda and /dev/sdb, you can just '/dev/sd[a-b]', or to allow
-# /proc/$pid/status you can '/proc/\d+/status' and so on.
-# Moreover, $action, $progname and $testname can be empty, in which
-# which case $path is allowed for all tests. However, $action (if
-# specified) must be one of "open", "fopen", "access", "stat",
-# "lstat", "connect".
-
-/bin/cat: sysinfotest
-/bin/dirname: sysinfotest: x86 sysinfo
-/bin/sleep: commandtest
-/bin/true: commandtest
-/dev/null
-/dev/urandom
-/etc/hosts
-/proc/\d+/status
-
-/etc/passwd: fopen
-
-# This is just a dummy example, DO NOT USE IT LIKE THAT!
-.*: nonexistent-test-touching-everything
diff --git a/tests/permitted_file_access.txt b/tests/permitted_file_access.txt
new file mode 100644 (file)
index 0000000..52292d5
--- /dev/null
@@ -0,0 +1,28 @@
+# This is a list of files not in our build directory nor source
+# directory which are permitted to be accessed by tests. The
+# records are in the following formats:
+#
+#  $path: $progname: $testname
+#  $path: $action: $progname: $testname
+#
+# All these variables are evaluated as python RE. So to allow
+# /dev/sda and /dev/sdb, you can just '/dev/sd[a-b]', or to allow
+# /proc/$pid/status you can '/proc/\d+/status' and so on.
+# Moreover, $action, $progname and $testname can be empty, in which
+# which case $path is allowed for all tests. However, $action (if
+# specified) must be one of "open", "fopen", "access", "stat",
+# "lstat", "connect".
+
+/bin/cat: sysinfotest
+/bin/dirname: sysinfotest: x86 sysinfo
+/bin/sleep: commandtest
+/bin/true: commandtest
+/dev/null
+/dev/urandom
+/etc/hosts
+/proc/\d+/status
+
+/etc/passwd: fopen
+
+# This is just a dummy example, DO NOT USE IT LIKE THAT!
+.*: nonexistent-test-touching-everything