From: Daniel P. Berrangé Date: Tue, 16 Jun 2020 08:39:12 +0000 (+0100) Subject: scripts: remove use of the term 'whitelist' from build helpers X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=d3475e71bcb397f721eb2a5906f9b015b516eab2;p=libvirt.git scripts: remove use of the term 'whitelist' from build helpers The term "permitted list" is a better choice for the filtering logic applied. Reviewed-by: Peter Krempa Signed-off-by: Daniel P. Berrangé --- diff --git a/scripts/check-aclrules.py b/scripts/check-aclrules.py index a1fa473174..2335e8cfdd 100755 --- a/scripts/check-aclrules.py +++ b/scripts/check-aclrules.py @@ -35,7 +35,7 @@ import re import sys -whitelist = { +permitted = { "connectClose": True, "connectIsEncrypted": True, "connectIsSecure": True, @@ -58,7 +58,7 @@ whitelist = { # XXX this vzDomainMigrateConfirm3Params looks # bogus - determine why it doesn't have a valid # ACL check. -implwhitelist = { +implpermitted = { "vzDomainMigrateConfirm3Params": True, } @@ -230,8 +230,8 @@ def process_file(filename): api not in ["no", "name"] and table != "virStateDriver"): if (impl not in acls and - api not in whitelist and - impl not in implwhitelist): + api not in permitted and + impl not in implpermitted): print(("%s:%d Missing ACL check in " + "function '%s' for '%s'") % (filename, lineno, impl, api), diff --git a/scripts/check-file-access.py b/scripts/check-file-access.py index dd39de2d79..aa120cafac 100755 --- a/scripts/check-file-access.py +++ b/scripts/check-file-access.py @@ -25,16 +25,16 @@ import re import sys if len(sys.argv) != 3: - print("syntax: %s ACCESS-FILE ACCESS-WHITELIST") + print("syntax: %s ACCESS-FILE PERMITTED-ACCESS-FILE") sys.exit(1) access_file = sys.argv[1] -whitelist_file = sys.argv[2] +permitted_file = sys.argv[2] known_actions = ["open", "fopen", "access", "stat", "lstat", "connect"] files = [] -whitelist = [] +permitted = [] with open(access_file, "r") as fh: for line in fh: 
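Review bot: The usage message in the first hunk of scripts/check-file-access.py still prints a literal `%s`, because the renamed string is never given a format argument. The line should be `print("syntax: %s ACCESS-FILE PERMITTED-ACCESS-FILE" % sys.argv[0])`, ideally with `file=sys.stderr` since it precedes `sys.exit(1)`. The defect predates this commit, but the commit rewrites exactly this line and leaves it in place.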
@@ -52,7 +52,7 @@ with open(access_file, "r") as fh: else: raise Exception("Malformed line %s" % line) -with open(whitelist_file, "r") as fh: +with open(permitted_file, "r") as fh: for line in fh: line = line.rstrip("\n") @@ -70,7 +70,7 @@ with open(whitelist_file, "r") as fh: "progname": m.group(4), "testname": m.group(6), } - whitelist.append(rec) + permitted.append(rec) else: m = re.search(r'''^(\S*)(:\s*(\S*)(\s*:\s*(.*))?)?$''', line) if m is not None: @@ -81,18 +81,18 @@ with open(whitelist_file, "r") as fh: "progname": m.group(3), "testname": m.group(5), } - whitelist.append(rec) + permitted.append(rec) else: raise Exception("Malformed line %s" % line) -# Now we should check if %traces is included in $whitelist. For +# Now we should check if %traces is included in $permitted. For # now checking just keys is sufficient err = False for file in files: match = False - for rule in whitelist: + for rule in permitted: if not re.match("^" + rule["path"] + "$", file["path"]): continue diff --git a/scripts/mock-noinline.py b/scripts/mock-noinline.py index 4fc60c0be3..a8b7680c11 100644 --- a/scripts/mock-noinline.py +++ b/scripts/mock-noinline.py @@ -23,7 +23,6 @@ noninlined = {} mocked = {} # Functions in public header don't get the noinline annotation -# so whitelist them here noninlined["virEventAddTimeout"] = True # This one confuses the script as its defined in the mock file # but is actually just a local helper diff --git a/tests/Makefile.am b/tests/Makefile.am index 3505c40f42..65d1ceeefd 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am 
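Review bot: In the last hunk of scripts/check-file-access.py, the `for rule in permitted:` loop anchors each rule by string concatenation, `re.match("^" + rule["path"] + "$", file["path"])`, which is looser than a full match. The permitted-access file documents its fields as Python regular expressions, so a path rule with a top-level `|` ends up with `^` bound to the first alternative and `$` to the last. `$` also matches just before a trailing newline. `if not re.fullmatch(rule["path"], file["path"]):` makes the whole pattern cover the whole path. The same applies to any other rule fields matched this way in the part of the loop that continues outside the hunk.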
@@ -458,14 +458,14 @@ check-access: file-access-clean VIR_TEST_FILE_ACCESS=1 $(MAKE) $(AM_MAKEFLAGS) check $(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/check-file-access.py \ $(abs_builddir)/test_file_access.txt \ - $(abs_srcdir)/file_access_whitelist.txt | sort -u + $(abs_srcdir)/permitted_file_access.txt | sort -u file-access-clean: > test_file_access.txt endif WITH_LINUX EXTRA_DIST += \ - file_access_whitelist.txt + permitted_file_access.txt if WITH_TESTS noinst_PROGRAMS = $(test_programs) $(test_helpers) diff --git a/tests/file_access_whitelist.txt b/tests/file_access_whitelist.txt deleted file mode 100644 index 5ec7ee63bb..0000000000 --- a/tests/file_access_whitelist.txt +++ /dev/null @@ -1,28 +0,0 @@ -# This is a whitelist that allows accesses to files not in our -# build directory nor source directory. The records are in the -# following formats: -# -# $path: $progname: $testname -# $path: $action: $progname: $testname -# -# All these variables are evaluated as python RE. So to allow -# /dev/sda and /dev/sdb, you can just '/dev/sd[a-b]', or to allow -# /proc/$pid/status you can '/proc/\d+/status' and so on. -# Moreover, $action, $progname and $testname can be empty, in which -# which case $path is allowed for all tests. However, $action (if -# specified) must be one of "open", "fopen", "access", "stat", -# "lstat", "connect". - -/bin/cat: sysinfotest -/bin/dirname: sysinfotest: x86 sysinfo -/bin/sleep: commandtest -/bin/true: commandtest -/dev/null -/dev/urandom -/etc/hosts -/proc/\d+/status - -/etc/passwd: fopen - -# This is just a dummy example, DO NOT USE IT LIKE THAT! -.*: nonexistent-test-touching-everything diff --git a/tests/permitted_file_access.txt b/tests/permitted_file_access.txt new file mode 100644 index 0000000000..52292d56be --- /dev/null +++ b/tests/permitted_file_access.txt 
@@ -0,0 +1,28 @@
+# This is a list of files not in our build directory nor source
+# directory which are permitted to be accessed by tests. The
+# records are in the following formats:
+#
+# $path: $progname: $testname
+# $path: $action: $progname: $testname
+#
+# All these variables are evaluated as python RE. So to allow
+# /dev/sda and /dev/sdb, you can just '/dev/sd[a-b]', or to allow
+# /proc/$pid/status you can '/proc/\d+/status' and so on.
+# Moreover, $action, $progname and $testname can be empty, in which
+# which case $path is allowed for all tests. However, $action (if
+# specified) must be one of "open", "fopen", "access", "stat",
+# "lstat", "connect".
+
+/bin/cat: sysinfotest
+/bin/dirname: sysinfotest: x86 sysinfo
+/bin/sleep: commandtest
+/bin/true: commandtest
+/dev/null
+/dev/urandom
+/etc/hosts
+/proc/\d+/status
+
+/etc/passwd: fopen
+
+# This is just a dummy example, DO NOT USE IT LIKE THAT!
+.*: nonexistent-test-touching-everything