2019-12-03 19:29:12 +03:00
#!/usr/bin/env python3
2019-08-30 15:22:54 +03:00
#
# Copyright (C) 2013-2019 Red Hat, Inc.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see
# <http://www.gnu.org/licenses/>.
#
# This script validates that the driver implementation of any
# public APIs contain ACL checks.
#
# As the script reads each source file, it attempts to identify
# top level function names.
#
# When reading the body of the functions, it looks for anything
# that looks like an API called named XXXEnsureACL. It will
# validate that the XXX prefix matches the name of the function
# it occurs in.
#
# When it later finds the virDriverPtr table, for each entry
# point listed, it will validate if there was a previously
# detected EnsureACL call recorded.
#
import re
import sys
2020-06-16 11:39:12 +03:00
permitted = {
2019-08-30 15:22:54 +03:00
" connectClose " : True ,
" connectIsEncrypted " : True ,
" connectIsSecure " : True ,
" connectIsAlive " : True ,
" networkOpen " : True ,
" networkClose " : True ,
" nwfilterOpen " : True ,
" nwfilterClose " : True ,
" secretOpen " : True ,
" secretClose " : True ,
" storageOpen " : True ,
" storageClose " : True ,
" interfaceOpen " : True ,
" interfaceClose " : True ,
" connectURIProbe " : True ,
" localOnly " : True ,
" domainQemuAttach " : True ,
}
# XXX this vzDomainMigrateConfirm3Params looks
# bogus - determine why it doesn't have a valid
# ACL check.
2020-06-16 11:39:12 +03:00
implpermitted = {
2019-08-30 15:22:54 +03:00
" vzDomainMigrateConfirm3Params " : True ,
}
scripts/check-aclrules.py: check ACL for domain_driver.c ACL callers
This script works under two specific conditions. For each opened file,
search for all functions that has ACL calls and store them, and see
if there is a vir*DriverPtr struct declared in it. For each implementation
found, check if there is an ACL verification inside it, and error out if
none was found. The script also supports the concept of stub, where another
function takes the responsibility for the ACL call instead of the
original API.
Unfortunately this is not enough to cover the new scenario we have now,
with domain_driver.c containing helper functions that execute the ACL
calls. The script does not store state between files because, until now,
it wasn't needed to - APIs and stubs and vir*DriverPtr declarations were
always in the same file. Also, the script will not check for ACL in functions
that does not belong to a vir*DriverPtr interface. What we have now in
domain_driver.c breaks both assumptions: the functions are in a different
file, and there is no vir*DriverPtr being implemented in the file that
uses these functions.
This patch changes check-aclrules.py to accomodate this scenario. The helpers
that have ACL checks are stored beforehand in aclFuncHelpers, allowing other
files to use them to recognize a stub situation. In case the current file
being analyzed is domain_driver.c itself, we'll do a manual check using
aclFuncHelpers to verify that these functions indeed have ACL checks.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-02 23:44:34 +03:00
aclFuncHelpers = {
" virDomainDriverNodeDeviceDetachFlags " : True ,
" virDomainDriverNodeDeviceReset " : True ,
" virDomainDriverNodeDeviceReAttach " : True ,
}
aclFuncHelperFile = " domain_driver.c "
2019-08-30 15:22:54 +03:00
lastfile = None
def fixup_name ( name ) :
name . replace ( " Nwfilter " , " NWFilter " )
name . replace ( " Pm " , " PM " )
name . replace ( " Scsi " , " SCSI " )
if name . endswith ( " Xml " ) :
name = name [ : - 3 ] + " XML "
elif name . endswith ( " Uri " ) :
name = name [ : - 3 ] + " URI "
elif name . endswith ( " Uuid " ) :
name = name [ : - 4 ] + " UUID "
elif name . endswith ( " Id " ) :
name = name [ : - 2 ] + " ID "
elif name . endswith ( " Mac " ) :
name = name [ : - 3 ] + " MAC "
elif name . endswith ( " Cpu " ) :
name = name [ : - 3 ] + " MAC "
elif name . endswith ( " Os " ) :
name = name [ : - 2 ] + " OS "
elif name . endswith ( " Nmi " ) :
name = name [ : - 3 ] + " NMI "
elif name . endswith ( " Fstrim " ) :
name = name [ : - 6 ] + " FSTrim "
elif name . endswith ( " Wwn " ) :
name = name [ : - 3 ] + " WWN "
return name
def name_to_ProcName ( name ) :
elems = [ ]
2019-11-20 21:05:13 +03:00
if " _ " in name or name . lower ( ) in [ " open " , " close " ] :
2019-08-30 15:22:54 +03:00
elems = [ n . lower ( ) . capitalize ( ) for n in name . split ( " _ " ) ]
else :
elems = [ name ]
elems = [ fixup_name ( n ) for n in elems ]
procname = " " . join ( elems )
return procname [ 0 : 1 ] . lower ( ) + procname [ 1 : ]
proto = sys . argv [ 1 ]
filteredmap = { }
with open ( proto , " r " ) as fh :
incomment = False
filtered = False
for line in fh :
2019-11-20 21:05:13 +03:00
if " /** " in line :
2019-08-30 15:22:54 +03:00
incomment = True
filtered = False
elif incomment :
2019-11-20 21:05:13 +03:00
if " * @aclfilter " in line :
2019-08-30 15:22:54 +03:00
filtered = True
elif filtered :
m = re . search ( r ''' REMOTE_PROC_(.*) \ s+= \ s* \ d+ ''' , line )
if m is not None :
api = name_to_ProcName ( m . group ( 1 ) )
# Event filtering is handled in daemon/remote.c
# instead of drivers
2019-11-20 22:10:13 +03:00
if " _EVENT_REGISTER " not in line :
2019-08-30 15:22:54 +03:00
filteredmap [ api ] = True
incomment = False
def process_file ( filename ) :
brace = 0
maybefunc = None
intable = False
table = None
scripts/check-aclrules.py: check ACL for domain_driver.c ACL callers
This script works under two specific conditions. For each opened file,
search for all functions that has ACL calls and store them, and see
if there is a vir*DriverPtr struct declared in it. For each implementation
found, check if there is an ACL verification inside it, and error out if
none was found. The script also supports the concept of stub, where another
function takes the responsibility for the ACL call instead of the
original API.
Unfortunately this is not enough to cover the new scenario we have now,
with domain_driver.c containing helper functions that execute the ACL
calls. The script does not store state between files because, until now,
it wasn't needed to - APIs and stubs and vir*DriverPtr declarations were
always in the same file. Also, the script will not check for ACL in functions
that does not belong to a vir*DriverPtr interface. What we have now in
domain_driver.c breaks both assumptions: the functions are in a different
file, and there is no vir*DriverPtr being implemented in the file that
uses these functions.
This patch changes check-aclrules.py to accomodate this scenario. The helpers
that have ACL checks are stored beforehand in aclFuncHelpers, allowing other
files to use them to recognize a stub situation. In case the current file
being analyzed is domain_driver.c itself, we'll do a manual check using
aclFuncHelpers to verify that these functions indeed have ACL checks.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-02 23:44:34 +03:00
aclHelperFileCheck = False
acls = aclFuncHelpers
if aclFuncHelperFile in filename :
acls = { }
aclHelperFileCheck = True
2019-08-30 15:22:54 +03:00
aclfilters = { }
errs = False
with open ( filename , " r " ) as fh :
lineno = 0
for line in fh :
lineno = lineno + 1
if brace == 0 :
# Looks for anything which appears to be a function
# body name. Doesn't matter if we pick up bogus stuff
# here, as long as we don't miss valid stuff
2019-11-20 21:13:29 +03:00
m = None
if " ( " in line :
m = re . search ( r ''' \ b( \ w+) \ ( ''' , line )
2019-08-30 15:22:54 +03:00
if m is not None :
maybefunc = m . group ( 1 )
elif brace > 0 :
2019-11-20 21:13:29 +03:00
ensureacl = None
checkacl = None
stub = None
if " EnsureACL " in line :
ensureacl = re . search ( r ''' ( \ w+)EnsureACL ''' , line )
if " CheckACL " in line :
checkacl = re . search ( r ''' ( \ w+)CheckACL ''' , line )
if " ( " in line :
stub = re . search ( r ''' \ b( \ w+) \ ( ''' , line )
2019-08-30 15:22:54 +03:00
if ensureacl is not None :
# Record the fact that maybefunc contains an
# ACL call, and make sure it is the right call!
func = ensureacl . group ( 1 )
if func . startswith ( " vir " ) :
func = func [ 3 : ]
if maybefunc is None :
print ( " %s : %d Unexpected check ' %s ' outside function " %
( filename , lineno , func ) , file = sys . stderr )
errs = True
else :
if not maybefunc . lower ( ) . endswith ( func . lower ( ) ) :
print ( ( " %s : %d Mismatch check ' vir %s EnsureACL ' " +
" for function ' %s ' " ) %
( filename , lineno , func , maybefunc ) ,
file = sys . stderr )
errs = True
acls [ maybefunc ] = True
elif checkacl :
# Record the fact that maybefunc contains an
# ACL filter call, and make sure it is the right call!
func = checkacl . group ( 1 )
if func . startswith ( " vir " ) :
func = func [ 3 : ]
if maybefunc is None :
print ( " %s : %d Unexpected check ' %s ' outside function " %
( filename , lineno , func ) , file = sys . stderr )
errs = True
else :
if not maybefunc . lower ( ) . endswith ( func . lower ( ) ) :
print ( ( " %s : %d Mismatch check ' vir %s CheckACL ' " +
" for function ' %s ' " ) %
( filename , lineno , func , maybefunc ) ,
file = sys . stderr )
errs = True
aclfilters [ maybefunc ] = True
elif stub :
# Handles case where we replaced an API with a new
# one which adds new parameters, and we're left with
# a simple stub calling the new API.
callfunc = stub . group ( 1 )
if callfunc in acls :
acls [ maybefunc ] = True
if callfunc in aclfilters :
aclfilters [ maybefunc ] = True
# Pass the vir*DriverPtr tables and make sure that
# every func listed there, has an impl which calls
# an ACL function
if intable :
2019-11-20 21:13:29 +03:00
assign = None
if " = " in line :
assign = re . search ( r ''' \ .( \ w+) \ s*= \ s*( \ w+),? ''' , line )
2019-11-20 21:05:13 +03:00
if " } " in line :
2019-08-30 15:22:54 +03:00
intable = False
table = None
elif assign is not None :
api = assign . group ( 1 )
impl = assign . group ( 2 )
if ( impl != " NULL " and
api not in [ " no " , " name " ] and
table != " virStateDriver " ) :
if ( impl not in acls and
2020-06-16 11:39:12 +03:00
api not in permitted and
impl not in implpermitted ) :
2019-08-30 15:22:54 +03:00
print ( ( " %s : %d Missing ACL check in " +
" function ' %s ' for ' %s ' " ) %
( filename , lineno , impl , api ) ,
file = sys . stderr )
errs = True
if api in filteredmap and impl not in aclfilters :
print ( ( " %s : %d Missing ACL filter in " +
" function ' %s ' for ' %s ' " ) %
( filename , lineno , impl , api ) ,
file = sys . stderr )
errs = True
else :
2019-11-20 21:13:29 +03:00
m = None
if " Driver " in line :
m = re . search ( r ''' ^(?:static \ s+)?(vir(?: \ w+)?Driver) \ s+ ''' ,
line )
2019-08-30 15:22:54 +03:00
if m is not None :
name = m . group ( 1 )
if name not in [ " virNWFilterCallbackDriver " ,
" virNWFilterTechDriver " ,
" virDomainConfNWFilterDriver " ] :
intable = True
table = name
2019-11-20 21:05:13 +03:00
if " { " in line :
2019-08-30 15:22:54 +03:00
brace = brace + 1
2019-11-20 21:05:13 +03:00
if " } " in line :
2019-08-30 15:22:54 +03:00
brace = brace - 1
scripts/check-aclrules.py: check ACL for domain_driver.c ACL callers
This script works under two specific conditions. For each opened file,
search for all functions that has ACL calls and store them, and see
if there is a vir*DriverPtr struct declared in it. For each implementation
found, check if there is an ACL verification inside it, and error out if
none was found. The script also supports the concept of stub, where another
function takes the responsibility for the ACL call instead of the
original API.
Unfortunately this is not enough to cover the new scenario we have now,
with domain_driver.c containing helper functions that execute the ACL
calls. The script does not store state between files because, until now,
it wasn't needed to - APIs and stubs and vir*DriverPtr declarations were
always in the same file. Also, the script will not check for ACL in functions
that does not belong to a vir*DriverPtr interface. What we have now in
domain_driver.c breaks both assumptions: the functions are in a different
file, and there is no vir*DriverPtr being implemented in the file that
uses these functions.
This patch changes check-aclrules.py to accomodate this scenario. The helpers
that have ACL checks are stored beforehand in aclFuncHelpers, allowing other
files to use them to recognize a stub situation. In case the current file
being analyzed is domain_driver.c itself, we'll do a manual check using
aclFuncHelpers to verify that these functions indeed have ACL checks.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-02-02 23:44:34 +03:00
if aclHelperFileCheck :
for helper in aclFuncHelpers :
if helper not in acls :
print ( ( " %s : %d Missing ACL check in helper function ' %s ' " ) %
( filename , lineno , helper ) ,
file = sys . stderr )
errs = True
2019-08-30 15:22:54 +03:00
return errs
status = 0
for filename in sys . argv [ 2 : ] :
if process_file ( filename ) :
status = 1
sys . exit ( status )