mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 17:34:18 +03:00
scripts: remove use of the term 'whitelist' from build helpers
The term "permitted list" is a better choice for the filtering logic applied. Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
parent
d66181c84e
commit
d3475e71bc
@ -35,7 +35,7 @@
|
||||
import re
|
||||
import sys
|
||||
|
||||
whitelist = {
|
||||
permitted = {
|
||||
"connectClose": True,
|
||||
"connectIsEncrypted": True,
|
||||
"connectIsSecure": True,
|
||||
@ -58,7 +58,7 @@ whitelist = {
|
||||
# XXX this vzDomainMigrateConfirm3Params looks
|
||||
# bogus - determine why it doesn't have a valid
|
||||
# ACL check.
|
||||
implwhitelist = {
|
||||
implpermitted = {
|
||||
"vzDomainMigrateConfirm3Params": True,
|
||||
}
|
||||
|
||||
@ -230,8 +230,8 @@ def process_file(filename):
|
||||
api not in ["no", "name"] and
|
||||
table != "virStateDriver"):
|
||||
if (impl not in acls and
|
||||
api not in whitelist and
|
||||
impl not in implwhitelist):
|
||||
api not in permitted and
|
||||
impl not in implpermitted):
|
||||
print(("%s:%d Missing ACL check in " +
|
||||
"function '%s' for '%s'") %
|
||||
(filename, lineno, impl, api),
|
||||
|
@ -25,16 +25,16 @@ import re
|
||||
import sys
|
||||
|
||||
if len(sys.argv) != 3:
|
||||
print("syntax: %s ACCESS-FILE ACCESS-WHITELIST")
|
||||
print("syntax: %s ACCESS-FILE PERMITTED-ACCESS-FILE")
|
||||
sys.exit(1)
|
||||
|
||||
access_file = sys.argv[1]
|
||||
whitelist_file = sys.argv[2]
|
||||
permitted_file = sys.argv[2]
|
||||
|
||||
known_actions = ["open", "fopen", "access", "stat", "lstat", "connect"]
|
||||
|
||||
files = []
|
||||
whitelist = []
|
||||
permitted = []
|
||||
|
||||
with open(access_file, "r") as fh:
|
||||
for line in fh:
|
||||
@ -52,7 +52,7 @@ with open(access_file, "r") as fh:
|
||||
else:
|
||||
raise Exception("Malformed line %s" % line)
|
||||
|
||||
with open(whitelist_file, "r") as fh:
|
||||
with open(permitted_file, "r") as fh:
|
||||
for line in fh:
|
||||
line = line.rstrip("\n")
|
||||
|
||||
@ -70,7 +70,7 @@ with open(whitelist_file, "r") as fh:
|
||||
"progname": m.group(4),
|
||||
"testname": m.group(6),
|
||||
}
|
||||
whitelist.append(rec)
|
||||
permitted.append(rec)
|
||||
else:
|
||||
m = re.search(r'''^(\S*)(:\s*(\S*)(\s*:\s*(.*))?)?$''', line)
|
||||
if m is not None:
|
||||
@ -81,18 +81,18 @@ with open(whitelist_file, "r") as fh:
|
||||
"progname": m.group(3),
|
||||
"testname": m.group(5),
|
||||
}
|
||||
whitelist.append(rec)
|
||||
permitted.append(rec)
|
||||
else:
|
||||
raise Exception("Malformed line %s" % line)
|
||||
|
||||
|
||||
# Now we should check if %traces is included in $whitelist. For
|
||||
# Now we should check if %traces is included in $permitted. For
|
||||
# now checking just keys is sufficient
|
||||
err = False
|
||||
for file in files:
|
||||
match = False
|
||||
|
||||
for rule in whitelist:
|
||||
for rule in permitted:
|
||||
if not re.match("^" + rule["path"] + "$", file["path"]):
|
||||
continue
|
||||
|
||||
|
@ -23,7 +23,6 @@ noninlined = {}
|
||||
mocked = {}
|
||||
|
||||
# Functions in public header don't get the noinline annotation
|
||||
# so whitelist them here
|
||||
noninlined["virEventAddTimeout"] = True
|
||||
# This one confuses the script as its defined in the mock file
|
||||
# but is actually just a local helper
|
||||
|
@ -458,14 +458,14 @@ check-access: file-access-clean
|
||||
VIR_TEST_FILE_ACCESS=1 $(MAKE) $(AM_MAKEFLAGS) check
|
||||
$(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/check-file-access.py \
|
||||
$(abs_builddir)/test_file_access.txt \
|
||||
$(abs_srcdir)/file_access_whitelist.txt | sort -u
|
||||
$(abs_srcdir)/permitted_file_access.txt | sort -u
|
||||
|
||||
file-access-clean:
|
||||
> test_file_access.txt
|
||||
endif WITH_LINUX
|
||||
|
||||
EXTRA_DIST += \
|
||||
file_access_whitelist.txt
|
||||
permitted_file_access.txt
|
||||
|
||||
if WITH_TESTS
|
||||
noinst_PROGRAMS = $(test_programs) $(test_helpers)
|
||||
|
@ -1,6 +1,6 @@
|
||||
# This is a whitelist that allows accesses to files not in our
|
||||
# build directory nor source directory. The records are in the
|
||||
# following formats:
|
||||
# This is a list of files not in our build directory nor source
|
||||
# directory which are permitted to be accessed by tests. The
|
||||
# records are in the following formats:
|
||||
#
|
||||
# $path: $progname: $testname
|
||||
# $path: $action: $progname: $testname
|
Loading…
Reference in New Issue
Block a user