[libvirt] [PATCH v5 17/23] tests: rewrite file access checker in Python

Daniel P. Berrangé posted 23 patches 5 years ago
There is a newer version of this series
[libvirt] [PATCH v5 17/23] tests: rewrite file access checker in Python
Posted by Daniel P. Berrangé 5 years ago
As part of an goal to eliminate Perl from libvirt build tools,
rewrite the check-file-access.pl tool in Python.

This was a straight conversion, manually going line-by-line to
change the syntax from Perl to Python. Thus the overall structure
of the file and approach is the same.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 Makefile.am                     |   1 +
 scripts/check-file-access.py    | 123 +++++++++++++++++++++++++++++++
 tests/Makefile.am               |   3 +-
 tests/check-file-access.pl      | 126 --------------------------------
 tests/file_access_whitelist.txt |   2 +-
 5 files changed, 126 insertions(+), 129 deletions(-)
 create mode 100755 scripts/check-file-access.py
 delete mode 100755 tests/check-file-access.pl

diff --git a/Makefile.am b/Makefile.am
index 769cd4ce64..19114069e3 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -50,6 +50,7 @@ EXTRA_DIST = \
   scripts/check-aclrules.py \
   scripts/check-drivername.py \
   scripts/check-driverimpls.py \
+  scripts/check-file-access.py \
   scripts/check-remote-protocol.py \
   scripts/check-spacing.py \
   scripts/check-symfile.py \
diff --git a/scripts/check-file-access.py b/scripts/check-file-access.py
new file mode 100755
index 0000000000..cdcbf2666f
--- /dev/null
+++ b/scripts/check-file-access.py
@@ -0,0 +1,123 @@
+#!/usr/bin/env python
+#
+# Copyright (C) 2016-2019 Red Hat, Inc.
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library.  If not, see
+# <http://www.gnu.org/licenses/>.
+#
+# This script is supposed to check test_file_access.txt file and
+# warn about file accesses outside our working tree.
+#
+#
+
+from __future__ import print_function
+
+import re
+import sys
+
+access_file = "test_file_access.txt"
+whitelist_file = "file_access_whitelist.txt"
+
+known_actions = ["open", "fopen", "access", "stat", "lstat", "connect"]
+
+files = []
+whitelist = []
+
+with open(access_file, "r") as fh:
+    for line in fh:
+        line = line.rstrip("\n")
+
+        m = re.search(r'''^(\S*):\s*(\S*):\s*(\S*)(\s*:\s*(.*))?$''', line)
+        if m is not None:
+            rec = {
+                "path": m.group(1),
+                "action": m.group(2),
+                "progname": m.group(3),
+                "testname": m.group(5),
+            }
+            files.append(rec)
+        else:
+            raise Exception("Malformed line %s" % line)
+
+with open(whitelist_file, "r") as fh:
+    for line in fh:
+        line = line.rstrip("\n")
+
+        if re.search(r'''^\s*#.*$''', line):
+            continue  # comment
+        if line == "":
+            continue
+
+        m = re.search(r'''^(\S*):\s*(\S*)(:\s*(\S*)(\s*:\s*(.*))?)?$''', line)
+        if m is not None and m.group(2) in known_actions:
+            # $path: $action: $progname: $testname
+            rec = {
+                "path": m.group(1),
+                "action": m.group(3),
+                "progname": m.group(4),
+                "testname": m.group(6),
+            }
+            whitelist.append(rec)
+        else:
+            m = re.search(r'''^(\S*)(:\s*(\S*)(\s*:\s*(.*))?)?$''', line)
+            if m is not None:
+                # $path: $progname: $testname
+                rec = {
+                    "path": m.group(1),
+                    "action": None,
+                    "progname": m.group(3),
+                    "testname": m.group(5),
+                }
+                whitelist.append(rec)
+            else:
+                raise Exception("Malformed line %s" % line)
+
+
+# Now we should check if %traces is included in $whitelist. For
+# now checking just keys is sufficient
+err = False
+for file in files:
+    match = False
+
+    for rule in whitelist:
+        if not re.search("^" + rule["path"], file["path"]):
+            continue
+
+        if (rule["action"] is not None and
+            not re.search("^" + rule["action"], file["action"])):
+            continue
+
+        if (rule["progname"] is not None and
+            not re.search("^" + rule["progname"], file["progname"])):
+            continue
+
+        if (rule["testname"] is not None and
+            file["testname"] is not None and
+            not re.search("^" + rule["testname"], file["testname"])):
+            continue
+
+        match = True
+
+    if not match:
+        err = True
+        print("%s: %s: %s" %
+              (file["path"], file["action"], file["progname"]),
+              file=sys.stderr, end="")
+        if file["testname"] is not None:
+            print(": %s" % file["testname"], file=sys.stderr, end="")
+        print("", file=sys.stderr)
+
+if err:
+    sys.exit(1)
+sys.exit(0)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 9d9c582e42..c3bca26019 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -453,14 +453,13 @@ EXTRA_DIST += $(test_scripts)
 if WITH_LINUX
 check-access: file-access-clean
 	VIR_TEST_FILE_ACCESS=1 $(MAKE) $(AM_MAKEFLAGS) check
-	$(PERL) check-file-access.pl | sort -u
+	$(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/check-file-access.py | sort -u
 
 file-access-clean:
 	> test_file_access.txt
 endif WITH_LINUX
 
 EXTRA_DIST += \
-	check-file-access.pl \
 	file_access_whitelist.txt
 
 if WITH_TESTS
diff --git a/tests/check-file-access.pl b/tests/check-file-access.pl
deleted file mode 100755
index ea0b7a18a2..0000000000
--- a/tests/check-file-access.pl
+++ /dev/null
@@ -1,126 +0,0 @@
-#!/usr/bin/env perl
-#
-# Copyright (C) 2016 Red Hat, Inc.
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library.  If not, see
-# <http://www.gnu.org/licenses/>.
-#
-# This script is supposed to check test_file_access.txt file and
-# warn about file accesses outside our working tree.
-#
-#
-
-use strict;
-use warnings;
-
-my $access_file = "test_file_access.txt";
-my $whitelist_file = "file_access_whitelist.txt";
-
-my @known_actions = ("open", "fopen", "access", "stat", "lstat", "connect");
-
-my @files;
-my @whitelist;
-
-open FILE, "<", $access_file or die "Unable to open $access_file: $!";
-while (<FILE>) {
-    chomp;
-    if (/^(\S*):\s*(\S*):\s*(\S*)(\s*:\s*(.*))?$/) {
-        my %rec;
-        ${rec}{path} = $1;
-        ${rec}{action} = $2;
-        ${rec}{progname} = $3;
-        if (defined $5) {
-            ${rec}{testname} = $5;
-        }
-        push (@files, \%rec);
-    } else {
-        die "Malformed line $_";
-    }
-}
-close FILE;
-
-open FILE, "<", $whitelist_file or die "Unable to open $whitelist_file: $!";
-while (<FILE>) {
-    chomp;
-    if (/^\s*#.*$/) {
-        # comment
-    } elsif (/^(\S*):\s*(\S*)(:\s*(\S*)(\s*:\s*(.*))?)?$/ and
-            grep /^$2$/, @known_actions) {
-        # $path: $action: $progname: $testname
-        my %rec;
-        ${rec}{path} = $1;
-        ${rec}{action} = $3;
-        if (defined $4) {
-            ${rec}{progname} = $4;
-        }
-        if (defined $6) {
-            ${rec}{testname} = $6;
-        }
-        push (@whitelist, \%rec);
-    } elsif (/^(\S*)(:\s*(\S*)(\s*:\s*(.*))?)?$/) {
-        # $path: $progname: $testname
-        my %rec;
-        ${rec}{path} = $1;
-        if (defined $3) {
-            ${rec}{progname} = $3;
-        }
-        if (defined $5) {
-            ${rec}{testname} = $5;
-        }
-        push (@whitelist, \%rec);
-    } else {
-        die "Malformed line $_";
-    }
-}
-close FILE;
-
-# Now we should check if %traces is included in $whitelist. For
-# now checking just keys is sufficient
-my $error = 0;
-for my $file (@files) {
-    my $match = 0;
-
-    for my $rule (@whitelist) {
-        if (not %${file}{path} =~ m/^$rule->{path}$/) {
-            next;
-        }
-
-        if (defined %${rule}{action} and
-            not %${file}{action} =~ m/^$rule->{action}$/) {
-            next;
-        }
-
-        if (defined %${rule}{progname} and
-            not %${file}{progname} =~ m/^$rule->{progname}$/) {
-            next;
-        }
-
-        if (defined %${rule}{testname} and
-            defined %${file}{testname} and
-            not %${file}{testname} =~ m/^$rule->{testname}$/) {
-            next;
-        }
-
-        $match = 1;
-    }
-
-    if (not $match) {
-        $error = 1;
-        print "$file->{path}: $file->{action}: $file->{progname}";
-        print ": $file->{testname}" if defined %${file}{testname};
-        print "\n";
-    }
-}
-
-exit $error;
diff --git a/tests/file_access_whitelist.txt b/tests/file_access_whitelist.txt
index 3fb318cbab..5ec7ee63bb 100644
--- a/tests/file_access_whitelist.txt
+++ b/tests/file_access_whitelist.txt
@@ -5,7 +5,7 @@
 #  $path: $progname: $testname
 #  $path: $action: $progname: $testname
 #
-# All these variables are evaluated as perl RE. So to allow
+# All these variables are evaluated as python RE. So to allow
 # /dev/sda and /dev/sdb, you can just '/dev/sd[a-b]', or to allow
 # /proc/$pid/status you can '/proc/\d+/status' and so on.
 # Moreover, $action, $progname and $testname can be empty, in which
-- 
2.21.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v5 17/23] tests: rewrite file access checker in Python
Posted by Cole Robinson 5 years ago
On 11/11/19 9:38 AM, Daniel P. Berrangé wrote:
> As part of an goal to eliminate Perl from libvirt build tools,
> rewrite the check-file-access.pl tool in Python.
> 
> This was a straight conversion, manually going line-by-line to
> change the syntax from Perl to Python. Thus the overall structure
> of the file and approach is the same.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  Makefile.am                     |   1 +
>  scripts/check-file-access.py    | 123 +++++++++++++++++++++++++++++++
>  tests/Makefile.am               |   3 +-
>  tests/check-file-access.pl      | 126 --------------------------------
>  tests/file_access_whitelist.txt |   2 +-
>  5 files changed, 126 insertions(+), 129 deletions(-)
>  create mode 100755 scripts/check-file-access.py
>  delete mode 100755 tests/check-file-access.pl
> 

`make -C builddir check-access` fails like:

LC_ALL= LANG=C LC_CTYPE=en_US.UTF-8 /usr/bin/python3
/home/crobinso/src/libvirt/scripts/check-file-access.py | sort -u
Traceback (most recent call last):
  File "/home/crobinso/src/libvirt/scripts/check-file-access.py", line
53, in <module>
    with open(whitelist_file, "r") as fh:
FileNotFoundError: [Errno 2] No such file or directory:
'file_access_whitelist.txt'
make[1]: Leaving directory '/home/crobinso/src/libvirt/builddir/tests'
make: Leaving directory '/home/crobinso/src/libvirt/builddir'

- Cole

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v5 17/23] tests: rewrite file access checker in Python
Posted by Daniel P. Berrangé 4 years, 11 months ago
On Mon, Nov 18, 2019 at 02:11:33PM -0500, Cole Robinson wrote:
> On 11/11/19 9:38 AM, Daniel P. Berrangé wrote:
> > As part of an goal to eliminate Perl from libvirt build tools,
> > rewrite the check-file-access.pl tool in Python.
> > 
> > This was a straight conversion, manually going line-by-line to
> > change the syntax from Perl to Python. Thus the overall structure
> > of the file and approach is the same.
> > 
> > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> > ---
> >  Makefile.am                     |   1 +
> >  scripts/check-file-access.py    | 123 +++++++++++++++++++++++++++++++
> >  tests/Makefile.am               |   3 +-
> >  tests/check-file-access.pl      | 126 --------------------------------
> >  tests/file_access_whitelist.txt |   2 +-
> >  5 files changed, 126 insertions(+), 129 deletions(-)
> >  create mode 100755 scripts/check-file-access.py
> >  delete mode 100755 tests/check-file-access.pl
> > 
> 
> `make -C builddir check-access` fails like:
> 
> LC_ALL= LANG=C LC_CTYPE=en_US.UTF-8 /usr/bin/python3
> /home/crobinso/src/libvirt/scripts/check-file-access.py | sort -u
> Traceback (most recent call last):
>   File "/home/crobinso/src/libvirt/scripts/check-file-access.py", line
> 53, in <module>
>     with open(whitelist_file, "r") as fh:
> FileNotFoundError: [Errno 2] No such file or directory:
> 'file_access_whitelist.txt'
> make[1]: Leaving directory '/home/crobinso/src/libvirt/builddir/tests'
> make: Leaving directory '/home/crobinso/src/libvirt/builddir'

Looks like this is unrelated to this patch - the original script
has the same flaw wrt VPATH builds, and indeed even the Makefile.am
is currently broken.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v5 17/23] tests: rewrite file access checker in Python
Posted by Michal Privoznik 4 years, 11 months ago
On 12/4/19 2:19 PM, Daniel P. Berrangé wrote:
> On Mon, Nov 18, 2019 at 02:11:33PM -0500, Cole Robinson wrote:
>> On 11/11/19 9:38 AM, Daniel P. Berrangé wrote:
>>> As part of an goal to eliminate Perl from libvirt build tools,
>>> rewrite the check-file-access.pl tool in Python.
>>>
>>> This was a straight conversion, manually going line-by-line to
>>> change the syntax from Perl to Python. Thus the overall structure
>>> of the file and approach is the same.
>>>
>>> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
>>> ---
>>>   Makefile.am                     |   1 +
>>>   scripts/check-file-access.py    | 123 +++++++++++++++++++++++++++++++
>>>   tests/Makefile.am               |   3 +-
>>>   tests/check-file-access.pl      | 126 --------------------------------
>>>   tests/file_access_whitelist.txt |   2 +-
>>>   5 files changed, 126 insertions(+), 129 deletions(-)
>>>   create mode 100755 scripts/check-file-access.py
>>>   delete mode 100755 tests/check-file-access.pl
>>>
>>
>> `make -C builddir check-access` fails like:
>>
>> LC_ALL= LANG=C LC_CTYPE=en_US.UTF-8 /usr/bin/python3
>> /home/crobinso/src/libvirt/scripts/check-file-access.py | sort -u
>> Traceback (most recent call last):
>>    File "/home/crobinso/src/libvirt/scripts/check-file-access.py", line
>> 53, in <module>
>>      with open(whitelist_file, "r") as fh:
>> FileNotFoundError: [Errno 2] No such file or directory:
>> 'file_access_whitelist.txt'
>> make[1]: Leaving directory '/home/crobinso/src/libvirt/builddir/tests'
>> make: Leaving directory '/home/crobinso/src/libvirt/builddir'
> 
> Looks like this is unrelated to this patch - the original script
> has the same flaw wrt VPATH builds, and indeed even the Makefile.am
> is currently broken.

Yes, I guess it never worked with VPATH. Anyway, patch proposed here:

https://www.redhat.com/archives/libvir-list/2019-December/msg00204.html

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list