The term "permitted list" is a better choice for the filtering logic applied. Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> --- scripts/check-aclrules.py | 8 ++++---- scripts/check-file-access.py | 16 ++++++++-------- scripts/mock-noinline.py | 1 - tests/Makefile.am | 4 ++-- ...s_whitelist.txt => permitted_file_access.txt} | 6 +++--- 5 files changed, 17 insertions(+), 18 deletions(-) rename tests/{file_access_whitelist.txt => permitted_file_access.txt} (82%) diff --git a/scripts/check-aclrules.py b/scripts/check-aclrules.py index a1fa473174..2335e8cfdd 100755 --- a/scripts/check-aclrules.py +++ b/scripts/check-aclrules.py @@ -35,7 +35,7 @@ import re import sys -whitelist = { +permitted = { "connectClose": True, "connectIsEncrypted": True, "connectIsSecure": True, @@ -58,7 +58,7 @@ whitelist = { # XXX this vzDomainMigrateConfirm3Params looks # bogus - determine why it doesn't have a valid # ACL check. -implwhitelist = { +implpermitted = { "vzDomainMigrateConfirm3Params": True, } @@ -230,8 +230,8 @@ def process_file(filename): api not in ["no", "name"] and table != "virStateDriver"): if (impl not in acls and - api not in whitelist and - impl not in implwhitelist): + api not in permitted and + impl not in implpermitted): print(("%s:%d Missing ACL check in " + "function '%s' for '%s'") % (filename, lineno, impl, api), diff --git a/scripts/check-file-access.py b/scripts/check-file-access.py index dd39de2d79..aa120cafac 100755 --- a/scripts/check-file-access.py +++ b/scripts/check-file-access.py @@ -25,16 +25,16 @@ import re import sys if len(sys.argv) != 3: - print("syntax: %s ACCESS-FILE ACCESS-WHITELIST") + print("syntax: %s ACCESS-FILE PERMITTED-ACCESS-FILE") sys.exit(1) access_file = sys.argv[1] -whitelist_file = sys.argv[2] +permitted_file = sys.argv[2] known_actions = ["open", "fopen", "access", "stat", "lstat", "connect"] files = [] -whitelist = [] +permitted = [] with open(access_file, "r") as fh: for line in fh: @@ -52,7 +52,7 @@ with open(access_file, "r") as fh: else: raise Exception("Malformed line %s" % line) -with open(whitelist_file, "r") as fh: +with open(permitted_file, "r") as fh: for line in fh: line = line.rstrip("\n") @@ -70,7 +70,7 @@ with open(whitelist_file, "r") as fh: "progname": m.group(4), "testname": m.group(6), } - whitelist.append(rec) + permitted.append(rec) else: m = re.search(r'''^(\S*)(:\s*(\S*)(\s*:\s*(.*))?)?$''', line) if m is not None: @@ -81,18 +81,18 @@ with open(whitelist_file, "r") as fh: "progname": m.group(3), "testname": m.group(5), } - whitelist.append(rec) + permitted.append(rec) else: raise Exception("Malformed line %s" % line) -# Now we should check if %traces is included in $whitelist. For +# Now we should check if %traces is included in $permitted. For # now checking just keys is sufficient err = False for file in files: match = False - for rule in whitelist: + for rule in permitted: if not re.match("^" + rule["path"] + "$", file["path"]): continue diff --git a/scripts/mock-noinline.py b/scripts/mock-noinline.py index 4fc60c0be3..a8b7680c11 100644 --- a/scripts/mock-noinline.py +++ b/scripts/mock-noinline.py @@ -23,7 +23,6 @@ noninlined = {} mocked = {} # Functions in public header don't get the noinline annotation -# so whitelist them here noninlined["virEventAddTimeout"] = True # This one confuses the script as its defined in the mock file # but is actually just a local helper diff --git a/tests/Makefile.am b/tests/Makefile.am index 3505c40f42..65d1ceeefd 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -458,14 +458,14 @@ check-access: file-access-clean VIR_TEST_FILE_ACCESS=1 $(MAKE) $(AM_MAKEFLAGS) check $(RUNUTF8) $(PYTHON) $(top_srcdir)/scripts/check-file-access.py \ $(abs_builddir)/test_file_access.txt \ - $(abs_srcdir)/file_access_whitelist.txt | sort -u + $(abs_srcdir)/permitted_file_access.txt | sort -u file-access-clean: > test_file_access.txt endif WITH_LINUX EXTRA_DIST += \ - file_access_whitelist.txt + permitted_file_access.txt if WITH_TESTS noinst_PROGRAMS = $(test_programs) $(test_helpers) diff --git a/tests/file_access_whitelist.txt b/tests/permitted_file_access.txt similarity index 82% rename from tests/file_access_whitelist.txt rename to tests/permitted_file_access.txt index 5ec7ee63bb..52292d56be 100644 --- a/tests/file_access_whitelist.txt +++ b/tests/permitted_file_access.txt @@ -1,6 +1,6 @@ -# This is a whitelist that allows accesses to files not in our -# build directory nor source directory. The records are in the -# following formats: +# This is a list of files not in our build directory nor source +# directory which are permitted to be accessed by tests. The +# records are in the following formats: # # $path: $progname: $testname # $path: $action: $progname: $testname -- 2.24.1