Fix another part of #48, allow for flexible loading of sources - in s…

…uch a way that you can combine sources etc
twtiger · Aug 18, 2016 · bc7e6b7 · bc7e6b7
1 parent 0f0fcce
commit bc7e6b7
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 17 deletions.
diff --git a/parser/file.go b/parser/file.go
@@ -2,8 +2,6 @@ package parser
 
 import (
 	"fmt"
-	"io/ioutil"
-	"strings"
 
 	"github.com/twtiger/gosecco/tree"
 )
@@ -48,15 +46,18 @@ func parseLines(path string, lines []string) (tree.RawPolicy, error) {
 }
 
 // ParseFile will parse the given file and return a raw parse tree or the error generated
+// This function is deprecated and shouldn't be used in new code
 func ParseFile(path string) (tree.RawPolicy, error) {
-	file, err := ioutil.ReadFile(path)
-	if err != nil {
-		return tree.RawPolicy{}, err
-	}
-	return parseLines(path, strings.Split(string(file), "\n"))
+	return Parse(&FileSource{path})
 }
 
 // ParseString will parse the given string and return a raw parse tree or the error generated
+// This function is deprecated and shouldn't be used in new code
 func ParseString(str string) (tree.RawPolicy, error) {
-	return parseLines("<string>", strings.Split(string(str), "\n"))
+	return Parse(&StringSource{"<string>", str})
+}
+
+// Parse will parse the given Source and return a raw parse tree or the error generated
+func Parse(s Source) (tree.RawPolicy, error) {
+	return s.parse()
 }
diff --git a/parser/file_test.go b/parser/file_test.go
@@ -79,6 +79,38 @@ func (s *FileSuite) Test_ParseString(c *C) {
 		}})
 }
 
+func (s *FileSuite) Test_Parse_fromCombinedSource(c *C) {
+	source1 := &FileSource{getActualTestFolder() + "/simple_test_policy"}
+	source2 := &StringSource{"<tmp1>", "write: 43"}
+
+	rp, _ := Parse(CombineSources(source1, source2))
+	c.Assert(rp, DeepEquals, tree.RawPolicy{
+		RuleOrMacros: []interface{}{
+			tree.Macro{
+				Name:          "DEFAULT_POSITIVE",
+				ArgumentNames: nil,
+				Body:          tree.Variable{Name: "kill"}},
+			tree.Macro{
+				Name:          "something",
+				ArgumentNames: []string{"a"},
+				Body:          tree.Arithmetic{Op: 0, Left: tree.NumericLiteral{Value: 0x1}, Right: tree.Variable{Name: "a"}}},
+			tree.Macro{
+				Name:          "VAL",
+				ArgumentNames: nil,
+				Body:          tree.NumericLiteral{Value: 0x2a}},
+			tree.Rule{
+				Name:           "read",
+				PositiveAction: "",
+				NegativeAction: "",
+				Body:           tree.NumericLiteral{Value: 0x2a}},
+			tree.Rule{
+				Name:           "write",
+				PositiveAction: "",
+				NegativeAction: "",
+				Body:           tree.NumericLiteral{Value: 0x2b}},
+		}})
+}
+
 func (s *FileSuite) Test_ParseFile_failing(c *C) {
 	rp, ee := ParseFile(getActualTestFolder() + "/failing_test_policy")
 	c.Assert(rp.RuleOrMacros, IsNil)

diff --git a/seccomp.go b/seccomp.go
@@ -44,6 +44,7 @@ type SeccompSettings struct {
 	// up.
 	// If the path starts with the special marker InlineMarker, the rest of the string will
 	// be interpreted as an inline definition, not a path.
+	// ExtraDefinitions is softly deprecated - you should probably use parser.CombinedSources instead
 	ExtraDefinitions []string
 	// DefaultPositiveAction is the action to take when a syscall is matched, and the expression returns a positive result - and the rule
 	// doesn't have any specified custom actions.  It can be specified as one of "trap", "kill", "allow" or "trace". It can also be a number
@@ -69,11 +70,9 @@ type SeccompSettings struct {
 // specify it should be parsed as an inline string, not a path.
 const InlineMarker = "{inline}"
 
-// Prepare will take the given path and settings, parse and compile the given
+// PrepareSource will take the given source and settings, parse and compile the given
 // data, combined with the settings - and returns the bytecode
-// If path starts with the special marker InlineMarker, the rest of the string will
-// be interpreted as an inline definition, not a path.
-func Prepare(path string, s SeccompSettings) ([]unix.SockFilter, error) {
+func PrepareSource(source parser.Source, s SeccompSettings) ([]unix.SockFilter, error) {
 	var e error
 	var rp tree.RawPolicy
 
@@ -96,11 +95,7 @@ func Prepare(path string, s SeccompSettings) ([]unix.SockFilter, error) {
 	}
 
 	// Parsing
-	if strings.HasPrefix(path, InlineMarker) {
-		rp, e = parser.ParseString(strings.TrimPrefix(path, InlineMarker))
-	} else {
-		rp, e = parser.ParseFile(path)
-	}
+	rp, e = parser.Parse(source)
 	if e != nil {
 		return nil, e
 	}
@@ -130,6 +125,15 @@ func Prepare(path string, s SeccompSettings) ([]unix.SockFilter, error) {
 	return compiler.Compile(pol)
 }
 
+// Prepare will take the given path and settings, parse and compile the given
+// data, combined with the settings - and returns the bytecode
+// If path starts with the special marker InlineMarker, the rest of the string will
+// be interpreted as an inline definition, not a path.
+// Prepare is now deprecated, and PrepareSource should be used instead
+func Prepare(path string, s SeccompSettings) ([]unix.SockFilter, error) {
+	return PrepareSource(&parser.FileSource{path}, s)
+}
+
 // Compile provides the compatibility interface for gosecco - it has the same signature as
 // Compile from the go-seccomp package and should provide the same behavior.
 // However, the modern interface is through the Prepare function