diff --git a/parser/file.go b/parser/file.go index 0856bed..0918a68 100644 --- a/parser/file.go +++ b/parser/file.go @@ -2,8 +2,6 @@ package parser import ( "fmt" - "io/ioutil" - "strings" "github.com/twtiger/gosecco/tree" ) @@ -48,15 +46,18 @@ func parseLines(path string, lines []string) (tree.RawPolicy, error) { } // ParseFile will parse the given file and return a raw parse tree or the error generated +// This function is deprecated and shouldn't be used in new code func ParseFile(path string) (tree.RawPolicy, error) { - file, err := ioutil.ReadFile(path) - if err != nil { - return tree.RawPolicy{}, err - } - return parseLines(path, strings.Split(string(file), "\n")) + return Parse(&FileSource{path}) } // ParseString will parse the given string and return a raw parse tree or the error generated +// This function is deprecated and shouldn't be used in new code func ParseString(str string) (tree.RawPolicy, error) { - return parseLines("", strings.Split(string(str), "\n")) + return Parse(&StringSource{"", str}) +} + +// Parse will parse the given Source and return a raw parse tree or the error generated +func Parse(s Source) (tree.RawPolicy, error) { + return s.parse() } diff --git a/parser/file_test.go b/parser/file_test.go index eee7161..809678a 100644 --- a/parser/file_test.go +++ b/parser/file_test.go @@ -79,6 +79,38 @@ func (s *FileSuite) Test_ParseString(c *C) { }}) } +func (s *FileSuite) Test_Parse_fromCombinedSource(c *C) { + source1 := &FileSource{getActualTestFolder() + "/simple_test_policy"} + source2 := &StringSource{"", "write: 43"} + + rp, _ := Parse(CombineSources(source1, source2)) + c.Assert(rp, DeepEquals, tree.RawPolicy{ + RuleOrMacros: []interface{}{ + tree.Macro{ + Name: "DEFAULT_POSITIVE", + ArgumentNames: nil, + Body: tree.Variable{Name: "kill"}}, + tree.Macro{ + Name: "something", + ArgumentNames: []string{"a"}, + Body: tree.Arithmetic{Op: 0, Left: tree.NumericLiteral{Value: 0x1}, Right: tree.Variable{Name: "a"}}}, + tree.Macro{ + Name: "VAL", + ArgumentNames: nil, + Body: tree.NumericLiteral{Value: 0x2a}}, + tree.Rule{ + Name: "read", + PositiveAction: "", + NegativeAction: "", + Body: tree.NumericLiteral{Value: 0x2a}}, + tree.Rule{ + Name: "write", + PositiveAction: "", + NegativeAction: "", + Body: tree.NumericLiteral{Value: 0x2b}}, + }}) +} + func (s *FileSuite) Test_ParseFile_failing(c *C) { rp, ee := ParseFile(getActualTestFolder() + "/failing_test_policy") c.Assert(rp.RuleOrMacros, IsNil) diff --git a/seccomp.go b/seccomp.go index ce7c82b..bd81f6b 100644 --- a/seccomp.go +++ b/seccomp.go @@ -44,6 +44,7 @@ type SeccompSettings struct { // up. // If the path starts with the special marker InlineMarker, the rest of the string will // be interpreted as an inline definition, not a path. + // ExtraDefinitions is softly deprecated - you should probably use parser.CombinedSources instead ExtraDefinitions []string // DefaultPositiveAction is the action to take when a syscall is matched, and the expression returns a positive result - and the rule // doesn't have any specified custom actions. It can be specified as one of "trap", "kill", "allow" or "trace". It can also be a number @@ -69,11 +70,9 @@ type SeccompSettings struct { // specify it should be parsed as an inline string, not a path. const InlineMarker = "{inline}" -// Prepare will take the given path and settings, parse and compile the given +// PrepareSource will take the given source and settings, parse and compile the given // data, combined with the settings - and returns the bytecode -// If path starts with the special marker InlineMarker, the rest of the string will -// be interpreted as an inline definition, not a path. -func Prepare(path string, s SeccompSettings) ([]unix.SockFilter, error) { +func PrepareSource(source parser.Source, s SeccompSettings) ([]unix.SockFilter, error) { var e error var rp tree.RawPolicy @@ -96,11 +95,7 @@ func Prepare(path string, s SeccompSettings) ([]unix.SockFilter, error) { } // Parsing - if strings.HasPrefix(path, InlineMarker) { - rp, e = parser.ParseString(strings.TrimPrefix(path, InlineMarker)) - } else { - rp, e = parser.ParseFile(path) - } + rp, e = parser.Parse(source) if e != nil { return nil, e } @@ -130,6 +125,15 @@ func Prepare(path string, s SeccompSettings) ([]unix.SockFilter, error) { return compiler.Compile(pol) } +// Prepare will take the given path and settings, parse and compile the given +// data, combined with the settings - and returns the bytecode +// If path starts with the special marker InlineMarker, the rest of the string will +// be interpreted as an inline definition, not a path. +// Prepare is now deprecated, and PrepareSource should be used instead +func Prepare(path string, s SeccompSettings) ([]unix.SockFilter, error) { + return PrepareSource(&parser.FileSource{path}, s) +} + // Compile provides the compatibility interface for gosecco - it has the same signature as // Compile from the go-seccomp package and should provide the same behavior. // However, the modern interface is through the Prepare function