Clarify unknown part message on rule parse (#845)

Clarifies the unknown subject|object messages from the parser. Closes #802
ctc-oss · Apr 10, 2023 · c9eb33d · c9eb33d
1 parent 13b170b
commit c9eb33d
Show file tree

Hide file tree

Showing 7 changed files with 40 additions and 4 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/rules/Cargo.toml b/crates/rules/Cargo.toml
@@ -2,14 +2,15 @@
 name = "fapolicy-rules"
 description = "Rule support for fapolicyd"
 license = "MPL-2.0"
-version = "0.4.3"
+version = "0.4.4"
 edition = "2018"
 
 [lib]
 path = "src/lib.rs"
 
 [dev-dependencies]
 tempfile = "3.3"
+assert_matches = "1.5"
 
 [dependencies]
 nom = "7.1"

diff --git a/crates/rules/src/parser/error.rs b/crates/rules/src/parser/error.rs
@@ -66,7 +66,8 @@ impl Display for RuleParseError<Trace<&str>> {
             MissingSubject(_) => f.write_str("Missing Subject"),
             MissingObject(_) => f.write_str("Expected Object"),
             MissingBothSubjObj(_) => f.write_str("Missing Subject and Object"),
-            UnknownSubjectPart(_) | UnknownObjectPart(_) => f.write_str("Expected one of ....."),
+            UnknownSubjectPart(_) => f.write_str("Unrecognized Subject keyword"),
+            UnknownObjectPart(_) => f.write_str("Unrecognized Object keyword"),
             SubjectPartExpected(_) => f.write_str("Expected a Subject part"),
             ObjectPartExpected(_) => f.write_str("Expected an Object part"),
             ExpectedInt(_) => f.write_str("Expected integer value"),

diff --git a/crates/rules/src/parser/object.rs b/crates/rules/src/parser/object.rs
@@ -73,6 +73,7 @@ pub(crate) fn parse(i: StrTrace) -> TraceResult<Object> {
 #[cfg(test)]
 mod tests {
     use super::*;
+    use assert_matches::assert_matches;
 
     #[test]
     fn parse_obj_part() {
@@ -97,4 +98,16 @@ mod tests {
             parse("trust=1 all".into()).ok().unwrap().1
         );
     }
+
+    #[test]
+    fn unknown_part() {
+        assert_matches!(
+            obj_part("dir=/tmp".into()).ok().map(|f| f.1),
+            Some(ObjPart::Dir(_))
+        );
+        assert_matches!(
+            obj_part("foo=/tmp".into()).err(),
+            Some(nom::Err::Error(UnknownObjectPart(_)))
+        );
+    }
 }
diff --git a/crates/rules/src/parser/subject.rs b/crates/rules/src/parser/subject.rs
@@ -81,6 +81,7 @@ pub(crate) fn parse(i: StrTrace) -> TraceResult<Subject> {
 #[cfg(test)]
 mod tests {
     use super::*;
+    use assert_matches::assert_matches;
 
     #[test]
     fn parse_subj_part() {
@@ -91,4 +92,16 @@ mod tests {
         );
         assert_eq!(SubjPart::Gid(0), subj_part("gid=0".into()).ok().unwrap().1);
     }
+
+    #[test]
+    fn unknown_part() {
+        assert_matches!(
+            subj_part("uid=1".into()).ok().map(|f| f.1),
+            Some(SubjPart::Uid(_))
+        );
+        assert_matches!(
+            subj_part("foo=bar".into()).err(),
+            Some(nom::Err::Error(UnknownSubjectPart(_)))
+        );
+    }
 }
diff --git a/crates/rules/tests/write.rs b/crates/rules/tests/write.rs
@@ -21,8 +21,8 @@ fn test_file() -> Result<(), Box<dyn Error>> {
     let db = read::deserialize_rules_db(expected)?;
     let file = NamedTempFile::new()?;
 
-    write::db(&db, &file.path().to_path_buf())?;
-    let actual = read_string(&file.path().to_path_buf())?;
+    write::db(&db, file.path())?;
+    let actual = read_string(file.path())?;
     assert_eq!(expected, actual.trim());
 
     Ok(())

diff --git a/fapolicy-analyzer.spec b/fapolicy-analyzer.spec
@@ -22,6 +22,7 @@ BuildRequires: desktop-file-utils
 BuildRequires: rust-packaging
 BuildRequires: python3dist(setuptools-rust)
 
+BuildRequires: rust-assert_matches-devel
 BuildRequires: rust-autocfg-devel
 BuildRequires: rust-bitflags-devel
 BuildRequires: rust-bumpalo-devel