Call security context validators during action-set validation#190
Call security context validators during action-set validation#190resolvicomai wants to merge 1 commit into
Conversation
| (void)lib; | ||
| (void)bundle; | ||
| (void)action_set; | ||
| if (lib == NULL || bundle == NULL || action_set == NULL) |
There was a problem hiding this comment.
Prefer using the BSL_CHKFALSE macro, E.g. BSL_CHKFALSE(NULL != lib), etc.
| return lib != NULL && bundle != NULL && sec_oper != NULL; | ||
| } | ||
|
|
||
| bool BSLX_BCB_Validate(BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper) |
There was a problem hiding this comment.
This PR did not introduce this issue, but this function should be moved to BCB_AES_GCM.c
| TEST_ASSERT_FALSE( | ||
| BSL_SecCtx_ValidatePolicyActionSet(&LocalTestCtx.bsl, &LocalTestCtx.mock_bpa_ctr.bundle_ref, &action_set)); | ||
| TEST_ASSERT_EQUAL_UINT(1, TestSecCtxValidateCallCount); | ||
| TEST_ASSERT_EQUAL_UINT64(1, TestSecCtxValidatedTarget); |
There was a problem hiding this comment.
TestSecCtxValidateResult seemingly unused / unverified after being set to false at top of the function.
| TEST_ASSERT_EQUAL(0, BSL_TestContext_Deinit(&LocalTestCtx)); | ||
| } | ||
|
|
||
| void test_SecurityContext_ValidatePolicyActionSet_UsesRegisteredValidator(void) |
There was a problem hiding this comment.
This test does properly verify changes! I think the scope of this could be increased for sec ctx execute too since such a test does not exist. As in, verify BSL_TestSecCtx_Execute with the call count & target as well.
There was a problem hiding this comment.
That case is essentially already exercised by the rest of the tests in this file, but I think an explicit simple test is still useful while we're at it with this one.
2 participants
Summary
BSL_SecCtx_ValidatePolicyActionSetCloses #184.
Validation
git diff --checkclang-format --style=file -i src/backend/SecurityContext.c src/security_context/BIB_HMAC_SHA2.c test/test_BackendSecurityContext.c./build.sh deps./build.sh prep -DBUILD_DOCS_API=OFF -DBUILD_DOCS_MAN=OFF -DBUILD_UNITTEST=ON -DBUILD_COVERAGE=OFF -DTEST_MEMCHECK=OFFcmake --build build/default --target src/CMakeFiles/bsl_dynamic.dir/backend/SecurityContext.c.ocmake --build build/default --target src/CMakeFiles/bsl_default_sc.dir/security_context/BIB_HMAC_SHA2.c.otest/test_BackendSecurityContext.cwith the generated CMake compile flagsFull local
./build.sh/test execution is blocked on macOS by existing unrelated build issues:tv_usecformat warnings promoted to errors, missing OpenSSL include path forbsl_crypto, and unresolvedbsl_frontsymbols. The modified production objects and new test source compile/syntax-check locally; CI should exercise the Linux matrix.