authorFlorian Westphal <fw@strlen.de>2022-11-30 10:31:54 +0100
committerPhil Sutter <phil@nwl.cc>2022-11-30 20:26:32 +0100
commitfb421f13ff411fa83467bae5283194a0a583cf38 (patch)
treebb652056eff2d08c4142627e9de475aafa994647
parent09d63e818ae0d9a09b3f665b14668beef85c47e9 (diff)
xlate-test: avoid shell entanglements
Feed the nft expected output found in the .txlate test files to nft -f via pipe/stdin directly without the shell mangling it. The shell step isn't needed anymore because xtables-translate no longer escapes quotes. We only need to remove the "nft '" and trailing "'" because nft doesn't expect those. v3: handle multi-line expectations such as libxt_connlimmit.txlate (Phil Sutter) Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Phil Sutter <phil@nwl.cc>
-rwxr-xr-xxlate-test.py18
1 files changed, 9 insertions, 9 deletions
diff --git a/xlate-test.py b/xlate-test.py
index f3fcd797..6513b314 100755
--- a/xlate-test.py
+++ b/xlate-test.py
@@ -7,11 +7,11 @@ import shlex
import argparse
from subprocess import Popen, PIPE
-def run_proc(args, shell = False):
+def run_proc(args, shell = False, input = None):
"""A simple wrapper around Popen, returning (rc, stdout, stderr)"""
process = Popen(args, text = True, shell = shell,
- stdout = PIPE, stderr = PIPE)
- output, error = process.communicate()
+ stdin = PIPE, stdout = PIPE, stderr = PIPE)
+ output, error = process.communicate(input)
return (process.returncode, output, error)
keywords = ("iptables-translate", "ip6tables-translate", "ebtables-translate")
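Review bot: The new `input` parameter of run_proc shadows the Python builtin of the same name and is not mentioned in the docstring, which still describes only the return tuple. A name such as `stdin_data` would avoid the shadowing, but callers using the keyword would need to change too, as the call in the next hunk does. The docstring could read `"""Run args via Popen, optionally writing input to its stdin; return (rc, stdout, stderr)."""`. Since stdin is now always `PIPE`, it is worth a short comment that `communicate(None)` simply closes the pipe, so callers that pass no input see EOF rather than the inherited stdin. If no remaining caller passes `shell = True` (other call sites are not visible here), the `shell` parameter could be dropped so that a command string can never reach a shell again.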
@@ -100,15 +100,15 @@ def test_one_replay(name, sourceline, expected, result):
fam = "ip6 "
elif srccmd.startswith("ebt"):
fam = "bridge "
+
+ expected = [ l.removeprefix("nft ").strip(" '") for l in expected.split("\n") ]
nft_input = [
"flush ruleset",
"add table " + fam + table_name,
- "add chain " + fam + table_name + " " + chain_name
- ] + [ l.removeprefix("nft ") for l in expected.split("\n") ]
+ "add chain " + fam + table_name + " " + chain_name,
+ ] + expected
- # feed input via the pipe to make sure the shell "does its thing"
- cmd = "echo \"" + "\n".join(nft_input) + "\" | " + args.nft + " -f -"
- rc, output, error = run_proc(cmd, shell = True)
+ rc, output, error = run_proc([args.nft, "-f", "-"], shell = False, input = "\n".join(nft_input))
if rc != 0:
result.append(name + ": " + red("Fail"))
result.append(args.nft + " call failed: " + error.rstrip('\n'))
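Review bot: Rebinding `expected` to a list at the top of this hunk changes its type for the rest of test_one_replay, which is why the following hunk has to write `str(expected)`, and the "src:" line of a replay failure will then show a Python list repr instead of the expectation text. A separate name keeps the string intact: `nft_lines = [ l.removeprefix("nft ").strip(" '") for l in expected.split("\n") ]` followed by `] + nft_lines`, so the failure message can stay `magenta("src: '") + expected + "'"`. Note also that `strip(" '")` removes every leading and trailing space or single quote, not just the one wrapping pair, so an expectation whose rule text itself ends in a single-quoted token would be altered before nft sees it. The function starts and ends outside this hunk.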
@@ -130,7 +130,7 @@ def test_one_replay(name, sourceline, expected, result):
output = l
break
result.append(name + ": " + red("Replay fail"))
- result.append(magenta("src: '") + expected + "'")
+ result.append(magenta("src: '") + str(expected) + "'")
result.append(magenta("exp: '") + searchline + "'")
for l in output.split('\n'):
result.append(magenta("res: ") + l)