From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH v2 iptables-nft 3/3] xlate-test: avoid shell entanglements
Date: Tue, 29 Nov 2022 15:05:42 +0100 [thread overview]
Message-ID: <20221129140542.28311-4-fw@strlen.de> (raw)
In-Reply-To: <20221129140542.28311-1-fw@strlen.de>
Feed the nft expected output found in the .txlate test files to
nft -f via pipe/stdin directly without the shell mangling it.
The shell step isn't needed anymore because xtables-translate no longer
escapes quotes.
We only need to remove the "nft '" and trailing "'" because nft doesn't
expect those.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
new in v2.
xlate-test.py | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/xlate-test.py b/xlate-test.py
index f3fcd797af90..b93bf0547213 100755
--- a/xlate-test.py
+++ b/xlate-test.py
@@ -7,11 +7,11 @@ import shlex
import argparse
from subprocess import Popen, PIPE
-def run_proc(args, shell = False):
+def run_proc(args, shell = False, input = None):
"""A simple wrapper around Popen, returning (rc, stdout, stderr)"""
process = Popen(args, text = True, shell = shell,
- stdout = PIPE, stderr = PIPE)
- output, error = process.communicate()
+ stdin = PIPE, stdout = PIPE, stderr = PIPE)
+ output, error = process.communicate(input)
return (process.returncode, output, error)
keywords = ("iptables-translate", "ip6tables-translate", "ebtables-translate")
@@ -100,15 +100,15 @@ def test_one_replay(name, sourceline, expected, result):
fam = "ip6 "
elif srccmd.startswith("ebt"):
fam = "bridge "
+
+ expected = expected.removeprefix("nft '").removesuffix("'")
nft_input = [
"flush ruleset",
"add table " + fam + table_name,
- "add chain " + fam + table_name + " " + chain_name
- ] + [ l.removeprefix("nft ") for l in expected.split("\n") ]
+ "add chain " + fam + table_name + " " + chain_name,
+ ] + [ expected ]
- # feed input via the pipe to make sure the shell "does its thing"
- cmd = "echo \"" + "\n".join(nft_input) + "\" | " + args.nft + " -f -"
- rc, output, error = run_proc(cmd, shell = True)
+ rc, output, error = run_proc([args.nft, "-f", "-"], shell = False, input = "\n".join(nft_input))
if rc != 0:
result.append(name + ": " + red("Fail"))
result.append(args.nft + " call failed: " + error.rstrip('\n'))
--
2.37.4
next prev parent reply other threads:[~2022-11-29 14:06 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-29 14:05 [PATCH v2 iptables-nft 0/3] remove escape_quotes support Florian Westphal
2022-11-29 14:05 ` [PATCH v2 iptables-nft 1/3] xlate: get rid of escape_quotes Florian Westphal
2022-11-29 15:37 ` Phil Sutter
2022-11-30 7:47 ` Florian Westphal
2022-11-30 9:34 ` Phil Sutter
2022-11-29 14:05 ` [PATCH v2 iptables-nft 2/3] extensions: change expected output for new format Florian Westphal
2022-11-29 15:46 ` Phil Sutter
2022-11-30 8:00 ` Florian Westphal
2022-11-30 9:28 ` Phil Sutter
2022-11-29 14:05 ` Florian Westphal [this message]
2022-11-29 15:50 ` [PATCH v2 iptables-nft 3/3] xlate-test: avoid shell entanglements Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221129140542.28311-4-fw@strlen.de \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.