From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH v2 iptables-nft 3/3] xlate-test: avoid shell entanglements
Date: Tue, 29 Nov 2022 15:05:42 +0100 [thread overview]
Message-ID: <20221129140542.28311-4-fw@strlen.de> (raw)
In-Reply-To: <20221129140542.28311-1-fw@strlen.de>
Feed the nft expected output found in the .txlate test files to
nft -f via pipe/stdin directly without the shell mangling it.
The shell step isn't needed anymore because xtables-translate no longer
escapes quotes.
We only need to remove the "nft '" and trailing "'" because nft doesn't
expect those.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
new in v2.
xlate-test.py | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/xlate-test.py b/xlate-test.py
index f3fcd797af90..b93bf0547213 100755
--- a/xlate-test.py
+++ b/xlate-test.py
@@ -7,11 +7,11 @@ import shlex
import argparse
from subprocess import Popen, PIPE
-def run_proc(args, shell = False):
+def run_proc(args, shell = False, input = None):
"""A simple wrapper around Popen, returning (rc, stdout, stderr)"""
process = Popen(args, text = True, shell = shell,
- stdout = PIPE, stderr = PIPE)
- output, error = process.communicate()
+ stdin = PIPE, stdout = PIPE, stderr = PIPE)
+ output, error = process.communicate(input)
return (process.returncode, output, error)
keywords = ("iptables-translate", "ip6tables-translate", "ebtables-translate")
@@ -100,15 +100,15 @@ def test_one_replay(name, sourceline, expected, result):
fam = "ip6 "
elif srccmd.startswith("ebt"):
fam = "bridge "
+
+ expected = expected.removeprefix("nft '").removesuffix("'")
nft_input = [
"flush ruleset",
"add table " + fam + table_name,
- "add chain " + fam + table_name + " " + chain_name
- ] + [ l.removeprefix("nft ") for l in expected.split("\n") ]
+ "add chain " + fam + table_name + " " + chain_name,
+ ] + [ expected ]
- # feed input via the pipe to make sure the shell "does its thing"
- cmd = "echo \"" + "\n".join(nft_input) + "\" | " + args.nft + " -f -"
- rc, output, error = run_proc(cmd, shell = True)
+ rc, output, error = run_proc([args.nft, "-f", "-"], shell = False, input = "\n".join(nft_input))
if rc != 0:
result.append(name + ": " + red("Fail"))
result.append(args.nft + " call failed: " + error.rstrip('\n'))
--
2.37.4
next prev parent reply other threads:[~2022-11-29 14:06 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-29 14:05 [PATCH v2 iptables-nft 0/3] remove escape_quotes support Florian Westphal
2022-11-29 14:05 ` [PATCH v2 iptables-nft 1/3] xlate: get rid of escape_quotes Florian Westphal
2022-11-29 15:37 ` Phil Sutter
2022-11-30 7:47 ` Florian Westphal
2022-11-30 9:34 ` Phil Sutter
2022-11-29 14:05 ` [PATCH v2 iptables-nft 2/3] extensions: change expected output for new format Florian Westphal
2022-11-29 15:46 ` Phil Sutter
2022-11-30 8:00 ` Florian Westphal
2022-11-30 9:28 ` Phil Sutter
2022-11-29 14:05 ` Florian Westphal [this message]
2022-11-29 15:50 ` [PATCH v2 iptables-nft 3/3] xlate-test: avoid shell entanglements Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221129140542.28311-4-fw@strlen.de \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).