RubyGems - foreman_openscap - Versions diffs - 4.1.2 → 4.3.2 - Mend

foreman_openscap 4.1.2 → 4.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (193) hide show

data/package.json ADDED Viewed

@@ -0,0 +1,48 @@
+{
+  "name": "foreman_openscap",
+  "version": "0.1.0",
+  "description": "Foreman plug-in for managing security compliance reports",
+  "main": "index.js",
+  "scripts": {
+    "lint": "tfm-lint --plugin -d /webpack",
+    "test": "tfm-test --plugin --config jest.config.js",
+    "test:watch": "tfm-test --plugin --watchAll --config jest.config.js",
+    "test:current": "tfm-test --plugin --watch --config jest.config.js",
+    "publish-coverage": "tfm-publish-coverage",
+    "stories": "tfm-stories --plugin",
+    "stories:build": "tfm-build-stories --plugin",
+    "create-react-component": "yo react-domain"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/theforeman/foreman_openscap.git"
+  },
+  "bugs": {
+    "url": "https://projects.theforeman.org/projects/foreman_openscap/issues"
+  },
+  "peerDependencies": {
+    "@theforeman/vendor": ">= 4.13.2"
+  },
+  "devDependencies": {
+    "@apollo/react-testing": "^4.0.0",
+    "@babel/core": "^7.7.0",
+    "@testing-library/dom": "^7.30.4",
+    "@testing-library/jest-dom": "^5.11.9",
+    "@testing-library/react": "^11.2.5",
+    "@testing-library/user-event": "^13.1.2",
+    "@theforeman/builder": "^8.4.1",
+    "@theforeman/eslint-plugin-foreman": "8.4.1",
+    "@theforeman/find-foreman": "^8.4.1",
+    "@theforeman/stories": "^8.4.1",
+    "@theforeman/test": "^8.4.1",
+    "@theforeman/vendor-dev": "^8.4.1",
+    "babel-eslint": "^10.0.3",
+    "eslint": "^6.7.2",
+    "jed": "^1.1.1",
+    "jest-svg-transformer": "^1.0.0",
+    "jest-transform-graphql": "^2.1.0",
+    "prettier": "^1.13.5",
+    "stylelint": "^9.3.0",
+    "stylelint-config-standard": "^18.0.0"
+  }
+}

data/test/factories/compliance_host_factory.rb CHANGED Viewed

@@ -16,4 +16,16 @@ FactoryBot.define do
     openscap_proxy { SmartProxy.unscoped.with_features('Openscap').first || FactoryBot.create(:openscap_proxy) }
     policies { [] }
   end
+  factory :oval_facet, :class => ForemanOpenscap::Host::OvalFacet
+  factory :oval_host, :class => Host::Managed do
+    sequence(:name) { |n| "host#{n}" }
+  end
+  factory :cve, :class => ForemanOpenscap::Cve do
+    sequence(:ref_id) { |n| "CVE-#{n}" }
+    sequence(:ref_url) { |n| "https://access.redhat.com/security/cve/CVE-#{n}" }
+    sequence(:definition_id) { |n| "oval:com.redhat.rhsa:def:202015#{n}" }
+  end
 end

data/test/factories/oval_content_factory.rb ADDED Viewed

@@ -0,0 +1,7 @@
+FactoryBot.define do
+  factory :oval_content, :class => ::ForemanOpenscap::OvalContent do |f|
+    f.sequence(:name) { |n| "oval_content_#{n}" }
+    f.original_filename { 'test-oval.xml' }
+    f.scap_file { '<xml>foo</xml>' }
+  end
+end

data/test/factories/oval_policy_factory.rb ADDED Viewed

@@ -0,0 +1,9 @@
+FactoryBot.define do
+  factory :oval_policy, :class => ::ForemanOpenscap::OvalPolicy do
+    sequence(:name) { |n| "policy#{n}" }
+    period { 'weekly' }
+    weekday { 'monday' }
+    day_of_month { nil }
+    cron_line { nil }
+  end
+end

data/test/files/oval_contents/ansible-2.9.oval.xml.bz2 ADDED Viewed

Binary file

data/test/fixtures/cve_fixtures.rb ADDED Viewed

@@ -0,0 +1,104 @@
+module ForemanOpenscap
+  class CveFixtures
+    def res_one(result_state = 'true')
+      init_result(
+        { "references" => [
+          { "ref_id" => "RHSA-2020:0215", "ref_url" => "https://access.redhat.com/errata/RHSA-2020:0215" },
+          { "ref_id" => "CVE-2019-16541", "ref_url" => "https://access.redhat.com/security/cve/CVE-2019-16541" },
+          { "ref_id" => "CVE-2020-14040", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-14040" },
+          { "ref_id" => "CVE-2020-14370", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-14370" },
+          { "ref_id" => "CVE-2020-15586", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-15586" },
+          { "ref_id" => "CVE-2020-16845", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-16845" },
+          { "ref_id" => "CVE-2020-2252", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2252" },
+          { "ref_id" => "CVE-2020-2254", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2254" },
+          { "ref_id" => "CVE-2020-2255", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2255" },
+          { "ref_id" => "CVE-2020-8564", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-8564" }
+        ] },
+        result_state,
+        "oval:com.redhat.rhsa:def:20201545"
+      )
+    end
+    def res_two(result_state = 'true')
+      init_result(
+        { "references" => [
+          { "ref_id" => "RHSA-2020:3601", "ref_url" => "https://access.redhat.com/errata/RHSA-2020:3601" },
+          { "ref_id" => "CVE-2020-2181", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2181" },
+          { "ref_id" => "CVE-2020-2182", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2182" },
+          { "ref_id" => "CVE-2020-2224", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2224" },
+          { "ref_id" => "CVE-2020-2225", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2225" },
+          { "ref_id" => "CVE-2020-2226", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2226" }
+        ] },
+        result_state,
+        "oval:com.redhat.rhsa:def:20201544"
+      )
+    end
+    def res_three(result_state = 'true')
+      init_result(
+        { "references" => [
+          { "ref_id" => "CVE-2019-17638", "ref_url" => "https://access.redhat.com/security/cve/CVE-2019-17638" },
+          { "ref_id" => "CVE-2020-2229", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2229" },
+          { "ref_id" => "CVE-2020-2230", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2230" },
+          { "ref_id" => "CVE-2020-2231", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2231" }
+        ] },
+        result_state,
+        "oval:com.redhat.rhsa:def:20201543"
+      )
+    end
+    def res_four(result_state = 'true')
+      init_result(
+        { "references" => [
+          { "ref_id" => "RHSA-2020:3601", "ref_url" => "https://access.redhat.com/errata/RHSA-2020:3601" },
+          { "ref_id" => "CVE-2019-17638", "ref_url" => "https://access.redhat.com/security/cve/CVE-2019-17638" },
+          { "ref_id" => "CVE-2020-2220", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2220" },
+          { "ref_id" => "CVE-2020-2221", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2221" },
+          { "ref_id" => "CVE-2020-2222", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2222" },
+          { "ref_id" => "CVE-2020-2223", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2223" },
+          { "ref_id" => "CVE-2020-2229", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2229" },
+          { "ref_id" => "CVE-2020-2230", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2230" },
+          { "ref_id" => "CVE-2020-2231", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2231" },
+          { "ref_id" => "CVE-2020-8557", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-8557" }
+        ] },
+        result_state,
+        "oval:com.redhat.rhsa:def:20201542"
+      )
+    end
+    def res_five(result_state = 'true')
+      init_result(
+        { "references" => [
+          { "ref_id" => "CVE-2020-2181", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2181" },
+          { "ref_id" => "CVE-2020-2182", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2182" },
+          { "ref_id" => "CVE-2020-2190", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2190" },
+          { "ref_id" => "CVE-2020-2224", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2224" },
+          { "ref_id" => "CVE-2020-2225", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2225" },
+          { "ref_id" => "CVE-2020-2226", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2226" }
+        ] },
+        result_state,
+        "oval:com.redhat.rhsa:def:20201541"
+      )
+    end
+    def one
+      [res_one, res_two, res_three, res_four, res_five]
+    end
+    def two
+      [res_one('false'), res_two, res_three('false')]
+    end
+    def ids_from(fixture)
+      fixture['references'].pluck('ref_id')
+    end
+    private
+    def init_result(data, result_state, definition_id)
+      data['result'] = result_state
+      data['definition_id'] = definition_id
+      data
+    end
+  end
+end

data/test/functional/api/v2/compliance/oval_contents_controller_test.rb ADDED Viewed

@@ -0,0 +1,39 @@
+require 'test_plugin_helper'
+require 'tempfile'
+class Api::V2::Compliance::OvalContentsControllerTest < ActionController::TestCase
+  test "should get index" do
+    FactoryBot.create(:oval_content)
+    get :index, :session => set_session_user
+    response = ActiveSupport::JSON.decode(@response.body)
+    assert response['results'].any?
+    assert_response :success
+  end
+  test "should create OVAL content" do
+    post :create, :params => { :oval_content => { :name => 'OVAL test', :scap_file => content_file } }, :session => set_session_user
+    assert_response :success
+  end
+  test "should update OVAL content" do
+    new_name = 'RHEL7 OVAL'
+    oval_content = FactoryBot.create(:oval_content)
+    put :update, :params => { :id => oval_content.id, :oval_content => { :name => new_name } }, :session => set_session_user
+    assert_response :success
+    assert oval_content.name, new_name
+  end
+  test "should destory OVAL content" do
+    oval_content = FactoryBot.create(:oval_content)
+    delete :destroy, :params => { :id => oval_content.id }, :session => set_session_user
+    assert_response :ok
+    refute ForemanOpenscap::OvalContent.exists?(oval_content.id)
+  end
+  def content_file
+    file = Tempfile.new('test')
+    file.write('<xml>test</xml>')
+    file.rewind
+    Rack::Test::UploadedFile.new(file, '')
+  end
+end

data/test/functional/api/v2/compliance/oval_policies_controller_test.rb ADDED Viewed

@@ -0,0 +1,141 @@
+require 'test_plugin_helper'
+require 'base64'
+class Api::V2::Compliance::OvalPoliciesControllerTest < ActionController::TestCase
+  setup do
+    @file = Base64.encode64(read_oval_content('ansible-2.9.oval.xml.bz2'))
+    oval_content = FactoryBot.create(:oval_content, :scap_file => @file)
+    @attributes = { :oval_policy => { :name => 'my_policy', :period => 'weekly', :weekday => 'friday', :oval_content_id => oval_content.id } }
+    @config = ForemanOpenscap::ClientConfig::Ansible.new(::ForemanOpenscap::OvalPolicy)
+    @policy = FactoryBot.create(:oval_policy, :oval_content => oval_content)
+  end
+  test "should get index of OVAL policies" do
+    get :index, :session => set_session_user
+    response = ActiveSupport::JSON.decode(@response.body)
+    assert !response['results'].empty?
+    assert_response :success
+  end
+  test "should show OVAL policy" do
+    get :show, :params => { :id => @policy.to_param }, :session => set_session_user
+    response = ActiveSupport::JSON.decode(@response.body)
+    assert response['name'], @policy.name
+    assert_response :success
+  end
+  test "should update OVAL policy" do
+    put :update, :params => { :id => @policy.id, :oval_policy => { :period => 'monthly', :day_of_month => 15 } }
+    updated_policy = ActiveSupport::JSON.decode(@response.body)
+    assert(updated_policy['period'], 'monthly')
+    assert_response :ok
+  end
+  test "should not update invalid OVAL policy" do
+    put :update, :params => { :id => @policy.id, :oval_policy => { :name => '' } }
+    assert_response :unprocessable_entity
+  end
+  test "should create OVAL policy" do
+    post :create, :params => @attributes, :session => set_session_user
+    assert_response :created
+  end
+  test "should not create invalid OVAL policy" do
+    post :create, :session => set_session_user
+    assert_response :unprocessable_entity
+  end
+  test "should destroy OVAL policy" do
+    delete :destroy, :params => { :id => @policy.id }, :session => set_session_user
+    assert_response :ok
+    refute ForemanOpenscap::OvalPolicy.exists?(@policy.id)
+  end
+  test "should return error when OVAL policy not found" do
+    get :show, :params => { :id => @policy.id + 1 }, :session => set_session_user
+    response = ActiveSupport::JSON.decode(@response.body)
+    assert response['error']
+    assert_response :missing
+  end
+  test "should assign policy to multiple hosts correctly" do
+    proxy = FactoryBot.create(:openscap_proxy)
+    host1 = FactoryBot.create(:compliance_host, :openscap_proxy => proxy)
+    host2 = FactoryBot.create(:compliance_host, :openscap_proxy => proxy)
+    setup_ansible
+    assert_empty host1.oval_policies
+    assert_empty host2.oval_policies
+    post :assign_hosts, :params => { :id => @policy.id, :host_ids => [host1, host2].pluck(:id) }, :session => set_session_user
+    assert_equal "OVAL policy successfully configured with hosts.", ActiveSupport::JSON.decode(@response.body)['message']
+    assert_equal 2, host1.lookup_values.count
+    server_value = @server_key.lookup_values.find_by :match => "fqdn=#{host1.name}"
+    port_value = @port_key.lookup_values.find_by :match => "fqdn=#{host1.name}"
+    assert_equal proxy.hostname, server_value.value
+    assert_equal proxy.port, port_value.value
+  end
+  test "should assign policy to multiple hostgroups correctly" do
+    proxy = FactoryBot.create(:openscap_proxy)
+    hg1 = FactoryBot.create(:hostgroup, :openscap_proxy => proxy)
+    hg2 = FactoryBot.create(:hostgroup, :openscap_proxy => proxy)
+    setup_ansible
+    assert_empty hg1.oval_policies
+    assert_empty hg2.oval_policies
+    post :assign_hostgroups, :params => { :id => @policy.id, :hostgroup_ids => [hg1, hg2].pluck(:id) }, :session => set_session_user
+    assert_equal "OVAL policy successfully configured with hostgroups.", ActiveSupport::JSON.decode(@response.body)['message']
+    assert_equal 2, hg1.lookup_values.count
+    server_value = @server_key.lookup_values.find_by :match => "hostgroup=#{hg1.name}"
+    port_value = @port_key.lookup_values.find_by :match => "hostgroup=#{hg1.name}"
+    assert_equal proxy.hostname, server_value.value
+    assert_equal proxy.port, port_value.value
+  end
+  test "should not assign policy to hostgroup without openscap proxy" do
+    hg = FactoryBot.create(:hostgroup)
+    setup_ansible
+    assert_empty hg.oval_policies
+    post :assign_hostgroups, :params => { :id => @policy.id, :hostgroup_ids => hg.id }, :session => set_session_user
+    res = ActiveSupport::JSON.decode(@response.body)['results'].first
+    assert_equal "Was Hostgroup configured successfully?", res['title']
+    assert_equal "fail", res['result']
+    assert_equal "Assign openscap_proxy to #{hg.name} before proceeding.", res['fail_message']
+    hg.reload
+    assert_empty hg.oval_policies
+  end
+  test "should not assign policy to hostgroup when ansible role not present" do
+    hg = FactoryBot.create(:hostgroup)
+    assert_empty hg.oval_policies
+    post :assign_hostgroups, :params => { :id => @policy.id, :hostgroup_ids => hg.id }, :session => set_session_user
+    res = ActiveSupport::JSON.decode(@response.body)['results'].first
+    assert_equal 'theforeman.foreman_scap_client Ansible Role not found, please import it before running this action again.', res['fail_message']
+    hg.reload
+    assert_empty hg.oval_policies
+  end
+  test "should show oval content" do
+    get :oval_content, :params => { :id => @policy.id }
+    assert response.body, @file
+  end
+  def setup_ansible
+    @ansible_role = FactoryBot.create(:ansible_role, :name => @config.ansible_role_name)
+    @port_key = FactoryBot.create(:ansible_variable, :key => @config.port_param, :ansible_role => @ansible_role)
+    @server_key = FactoryBot.create(:ansible_variable, :key => @config.server_param, :ansible_role => @ansible_role)
+    FactoryBot.create(:ansible_variable, :key => @config.policies_param, :ansible_role => @ansible_role)
+  end
+  def read_oval_content(file_name)
+    File.read "#{ForemanOpenscap::Engine.root}/test/files/oval_contents/#{file_name}"
+  end
+end

data/test/functional/api/v2/compliance/oval_reports_controller_test.rb ADDED Viewed

@@ -0,0 +1,32 @@
+require 'test_plugin_helper'
+class Api::V2::Compliance::OvalReportsControllerTest < ActionController::TestCase
+  setup do
+    @params = {
+      :oval_results => ForemanOpenscap::CveFixtures.new.one,
+      :oval_policy_id => 5,
+      :date => Time.now.to_i
+    }
+  end
+  test 'should accept new CVEs for host' do
+    host = FactoryBot.create(:host)
+    post :create, :params => @params.merge(:cname => host.name), :session => set_session_user
+    response = ActiveSupport::JSON.decode(@response.body)
+    assert_equal 'ok', response['result']
+    assert_response :success
+  end
+  test 'should show host errors on CVEs upload' do
+    proxy = FactoryBot.create(:smart_proxy)
+    host = FactoryBot.create(:host, :puppet_proxy => proxy, :environment => FactoryBot.create(:environment))
+    SmartProxy.any_instance.stubs(:smart_proxy_features).returns([])
+    post :create, :params => @params.merge(:cname => host.name), :session => set_session_user
+    response = ActiveSupport::JSON.decode(@response.body)
+    assert_equal 'fail', response['result']
+    refute response['errors'].empty?
+    assert_response :unprocessable_entity
+  end
+end

data/test/graphql/queries/oval_contents_query_test.rb ADDED Viewed

@@ -0,0 +1,35 @@
+require 'test_plugin_helper'
+module Queries
+  class OvalContentsQueryTest < GraphQLQueryTestCase
+    let(:query) do
+      <<-GRAPHQL
+      query {
+        ovalContents {
+          totalCount
+          nodes {
+            id
+            name
+          }
+        }
+      }
+      GRAPHQL
+    end
+    let(:data) { result['data']['ovalContents'] }
+    setup do
+      FactoryBot.create_list(:oval_content, 2)
+    end
+    test 'should fetch oval contentes' do
+      assert_empty result['errors']
+      expected_count = ForemanOpenscap::OvalContent.count
+      assert_not_equal 0, expected_count
+      assert_equal expected_count, data['totalCount']
+      assert_equal expected_count, data['nodes'].count
+    end
+  end
+end