foreman_openscap 4.1.3 → 4.3.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/assets/stylesheets/foreman_openscap/policy.css +5 -0
- data/app/controllers/api/v2/compliance/oval_contents_controller.rb +72 -0
- data/app/controllers/api/v2/compliance/oval_policies_controller.rb +111 -0
- data/app/controllers/api/v2/compliance/oval_reports_controller.rb +47 -0
- data/app/controllers/concerns/foreman/controller/parameters/oval_content.rb +22 -0
- data/app/controllers/concerns/foreman/controller/parameters/oval_policy.rb +22 -0
- data/app/controllers/concerns/foreman_openscap/hosts_controller_extensions.rb +1 -1
- data/app/graphql/types/cve.rb +17 -0
- data/app/graphql/types/oval_content.rb +17 -0
- data/app/graphql/types/oval_policy.rb +21 -0
- data/app/helpers/arf_reports_helper.rb +7 -24
- data/app/helpers/policies_helper.rb +4 -17
- data/app/mailers/foreman_openscap/policy_mailer.rb +2 -2
- data/app/models/concerns/foreman_openscap/compliance_status_scoped_search.rb +1 -1
- data/app/models/concerns/foreman_openscap/data_stream_content.rb +0 -17
- data/app/models/concerns/foreman_openscap/host_extensions.rb +11 -11
- data/app/models/concerns/foreman_openscap/hostgroup_extensions.rb +3 -5
- data/app/models/concerns/foreman_openscap/inherited_policies.rb +11 -0
- data/app/models/concerns/foreman_openscap/oval_facet_host_extensions.rb +38 -0
- data/app/models/concerns/foreman_openscap/oval_facet_hostgroup_extensions.rb +15 -0
- data/app/models/concerns/foreman_openscap/policy_common.rb +75 -0
- data/app/models/concerns/foreman_openscap/scap_file_content.rb +24 -0
- data/app/models/foreman_openscap/arf_report.rb +2 -2
- data/app/models/foreman_openscap/cve.rb +23 -0
- data/app/models/foreman_openscap/host/oval_facet.rb +14 -0
- data/app/models/foreman_openscap/host_cve.rb +7 -0
- data/app/models/foreman_openscap/hostgroup/oval_facet.rb +14 -0
- data/app/models/foreman_openscap/hostgroup_oval_facet_oval_policy.rb +6 -0
- data/app/models/foreman_openscap/oval_content.rb +26 -0
- data/app/models/foreman_openscap/oval_facet_oval_policy.rb +6 -0
- data/app/models/foreman_openscap/oval_policy.rb +54 -0
- data/app/models/foreman_openscap/oval_status.rb +45 -0
- data/app/models/foreman_openscap/policy.rb +10 -73
- data/app/models/foreman_openscap/scap_content.rb +1 -0
- data/app/models/foreman_openscap/tailoring_file.rb +1 -0
- data/app/services/foreman_openscap/client_config/ansible.rb +39 -6
- data/app/services/foreman_openscap/client_config/base.rb +5 -1
- data/app/services/foreman_openscap/client_config/puppet.rb +2 -1
- data/app/services/foreman_openscap/config_name_service.rb +1 -1
- data/app/services/foreman_openscap/hostgroup_overrider.rb +2 -24
- data/app/services/foreman_openscap/hostgroup_overrider_common.rb +28 -0
- data/app/services/foreman_openscap/lookup_key_overrider.rb +30 -62
- data/app/services/foreman_openscap/lookup_key_overrides_common.rb +63 -0
- data/app/services/foreman_openscap/oval/check_collection.rb +45 -0
- data/app/services/foreman_openscap/oval/configure.rb +80 -0
- data/app/services/foreman_openscap/oval/cves.rb +41 -0
- data/app/services/foreman_openscap/oval/setup.rb +93 -0
- data/app/services/foreman_openscap/oval/setup_check.rb +55 -0
- data/app/services/foreman_openscap/oval/sync_oval_contents.rb +42 -0
- data/app/views/api/v2/compliance/oval_contents/base.json.rabl +6 -0
- data/app/views/api/v2/compliance/oval_contents/create.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_contents/destroy.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_contents/index.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_contents/show.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_contents/sync.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_contents/sync_result.json.rabl +11 -0
- data/app/views/api/v2/compliance/oval_contents/update.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_policies/create.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_policies/index.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_policies/main.json.rabl +15 -0
- data/app/views/api/v2/compliance/oval_policies/show.json.rabl +3 -0
- data/app/views/api/v2/compliance/policies/base.json.rabl +2 -2
- data/app/views/api/v2/compliance/policies_common/_attrs.json.rabl +2 -0
- data/app/views/arf_reports/_output.html.erb +9 -1
- data/app/views/arf_reports/show.html.erb +1 -1
- data/app/views/arf_reports/show_html.html.erb +1 -0
- data/app/views/compliance_hosts/show.html.erb +1 -8
- data/app/views/job_templates/run_oval_scans.erb +24 -0
- data/app/views/policies/edit.html.erb +3 -2
- data/app/views/policies/show.html.erb +3 -1
- data/app/views/policies/steps/_deployment_options_form.html.erb +2 -2
- data/app/views/scap_contents/edit.html.erb +2 -12
- data/app/views/tailoring_files/edit.html.erb +2 -10
- data/config/initializers/inflections.rb +12 -0
- data/config/routes.rb +19 -0
- data/db/migrate/20201019074925_create_oval_policy.rb +13 -0
- data/db/migrate/20201020113801_create_oval_facet.rb +14 -0
- data/db/migrate/20201021084109_create_hostgroup_oval_facet.rb +14 -0
- data/db/migrate/20201106080924_create_oval_content.rb +12 -0
- data/db/migrate/20201116110256_add_oval_content_to_oval_policy.rb +5 -0
- data/db/migrate/20201120080329_create_cves.rb +13 -0
- data/db/migrate/20201217130800_add_has_errata_to_cve.rb +8 -0
- data/db/migrate/20201217161511_add_url_to_oval_content.rb +5 -0
- data/db/migrate/20210409095625_add_oval_policy_reference_to_cve.rb +7 -0
- data/db/seeds.d/75-job_templates.rb +3 -2
- data/lib/foreman_openscap/bulk_upload.rb +2 -2
- data/lib/foreman_openscap/engine.rb +67 -9
- data/lib/foreman_openscap/version.rb +1 -1
- data/lib/tasks/foreman_openscap_tasks.rake +14 -9
- data/locale/de/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/de/foreman_openscap.edit.po +0 -0
- data/locale/de/foreman_openscap.po +215 -17
- data/locale/en_GB/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/en_GB/foreman_openscap.edit.po +0 -0
- data/locale/en_GB/foreman_openscap.po +213 -15
- data/locale/es/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/es/foreman_openscap.edit.po +0 -0
- data/locale/es/foreman_openscap.po +239 -41
- data/locale/foreman_openscap.pot +395 -112
- data/locale/fr/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/fr/foreman_openscap.edit.po +0 -0
- data/locale/fr/foreman_openscap.po +243 -45
- data/locale/gl/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/gl/foreman_openscap.edit.po +0 -0
- data/locale/gl/foreman_openscap.po +213 -15
- data/locale/it/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/it/foreman_openscap.edit.po +0 -0
- data/locale/it/foreman_openscap.po +213 -15
- data/locale/ja/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/ja/foreman_openscap.edit.po +0 -0
- data/locale/ja/foreman_openscap.po +262 -66
- data/locale/ko/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/ko/foreman_openscap.edit.po +0 -0
- data/locale/ko/foreman_openscap.po +214 -16
- data/locale/pt_BR/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/pt_BR/foreman_openscap.edit.po +0 -0
- data/locale/pt_BR/foreman_openscap.po +252 -54
- data/locale/ru/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/ru/foreman_openscap.edit.po +0 -0
- data/locale/ru/foreman_openscap.po +214 -16
- data/locale/sv_SE/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/sv_SE/foreman_openscap.edit.po +0 -0
- data/locale/sv_SE/foreman_openscap.po +213 -15
- data/locale/zh_CN/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/zh_CN/foreman_openscap.edit.po +0 -0
- data/locale/zh_CN/foreman_openscap.po +369 -169
- data/locale/zh_TW/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/zh_TW/foreman_openscap.edit.po +0 -0
- data/locale/zh_TW/foreman_openscap.po +214 -16
- data/package.json +48 -0
- data/test/factories/compliance_host_factory.rb +12 -0
- data/test/factories/oval_content_factory.rb +7 -0
- data/test/factories/oval_policy_factory.rb +9 -0
- data/test/files/oval_contents/ansible-2.9.oval.xml.bz2 +0 -0
- data/test/fixtures/cve_fixtures.rb +104 -0
- data/test/functional/api/v2/compliance/oval_contents_controller_test.rb +39 -0
- data/test/functional/api/v2/compliance/oval_policies_controller_test.rb +141 -0
- data/test/functional/api/v2/compliance/oval_reports_controller_test.rb +32 -0
- data/test/graphql/queries/oval_contents_query_test.rb +35 -0
- data/test/graphql/queries/oval_policies_query_test.rb +35 -0
- data/test/test_plugin_helper.rb +4 -0
- data/test/unit/oval_host_test.rb +45 -0
- data/test/unit/oval_policy_test.rb +133 -0
- data/test/unit/oval_status_test.rb +47 -0
- data/test/unit/services/oval/cves_test.rb +81 -0
- data/test/unit/services/oval/setup_test.rb +87 -0
- data/webpack/components/EmptyState.js +67 -0
- data/webpack/components/IndexLayout.js +35 -0
- data/webpack/components/IndexLayout.scss +3 -0
- data/webpack/components/IndexTable/IndexTableHelper.js +9 -0
- data/webpack/components/IndexTable/index.js +65 -0
- data/webpack/components/RuleSeverity/RuleSeverity.scss +3 -0
- data/webpack/components/RuleSeverity/RuleSeverity.test.js +13 -0
- data/webpack/components/RuleSeverity/__snapshots__/RuleSeverity.test.js.snap +41 -0
- data/webpack/components/RuleSeverity/i_severity-critical.svg +61 -0
- data/webpack/components/RuleSeverity/i_severity-high.svg +61 -0
- data/webpack/components/RuleSeverity/i_severity-low.svg +62 -0
- data/webpack/components/RuleSeverity/i_severity-med.svg +62 -0
- data/webpack/components/RuleSeverity/i_unknown.svg +33 -0
- data/webpack/components/RuleSeverity/index.js +33 -0
- data/webpack/components/withLoading.js +68 -0
- data/webpack/global_index.js +5 -0
- data/webpack/graphql/queries/cves.gql +18 -0
- data/webpack/graphql/queries/ovalContents.gql +11 -0
- data/webpack/graphql/queries/ovalPolicies.gql +12 -0
- data/webpack/graphql/queries/ovalPolicy.gql +21 -0
- data/webpack/helpers/commonHelper.js +1 -0
- data/webpack/helpers/globalIdHelper.js +13 -0
- data/webpack/helpers/pageParamsHelper.js +31 -0
- data/webpack/helpers/pathsHelper.js +22 -0
- data/webpack/helpers/tableHelper.js +9 -0
- data/webpack/index.js +8 -0
- data/webpack/routes/OvalContents/OvalContentsIndex/OvalContentsIndex.js +45 -0
- data/webpack/routes/OvalContents/OvalContentsIndex/OvalContentsTable.js +38 -0
- data/webpack/routes/OvalContents/OvalContentsIndex/__tests__/OvalContentsIndex.fixtures.js +106 -0
- data/webpack/routes/OvalContents/OvalContentsIndex/__tests__/OvalContentsIndex.test.js +75 -0
- data/webpack/routes/OvalContents/OvalContentsIndex/index.js +7 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/OvalPoliciesIndex.js +46 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/OvalPoliciesTable.js +44 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/__tests__/OvalPoliciesIndex.fixtures.js +61 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/__tests__/OvalPoliciesIndex.test.js +78 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/index.js +7 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/CvesTab.js +48 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/CvesTable.js +63 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/OvalPoliciesShow.js +78 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/OvalPoliciesShowHelper.js +39 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/__tests__/OvalPoliciesShow.fixtures.js +78 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/__tests__/OvalPoliciesShow.test.js +112 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/index.js +35 -0
- data/webpack/routes/routes.js +28 -0
- data/webpack/testHelper.js +64 -0
- metadata +144 -3
data/package.json
ADDED
@@ -0,0 +1,48 @@
|
|
1
|
+
{
|
2
|
+
"name": "foreman_openscap",
|
3
|
+
"version": "0.1.0",
|
4
|
+
"description": "Foreman plug-in for managing security compliance reports",
|
5
|
+
"main": "index.js",
|
6
|
+
"scripts": {
|
7
|
+
"lint": "tfm-lint --plugin -d /webpack",
|
8
|
+
"test": "tfm-test --plugin --config jest.config.js",
|
9
|
+
"test:watch": "tfm-test --plugin --watchAll --config jest.config.js",
|
10
|
+
"test:current": "tfm-test --plugin --watch --config jest.config.js",
|
11
|
+
"publish-coverage": "tfm-publish-coverage",
|
12
|
+
"stories": "tfm-stories --plugin",
|
13
|
+
"stories:build": "tfm-build-stories --plugin",
|
14
|
+
"create-react-component": "yo react-domain"
|
15
|
+
},
|
16
|
+
"repository": {
|
17
|
+
"type": "git",
|
18
|
+
"url": "git+https://github.com/theforeman/foreman_openscap.git"
|
19
|
+
},
|
20
|
+
"bugs": {
|
21
|
+
"url": "https://projects.theforeman.org/projects/foreman_openscap/issues"
|
22
|
+
},
|
23
|
+
"peerDependencies": {
|
24
|
+
"@theforeman/vendor": ">= 4.13.2"
|
25
|
+
},
|
26
|
+
"devDependencies": {
|
27
|
+
"@apollo/react-testing": "^4.0.0",
|
28
|
+
"@babel/core": "^7.7.0",
|
29
|
+
"@testing-library/dom": "^7.30.4",
|
30
|
+
"@testing-library/jest-dom": "^5.11.9",
|
31
|
+
"@testing-library/react": "^11.2.5",
|
32
|
+
"@testing-library/user-event": "^13.1.2",
|
33
|
+
"@theforeman/builder": "^8.4.1",
|
34
|
+
"@theforeman/eslint-plugin-foreman": "8.4.1",
|
35
|
+
"@theforeman/find-foreman": "^8.4.1",
|
36
|
+
"@theforeman/stories": "^8.4.1",
|
37
|
+
"@theforeman/test": "^8.4.1",
|
38
|
+
"@theforeman/vendor-dev": "^8.4.1",
|
39
|
+
"babel-eslint": "^10.0.3",
|
40
|
+
"eslint": "^6.7.2",
|
41
|
+
"jed": "^1.1.1",
|
42
|
+
"jest-svg-transformer": "^1.0.0",
|
43
|
+
"jest-transform-graphql": "^2.1.0",
|
44
|
+
"prettier": "^1.13.5",
|
45
|
+
"stylelint": "^9.3.0",
|
46
|
+
"stylelint-config-standard": "^18.0.0"
|
47
|
+
}
|
48
|
+
}
|
@@ -16,4 +16,16 @@ FactoryBot.define do
|
|
16
16
|
openscap_proxy { SmartProxy.unscoped.with_features('Openscap').first || FactoryBot.create(:openscap_proxy) }
|
17
17
|
policies { [] }
|
18
18
|
end
|
19
|
+
|
20
|
+
factory :oval_facet, :class => ForemanOpenscap::Host::OvalFacet
|
21
|
+
|
22
|
+
factory :oval_host, :class => Host::Managed do
|
23
|
+
sequence(:name) { |n| "host#{n}" }
|
24
|
+
end
|
25
|
+
|
26
|
+
factory :cve, :class => ForemanOpenscap::Cve do
|
27
|
+
sequence(:ref_id) { |n| "CVE-#{n}" }
|
28
|
+
sequence(:ref_url) { |n| "https://access.redhat.com/security/cve/CVE-#{n}" }
|
29
|
+
sequence(:definition_id) { |n| "oval:com.redhat.rhsa:def:202015#{n}" }
|
30
|
+
end
|
19
31
|
end
|
Binary file
|
@@ -0,0 +1,104 @@
|
|
1
|
+
module ForemanOpenscap
|
2
|
+
class CveFixtures
|
3
|
+
def res_one(result_state = 'true')
|
4
|
+
init_result(
|
5
|
+
{ "references" => [
|
6
|
+
{ "ref_id" => "RHSA-2020:0215", "ref_url" => "https://access.redhat.com/errata/RHSA-2020:0215" },
|
7
|
+
{ "ref_id" => "CVE-2019-16541", "ref_url" => "https://access.redhat.com/security/cve/CVE-2019-16541" },
|
8
|
+
{ "ref_id" => "CVE-2020-14040", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-14040" },
|
9
|
+
{ "ref_id" => "CVE-2020-14370", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-14370" },
|
10
|
+
{ "ref_id" => "CVE-2020-15586", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-15586" },
|
11
|
+
{ "ref_id" => "CVE-2020-16845", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-16845" },
|
12
|
+
{ "ref_id" => "CVE-2020-2252", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2252" },
|
13
|
+
{ "ref_id" => "CVE-2020-2254", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2254" },
|
14
|
+
{ "ref_id" => "CVE-2020-2255", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2255" },
|
15
|
+
{ "ref_id" => "CVE-2020-8564", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-8564" }
|
16
|
+
] },
|
17
|
+
result_state,
|
18
|
+
"oval:com.redhat.rhsa:def:20201545"
|
19
|
+
)
|
20
|
+
end
|
21
|
+
|
22
|
+
def res_two(result_state = 'true')
|
23
|
+
init_result(
|
24
|
+
{ "references" => [
|
25
|
+
{ "ref_id" => "RHSA-2020:3601", "ref_url" => "https://access.redhat.com/errata/RHSA-2020:3601" },
|
26
|
+
{ "ref_id" => "CVE-2020-2181", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2181" },
|
27
|
+
{ "ref_id" => "CVE-2020-2182", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2182" },
|
28
|
+
{ "ref_id" => "CVE-2020-2224", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2224" },
|
29
|
+
{ "ref_id" => "CVE-2020-2225", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2225" },
|
30
|
+
{ "ref_id" => "CVE-2020-2226", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2226" }
|
31
|
+
] },
|
32
|
+
result_state,
|
33
|
+
"oval:com.redhat.rhsa:def:20201544"
|
34
|
+
)
|
35
|
+
end
|
36
|
+
|
37
|
+
def res_three(result_state = 'true')
|
38
|
+
init_result(
|
39
|
+
{ "references" => [
|
40
|
+
{ "ref_id" => "CVE-2019-17638", "ref_url" => "https://access.redhat.com/security/cve/CVE-2019-17638" },
|
41
|
+
{ "ref_id" => "CVE-2020-2229", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2229" },
|
42
|
+
{ "ref_id" => "CVE-2020-2230", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2230" },
|
43
|
+
{ "ref_id" => "CVE-2020-2231", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2231" }
|
44
|
+
] },
|
45
|
+
result_state,
|
46
|
+
"oval:com.redhat.rhsa:def:20201543"
|
47
|
+
)
|
48
|
+
end
|
49
|
+
|
50
|
+
def res_four(result_state = 'true')
|
51
|
+
init_result(
|
52
|
+
{ "references" => [
|
53
|
+
{ "ref_id" => "RHSA-2020:3601", "ref_url" => "https://access.redhat.com/errata/RHSA-2020:3601" },
|
54
|
+
{ "ref_id" => "CVE-2019-17638", "ref_url" => "https://access.redhat.com/security/cve/CVE-2019-17638" },
|
55
|
+
{ "ref_id" => "CVE-2020-2220", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2220" },
|
56
|
+
{ "ref_id" => "CVE-2020-2221", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2221" },
|
57
|
+
{ "ref_id" => "CVE-2020-2222", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2222" },
|
58
|
+
{ "ref_id" => "CVE-2020-2223", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2223" },
|
59
|
+
{ "ref_id" => "CVE-2020-2229", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2229" },
|
60
|
+
{ "ref_id" => "CVE-2020-2230", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2230" },
|
61
|
+
{ "ref_id" => "CVE-2020-2231", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2231" },
|
62
|
+
{ "ref_id" => "CVE-2020-8557", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-8557" }
|
63
|
+
] },
|
64
|
+
result_state,
|
65
|
+
"oval:com.redhat.rhsa:def:20201542"
|
66
|
+
)
|
67
|
+
end
|
68
|
+
|
69
|
+
def res_five(result_state = 'true')
|
70
|
+
init_result(
|
71
|
+
{ "references" => [
|
72
|
+
{ "ref_id" => "CVE-2020-2181", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2181" },
|
73
|
+
{ "ref_id" => "CVE-2020-2182", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2182" },
|
74
|
+
{ "ref_id" => "CVE-2020-2190", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2190" },
|
75
|
+
{ "ref_id" => "CVE-2020-2224", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2224" },
|
76
|
+
{ "ref_id" => "CVE-2020-2225", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2225" },
|
77
|
+
{ "ref_id" => "CVE-2020-2226", "ref_url" => "https://access.redhat.com/security/cve/CVE-2020-2226" }
|
78
|
+
] },
|
79
|
+
result_state,
|
80
|
+
"oval:com.redhat.rhsa:def:20201541"
|
81
|
+
)
|
82
|
+
end
|
83
|
+
|
84
|
+
def one
|
85
|
+
[res_one, res_two, res_three, res_four, res_five]
|
86
|
+
end
|
87
|
+
|
88
|
+
def two
|
89
|
+
[res_one('false'), res_two, res_three('false')]
|
90
|
+
end
|
91
|
+
|
92
|
+
def ids_from(fixture)
|
93
|
+
fixture['references'].pluck('ref_id')
|
94
|
+
end
|
95
|
+
|
96
|
+
private
|
97
|
+
|
98
|
+
def init_result(data, result_state, definition_id)
|
99
|
+
data['result'] = result_state
|
100
|
+
data['definition_id'] = definition_id
|
101
|
+
data
|
102
|
+
end
|
103
|
+
end
|
104
|
+
end
|
@@ -0,0 +1,39 @@
|
|
1
|
+
require 'test_plugin_helper'
|
2
|
+
require 'tempfile'
|
3
|
+
|
4
|
+
class Api::V2::Compliance::OvalContentsControllerTest < ActionController::TestCase
|
5
|
+
test "should get index" do
|
6
|
+
FactoryBot.create(:oval_content)
|
7
|
+
get :index, :session => set_session_user
|
8
|
+
response = ActiveSupport::JSON.decode(@response.body)
|
9
|
+
assert response['results'].any?
|
10
|
+
assert_response :success
|
11
|
+
end
|
12
|
+
|
13
|
+
test "should create OVAL content" do
|
14
|
+
post :create, :params => { :oval_content => { :name => 'OVAL test', :scap_file => content_file } }, :session => set_session_user
|
15
|
+
assert_response :success
|
16
|
+
end
|
17
|
+
|
18
|
+
test "should update OVAL content" do
|
19
|
+
new_name = 'RHEL7 OVAL'
|
20
|
+
oval_content = FactoryBot.create(:oval_content)
|
21
|
+
put :update, :params => { :id => oval_content.id, :oval_content => { :name => new_name } }, :session => set_session_user
|
22
|
+
assert_response :success
|
23
|
+
assert oval_content.name, new_name
|
24
|
+
end
|
25
|
+
|
26
|
+
test "should destory OVAL content" do
|
27
|
+
oval_content = FactoryBot.create(:oval_content)
|
28
|
+
delete :destroy, :params => { :id => oval_content.id }, :session => set_session_user
|
29
|
+
assert_response :ok
|
30
|
+
refute ForemanOpenscap::OvalContent.exists?(oval_content.id)
|
31
|
+
end
|
32
|
+
|
33
|
+
def content_file
|
34
|
+
file = Tempfile.new('test')
|
35
|
+
file.write('<xml>test</xml>')
|
36
|
+
file.rewind
|
37
|
+
Rack::Test::UploadedFile.new(file, '')
|
38
|
+
end
|
39
|
+
end
|
@@ -0,0 +1,141 @@
|
|
1
|
+
require 'test_plugin_helper'
|
2
|
+
require 'base64'
|
3
|
+
|
4
|
+
class Api::V2::Compliance::OvalPoliciesControllerTest < ActionController::TestCase
|
5
|
+
setup do
|
6
|
+
@file = Base64.encode64(read_oval_content('ansible-2.9.oval.xml.bz2'))
|
7
|
+
oval_content = FactoryBot.create(:oval_content, :scap_file => @file)
|
8
|
+
@attributes = { :oval_policy => { :name => 'my_policy', :period => 'weekly', :weekday => 'friday', :oval_content_id => oval_content.id } }
|
9
|
+
@config = ForemanOpenscap::ClientConfig::Ansible.new(::ForemanOpenscap::OvalPolicy)
|
10
|
+
@policy = FactoryBot.create(:oval_policy, :oval_content => oval_content)
|
11
|
+
end
|
12
|
+
|
13
|
+
test "should get index of OVAL policies" do
|
14
|
+
get :index, :session => set_session_user
|
15
|
+
response = ActiveSupport::JSON.decode(@response.body)
|
16
|
+
assert !response['results'].empty?
|
17
|
+
assert_response :success
|
18
|
+
end
|
19
|
+
|
20
|
+
test "should show OVAL policy" do
|
21
|
+
get :show, :params => { :id => @policy.to_param }, :session => set_session_user
|
22
|
+
response = ActiveSupport::JSON.decode(@response.body)
|
23
|
+
assert response['name'], @policy.name
|
24
|
+
assert_response :success
|
25
|
+
end
|
26
|
+
|
27
|
+
test "should update OVAL policy" do
|
28
|
+
put :update, :params => { :id => @policy.id, :oval_policy => { :period => 'monthly', :day_of_month => 15 } }
|
29
|
+
updated_policy = ActiveSupport::JSON.decode(@response.body)
|
30
|
+
assert(updated_policy['period'], 'monthly')
|
31
|
+
assert_response :ok
|
32
|
+
end
|
33
|
+
|
34
|
+
test "should not update invalid OVAL policy" do
|
35
|
+
put :update, :params => { :id => @policy.id, :oval_policy => { :name => '' } }
|
36
|
+
assert_response :unprocessable_entity
|
37
|
+
end
|
38
|
+
|
39
|
+
test "should create OVAL policy" do
|
40
|
+
post :create, :params => @attributes, :session => set_session_user
|
41
|
+
assert_response :created
|
42
|
+
end
|
43
|
+
|
44
|
+
test "should not create invalid OVAL policy" do
|
45
|
+
post :create, :session => set_session_user
|
46
|
+
assert_response :unprocessable_entity
|
47
|
+
end
|
48
|
+
|
49
|
+
test "should destroy OVAL policy" do
|
50
|
+
delete :destroy, :params => { :id => @policy.id }, :session => set_session_user
|
51
|
+
assert_response :ok
|
52
|
+
refute ForemanOpenscap::OvalPolicy.exists?(@policy.id)
|
53
|
+
end
|
54
|
+
|
55
|
+
test "should return error when OVAL policy not found" do
|
56
|
+
get :show, :params => { :id => @policy.id + 1 }, :session => set_session_user
|
57
|
+
response = ActiveSupport::JSON.decode(@response.body)
|
58
|
+
assert response['error']
|
59
|
+
assert_response :missing
|
60
|
+
end
|
61
|
+
|
62
|
+
test "should assign policy to multiple hosts correctly" do
|
63
|
+
proxy = FactoryBot.create(:openscap_proxy)
|
64
|
+
host1 = FactoryBot.create(:compliance_host, :openscap_proxy => proxy)
|
65
|
+
host2 = FactoryBot.create(:compliance_host, :openscap_proxy => proxy)
|
66
|
+
setup_ansible
|
67
|
+
|
68
|
+
assert_empty host1.oval_policies
|
69
|
+
assert_empty host2.oval_policies
|
70
|
+
|
71
|
+
post :assign_hosts, :params => { :id => @policy.id, :host_ids => [host1, host2].pluck(:id) }, :session => set_session_user
|
72
|
+
assert_equal "OVAL policy successfully configured with hosts.", ActiveSupport::JSON.decode(@response.body)['message']
|
73
|
+
|
74
|
+
assert_equal 2, host1.lookup_values.count
|
75
|
+
server_value = @server_key.lookup_values.find_by :match => "fqdn=#{host1.name}"
|
76
|
+
port_value = @port_key.lookup_values.find_by :match => "fqdn=#{host1.name}"
|
77
|
+
assert_equal proxy.hostname, server_value.value
|
78
|
+
assert_equal proxy.port, port_value.value
|
79
|
+
end
|
80
|
+
|
81
|
+
test "should assign policy to multiple hostgroups correctly" do
|
82
|
+
proxy = FactoryBot.create(:openscap_proxy)
|
83
|
+
hg1 = FactoryBot.create(:hostgroup, :openscap_proxy => proxy)
|
84
|
+
hg2 = FactoryBot.create(:hostgroup, :openscap_proxy => proxy)
|
85
|
+
setup_ansible
|
86
|
+
|
87
|
+
assert_empty hg1.oval_policies
|
88
|
+
assert_empty hg2.oval_policies
|
89
|
+
|
90
|
+
post :assign_hostgroups, :params => { :id => @policy.id, :hostgroup_ids => [hg1, hg2].pluck(:id) }, :session => set_session_user
|
91
|
+
assert_equal "OVAL policy successfully configured with hostgroups.", ActiveSupport::JSON.decode(@response.body)['message']
|
92
|
+
|
93
|
+
assert_equal 2, hg1.lookup_values.count
|
94
|
+
server_value = @server_key.lookup_values.find_by :match => "hostgroup=#{hg1.name}"
|
95
|
+
port_value = @port_key.lookup_values.find_by :match => "hostgroup=#{hg1.name}"
|
96
|
+
assert_equal proxy.hostname, server_value.value
|
97
|
+
assert_equal proxy.port, port_value.value
|
98
|
+
end
|
99
|
+
|
100
|
+
test "should not assign policy to hostgroup without openscap proxy" do
|
101
|
+
hg = FactoryBot.create(:hostgroup)
|
102
|
+
setup_ansible
|
103
|
+
|
104
|
+
assert_empty hg.oval_policies
|
105
|
+
|
106
|
+
post :assign_hostgroups, :params => { :id => @policy.id, :hostgroup_ids => hg.id }, :session => set_session_user
|
107
|
+
res = ActiveSupport::JSON.decode(@response.body)['results'].first
|
108
|
+
assert_equal "Was Hostgroup configured successfully?", res['title']
|
109
|
+
assert_equal "fail", res['result']
|
110
|
+
assert_equal "Assign openscap_proxy to #{hg.name} before proceeding.", res['fail_message']
|
111
|
+
hg.reload
|
112
|
+
assert_empty hg.oval_policies
|
113
|
+
end
|
114
|
+
|
115
|
+
test "should not assign policy to hostgroup when ansible role not present" do
|
116
|
+
hg = FactoryBot.create(:hostgroup)
|
117
|
+
assert_empty hg.oval_policies
|
118
|
+
|
119
|
+
post :assign_hostgroups, :params => { :id => @policy.id, :hostgroup_ids => hg.id }, :session => set_session_user
|
120
|
+
res = ActiveSupport::JSON.decode(@response.body)['results'].first
|
121
|
+
assert_equal 'theforeman.foreman_scap_client Ansible Role not found, please import it before running this action again.', res['fail_message']
|
122
|
+
hg.reload
|
123
|
+
assert_empty hg.oval_policies
|
124
|
+
end
|
125
|
+
|
126
|
+
test "should show oval content" do
|
127
|
+
get :oval_content, :params => { :id => @policy.id }
|
128
|
+
assert response.body, @file
|
129
|
+
end
|
130
|
+
|
131
|
+
def setup_ansible
|
132
|
+
@ansible_role = FactoryBot.create(:ansible_role, :name => @config.ansible_role_name)
|
133
|
+
@port_key = FactoryBot.create(:ansible_variable, :key => @config.port_param, :ansible_role => @ansible_role)
|
134
|
+
@server_key = FactoryBot.create(:ansible_variable, :key => @config.server_param, :ansible_role => @ansible_role)
|
135
|
+
FactoryBot.create(:ansible_variable, :key => @config.policies_param, :ansible_role => @ansible_role)
|
136
|
+
end
|
137
|
+
|
138
|
+
def read_oval_content(file_name)
|
139
|
+
File.read "#{ForemanOpenscap::Engine.root}/test/files/oval_contents/#{file_name}"
|
140
|
+
end
|
141
|
+
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
require 'test_plugin_helper'
|
2
|
+
|
3
|
+
class Api::V2::Compliance::OvalReportsControllerTest < ActionController::TestCase
|
4
|
+
setup do
|
5
|
+
@params = {
|
6
|
+
:oval_results => ForemanOpenscap::CveFixtures.new.one,
|
7
|
+
:oval_policy_id => 5,
|
8
|
+
:date => Time.now.to_i
|
9
|
+
}
|
10
|
+
end
|
11
|
+
|
12
|
+
test 'should accept new CVEs for host' do
|
13
|
+
host = FactoryBot.create(:host)
|
14
|
+
post :create, :params => @params.merge(:cname => host.name), :session => set_session_user
|
15
|
+
|
16
|
+
response = ActiveSupport::JSON.decode(@response.body)
|
17
|
+
assert_equal 'ok', response['result']
|
18
|
+
assert_response :success
|
19
|
+
end
|
20
|
+
|
21
|
+
test 'should show host errors on CVEs upload' do
|
22
|
+
proxy = FactoryBot.create(:smart_proxy)
|
23
|
+
host = FactoryBot.create(:host, :puppet_proxy => proxy, :environment => FactoryBot.create(:environment))
|
24
|
+
SmartProxy.any_instance.stubs(:smart_proxy_features).returns([])
|
25
|
+
post :create, :params => @params.merge(:cname => host.name), :session => set_session_user
|
26
|
+
|
27
|
+
response = ActiveSupport::JSON.decode(@response.body)
|
28
|
+
assert_equal 'fail', response['result']
|
29
|
+
refute response['errors'].empty?
|
30
|
+
assert_response :unprocessable_entity
|
31
|
+
end
|
32
|
+
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
require 'test_plugin_helper'
|
2
|
+
|
3
|
+
module Queries
|
4
|
+
class OvalContentsQueryTest < GraphQLQueryTestCase
|
5
|
+
let(:query) do
|
6
|
+
<<-GRAPHQL
|
7
|
+
query {
|
8
|
+
ovalContents {
|
9
|
+
totalCount
|
10
|
+
nodes {
|
11
|
+
id
|
12
|
+
name
|
13
|
+
}
|
14
|
+
}
|
15
|
+
}
|
16
|
+
GRAPHQL
|
17
|
+
end
|
18
|
+
|
19
|
+
let(:data) { result['data']['ovalContents'] }
|
20
|
+
|
21
|
+
setup do
|
22
|
+
FactoryBot.create_list(:oval_content, 2)
|
23
|
+
end
|
24
|
+
|
25
|
+
test 'should fetch oval contentes' do
|
26
|
+
assert_empty result['errors']
|
27
|
+
|
28
|
+
expected_count = ForemanOpenscap::OvalContent.count
|
29
|
+
|
30
|
+
assert_not_equal 0, expected_count
|
31
|
+
assert_equal expected_count, data['totalCount']
|
32
|
+
assert_equal expected_count, data['nodes'].count
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|