foreman_openscap 4.1.3 → 4.3.3
- checksums.yaml +4 -4
- data/app/assets/stylesheets/foreman_openscap/policy.css +5 -0
- data/app/controllers/api/v2/compliance/oval_contents_controller.rb +72 -0
- data/app/controllers/api/v2/compliance/oval_policies_controller.rb +111 -0
- data/app/controllers/api/v2/compliance/oval_reports_controller.rb +47 -0
- data/app/controllers/concerns/foreman/controller/parameters/oval_content.rb +22 -0
- data/app/controllers/concerns/foreman/controller/parameters/oval_policy.rb +22 -0
- data/app/controllers/concerns/foreman_openscap/hosts_controller_extensions.rb +1 -1
- data/app/graphql/types/cve.rb +17 -0
- data/app/graphql/types/oval_content.rb +17 -0
- data/app/graphql/types/oval_policy.rb +21 -0
- data/app/helpers/arf_reports_helper.rb +7 -24
- data/app/helpers/policies_helper.rb +4 -17
- data/app/mailers/foreman_openscap/policy_mailer.rb +2 -2
- data/app/models/concerns/foreman_openscap/compliance_status_scoped_search.rb +1 -1
- data/app/models/concerns/foreman_openscap/data_stream_content.rb +0 -17
- data/app/models/concerns/foreman_openscap/host_extensions.rb +11 -11
- data/app/models/concerns/foreman_openscap/hostgroup_extensions.rb +3 -5
- data/app/models/concerns/foreman_openscap/inherited_policies.rb +11 -0
- data/app/models/concerns/foreman_openscap/oval_facet_host_extensions.rb +38 -0
- data/app/models/concerns/foreman_openscap/oval_facet_hostgroup_extensions.rb +15 -0
- data/app/models/concerns/foreman_openscap/policy_common.rb +75 -0
- data/app/models/concerns/foreman_openscap/scap_file_content.rb +24 -0
- data/app/models/foreman_openscap/arf_report.rb +2 -2
- data/app/models/foreman_openscap/cve.rb +23 -0
- data/app/models/foreman_openscap/host/oval_facet.rb +14 -0
- data/app/models/foreman_openscap/host_cve.rb +7 -0
- data/app/models/foreman_openscap/hostgroup/oval_facet.rb +14 -0
- data/app/models/foreman_openscap/hostgroup_oval_facet_oval_policy.rb +6 -0
- data/app/models/foreman_openscap/oval_content.rb +26 -0
- data/app/models/foreman_openscap/oval_facet_oval_policy.rb +6 -0
- data/app/models/foreman_openscap/oval_policy.rb +54 -0
- data/app/models/foreman_openscap/oval_status.rb +45 -0
- data/app/models/foreman_openscap/policy.rb +10 -73
- data/app/models/foreman_openscap/scap_content.rb +1 -0
- data/app/models/foreman_openscap/tailoring_file.rb +1 -0
- data/app/services/foreman_openscap/client_config/ansible.rb +39 -6
- data/app/services/foreman_openscap/client_config/base.rb +5 -1
- data/app/services/foreman_openscap/client_config/puppet.rb +2 -1
- data/app/services/foreman_openscap/config_name_service.rb +1 -1
- data/app/services/foreman_openscap/hostgroup_overrider.rb +2 -24
- data/app/services/foreman_openscap/hostgroup_overrider_common.rb +28 -0
- data/app/services/foreman_openscap/lookup_key_overrider.rb +30 -62
- data/app/services/foreman_openscap/lookup_key_overrides_common.rb +63 -0
- data/app/services/foreman_openscap/oval/check_collection.rb +45 -0
- data/app/services/foreman_openscap/oval/configure.rb +80 -0
- data/app/services/foreman_openscap/oval/cves.rb +41 -0
- data/app/services/foreman_openscap/oval/setup.rb +93 -0
- data/app/services/foreman_openscap/oval/setup_check.rb +55 -0
- data/app/services/foreman_openscap/oval/sync_oval_contents.rb +42 -0
- data/app/views/api/v2/compliance/oval_contents/base.json.rabl +6 -0
- data/app/views/api/v2/compliance/oval_contents/create.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_contents/destroy.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_contents/index.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_contents/show.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_contents/sync.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_contents/sync_result.json.rabl +11 -0
- data/app/views/api/v2/compliance/oval_contents/update.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_policies/create.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_policies/index.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_policies/main.json.rabl +15 -0
- data/app/views/api/v2/compliance/oval_policies/show.json.rabl +3 -0
- data/app/views/api/v2/compliance/policies/base.json.rabl +2 -2
- data/app/views/api/v2/compliance/policies_common/_attrs.json.rabl +2 -0
- data/app/views/arf_reports/_output.html.erb +9 -1
- data/app/views/arf_reports/show.html.erb +1 -1
- data/app/views/arf_reports/show_html.html.erb +1 -0
- data/app/views/compliance_hosts/show.html.erb +1 -8
- data/app/views/job_templates/run_oval_scans.erb +24 -0
- data/app/views/policies/edit.html.erb +3 -2
- data/app/views/policies/show.html.erb +3 -1
- data/app/views/policies/steps/_deployment_options_form.html.erb +2 -2
- data/app/views/scap_contents/edit.html.erb +2 -12
- data/app/views/tailoring_files/edit.html.erb +2 -10
- data/config/initializers/inflections.rb +12 -0
- data/config/routes.rb +19 -0
- data/db/migrate/20201019074925_create_oval_policy.rb +13 -0
- data/db/migrate/20201020113801_create_oval_facet.rb +14 -0
- data/db/migrate/20201021084109_create_hostgroup_oval_facet.rb +14 -0
- data/db/migrate/20201106080924_create_oval_content.rb +12 -0
- data/db/migrate/20201116110256_add_oval_content_to_oval_policy.rb +5 -0
- data/db/migrate/20201120080329_create_cves.rb +13 -0
- data/db/migrate/20201217130800_add_has_errata_to_cve.rb +8 -0
- data/db/migrate/20201217161511_add_url_to_oval_content.rb +5 -0
- data/db/migrate/20210409095625_add_oval_policy_reference_to_cve.rb +7 -0
- data/db/seeds.d/75-job_templates.rb +3 -2
- data/lib/foreman_openscap/bulk_upload.rb +2 -2
- data/lib/foreman_openscap/engine.rb +67 -9
- data/lib/foreman_openscap/version.rb +1 -1
- data/lib/tasks/foreman_openscap_tasks.rake +14 -9
- data/locale/de/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/de/foreman_openscap.edit.po +0 -0
- data/locale/de/foreman_openscap.po +215 -17
- data/locale/en_GB/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/en_GB/foreman_openscap.edit.po +0 -0
- data/locale/en_GB/foreman_openscap.po +213 -15
- data/locale/es/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/es/foreman_openscap.edit.po +0 -0
- data/locale/es/foreman_openscap.po +239 -41
- data/locale/foreman_openscap.pot +395 -112
- data/locale/fr/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/fr/foreman_openscap.edit.po +0 -0
- data/locale/fr/foreman_openscap.po +243 -45
- data/locale/gl/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/gl/foreman_openscap.edit.po +0 -0
- data/locale/gl/foreman_openscap.po +213 -15
- data/locale/it/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/it/foreman_openscap.edit.po +0 -0
- data/locale/it/foreman_openscap.po +213 -15
- data/locale/ja/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/ja/foreman_openscap.edit.po +0 -0
- data/locale/ja/foreman_openscap.po +262 -66
- data/locale/ko/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/ko/foreman_openscap.edit.po +0 -0
- data/locale/ko/foreman_openscap.po +214 -16
- data/locale/pt_BR/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/pt_BR/foreman_openscap.edit.po +0 -0
- data/locale/pt_BR/foreman_openscap.po +252 -54
- data/locale/ru/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/ru/foreman_openscap.edit.po +0 -0
- data/locale/ru/foreman_openscap.po +214 -16
- data/locale/sv_SE/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/sv_SE/foreman_openscap.edit.po +0 -0
- data/locale/sv_SE/foreman_openscap.po +213 -15
- data/locale/zh_CN/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/zh_CN/foreman_openscap.edit.po +0 -0
- data/locale/zh_CN/foreman_openscap.po +369 -169
- data/locale/zh_TW/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/zh_TW/foreman_openscap.edit.po +0 -0
- data/locale/zh_TW/foreman_openscap.po +214 -16
- data/package.json +48 -0
- data/test/factories/compliance_host_factory.rb +12 -0
- data/test/factories/oval_content_factory.rb +7 -0
- data/test/factories/oval_policy_factory.rb +9 -0
- data/test/files/oval_contents/ansible-2.9.oval.xml.bz2 +0 -0
- data/test/fixtures/cve_fixtures.rb +104 -0
- data/test/functional/api/v2/compliance/oval_contents_controller_test.rb +39 -0
- data/test/functional/api/v2/compliance/oval_policies_controller_test.rb +141 -0
- data/test/functional/api/v2/compliance/oval_reports_controller_test.rb +32 -0
- data/test/graphql/queries/oval_contents_query_test.rb +35 -0
- data/test/graphql/queries/oval_policies_query_test.rb +35 -0
- data/test/test_plugin_helper.rb +4 -0
- data/test/unit/oval_host_test.rb +45 -0
- data/test/unit/oval_policy_test.rb +133 -0
- data/test/unit/oval_status_test.rb +47 -0
- data/test/unit/services/oval/cves_test.rb +81 -0
- data/test/unit/services/oval/setup_test.rb +87 -0
- data/webpack/components/EmptyState.js +67 -0
- data/webpack/components/IndexLayout.js +35 -0
- data/webpack/components/IndexLayout.scss +3 -0
- data/webpack/components/IndexTable/IndexTableHelper.js +9 -0
- data/webpack/components/IndexTable/index.js +65 -0
- data/webpack/components/RuleSeverity/RuleSeverity.scss +3 -0
- data/webpack/components/RuleSeverity/RuleSeverity.test.js +13 -0
- data/webpack/components/RuleSeverity/__snapshots__/RuleSeverity.test.js.snap +41 -0
- data/webpack/components/RuleSeverity/i_severity-critical.svg +61 -0
- data/webpack/components/RuleSeverity/i_severity-high.svg +61 -0
- data/webpack/components/RuleSeverity/i_severity-low.svg +62 -0
- data/webpack/components/RuleSeverity/i_severity-med.svg +62 -0
- data/webpack/components/RuleSeverity/i_unknown.svg +33 -0
- data/webpack/components/RuleSeverity/index.js +33 -0
- data/webpack/components/withLoading.js +68 -0
- data/webpack/global_index.js +5 -0
- data/webpack/graphql/queries/cves.gql +18 -0
- data/webpack/graphql/queries/ovalContents.gql +11 -0
- data/webpack/graphql/queries/ovalPolicies.gql +12 -0
- data/webpack/graphql/queries/ovalPolicy.gql +21 -0
- data/webpack/helpers/commonHelper.js +1 -0
- data/webpack/helpers/globalIdHelper.js +13 -0
- data/webpack/helpers/pageParamsHelper.js +31 -0
- data/webpack/helpers/pathsHelper.js +22 -0
- data/webpack/helpers/tableHelper.js +9 -0
- data/webpack/index.js +8 -0
- data/webpack/routes/OvalContents/OvalContentsIndex/OvalContentsIndex.js +45 -0
- data/webpack/routes/OvalContents/OvalContentsIndex/OvalContentsTable.js +38 -0
- data/webpack/routes/OvalContents/OvalContentsIndex/__tests__/OvalContentsIndex.fixtures.js +106 -0
- data/webpack/routes/OvalContents/OvalContentsIndex/__tests__/OvalContentsIndex.test.js +75 -0
- data/webpack/routes/OvalContents/OvalContentsIndex/index.js +7 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/OvalPoliciesIndex.js +46 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/OvalPoliciesTable.js +44 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/__tests__/OvalPoliciesIndex.fixtures.js +61 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/__tests__/OvalPoliciesIndex.test.js +78 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/index.js +7 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/CvesTab.js +48 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/CvesTable.js +63 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/OvalPoliciesShow.js +78 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/OvalPoliciesShowHelper.js +39 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/__tests__/OvalPoliciesShow.fixtures.js +78 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/__tests__/OvalPoliciesShow.test.js +112 -0
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/index.js +35 -0
- data/webpack/routes/routes.js +28 -0
- data/webpack/testHelper.js +64 -0
- metadata +144 -3
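--- a/data/test/graphql/queries/oval_policies_query_test.rb
+++ b/data/test/graphql/queries/oval_policies_query_test.rb
@@ -0,0 +1,35 @@
+require 'test_plugin_helper'
+
+module Queries
+class OvalPoliciesQueryTest < GraphQLQueryTestCase
+let(:query) do
+<<-GRAPHQL
+query {
+ovalPolicies {
+totalCount
+nodes {
+id
+name
+}
+}
+}
+GRAPHQL
+end
+
+let(:data) { result['data']['ovalPolicies'] }
+
+setup do
+FactoryBot.create_list(:oval_policy, 2, :oval_content => FactoryBot.create(:oval_content))
+end
+
+test 'should fetch oval policies' do
+assert_empty result['errors']
+
+expected_count = ForemanOpenscap::OvalPolicy.count
+
+assert_not_equal 0, expected_count
+assert_equal expected_count, data['totalCount']
+assert_equal expected_count, data['nodes'].count
+end
+end
+end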
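Review bot: The test asserts only counts, so a resolver that returned the right number of nodes with wrong or empty `id`/`name` values would still pass even though the query selects both fields. Consider adding `assert_equal ForemanOpenscap::OvalPolicy.pluck(:name).sort, data['nodes'].map { |n| n['name'] }.sort` after the count assertions. Nothing here exercises a user who lacks permission to view OVAL policies; if `GraphQLQueryTestCase` runs the query as an admin (not visible in this section), a second case with a restricted user would confirm the type is authorization-scoped.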
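--- a/data/test/test_plugin_helper.rb
+++ b/data/test/test_plugin_helper.rb
@@ -3,8 +3,12 @@ require 'test_helper'
 
 # Add plugin to FactoryBot's paths
 FactoryBot.definition_file_paths << File.join(File.dirname(__FILE__), 'factories')
+# Add factories from foreman_ansible
+FactoryBot.definition_file_paths << File.join(ForemanAnsible::Engine.root, '/test/factories')
 FactoryBot.reload
 
+require "#{ForemanOpenscap::Engine.root}/test/fixtures/cve_fixtures"
+
 module ScapClientPuppetclass
 def setup_puppet_class
 puppet_config = ::ForemanOpenscap::ClientConfig::Puppet.new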
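Review bot: The helper now references `ForemanAnsible::Engine` at load time, so every test in the plugin fails with a NameError when foreman_ansible is not installed; whether the gemspec declares it as a dependency is not visible in this hunk. If it is meant to be optional, guard the line with a trailing `if defined?(ForemanAnsible::Engine)`. The leading slash in `'/test/factories'` works with `File.join` but differs from the line above it, and the new `require` builds its path by interpolation rather than `File.join`; using one form keeps the helper consistent. `setup_puppet_class` continues past the end of the hunk.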
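--- a/data/test/unit/oval_host_test.rb
+++ b/data/test/unit/oval_host_test.rb
@@ -0,0 +1,45 @@
+require 'test_plugin_helper'
+
+class OvalHostTest < ActiveSupport::TestCase
+test 'should show oval policies in enc' do
+setup_ansible
+
+content = FactoryBot.create(:oval_content)
+policy = FactoryBot.create(:oval_policy, :oval_content => content)
+proxy = FactoryBot.create(:openscap_proxy)
+host = FactoryBot.create(:oval_host, :ansible_roles => [@ansible_role], :openscap_proxy => proxy)
+facet = FactoryBot.create(:oval_facet, :host => host, :oval_policies => [policy])
+
+host_params = host.info["parameters"]
+policies = JSON.parse(host_params[@config.policies_param])
+assert_equal 1, policies.length
+assert_equal policies.first["id"], policy.id
+
+assert_equal host_params[@config.port_param], proxy.port.to_s
+assert_equal host_params[@config.server_param], proxy.hostname
+end
+
+def setup_ansible
+@config = ForemanOpenscap::ClientConfig::Ansible.new(::ForemanOpenscap::OvalPolicy)
+@ansible_role = FactoryBot.create(:ansible_role, :name => @config.ansible_role_name)
+@port_key = FactoryBot.create(
+:ansible_variable,
+:key => @config.port_param,
+:ansible_role => @ansible_role,
+:override => true
+)
+@server_key = FactoryBot.create(
+:ansible_variable,
+:key => @config.server_param,
+:ansible_role => @ansible_role,
+:override => true
+)
+@policies_param = FactoryBot.create(
+:ansible_variable,
+:key => @config.policies_param,
+:ansible_role => @ansible_role,
+:override => true,
+:default_value => @config.policies_param_default_value
+)
+end
+end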
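Review bot: `assert_equal` takes the expected value first, but the last three assertions pass the value under test first (`assert_equal policies.first["id"], policy.id`), so a failure would print expected and actual swapped. Swap them, e.g. `assert_equal policy.id, policies.first["id"]` and `assert_equal proxy.port.to_s, host_params[@config.port_param]`. The local `facet` is assigned but never read; keep the `FactoryBot.create(:oval_facet, ...)` call and drop the assignment. `setup_ansible` would benefit from a one-line comment saying it creates the role and the three overridable variables that the ENC output is read from.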
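--- a/data/test/unit/oval_policy_test.rb
+++ b/data/test/unit/oval_policy_test.rb
@@ -0,0 +1,133 @@
+require 'test_plugin_helper'
+
+class OvalPolicyTest < ActiveSupport::TestCase
+setup do
+@oval_content = FactoryBot.create(:oval_content)
+end
+
+test "should not create OVAL policy with custom period" do
+policy = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+:period => 'custom',
+:cron_line => 'aaa',
+:oval_content => @oval_content)
+refute policy.save
+assert policy.errors[:cron_line].include?("does not consist of 5 parts separated by space")
+end
+
+test "should create OVAL policy with weekly period" do
+policy = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+:period => 'weekly',
+:weekday => 'monday',
+:oval_content => @oval_content)
+assert policy.save
+end
+
+test "should not create OVAL policy with weekly period" do
+policy = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+:period => 'weekly',
+:weekday => 'someday',
+:oval_content => @oval_content)
+refute policy.save
+assert policy.errors[:weekday].include?("is not a valid value")
+end
+
+test "should create OVAL policy with monthly period" do
+policy = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+:period => 'monthly',
+:day_of_month => '1',
+:oval_content => @oval_content)
+assert policy.save
+end
+
+test "should not create OVAL policy with monthly period" do
+policy = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+:period => 'monthly',
+:day_of_month => '0',
+:oval_content => @oval_content)
+refute policy.save
+assert policy.errors[:day_of_month].include?("must be between 1 and 31")
+end
+
+test "should not create OVAL policy when attributes do not correspond to selected period in new record" do
+policy_0 = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+:period => 'monthly',
+:weekday => 'tuesday',
+:cron_line => "0 0 0 0 0",
+:oval_content => @oval_content)
+policy_1 = ForemanOpenscap::OvalPolicy.new(:name => "test policy",
+:period => 'custom',
+:weekday => 'tuesday',
+:day_of_month => "15",
+:oval_content => @oval_content)
+refute policy_0.save
+refute policy_1.save
+end
+
+test "should update OVAL policy period" do
+policy = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+:period => 'monthly',
+:day_of_month => '5',
+:oval_content => @oval_content)
+assert policy.save
+policy.period = 'weekly'
+policy.weekday = 'monday'
+policy.day_of_month = nil
+assert policy.save
+end
+
+test "should add and remove hosts for OVAL policy" do
+host = FactoryBot.create(:oval_host)
+policy = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+:period => 'monthly',
+:day_of_month => '5',
+:host_ids => [host.id],
+:oval_content => @oval_content)
+
+assert policy.save
+assert policy.reload.hosts.include?(host)
+
+policy.host_ids = []
+assert policy.save
+refute policy.reload.hosts.include?(host)
+end
+
+test "should add and remove hostgroups for OVAL policy" do
+hostgroup = FactoryBot.create(:hostgroup)
+policy = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+:period => 'monthly',
+:day_of_month => '5',
+:hostgroup_ids => [hostgroup.id],
+:oval_content => @oval_content)
+assert policy.save
+assert policy.reload.hostgroups.include?(hostgroup)
+
+policy.hostgroup_ids = []
+assert policy.save
+refute policy.reload.hostgroups.include?(hostgroup)
+end
+
+test "should add and remove inherited OVAL policy" do
+hostgroup = FactoryBot.create(:hostgroup)
+host = FactoryBot.create(:oval_host, :hostgroup => hostgroup)
+policy_1 = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy",
+:period => 'monthly',
+:day_of_month => '5',
+:hostgroup_ids => [hostgroup.id],
+:oval_content => @oval_content)
+policy_2 = ForemanOpenscap::OvalPolicy.new(:name => "custom_policy_again",
+:period => 'monthly',
+:day_of_month => '6',
+:host_ids => [host.id],
+:oval_content => @oval_content)
+assert policy_1.save
+assert policy_2.save
+
+assert host.reload.combined_oval_policies.include?(policy_1)
+assert host.combined_oval_policies.include?(policy_2)
+
+policy_1.hostgroup_ids = []
+assert policy_1.save
+refute host.reload.combined_oval_policies.include?(policy_1)
+assert host.combined_oval_policies.include?(policy_2)
+end
+end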
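Review bot: In "should not create OVAL policy when attributes do not correspond to selected period in new record" the two `refute ... save` calls do not show which validation rejected the record: `policy_0` is `monthly` with no `day_of_month` and `policy_1` is `custom` with no `cron_line`, so both may fail only because the required attribute is missing rather than because of the mismatched ones. Either supply the required attribute so that only the mismatch can fail, or assert on the error key, e.g. `refute_empty policy_0.errors[:weekday]` if that is where the model reports it (the model is not visible here). Elsewhere `assert policy.errors[:weekday].include?("is not a valid value")` reads better as `assert_includes policy.errors[:weekday], "is not a valid value"`, which also prints the actual errors on failure.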
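--- a/data/test/unit/oval_status_test.rb
+++ b/data/test/unit/oval_status_test.rb
@@ -0,0 +1,47 @@
+require 'test_plugin_helper'
+
+class OvalStatusTest < ActiveSupport::TestCase
+setup do
+@policy = FactoryBot.create(:oval_policy, :oval_content => FactoryBot.create(:oval_content))
+end
+
+test 'should have no vulnerabilities' do
+host = FactoryBot.create(:oval_host)
+FactoryBot.create(:oval_facet, :host => host, :oval_policies => [@policy])
+
+status = ForemanOpenscap::OvalStatus.new
+status.host = host
+assert_equal 0, status.to_status
+assert_equal ::HostStatus::Global::OK, status.to_global
+assert status.relevant?
+end
+
+test 'should have vulnerabilities with available patch' do
+host = FactoryBot.create(:oval_host, :cves => [FactoryBot.create(:cve, :has_errata => false), FactoryBot.create(:cve, :has_errata => true)])
+FactoryBot.create(:oval_facet, :host => host, :oval_policies => [@policy])
+
+status = ForemanOpenscap::OvalStatus.new
+status.host = host
+assert_equal 2, status.to_status
+assert_equal ::HostStatus::Global::ERROR, status.to_global
+assert status.relevant?
+end
+
+test 'should have vulnerabilities without available patch' do
+host = FactoryBot.create(:oval_host, :cves => [FactoryBot.create(:cve, :has_errata => false), FactoryBot.create(:cve, :has_errata => false)])
+FactoryBot.create(:oval_facet, :host => host, :oval_policies => [@policy])
+
+status = ForemanOpenscap::OvalStatus.new
+status.host = host
+assert_equal 1, status.to_status
+assert_equal ::HostStatus::Global::WARN, status.to_global
+assert status.relevant?
+end
+
+test 'should not be relevant without oval policy' do
+host = FactoryBot.create(:oval_host, :cves => [FactoryBot.create(:cve)])
+status = ForemanOpenscap::OvalStatus.new
+status.host = host
+refute status.relevant?
+end
+end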
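Review bot: The expected `to_status` values are bare literals (`0`, `2`, `1`), which hides what each level means to someone reading a failure. If `ForemanOpenscap::OvalStatus` defines named constants for them (the model is not part of this section), compare against those; otherwise add a short comment per test, such as `# 2: at least one CVE has errata available`, which is what the fixtures here suggest. No case covers a host whose CVEs all have `:has_errata => true`, so the patch-available outcome is only exercised with a mixed set. The two long `FactoryBot.create(:oval_host, :cves => [...])` lines would be easier to review with the CVE list built in a local first.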
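--- a/data/test/unit/services/oval/cves_test.rb
+++ b/data/test/unit/services/oval/cves_test.rb
@@ -0,0 +1,81 @@
+require 'test_plugin_helper'
+
+class ForemanOpenscap::Oval::CvesTest < ActiveSupport::TestCase
+setup do
+@fxs = ForemanOpenscap::CveFixtures.new
+@instance = ForemanOpenscap::Oval::Cves.new
+end
+
+test "should add CVEs to host" do
+oval_data = create_cve_data @fxs.one
+host = FactoryBot.create(:host)
+assert_empty host.cves
+@instance.create host, oval_data
+refute_empty host.cves
+
+assert_equal host.cves, host.cves.distinct
+end
+
+test "should filter out CVEs that do not affect the host" do
+oval_data = create_cve_data @fxs.two
+host = FactoryBot.create(:host)
+assert_empty host.cves
+@instance.create host, oval_data
+refute_empty host.cves
+
+assert_equal host.cves, ForemanOpenscap::Cve.where(:ref_id => @fxs.ids_from(@fxs.res_two))
+end
+
+test "should update host with a new set of CVEs" do
+oval_data = create_cve_data @fxs.one
+host = FactoryBot.create(:host)
+assert_empty host.cves
+@instance.create host, oval_data
+refute_empty host.cves
+
+cve_ids_before = host.reload.cve_ids
+new_oval_data = create_cve_data @fxs.two
+@instance.create host, new_oval_data
+
+refute_equal host.reload.cve_ids, cve_ids_before
+assert_equal host.cves, ForemanOpenscap::Cve.where(:ref_id => @fxs.ids_from(@fxs.res_two))
+
+@fxs.ids_from(@fxs.res_three).map do |ref_id|
+refute ForemanOpenscap::Cve.find_by :ref_id => ref_id
+end
+end
+
+test "should not delete CVEs associated to another host" do
+oval_data = create_cve_data @fxs.one
+host = FactoryBot.create(:host)
+@instance.create host, oval_data
+refute_empty host.cves
+
+cves_before = host.reload.cves
+
+oval_data_2 = create_cve_data @fxs.two
+host_2 = FactoryBot.create(:host)
+@instance.create host_2, oval_data_2
+
+assert_equal host.reload.cves, cves_before
+end
+
+test "should not delete CVEs associated to another policy" do
+oval_data = create_cve_data [@fxs.res_three]
+host = FactoryBot.create(:host)
+assert_empty host.cves
+@instance.create host, oval_data
+refute_empty host.cves
+
+cve_ids_before = host.reload.cve_ids
+new_oval_data = create_cve_data [@fxs.res_four], 2
+@instance.create host, new_oval_data
+
+refute_equal host.reload.cve_ids, cve_ids_before
+assert_equal host.cves, ForemanOpenscap::Cve.where(:ref_id => @fxs.ids_from(@fxs.res_three).concat(@fxs.ids_from(@fxs.res_four)))
+end
+
+def create_cve_data(fixture, policy_id = 1)
+{ 'oval_results' => fixture, 'oval_policy_id' => policy_id }
+end
+end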
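Review bot: In "should not delete CVEs associated to another host", `cves_before = host.reload.cves` keeps a lazy association rather than a snapshot, so it is most likely loaded only inside the final `assert_equal`, after `host_2` has been processed. Both sides then read the same post-change rows and the test cannot detect a deletion. Materialise the list first with `cves_before = host.reload.cves.to_a`, or compare `cve_ids` as the neighbouring tests do. The `assert_equal host.cves, ForemanOpenscap::Cve.where(...)` comparisons depend on row order with no explicit `order`, so comparing sorted ids on both sides would avoid intermittent failures. The `@fxs.ids_from(@fxs.res_three).map do ... end` block discards its result and should use `each`.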
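--- a/data/test/unit/services/oval/setup_test.rb
+++ b/data/test/unit/services/oval/setup_test.rb
@@ -0,0 +1,87 @@
+require 'test_plugin_helper'
+
+class ForemanOpenscap::Oval::SetupTest < ActiveSupport::TestCase
+setup do
+@config = ForemanOpenscap::ClientConfig::Ansible.new(::ForemanOpenscap::OvalPolicy)
+end
+
+test "should fail check when Ansible not available" do
+ForemanOpenscap::ClientConfig::Ansible.any_instance.stubs(:available?).returns(false)
+
+check_collection = ForemanOpenscap::Oval::Setup.new.run
+assert check_collection.find_check(:foreman_ansible_present).failed?
+assert check_collection.checks.reject { |res| res.id == :foreman_ansible_present }.all?(&:skipped?)
+end
+
+test "should fail check when Ansible role for client not imported" do
+ForemanOpenscap::ClientConfig::Ansible.any_instance.stubs(:find_config_item).returns(nil)
+
+check_collection = ForemanOpenscap::Oval::Setup.new.run
+assert check_collection.find_check(:foreman_ansible_present).passed?
+assert check_collection.find_check(:foreman_scap_client_role_present).failed?
+
+assert check_collection.checks
+.select { |res| res.id != :foreman_ansible_present && res.id != :foreman_scap_client_role_present }
+.all?(&:skipped?)
+end
+
+test "should fail check when required Ansible variables are not imported" do
+FactoryBot.create(:ansible_role, :name => @config.ansible_role_name)
+check_collection = ForemanOpenscap::Oval::Setup.new.run
+assert check_collection.find_check(:foreman_ansible_present).passed?
+assert check_collection.find_check(:foreman_scap_client_role_present).passed?
+
+res = check_collection.find_check(:foreman_scap_client_vars_present)
+assert res.failed?
+msg = "The following Ansible Variables were not found: foreman_scap_client_oval_policies, foreman_scap_client_port, foreman_scap_client_server, please import them before running this action again."
+assert res.fail_msg, msg
+assert override_results(check_collection.checks).all?(&:skipped?)
+end
+
+test "should fail check when fails to override a variable" do
+role = FactoryBot.create(:ansible_role, :name => @config.ansible_role_name)
+FactoryBot.create(:ansible_variable, :key => @config.port_param, :ansible_role => role)
+FactoryBot.create(:ansible_variable, :key => @config.server_param, :ansible_role => role)
+FactoryBot.create(:ansible_variable, :key => @config.policies_param, :ansible_role => role)
+AnsibleVariable.any_instance.stubs(:save).returns(false)
+AnsibleVariable.any_instance.stubs(:changed?).returns(true)
+check_collection = ForemanOpenscap::Oval::Setup.new.run
+assert check_collection.find_check(:foreman_ansible_present).passed?
+assert check_collection.find_check(:foreman_scap_client_role_present).passed?
+assert check_collection.find_check(:foreman_scap_client_vars_present).passed?
+assert override_results(check_collection.checks).all?(&:failed?)
+end
+
+test "should pass all checks" do
+role = FactoryBot.create(:ansible_role, :name => @config.ansible_role_name)
+port_param = FactoryBot.create(:ansible_variable, :key => @config.port_param, :ansible_role => role)
+server_param = FactoryBot.create(:ansible_variable, :key => @config.server_param, :ansible_role => role)
+policies_param = FactoryBot.create(:ansible_variable, :key => @config.policies_param, :ansible_role => role)
+check_collection = ForemanOpenscap::Oval::Setup.new.run
+
+[policies_param, port_param, server_param].map(&:reload)
+
+assert check_collection.all_passed?
+
+assert @config.policies_param_default_value, policies_param.default_value
+assert_equal 'array', policies_param.key_type
+refute policies_param.hidden_value?
+assert policies_param.override
+
+refute port_param.value
+assert_equal 'integer', port_param.key_type
+assert port_param.override
+
+refute server_param.hidden_value?
+assert_equal 'string', server_param.key_type
+assert server_param.override
+end
+
+def override_results(checks)
+checks.select do |res|
+res.id == :foreman_scap_client_server_overriden ||
+res.id == :foreman_scap_client_port_overriden ||
+res.id == :foreman_scap_client_policies_overriden
+end
+end
+end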
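Review bot: Two assertions compare nothing: `assert res.fail_msg, msg` and `assert @config.policies_param_default_value, policies_param.default_value` pass their second argument as the failure message, so they succeed whenever the first value is truthy. Use `assert_equal msg, res.fail_msg` and `assert_equal @config.policies_param_default_value, policies_param.default_value`. `override_results(...).all?(&:skipped?)` and `.all?(&:failed?)` are also true for an empty list, so a mismatch in the three check ids would go unnoticed; add `refute_empty override_results(check_collection.checks)` before them. In "should pass all checks", `[policies_param, port_param, server_param].map(&:reload)` is used only for its side effect and reads better as `each`.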