openscap 0.4.9 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,82 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'openscap'
4
+ require 'openscap/xccdf/benchmark'
5
+ require 'common/testcase'
6
+
7
+ class ItemTest < OpenSCAP::TestCase
8
+ def test_description_html
9
+ expected_markup = "\n" \
10
+ "Most of the actions listed in this document are written with the\n" \
11
+ "assumption that they will be executed by the root user running the\n" \
12
+ "<xhtml:code xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">/bin/bash</xhtml:code> shell. Commands preceded with a hash mark (#)\n" \
13
+ "assume that the administrator will execute the commands as root, i.e.\n" \
14
+ "apply the command via <xhtml:code xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">sudo</xhtml:code> whenever possible, or use\n" \
15
+ "<xhtml:code xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">su</xhtml:code> to gain root privileges if <xhtml:code xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">sudo</xhtml:code> cannot be\n" \
16
+ "used. Commands which can be executed as a non-root user are are preceded\n" \
17
+ "by a dollar sign ($) prompt.\n"
18
+ with_item 'xccdf_org.ssgproject.content_group_intro-root-shell-assumed' do |item|
19
+ assert_equal item.description(markup: true), expected_markup
20
+ end
21
+ end
22
+
23
+ def test_rationale_html
24
+ expected_markup = "\n" \
25
+ "For AIDE to be effective, an initial database of <i xmlns=\"http://www.w3.org/1999/xhtml\">\"known-good\"</i> information about files\n" \
26
+ "must be captured and it should be able to be verified against the installed files.\n"
27
+ with_item 'xccdf_org.ssgproject.content_rule_aide_build_database' do |item|
28
+ assert_equal item.rationale(markup: true), expected_markup
29
+ end
30
+ end
31
+
32
+ def test_missing_rationale
33
+ with_item 'xccdf_org.ssgproject.content_group_intro' do |item_sans_rationale|
34
+ assert_equal item_sans_rationale.rationale(markup: true), nil
35
+ end
36
+ end
37
+
38
+ def test_version
39
+ with_item 'xccdf_org.ssgproject.content_group_intro' do |item_sans_version|
40
+ assert_nil item_sans_version.version
41
+ end
42
+ end
43
+
44
+ def test_references
45
+ with_item 'xccdf_org.ssgproject.content_rule_disable_prelink' do |item|
46
+ item.references.tap do |refs|
47
+ assert_equal refs.length, 4
48
+ assert_equal refs.collect(&:title), ['CM-6(d)', 'CM-6(3)', 'SC-28', 'SI-7']
49
+ assert_equal refs.collect(&:href).uniq, ['http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf']
50
+ end
51
+ end
52
+ end
53
+
54
+ def test_warnings
55
+ expected_text = 'If verbose logging to <xhtml:code xmlns:xhtml="http://www.w3.org/1999/xhtml">vsftpd.log</xhtml:code> is done, sparse logging of downloads to <xhtml:code xmlns:xhtml="http://www.w3.org/1999/xhtml">/var/log/xferlog</xhtml:code> will not also occur. However, the information about what files were downloaded is included in the information logged to <xhtml:code xmlns:xhtml="http://www.w3.org/1999/xhtml">vsftpd.log</xhtml:code>'
56
+ with_item 'xccdf_org.ssgproject.content_rule_ftp_log_transactions' do |item|
57
+ warns = item.warnings
58
+ assert_equal warns.length, 1
59
+ warning = warns[0]
60
+ assert warning.instance_of?(Hash)
61
+ assert warning.keys.length == 2
62
+ assert warning[:category] == :general
63
+ assert warning[:text].text == expected_text
64
+ end
65
+ end
66
+
67
+ private
68
+
69
+ def with_item(id, &)
70
+ with_benchmark do |b|
71
+ item = b.items[id]
72
+ refute_nil item
73
+ yield item
74
+ end
75
+ end
76
+
77
+ def with_benchmark(&)
78
+ OpenSCAP::Source.new '../data/xccdf.xml' do |source|
79
+ OpenSCAP::Xccdf::Benchmark.new(source, &)
80
+ end
81
+ end
82
+ end
@@ -9,12 +9,40 @@ require 'openscap/xccdf/policy_model'
9
9
 
10
10
  class TestPolicy < OpenSCAP::TestCase
11
11
  def test_new_policy_model
12
- @s = OpenSCAP::Source.new '../data/xccdf.xml'
13
- b = OpenSCAP::Xccdf::Benchmark.new @s
14
- pm = OpenSCAP::Xccdf::PolicyModel.new b
15
- assert !b.nil?
16
- assert pm.policies.size == 1, pm.policies.to_s
17
- assert pm.policies['xccdf_org.ssgproject.content_profile_common']
18
- pm.destroy
12
+ with_policy_model do |pm|
13
+ assert pm.policies.size == 1, pm.policies.to_s
14
+ assert pm.policies['xccdf_org.ssgproject.content_profile_common']
15
+ end
16
+ end
17
+
18
+ def test_profile_getter
19
+ with_policy do |policy|
20
+ profile = policy.profile
21
+ assert_equal profile.id, 'xccdf_org.ssgproject.content_profile_common'
22
+ end
23
+ end
24
+
25
+ def test_selects_item
26
+ with_policy do |policy|
27
+ assert policy.selects_item?('xccdf_org.ssgproject.content_rule_disable_prelink')
28
+ refute policy.selects_item?('xccdf_org.ssgproject.content_rule_disable_vsftpd')
29
+ end
30
+ end
31
+
32
+ private
33
+
34
+ def with_policy(&)
35
+ with_policy_model do |pm|
36
+ yield pm.policies['xccdf_org.ssgproject.content_profile_common']
37
+ end
38
+ end
39
+
40
+ def with_policy_model(&)
41
+ OpenSCAP::Source.new '../data/xccdf.xml' do |source|
42
+ OpenSCAP::Xccdf::Benchmark.new source do |bench|
43
+ assert !bench.nil?
44
+ yield bench.policy_model
45
+ end
46
+ end
19
47
  end
20
48
  end
@@ -8,13 +8,55 @@ require 'openscap/xccdf/profile'
8
8
 
9
9
  class TestProfile < OpenSCAP::TestCase
10
10
  def test_new_from_file
11
- @s = OpenSCAP::Source.new '../data/xccdf.xml'
12
- b = OpenSCAP::Xccdf::Benchmark.new @s
13
- assert !b.nil?
14
- assert b.profiles.size == 1, b.profiles.to_s
15
- profile1 = b.profiles['xccdf_org.ssgproject.content_profile_common']
16
- assert profile1
17
- assert profile1.title == 'Common Profile for General-Purpose Fedora Systems'
18
- b.destroy
11
+ with_profile do |p|
12
+ assert p.title == 'Common Profile for General-Purpose Fedora Systems'
13
+ end
14
+ end
15
+
16
+ def test_description_html
17
+ with_profile do |p|
18
+ assert_equal p.description, 'This profile contains items common to general-purpose Fedora installations.'
19
+ end
20
+ end
21
+
22
+ def test_status
23
+ with_profile do |p|
24
+ assert_nil p.status_current&.status
25
+ end
26
+ end
27
+
28
+ def test_version
29
+ with_profile do |p|
30
+ assert_equal p.version, '3.2.1'
31
+ end
32
+ end
33
+
34
+ def test_references
35
+ with_profile do |p|
36
+ assert_equal p.references, []
37
+ end
38
+ end
39
+
40
+ def test_abstract
41
+ with_profile do |p|
42
+ assert_false p.abstract?
43
+ end
44
+ end
45
+
46
+ private
47
+
48
+ def with_profile(&)
49
+ benchmark do |b|
50
+ assert b.profiles.size == 1, b.profiles.to_s
51
+ profile = b.profiles['xccdf_org.ssgproject.content_profile_common']
52
+ assert profile
53
+ yield profile
54
+ end
55
+ end
56
+
57
+ def benchmark(&)
58
+ OpenSCAP::Source.new '../data/xccdf.xml' do |source|
59
+ OpenSCAP::Xccdf::Benchmark.new(source, &)
60
+ end
19
61
  end
20
62
  end
@@ -17,7 +17,7 @@ class TestSessionDS < OpenSCAP::TestCase
17
17
 
18
18
  def test_session_load_ds_comp
19
19
  @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
20
- @s.load(:datastream_id => 'scap_org.open-scap_datastream_tst2', :component_id => 'scap_org.open-scap_cref_second-xccdf.xml2')
20
+ @s.load(datastream_id: 'scap_org.open-scap_datastream_tst2', component_id: 'scap_org.open-scap_cref_second-xccdf.xml2')
21
21
  @s.evaluate
22
22
  end
23
23
 
@@ -25,7 +25,7 @@ class TestSessionDS < OpenSCAP::TestCase
25
25
  @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
26
26
  msg = nil
27
27
  begin
28
- @s.load(:datastream_id => 'nonexistent')
28
+ @s.load(datastream_id: 'nonexistent')
29
29
  assert false
30
30
  rescue OpenSCAP::OpenSCAPError => e
31
31
  msg = e.to_s
@@ -37,7 +37,7 @@ class TestSessionDS < OpenSCAP::TestCase
37
37
  @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
38
38
  msg = nil
39
39
  begin
40
- @s.load(:component_id => 'nonexistent')
40
+ @s.load(component_id: 'nonexistent')
41
41
  assert false
42
42
  rescue OpenSCAP::OpenSCAPError => e
43
43
  msg = e.to_s
@@ -47,7 +47,7 @@ class TestSessionDS < OpenSCAP::TestCase
47
47
 
48
48
  def test_session_set_profile
49
49
  @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
50
- @s.load(:component_id => 'scap_org.open-scap_cref_second-xccdf.xml')
50
+ @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
51
51
  @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
52
52
  @s.evaluate
53
53
  end
@@ -69,40 +69,40 @@ class TestSessionDS < OpenSCAP::TestCase
69
69
  @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
70
70
  @s.load
71
71
  @s.evaluate
72
- @s.export_results(:rds_file => 'report.rds.xml')
72
+ @s.export_results(rds_file: 'report.rds.xml')
73
73
  assert_exported ['report.rds.xml']
74
74
  end
75
75
 
76
76
  def test_session_export_xccdf_results
77
77
  @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
78
- @s.load(:component_id => 'scap_org.open-scap_cref_second-xccdf.xml')
78
+ @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
79
79
  @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
80
80
  @s.evaluate
81
- @s.export_results(:xccdf_file => 'result.xccdf.xml')
81
+ @s.export_results(xccdf_file: 'result.xccdf.xml')
82
82
  assert_exported ['result.xccdf.xml']
83
83
  end
84
84
 
85
85
  def test_session_export_html_report
86
86
  @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
87
- @s.load(:component_id => 'scap_org.open-scap_cref_second-xccdf.xml')
87
+ @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
88
88
  @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
89
89
  @s.evaluate
90
- @s.export_results(:report_file => 'report.html', :xccdf_file => 'result.xccdf.xml')
90
+ @s.export_results(report_file: 'report.html', xccdf_file: 'result.xccdf.xml')
91
91
  assert_exported ['report.html', 'result.xccdf.xml']
92
92
  end
93
93
 
94
94
  def test_session_export_oval_variables
95
95
  @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
96
- @s.load(:component_id => 'scap_org.open-scap_cref_second-xccdf.xml')
96
+ @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
97
97
  @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
98
98
  @s.evaluate
99
- @s.export_results(:oval_variables => true)
99
+ @s.export_results(oval_variables: true)
100
100
  assert_exported []
101
101
  end
102
102
 
103
103
  def test_remediate
104
104
  @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
105
- @s.load(:component_id => 'scap_org.open-scap_cref_second-xccdf.xml')
105
+ @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
106
106
  @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
107
107
  @s.evaluate
108
108
  @s.remediate
@@ -111,6 +111,6 @@ class TestSessionDS < OpenSCAP::TestCase
111
111
  def assert_exported(files)
112
112
  # libopenscap compiled with --enable-debug creates debug files
113
113
  FileUtils.rm_rf(Dir.glob('oscap_debug.log.*'))
114
- assert files.sort == Dir.glob('*').sort
114
+ assert files.sort == Dir.glob('*')
115
115
  end
116
116
  end
@@ -12,7 +12,7 @@ class TestSession < OpenSCAP::TestCase
12
12
  rescue OpenSCAP::OpenSCAPError => e
13
13
  msg = e.to_s
14
14
  end
15
- assert msg.start_with?("Unable to open file: ''"), 'Message was: ' + msg
15
+ assert msg.start_with?("Unable to open file: ''"), "Message was: #{msg}"
16
16
  end
17
17
 
18
18
  def test_session_new_nil
@@ -23,7 +23,7 @@ class TestSession < OpenSCAP::TestCase
23
23
  rescue OpenSCAP::OpenSCAPError => e
24
24
  msg = e.to_s
25
25
  end
26
- assert msg.start_with?('No filename specified!'), 'Message was: ' + msg
26
+ assert msg.start_with?('No filename specified!'), "Message was: #{msg}"
27
27
  end
28
28
 
29
29
  def test_sds_false
@@ -18,7 +18,7 @@ class TestTestResult < OpenSCAP::TestCase
18
18
  msg = e.to_s
19
19
  end
20
20
  assert msg.start_with?("Expected 'TestResult' element while found 'Benchmark'."),
21
- 'Message was: ' + msg
21
+ "Message was: #{msg}"
22
22
  end
23
23
 
24
24
  def test_result_create_and_query_properties
@@ -44,10 +44,10 @@ class TestTestResult < OpenSCAP::TestCase
44
44
  tr = new_tr
45
45
  rr = tr.rr['xccdf_org.ssgproject.content_rule_disable_prelink']
46
46
  assert rr.result == 'fail'
47
- rr.override!(:new_result => :pass,
48
- :time => 'yesterday',
49
- :authority => 'John Hacker',
50
- :raw_text => 'We are testing prelink on this machine')
47
+ rr.override!(new_result: :pass,
48
+ time: 'yesterday',
49
+ authority: 'John Hacker',
50
+ raw_text: 'We are testing prelink on this machine')
51
51
  assert rr.result == 'pass'
52
52
  tr.destroy
53
53
  end
@@ -67,10 +67,10 @@ class TestTestResult < OpenSCAP::TestCase
67
67
 
68
68
  rr = tr.rr['xccdf_org.ssgproject.content_rule_disable_prelink']
69
69
  assert rr.result == 'fail'
70
- rr.override!(:new_result => :pass,
71
- :time => 'yesterday',
72
- :authority => 'John Hacker',
73
- :raw_text => 'We are testing prelink on this machine')
70
+ rr.override!(new_result: :pass,
71
+ time: 'yesterday',
72
+ authority: 'John Hacker',
73
+ raw_text: 'We are testing prelink on this machine')
74
74
  assert rr.result == 'pass'
75
75
 
76
76
  assert_default_score tr.score, 34, 35
@@ -0,0 +1,67 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'common/testcase'
4
+ require 'openscap'
5
+ require 'openscap/source'
6
+ require 'openscap/xccdf/benchmark'
7
+
8
+ class TestBenchmark < OpenSCAP::TestCase
9
+ def test_benchmark_values
10
+ with_benchmark do |b|
11
+ val_ids = []
12
+ b.each_value do |val|
13
+ val_ids << val.id
14
+ end
15
+ assert_equal val_ids, ['xccdf_org.ssgproject.content_value_conditional_clause']
16
+ end
17
+ end
18
+
19
+ def test_value_props
20
+ with_value do |val|
21
+ assert_equal val.id, 'xccdf_org.ssgproject.content_value_conditional_clause'
22
+ assert_equal val.title, 'A conditional clause for check statements.'
23
+ assert_equal val.description, 'A conditional clause for check statements.'
24
+ end
25
+ end
26
+
27
+ def test_collect_all_values
28
+ with_all_values do |vals|
29
+ assert_equal vals.length, 7
30
+ assert_equal vals.to_set(&:id).length, 7
31
+ end
32
+ end
33
+
34
+ private
35
+
36
+ def with_value(&)
37
+ with_benchmark { |b| b.each_value(&) }
38
+ end
39
+
40
+ def with_all_values(&)
41
+ vals = []
42
+ with_benchmark do |b|
43
+ vals += collect_values(b)
44
+ yield vals
45
+ end
46
+ end
47
+
48
+ def with_benchmark(&)
49
+ OpenSCAP::Source.new '../data/xccdf.xml' do |source|
50
+ OpenSCAP::Xccdf::Benchmark.new(source, &)
51
+ end
52
+ end
53
+
54
+ def collect_values(item)
55
+ vals = []
56
+ if item.is_a?(OpenSCAP::Xccdf::Benchmark) || item.is_a?(OpenSCAP::Xccdf::Group)
57
+ item.each_value { |v| vals << v }
58
+
59
+ if item.is_a? OpenSCAP::Xccdf::Benchmark
60
+ item.each_item { |item| vals += collect_values(item) }
61
+ else
62
+ item.each_child { |item| vals += collect_values(item) }
63
+ end
64
+ end
65
+ vals
66
+ end
67
+ end
metadata CHANGED
@@ -1,43 +1,29 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: openscap
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.9
4
+ version: 0.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Simon Lukasik
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-08-02 00:00:00.000000000 Z
11
+ date: 2023-10-07 00:00:00.000000000 Z
12
12
  dependencies:
13
- - !ruby/object:Gem::Dependency
14
- name: bundler
15
- requirement: !ruby/object:Gem::Requirement
16
- requirements:
17
- - - ">="
18
- - !ruby/object:Gem::Version
19
- version: 1.0.0
20
- type: :development
21
- prerelease: false
22
- version_requirements: !ruby/object:Gem::Requirement
23
- requirements:
24
- - - ">="
25
- - !ruby/object:Gem::Version
26
- version: 1.0.0
27
13
  - !ruby/object:Gem::Dependency
28
14
  name: ffi
29
15
  requirement: !ruby/object:Gem::Requirement
30
16
  requirements:
31
- - - ">="
17
+ - - "~>"
32
18
  - !ruby/object:Gem::Version
33
- version: 1.0.9
19
+ version: 1.15.5
34
20
  type: :runtime
35
21
  prerelease: false
36
22
  version_requirements: !ruby/object:Gem::Requirement
37
23
  requirements:
38
- - - ">="
24
+ - - "~>"
39
25
  - !ruby/object:Gem::Version
40
- version: 1.0.9
26
+ version: 1.15.5
41
27
  description: |-
42
28
  A FFI wrapper around the OpenSCAP library.
43
29
  Currently it provides only subset of libopenscap functionality.
@@ -65,6 +51,7 @@ files:
65
51
  - lib/openscap/xccdf/group.rb
66
52
  - lib/openscap/xccdf/ident.rb
67
53
  - lib/openscap/xccdf/item.rb
54
+ - lib/openscap/xccdf/item_common.rb
68
55
  - lib/openscap/xccdf/policy.rb
69
56
  - lib/openscap/xccdf/policy_model.rb
70
57
  - lib/openscap/xccdf/profile.rb
@@ -72,6 +59,7 @@ files:
72
59
  - lib/openscap/xccdf/rule.rb
73
60
  - lib/openscap/xccdf/ruleresult.rb
74
61
  - lib/openscap/xccdf/session.rb
62
+ - lib/openscap/xccdf/status.rb
75
63
  - lib/openscap/xccdf/tailoring.rb
76
64
  - lib/openscap/xccdf/testresult.rb
77
65
  - lib/openscap/xccdf/value.rb
@@ -90,17 +78,19 @@ files:
90
78
  - test/text_test.rb
91
79
  - test/xccdf/arf_test.rb
92
80
  - test/xccdf/benchmark_test.rb
81
+ - test/xccdf/item_test.rb
93
82
  - test/xccdf/policy_test.rb
94
83
  - test/xccdf/profile_test.rb
95
84
  - test/xccdf/session_ds_test.rb
96
85
  - test/xccdf/session_test.rb
97
86
  - test/xccdf/tailoring_test.rb
98
87
  - test/xccdf/testresult_test.rb
99
- homepage: https://github.com/OpenSCAP/ruby-openscap
88
+ - test/xccdf/value_test.rb
89
+ homepage: https://github.com/isimluk/ruby-openscap
100
90
  licenses:
101
91
  - GPL-2.0
102
92
  metadata: {}
103
- post_install_message:
93
+ post_install_message:
104
94
  rdoc_options: []
105
95
  require_paths:
106
96
  - lib
@@ -108,16 +98,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
108
98
  requirements:
109
99
  - - ">="
110
100
  - !ruby/object:Gem::Version
111
- version: '0'
101
+ version: 3.2.2
112
102
  required_rubygems_version: !ruby/object:Gem::Requirement
113
103
  requirements:
114
104
  - - ">="
115
105
  - !ruby/object:Gem::Version
116
106
  version: '0'
117
107
  requirements: []
118
- rubyforge_project:
119
- rubygems_version: 2.7.6.2
120
- signing_key:
108
+ rubygems_version: 3.4.10
109
+ signing_key:
121
110
  specification_version: 4
122
111
  summary: A FFI wrapper around the OpenSCAP library
123
112
  test_files: []