openscap 0.4.9 → 0.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +7 -18
- data/Rakefile +2 -2
- data/lib/openscap/all.rb +1 -1
- data/lib/openscap/ds/arf.rb +3 -3
- data/lib/openscap/ds/sds.rb +8 -2
- data/lib/openscap/openscap.rb +9 -0
- data/lib/openscap/source.rb +10 -4
- data/lib/openscap/text.rb +34 -5
- data/lib/openscap/version.rb +1 -1
- data/lib/openscap/xccdf/benchmark.rb +67 -15
- data/lib/openscap/xccdf/fix.rb +7 -14
- data/lib/openscap/xccdf/fixtext.rb +19 -0
- data/lib/openscap/xccdf/group.rb +27 -1
- data/lib/openscap/xccdf/ident.rb +4 -10
- data/lib/openscap/xccdf/item.rb +37 -65
- data/lib/openscap/xccdf/item_common.rb +40 -0
- data/lib/openscap/xccdf/policy.rb +12 -3
- data/lib/openscap/xccdf/policy_model.rb +16 -15
- data/lib/openscap/xccdf/profile.rb +10 -10
- data/lib/openscap/xccdf/reference.rb +5 -21
- data/lib/openscap/xccdf/rule.rb +40 -20
- data/lib/openscap/xccdf/ruleresult.rb +5 -7
- data/lib/openscap/xccdf/session.rb +28 -30
- data/lib/openscap/xccdf/status.rb +34 -0
- data/lib/openscap/xccdf/tailoring.rb +7 -16
- data/lib/openscap/xccdf/testresult.rb +18 -28
- data/lib/openscap/xccdf/value.rb +1 -2
- data/lib/openscap/xccdf.rb +1 -1
- metadata +15 -48
- data/test/common/testcase.rb +0 -38
- data/test/data/arf.xml +0 -275156
- data/test/data/invalid.xml +0 -20
- data/test/data/sds-complex.xml +0 -132
- data/test/data/tailoring.xml +0 -31
- data/test/data/testresult.xml +0 -225
- data/test/data/xccdf.xml +0 -3046
- data/test/ds/arf_test.rb +0 -96
- data/test/ds/sds_test.rb +0 -71
- data/test/integration/arf_waiver_test.rb +0 -91
- data/test/openscap_test.rb +0 -21
- data/test/source_test.rb +0 -78
- data/test/text_test.rb +0 -19
- data/test/xccdf/arf_test.rb +0 -44
- data/test/xccdf/benchmark_test.rb +0 -115
- data/test/xccdf/policy_test.rb +0 -20
- data/test/xccdf/profile_test.rb +0 -20
- data/test/xccdf/session_ds_test.rb +0 -116
- data/test/xccdf/session_test.rb +0 -33
- data/test/xccdf/tailoring_test.rb +0 -30
- data/test/xccdf/testresult_test.rb +0 -99
data/test/ds/arf_test.rb
DELETED
|
@@ -1,96 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require 'openscap'
|
|
4
|
-
require 'openscap/ds/arf'
|
|
5
|
-
require 'common/testcase'
|
|
6
|
-
|
|
7
|
-
class TestArf < OpenSCAP::TestCase
|
|
8
|
-
REPORT = 'report.rds.xml'
|
|
9
|
-
|
|
10
|
-
def test_arf_new_nil
|
|
11
|
-
msg = nil
|
|
12
|
-
begin
|
|
13
|
-
OpenSCAP::DS::Arf.new(nil)
|
|
14
|
-
assert false
|
|
15
|
-
rescue OpenSCAP::OpenSCAPError => e
|
|
16
|
-
msg = e.to_s
|
|
17
|
-
end
|
|
18
|
-
assert msg.start_with?("Cannot initialize OpenSCAP::DS::Arf with ''"), 'Message was: ' + msg
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
def test_arf_new_wrong_format
|
|
22
|
-
msg = nil
|
|
23
|
-
begin
|
|
24
|
-
OpenSCAP::DS::Arf.new('../data/xccdf.xml')
|
|
25
|
-
assert false
|
|
26
|
-
rescue OpenSCAP::OpenSCAPError => e
|
|
27
|
-
msg = e.to_s
|
|
28
|
-
end
|
|
29
|
-
assert msg.include?('Could not create Result DataStream session: File is not Result DataStream.'),
|
|
30
|
-
'Message was: ' + msg
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
def test_create_arf_and_get_html
|
|
34
|
-
arf = new_arf
|
|
35
|
-
html = arf.html
|
|
36
|
-
arf.destroy
|
|
37
|
-
assert html.start_with?('<!DOCTYPE html><html'), 'DOCTYPE missing.'
|
|
38
|
-
assert html.include?('OpenSCAP')
|
|
39
|
-
assert html.include?('Compliance and Scoring')
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
def test_create_arf_and_get_profile
|
|
43
|
-
arf = new_arf
|
|
44
|
-
tr = arf.test_result
|
|
45
|
-
assert tr.profile == 'xccdf_moc.elpmaxe.www_profile_1',
|
|
46
|
-
"TestResult.profile was '#{tr.profile}'"
|
|
47
|
-
tr.destroy
|
|
48
|
-
arf.destroy
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
def test_new_memory
|
|
52
|
-
create_arf
|
|
53
|
-
raw_data = File.read(REPORT)
|
|
54
|
-
refute raw_data.empty?
|
|
55
|
-
arf = OpenSCAP::DS::Arf.new :content => raw_data, :path => REPORT
|
|
56
|
-
arf.destroy
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
def test_new_bz_memory
|
|
60
|
-
bziped_file = new_arf_bz
|
|
61
|
-
raw_data = File.open(bziped_file, 'rb').read
|
|
62
|
-
assert !raw_data.empty?
|
|
63
|
-
len = File.size(bziped_file)
|
|
64
|
-
FileUtils.rm bziped_file
|
|
65
|
-
arf = OpenSCAP::DS::Arf.new :content => raw_data, :path => bziped_file, :length => len
|
|
66
|
-
arf.destroy
|
|
67
|
-
end
|
|
68
|
-
|
|
69
|
-
def test_new_bz_file
|
|
70
|
-
bziped_file = new_arf_bz
|
|
71
|
-
arf = OpenSCAP::DS::Arf.new(bziped_file)
|
|
72
|
-
arf.destroy
|
|
73
|
-
FileUtils.rm bziped_file
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
private
|
|
77
|
-
|
|
78
|
-
def new_arf_bz
|
|
79
|
-
create_arf
|
|
80
|
-
system('/usr/bin/bzip2 ' + REPORT)
|
|
81
|
-
REPORT + '.bz2'
|
|
82
|
-
end
|
|
83
|
-
|
|
84
|
-
def new_arf
|
|
85
|
-
create_arf
|
|
86
|
-
OpenSCAP::DS::Arf.new(REPORT)
|
|
87
|
-
end
|
|
88
|
-
|
|
89
|
-
def create_arf
|
|
90
|
-
@s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
|
|
91
|
-
@s.load(:component_id => 'scap_org.open-scap_cref_second-xccdf.xml')
|
|
92
|
-
@s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
|
|
93
|
-
@s.evaluate
|
|
94
|
-
@s.export_results(:rds_file => 'report.rds.xml')
|
|
95
|
-
end
|
|
96
|
-
end
|
data/test/ds/sds_test.rb
DELETED
|
@@ -1,71 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require 'openscap'
|
|
4
|
-
require 'openscap/source'
|
|
5
|
-
require 'openscap/ds/sds'
|
|
6
|
-
require 'common/testcase'
|
|
7
|
-
|
|
8
|
-
class TestSds < OpenSCAP::TestCase
|
|
9
|
-
def test_new
|
|
10
|
-
new_sds.destroy
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
def test_new_non_sds
|
|
14
|
-
filename = '../data/xccdf.xml'
|
|
15
|
-
@s = OpenSCAP::Source.new filename
|
|
16
|
-
assert !@s.nil?
|
|
17
|
-
msg = nil
|
|
18
|
-
begin
|
|
19
|
-
OpenSCAP::DS::Sds.new :source => @s
|
|
20
|
-
assert false
|
|
21
|
-
rescue OpenSCAP::OpenSCAPError => e
|
|
22
|
-
msg = e.to_s
|
|
23
|
-
end
|
|
24
|
-
assert msg.start_with?('Could not create Source DataStream session: File is not Source DataStream.'), msg
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
def test_select_checklist
|
|
28
|
-
sds = new_sds
|
|
29
|
-
benchmark = sds.select_checklist!
|
|
30
|
-
assert !benchmark.nil?
|
|
31
|
-
sds.destroy
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
def test_show_guides
|
|
35
|
-
sds = new_sds
|
|
36
|
-
benchmark_source = sds.select_checklist!
|
|
37
|
-
benchmark = OpenSCAP::Xccdf::Benchmark.new benchmark_source
|
|
38
|
-
benchmark.profiles.each_key do |id|
|
|
39
|
-
guide = sds.html_guide id
|
|
40
|
-
assert !guide.nil?
|
|
41
|
-
assert guide.include?(id)
|
|
42
|
-
end
|
|
43
|
-
benchmark.destroy
|
|
44
|
-
sds.destroy
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
def tests_select_checklist_wrong
|
|
48
|
-
sds = new_sds
|
|
49
|
-
msg = nil
|
|
50
|
-
begin
|
|
51
|
-
benchmark = sds.select_checklist! :datastream_id => 'wrong'
|
|
52
|
-
assert false
|
|
53
|
-
rescue OpenSCAP::OpenSCAPError => e
|
|
54
|
-
msg = e.to_s
|
|
55
|
-
end
|
|
56
|
-
assert msg.start_with?('Failed to locate a datastream with ID matching'), msg
|
|
57
|
-
assert benchmark.nil?
|
|
58
|
-
sds.destroy
|
|
59
|
-
end
|
|
60
|
-
|
|
61
|
-
private
|
|
62
|
-
|
|
63
|
-
def new_sds
|
|
64
|
-
filename = '../data/sds-complex.xml'
|
|
65
|
-
@s = OpenSCAP::Source.new filename
|
|
66
|
-
assert !@s.nil?
|
|
67
|
-
sds = OpenSCAP::DS::Sds.new :source => @s
|
|
68
|
-
assert !sds.nil?
|
|
69
|
-
sds
|
|
70
|
-
end
|
|
71
|
-
end
|
|
@@ -1,91 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require 'openscap'
|
|
4
|
-
require 'openscap/xccdf/benchmark'
|
|
5
|
-
require 'openscap/xccdf/ruleresult'
|
|
6
|
-
require 'openscap/xccdf/session'
|
|
7
|
-
require 'openscap/xccdf/testresult'
|
|
8
|
-
require 'openscap/ds/arf'
|
|
9
|
-
require 'openscap/ds/sds'
|
|
10
|
-
require 'common/testcase'
|
|
11
|
-
|
|
12
|
-
class TestArfWaiver < OpenSCAP::TestCase
|
|
13
|
-
def test_waiver_and_score
|
|
14
|
-
assert_default_score tr.score, -1, 1
|
|
15
|
-
assert_default_score tr.score!(benchmark), -1, 1
|
|
16
|
-
|
|
17
|
-
rr.override!(:new_result => :pass,
|
|
18
|
-
:time => 'yesterday',
|
|
19
|
-
:authority => 'John Hacker',
|
|
20
|
-
:raw_text => 'This should have passed')
|
|
21
|
-
assert rr.result == 'pass'
|
|
22
|
-
|
|
23
|
-
assert_default_score tr.score, -1, 1
|
|
24
|
-
assert_default_score tr.score!(benchmark), 99, 101
|
|
25
|
-
|
|
26
|
-
# create updated DOM (that includes the override element and new score)
|
|
27
|
-
arf.test_result = tr
|
|
28
|
-
arf.source.save('modified.rds.xml')
|
|
29
|
-
tr.destroy
|
|
30
|
-
arf.destroy
|
|
31
|
-
|
|
32
|
-
arf2 = OpenSCAP::DS::Arf.new('modified.rds.xml')
|
|
33
|
-
tr2 = arf2.test_result('xccdf1')
|
|
34
|
-
assert_default_score tr.score, 99, 101
|
|
35
|
-
rr2 = tr2.rr['xccdf_moc.elpmaxe.www_rule_first']
|
|
36
|
-
assert rr2.result == 'pass'
|
|
37
|
-
tr2.destroy
|
|
38
|
-
arf2.destroy
|
|
39
|
-
end
|
|
40
|
-
|
|
41
|
-
private
|
|
42
|
-
|
|
43
|
-
def benchmark
|
|
44
|
-
@benchmark ||= benchmark_init
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
def benchmark_init
|
|
48
|
-
sds = arf.report_request
|
|
49
|
-
bench_source = sds.select_checklist!
|
|
50
|
-
bench = OpenSCAP::Xccdf::Benchmark.new bench_source
|
|
51
|
-
sds.destroy
|
|
52
|
-
bench
|
|
53
|
-
end
|
|
54
|
-
|
|
55
|
-
def rr
|
|
56
|
-
@rr ||= rr_init
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
def rr_init
|
|
60
|
-
assert tr.rr.size == 1
|
|
61
|
-
rr = tr.rr['xccdf_moc.elpmaxe.www_rule_first']
|
|
62
|
-
assert rr.result == 'fail'
|
|
63
|
-
rr
|
|
64
|
-
end
|
|
65
|
-
|
|
66
|
-
def tr
|
|
67
|
-
@tr ||= tr_init
|
|
68
|
-
end
|
|
69
|
-
|
|
70
|
-
def tr_init
|
|
71
|
-
tr = arf.test_result
|
|
72
|
-
assert tr.score.size == 1
|
|
73
|
-
score = tr.score['urn:xccdf:scoring:default']
|
|
74
|
-
assert score[:system] == 'urn:xccdf:scoring:default'
|
|
75
|
-
assert score[:max] == 100.0
|
|
76
|
-
assert score[:value] == 0.0
|
|
77
|
-
tr
|
|
78
|
-
end
|
|
79
|
-
|
|
80
|
-
def arf
|
|
81
|
-
@arf ||= arf_init
|
|
82
|
-
end
|
|
83
|
-
|
|
84
|
-
def arf_init
|
|
85
|
-
@s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
|
|
86
|
-
@s.load
|
|
87
|
-
@s.evaluate
|
|
88
|
-
@s.export_results(:rds_file => 'report.rds.xml')
|
|
89
|
-
OpenSCAP::DS::Arf.new('report.rds.xml')
|
|
90
|
-
end
|
|
91
|
-
end
|
data/test/openscap_test.rb
DELETED
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require 'common/testcase'
|
|
4
|
-
require 'openscap'
|
|
5
|
-
|
|
6
|
-
class TestOscapVersion < OpenSCAP::TestCase
|
|
7
|
-
def test_oscap_version
|
|
8
|
-
OpenSCAP.oscap_init
|
|
9
|
-
version = OpenSCAP.oscap_get_version
|
|
10
|
-
OpenSCAP.oscap_cleanup
|
|
11
|
-
assert version.include?('.')
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
def test_double_read_error
|
|
15
|
-
assert !OpenSCAP.error?
|
|
16
|
-
msg = OpenSCAP.full_error
|
|
17
|
-
assert msg.nil?
|
|
18
|
-
msg = OpenSCAP.full_error
|
|
19
|
-
assert msg.nil?
|
|
20
|
-
end
|
|
21
|
-
end
|
data/test/source_test.rb
DELETED
|
@@ -1,78 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require 'openscap'
|
|
4
|
-
require 'openscap/source'
|
|
5
|
-
require 'common/testcase'
|
|
6
|
-
|
|
7
|
-
class TestSource < OpenSCAP::TestCase
|
|
8
|
-
def test_source_new_nil
|
|
9
|
-
msg = nil
|
|
10
|
-
begin
|
|
11
|
-
OpenSCAP::Source.new(nil)
|
|
12
|
-
assert false
|
|
13
|
-
rescue OpenSCAP::OpenSCAPError => e
|
|
14
|
-
msg = e.to_s
|
|
15
|
-
end
|
|
16
|
-
assert msg.start_with?('No filename specified!'), 'Message was: ' + msg
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
def test_source_new_ok
|
|
20
|
-
s = OpenSCAP::Source.new('../data/xccdf.xml')
|
|
21
|
-
s.destroy
|
|
22
|
-
end
|
|
23
|
-
|
|
24
|
-
def test_source_new_memory
|
|
25
|
-
raw_data = File.read('../data/xccdf.xml')
|
|
26
|
-
refute raw_data.empty?
|
|
27
|
-
s = OpenSCAP::Source.new(:content => raw_data, :path => '/mytestpath')
|
|
28
|
-
s.destroy
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
def test_type_xccdf
|
|
32
|
-
s = OpenSCAP::Source.new('../data/xccdf.xml')
|
|
33
|
-
assert s.type == 'XCCDF Checklist', "Type was #{s.type}"
|
|
34
|
-
s.validate!
|
|
35
|
-
s.destroy
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
def test_type_sds
|
|
39
|
-
s = OpenSCAP::Source.new('../data/sds-complex.xml')
|
|
40
|
-
assert s.type == 'SCAP Source Datastream', "Type was #{s.type}"
|
|
41
|
-
s.validate!
|
|
42
|
-
s.destroy
|
|
43
|
-
end
|
|
44
|
-
|
|
45
|
-
def test_type_test_result
|
|
46
|
-
s = OpenSCAP::Source.new('../data/testresult.xml')
|
|
47
|
-
assert s.type == 'XCCDF Checklist', "Type was #{s.type}"
|
|
48
|
-
s.validate!
|
|
49
|
-
s.destroy
|
|
50
|
-
end
|
|
51
|
-
|
|
52
|
-
def test_validate_invalid
|
|
53
|
-
s = OpenSCAP::Source.new('../data/invalid.xml')
|
|
54
|
-
msg = nil
|
|
55
|
-
begin
|
|
56
|
-
s.validate!
|
|
57
|
-
assert false
|
|
58
|
-
rescue OpenSCAP::OpenSCAPError => e
|
|
59
|
-
msg = e.to_s
|
|
60
|
-
end
|
|
61
|
-
assert msg.start_with?('Invalid XCCDF Checklist (1.2) content in ../data/invalid.xml.'),
|
|
62
|
-
'Message was: ' + msg
|
|
63
|
-
assert msg.include?("../data/invalid.xml:3: Element '{http"),
|
|
64
|
-
'Message was: ' + msg
|
|
65
|
-
assert msg.include?('This element is not expected. Expected is'),
|
|
66
|
-
'Message was: ' + msg
|
|
67
|
-
s.destroy
|
|
68
|
-
end
|
|
69
|
-
|
|
70
|
-
def test_save
|
|
71
|
-
s = OpenSCAP::Source.new('../data/testresult.xml')
|
|
72
|
-
filename = './newly_created.xml'
|
|
73
|
-
assert !File.exist?(filename)
|
|
74
|
-
s.save(filename)
|
|
75
|
-
assert File.exist?(filename)
|
|
76
|
-
FileUtils.rm_rf filename
|
|
77
|
-
end
|
|
78
|
-
end
|
data/test/text_test.rb
DELETED
|
@@ -1,19 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require 'openscap'
|
|
4
|
-
require 'openscap/text'
|
|
5
|
-
require 'common/testcase'
|
|
6
|
-
|
|
7
|
-
class TestText < OpenSCAP::TestCase
|
|
8
|
-
def test_text_new
|
|
9
|
-
t = OpenSCAP::Text.new
|
|
10
|
-
t.destroy
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
def test_text_set_text
|
|
14
|
-
t = OpenSCAP::Text.new
|
|
15
|
-
t.text = 'blah'
|
|
16
|
-
assert t.text == 'blah', "Text was: #{t.text}"
|
|
17
|
-
t.destroy
|
|
18
|
-
end
|
|
19
|
-
end
|
data/test/xccdf/arf_test.rb
DELETED
|
@@ -1,44 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require 'common/testcase'
|
|
4
|
-
require 'openscap'
|
|
5
|
-
require 'openscap/ds/sds'
|
|
6
|
-
require 'openscap/source'
|
|
7
|
-
require 'openscap/xccdf/benchmark'
|
|
8
|
-
|
|
9
|
-
class TestArf < OpenSCAP::TestCase
|
|
10
|
-
def test_new_from_file
|
|
11
|
-
b = benchmark_from_arf_file
|
|
12
|
-
b.destroy
|
|
13
|
-
end
|
|
14
|
-
|
|
15
|
-
def test_idents
|
|
16
|
-
b = benchmark_from_arf_file
|
|
17
|
-
item = b.items['xccdf_com.redhat.rhsa_rule_oval-com.redhat.rhsa-def-20140675']
|
|
18
|
-
idents = item.idents
|
|
19
|
-
assert idents.size == 25
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
def test_ident_title_url
|
|
23
|
-
b = benchmark_from_arf_file
|
|
24
|
-
item = b.items['xccdf_com.redhat.rhsa_rule_oval-com.redhat.rhsa-def-20140678']
|
|
25
|
-
idents = item.idents
|
|
26
|
-
assert idents.size == 2
|
|
27
|
-
ident = idents[0]
|
|
28
|
-
expected_id = 'RHSA-2014-0678'
|
|
29
|
-
expected_system = 'https://rhn.redhat.com/errata'
|
|
30
|
-
assert_equal(expected_id, ident.id)
|
|
31
|
-
assert_equal(expected_system, ident.system)
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
private
|
|
35
|
-
|
|
36
|
-
def benchmark_from_arf_file
|
|
37
|
-
arf = OpenSCAP::DS::Arf.new('../data/arf.xml')
|
|
38
|
-
_test_results = arf.test_result
|
|
39
|
-
source_datastream = arf.report_request
|
|
40
|
-
bench_source = source_datastream.select_checklist!
|
|
41
|
-
benchmark = OpenSCAP::Xccdf::Benchmark.new(bench_source)
|
|
42
|
-
benchmark
|
|
43
|
-
end
|
|
44
|
-
end
|
|
@@ -1,115 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require 'common/testcase'
|
|
4
|
-
require 'openscap'
|
|
5
|
-
require 'openscap/ds/sds'
|
|
6
|
-
require 'openscap/source'
|
|
7
|
-
require 'openscap/xccdf/benchmark'
|
|
8
|
-
|
|
9
|
-
class TestBenchmark < OpenSCAP::TestCase
|
|
10
|
-
def test_new_from_file
|
|
11
|
-
b = benchmark_from_file
|
|
12
|
-
b.destroy
|
|
13
|
-
end
|
|
14
|
-
|
|
15
|
-
def test_new_from_sds
|
|
16
|
-
@s = OpenSCAP::Source.new '../data/sds-complex.xml'
|
|
17
|
-
sds = OpenSCAP::DS::Sds.new @s
|
|
18
|
-
bench_source = sds.select_checklist!
|
|
19
|
-
assert !bench_source.nil?
|
|
20
|
-
b = OpenSCAP::Xccdf::Benchmark.new bench_source
|
|
21
|
-
assert !b.nil?
|
|
22
|
-
b.destroy
|
|
23
|
-
sds.destroy
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
def test_new_from_wrong
|
|
27
|
-
@s = OpenSCAP::Source.new '../data/testresult.xml'
|
|
28
|
-
msg = nil
|
|
29
|
-
begin
|
|
30
|
-
OpenSCAP::Xccdf::Benchmark.new @s
|
|
31
|
-
assert false
|
|
32
|
-
rescue OpenSCAP::OpenSCAPError => e
|
|
33
|
-
msg = e.to_s
|
|
34
|
-
end
|
|
35
|
-
assert msg.start_with?("Find element 'TestResult' while expecting element: 'Benchmark'"), msg
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
def test_items_in_benchmark
|
|
39
|
-
b = benchmark_from_file
|
|
40
|
-
assert b.items.size == 138
|
|
41
|
-
rules_count = b.items.count { |_, i| i.is_a?(OpenSCAP::Xccdf::Rule) }
|
|
42
|
-
groups_count = b.items.count { |_, i| i.is_a?(OpenSCAP::Xccdf::Group) }
|
|
43
|
-
assert rules_count == 76, "Got #{rules_count} rules"
|
|
44
|
-
assert groups_count == 62, "Got #{groups_count} groups"
|
|
45
|
-
b.destroy
|
|
46
|
-
end
|
|
47
|
-
|
|
48
|
-
def test_items_title
|
|
49
|
-
b = benchmark_from_file
|
|
50
|
-
prelink_rule = b.items['xccdf_org.ssgproject.content_rule_disable_prelink']
|
|
51
|
-
assert prelink_rule.title == 'Prelinking Disabled', prelink_rule.title
|
|
52
|
-
b.destroy
|
|
53
|
-
end
|
|
54
|
-
|
|
55
|
-
def test_items_description
|
|
56
|
-
b = benchmark_from_file
|
|
57
|
-
install_hids_rule = b.items['xccdf_org.ssgproject.content_rule_install_hids']
|
|
58
|
-
expected_result = "\nThe Red Hat platform includes a sophisticated auditing system\nand SELinux, which provide host-based intrusion detection capabilities.\n"
|
|
59
|
-
assert install_hids_rule.description == expected_result, install_hids_rule.description
|
|
60
|
-
b.destroy
|
|
61
|
-
end
|
|
62
|
-
|
|
63
|
-
def test_items_rationale
|
|
64
|
-
b = benchmark_from_file
|
|
65
|
-
aide_rule = b.items['xccdf_org.ssgproject.content_rule_package_aide_installed']
|
|
66
|
-
expected_rationale = "\nThe AIDE package must be installed if it is to be available for integrity checking.\n"
|
|
67
|
-
assert aide_rule.rationale == expected_rationale, aide_rule.rationale
|
|
68
|
-
b.destroy
|
|
69
|
-
end
|
|
70
|
-
|
|
71
|
-
def test_items_severity
|
|
72
|
-
b = benchmark_from_file
|
|
73
|
-
prelink_rule = b.items['xccdf_org.ssgproject.content_rule_disable_prelink']
|
|
74
|
-
assert prelink_rule.severity == 'Low', prelink_rule.severity
|
|
75
|
-
b.destroy
|
|
76
|
-
end
|
|
77
|
-
|
|
78
|
-
def test_items_references
|
|
79
|
-
b = benchmark_from_file
|
|
80
|
-
install_hids_rule = b.items['xccdf_org.ssgproject.content_rule_install_hids']
|
|
81
|
-
expected_references = [{ :title => 'SC-7',
|
|
82
|
-
:href => 'http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf',
|
|
83
|
-
:html_link => "<a href='http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf'>SC-7</a>" },
|
|
84
|
-
{ :title => '1263',
|
|
85
|
-
:href => 'http://iase.disa.mil/cci/index.html',
|
|
86
|
-
:html_link => "<a href='http://iase.disa.mil/cci/index.html'>1263</a>" }]
|
|
87
|
-
assert_equal(expected_references, install_hids_rule.references.map(&:to_hash), 'Install hids references should be equal')
|
|
88
|
-
b.destroy
|
|
89
|
-
end
|
|
90
|
-
|
|
91
|
-
def test_items_fixes
|
|
92
|
-
b = benchmark_from_file
|
|
93
|
-
login_defs_rule = b.items['xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs']
|
|
94
|
-
expected_content = ["var_accounts_minimum_age_login_defs=\"<sub xmlns=\"http://checklists.nist.gov/xccdf/1.2\" idref=\"xccdf_org.ssgproject.content_value_var_accounts_minimum_age_login_defs\" use=\"legacy\"/>\"\ngrep -q ^PASS_MIN_DAYS /etc/login.defs && \\\nsed -i \"s/PASS_MIN_DAYS.*/PASS_MIN_DAYS\\t$var_accounts_minimum_age_login_defs/g\" /etc/login.defs\nif ! [ $? -eq 0 ]\nthen\n echo -e \"PASS_MIN_DAYS\\t$var_accounts_minimum_age_login_defs\" >> /etc/login.defs\nfi\n"]
|
|
95
|
-
expected_hashes = [{
|
|
96
|
-
:id => nil,
|
|
97
|
-
:platform => nil,
|
|
98
|
-
:content => expected_content.first,
|
|
99
|
-
:system => 'urn:xccdf:fix:script:sh'
|
|
100
|
-
}]
|
|
101
|
-
assert_equal(expected_content, login_defs_rule.fixes.map(&:content), 'Fix content should match')
|
|
102
|
-
assert_equal(expected_hashes, login_defs_rule.fixes.map(&:to_hash), 'Fix hash should match')
|
|
103
|
-
b.destroy
|
|
104
|
-
end
|
|
105
|
-
|
|
106
|
-
private
|
|
107
|
-
|
|
108
|
-
def benchmark_from_file
|
|
109
|
-
source = OpenSCAP::Source.new '../data/xccdf.xml'
|
|
110
|
-
b = OpenSCAP::Xccdf::Benchmark.new source
|
|
111
|
-
source.destroy
|
|
112
|
-
assert !b.nil?
|
|
113
|
-
b
|
|
114
|
-
end
|
|
115
|
-
end
|
data/test/xccdf/policy_test.rb
DELETED
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require 'common/testcase'
|
|
4
|
-
require 'openscap'
|
|
5
|
-
require 'openscap/source'
|
|
6
|
-
require 'openscap/xccdf/benchmark'
|
|
7
|
-
require 'openscap/xccdf/policy'
|
|
8
|
-
require 'openscap/xccdf/policy_model'
|
|
9
|
-
|
|
10
|
-
class TestPolicy < OpenSCAP::TestCase
|
|
11
|
-
def test_new_policy_model
|
|
12
|
-
@s = OpenSCAP::Source.new '../data/xccdf.xml'
|
|
13
|
-
b = OpenSCAP::Xccdf::Benchmark.new @s
|
|
14
|
-
pm = OpenSCAP::Xccdf::PolicyModel.new b
|
|
15
|
-
assert !b.nil?
|
|
16
|
-
assert pm.policies.size == 1, pm.policies.to_s
|
|
17
|
-
assert pm.policies['xccdf_org.ssgproject.content_profile_common']
|
|
18
|
-
pm.destroy
|
|
19
|
-
end
|
|
20
|
-
end
|
data/test/xccdf/profile_test.rb
DELETED
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require 'common/testcase'
|
|
4
|
-
require 'openscap'
|
|
5
|
-
require 'openscap/source'
|
|
6
|
-
require 'openscap/xccdf/benchmark'
|
|
7
|
-
require 'openscap/xccdf/profile'
|
|
8
|
-
|
|
9
|
-
class TestProfile < OpenSCAP::TestCase
|
|
10
|
-
def test_new_from_file
|
|
11
|
-
@s = OpenSCAP::Source.new '../data/xccdf.xml'
|
|
12
|
-
b = OpenSCAP::Xccdf::Benchmark.new @s
|
|
13
|
-
assert !b.nil?
|
|
14
|
-
assert b.profiles.size == 1, b.profiles.to_s
|
|
15
|
-
profile1 = b.profiles['xccdf_org.ssgproject.content_profile_common']
|
|
16
|
-
assert profile1
|
|
17
|
-
assert profile1.title == 'Common Profile for General-Purpose Fedora Systems'
|
|
18
|
-
b.destroy
|
|
19
|
-
end
|
|
20
|
-
end
|
|
@@ -1,116 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require 'openscap'
|
|
4
|
-
require 'common/testcase'
|
|
5
|
-
|
|
6
|
-
class TestSessionDS < OpenSCAP::TestCase
|
|
7
|
-
def test_sds_true
|
|
8
|
-
@s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
|
|
9
|
-
assert @s.sds?
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
def test_session_load
|
|
13
|
-
@s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
|
|
14
|
-
@s.load
|
|
15
|
-
@s.evaluate
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
def test_session_load_ds_comp
|
|
19
|
-
@s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
|
|
20
|
-
@s.load(:datastream_id => 'scap_org.open-scap_datastream_tst2', :component_id => 'scap_org.open-scap_cref_second-xccdf.xml2')
|
|
21
|
-
@s.evaluate
|
|
22
|
-
end
|
|
23
|
-
|
|
24
|
-
def test_session_load_bad_datastream
|
|
25
|
-
@s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
|
|
26
|
-
msg = nil
|
|
27
|
-
begin
|
|
28
|
-
@s.load(:datastream_id => 'nonexistent')
|
|
29
|
-
assert false
|
|
30
|
-
rescue OpenSCAP::OpenSCAPError => e
|
|
31
|
-
msg = e.to_s
|
|
32
|
-
end
|
|
33
|
-
assert msg.start_with?("Failed to locate a datastream with ID matching 'nonexistent' ID and checklist inside matching '<any>' ID.")
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
def test_session_load_bad_component
|
|
37
|
-
@s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
|
|
38
|
-
msg = nil
|
|
39
|
-
begin
|
|
40
|
-
@s.load(:component_id => 'nonexistent')
|
|
41
|
-
assert false
|
|
42
|
-
rescue OpenSCAP::OpenSCAPError => e
|
|
43
|
-
msg = e.to_s
|
|
44
|
-
end
|
|
45
|
-
assert msg.start_with?("Failed to locate a datastream with ID matching '<any>' ID and checklist inside matching 'nonexistent' ID.")
|
|
46
|
-
end
|
|
47
|
-
|
|
48
|
-
def test_session_set_profile
|
|
49
|
-
@s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
|
|
50
|
-
@s.load(:component_id => 'scap_org.open-scap_cref_second-xccdf.xml')
|
|
51
|
-
@s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
|
|
52
|
-
@s.evaluate
|
|
53
|
-
end
|
|
54
|
-
|
|
55
|
-
def test_session_set_profile_bad
|
|
56
|
-
@s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
|
|
57
|
-
@s.load
|
|
58
|
-
msg = nil
|
|
59
|
-
begin
|
|
60
|
-
@s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
|
|
61
|
-
assert false
|
|
62
|
-
rescue OpenSCAP::OpenSCAPError => e
|
|
63
|
-
msg = e.to_s
|
|
64
|
-
end
|
|
65
|
-
assert msg.start_with?("No profile 'xccdf_moc.elpmaxe.www_profile_1' found")
|
|
66
|
-
end
|
|
67
|
-
|
|
68
|
-
def test_session_export_rds
|
|
69
|
-
@s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
|
|
70
|
-
@s.load
|
|
71
|
-
@s.evaluate
|
|
72
|
-
@s.export_results(:rds_file => 'report.rds.xml')
|
|
73
|
-
assert_exported ['report.rds.xml']
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
def test_session_export_xccdf_results
|
|
77
|
-
@s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
|
|
78
|
-
@s.load(:component_id => 'scap_org.open-scap_cref_second-xccdf.xml')
|
|
79
|
-
@s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
|
|
80
|
-
@s.evaluate
|
|
81
|
-
@s.export_results(:xccdf_file => 'result.xccdf.xml')
|
|
82
|
-
assert_exported ['result.xccdf.xml']
|
|
83
|
-
end
|
|
84
|
-
|
|
85
|
-
def test_session_export_html_report
|
|
86
|
-
@s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
|
|
87
|
-
@s.load(:component_id => 'scap_org.open-scap_cref_second-xccdf.xml')
|
|
88
|
-
@s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
|
|
89
|
-
@s.evaluate
|
|
90
|
-
@s.export_results(:report_file => 'report.html', :xccdf_file => 'result.xccdf.xml')
|
|
91
|
-
assert_exported ['report.html', 'result.xccdf.xml']
|
|
92
|
-
end
|
|
93
|
-
|
|
94
|
-
def test_session_export_oval_variables
|
|
95
|
-
@s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
|
|
96
|
-
@s.load(:component_id => 'scap_org.open-scap_cref_second-xccdf.xml')
|
|
97
|
-
@s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
|
|
98
|
-
@s.evaluate
|
|
99
|
-
@s.export_results(:oval_variables => true)
|
|
100
|
-
assert_exported []
|
|
101
|
-
end
|
|
102
|
-
|
|
103
|
-
def test_remediate
|
|
104
|
-
@s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
|
|
105
|
-
@s.load(:component_id => 'scap_org.open-scap_cref_second-xccdf.xml')
|
|
106
|
-
@s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
|
|
107
|
-
@s.evaluate
|
|
108
|
-
@s.remediate
|
|
109
|
-
end
|
|
110
|
-
|
|
111
|
-
def assert_exported(files)
|
|
112
|
-
# libopenscap compiled with --enable-debug creates debug files
|
|
113
|
-
FileUtils.rm_rf(Dir.glob('oscap_debug.log.*'))
|
|
114
|
-
assert files.sort == Dir.glob('*').sort
|
|
115
|
-
end
|
|
116
|
-
end
|