openscap 0.5.0 → 0.5.1
- checksums.yaml +4 -4
- data/lib/openscap/version.rb +1 -1
- data/lib/openscap/xccdf/benchmark.rb +10 -10
- data/lib/openscap/xccdf/fix.rb +7 -14
- data/lib/openscap/xccdf/fixtext.rb +19 -0
- data/lib/openscap/xccdf/group.rb +6 -12
- data/lib/openscap/xccdf/ident.rb +4 -10
- data/lib/openscap/xccdf/item.rb +6 -6
- data/lib/openscap/xccdf/item_common.rb +1 -1
- data/lib/openscap/xccdf/policy.rb +3 -4
- data/lib/openscap/xccdf/policy_model.rb +6 -14
- data/lib/openscap/xccdf/profile.rb +2 -2
- data/lib/openscap/xccdf/reference.rb +5 -21
- data/lib/openscap/xccdf/rule.rb +32 -8
- data/lib/openscap/xccdf/ruleresult.rb +5 -7
- data/lib/openscap/xccdf/session.rb +11 -11
- data/lib/openscap/xccdf/status.rb +1 -2
- data/lib/openscap/xccdf/tailoring.rb +6 -12
- data/lib/openscap/xccdf/testresult.rb +12 -16
- data/lib/openscap/xccdf/value.rb +1 -2
- metadata +5 -27
- data/test/common/testcase.rb +0 -38
- data/test/data/arf.xml +0 -275156
- data/test/data/invalid.xml +0 -20
- data/test/data/sds-complex.xml +0 -132
- data/test/data/tailoring.xml +0 -31
- data/test/data/testresult.xml +0 -225
- data/test/data/xccdf.xml +0 -3047
- data/test/ds/arf_test.rb +0 -96
- data/test/ds/sds_test.rb +0 -89
- data/test/integration/arf_waiver_test.rb +0 -91
- data/test/openscap_test.rb +0 -21
- data/test/source_test.rb +0 -78
- data/test/text_test.rb +0 -19
- data/test/xccdf/arf_test.rb +0 -43
- data/test/xccdf/benchmark_test.rb +0 -201
- data/test/xccdf/item_test.rb +0 -82
- data/test/xccdf/policy_test.rb +0 -48
- data/test/xccdf/profile_test.rb +0 -62
- data/test/xccdf/session_ds_test.rb +0 -116
- data/test/xccdf/session_test.rb +0 -33
- data/test/xccdf/tailoring_test.rb +0 -30
- data/test/xccdf/testresult_test.rb +0 -99
- data/test/xccdf/value_test.rb +0 -67
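--- a/data/test/ds/arf_test.rb
+++ /dev/null
@@ -1,96 +0,0 @@
-# frozen_string_literal: true
-
-require 'openscap'
-require 'openscap/ds/arf'
-require 'common/testcase'
-
-class TestArf < OpenSCAP::TestCase
-REPORT = 'report.rds.xml'
-
-def test_arf_new_nil
-msg = nil
-begin
-OpenSCAP::DS::Arf.new(nil)
-assert false
-rescue OpenSCAP::OpenSCAPError => e
-msg = e.to_s
-end
-assert msg.start_with?("Cannot initialize OpenSCAP::DS::Arf with ''"), "Message was: #{msg}"
-end
-
-def test_arf_new_wrong_format
-msg = nil
-begin
-OpenSCAP::DS::Arf.new('../data/xccdf.xml')
-assert false
-rescue OpenSCAP::OpenSCAPError => e
-msg = e.to_s
-end
-assert msg.include?('Could not create Result DataStream session: File is not Result DataStream.'),
-"Message was: #{msg}"
-end
-
-def test_create_arf_and_get_html
-arf = new_arf
-html = arf.html
-arf.destroy
-assert html.start_with?('<!DOCTYPE html><html'), 'DOCTYPE missing.'
-assert html.include?('OpenSCAP')
-assert html.include?('Compliance and Scoring')
-end
-
-def test_create_arf_and_get_profile
-arf = new_arf
-tr = arf.test_result
-assert tr.profile == 'xccdf_moc.elpmaxe.www_profile_1',
-"TestResult.profile was '#{tr.profile}'"
-tr.destroy
-arf.destroy
-end
-
-def test_new_memory
-create_arf
-raw_data = File.read(REPORT)
-refute raw_data.empty?
-arf = OpenSCAP::DS::Arf.new content: raw_data, path: REPORT
-arf.destroy
-end
-
-def test_new_bz_memory
-bziped_file = new_arf_bz
-raw_data = File.binread(bziped_file)
-assert !raw_data.empty?
-len = File.size(bziped_file)
-FileUtils.rm bziped_file
-arf = OpenSCAP::DS::Arf.new content: raw_data, path: bziped_file, length: len
-arf.destroy
-end
-
-def test_new_bz_file
-bziped_file = new_arf_bz
-arf = OpenSCAP::DS::Arf.new(bziped_file)
-arf.destroy
-FileUtils.rm bziped_file
-end
-
-private
-
-def new_arf_bz
-create_arf
-system("/usr/bin/bzip2 #{REPORT}")
-"#{REPORT}.bz2"
-end
-
-def new_arf
-create_arf
-OpenSCAP::DS::Arf.new(REPORT)
-end
-
-def create_arf
-@s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-@s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
-@s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
-@s.evaluate
-@s.export_results(rds_file: 'report.rds.xml')
-end
-end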
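--- a/data/test/ds/sds_test.rb
+++ /dev/null
@@ -1,89 +0,0 @@
-# frozen_string_literal: true
-
-require 'openscap'
-require 'openscap/source'
-require 'openscap/ds/sds'
-require 'common/testcase'
-
-class TestSds < OpenSCAP::TestCase
-DS_FILE = '../data/sds-complex.xml'
-
-def test_new
-new_sds.destroy
-end
-
-def test_new_non_sds
-filename = '../data/xccdf.xml'
-@s = OpenSCAP::Source.new filename
-assert !@s.nil?
-msg = nil
-begin
-OpenSCAP::DS::Sds.new source: @s
-assert false
-rescue OpenSCAP::OpenSCAPError => e
-msg = e.to_s
-end
-assert msg.start_with?('Could not create Source DataStream session: File is not Source DataStream.'), msg
-end
-
-def test_select_checklist
-sds = new_sds
-benchmark = sds.select_checklist!
-assert !benchmark.nil?
-sds.destroy
-end
-
-def test_show_guides
-sds = new_sds
-benchmark_source = sds.select_checklist!
-benchmark = OpenSCAP::Xccdf::Benchmark.new benchmark_source
-benchmark.profiles.each_key do |id|
-guide = sds.html_guide id
-assert !guide.nil?
-assert guide.include?(id)
-end
-benchmark.destroy
-sds.destroy
-end
-
-def tests_select_checklist_wrong
-sds = new_sds
-msg = nil
-begin
-benchmark = sds.select_checklist! datastream_id: 'wrong'
-assert false
-rescue OpenSCAP::OpenSCAPError => e
-msg = e.to_s
-end
-assert msg.start_with?('Failed to locate a datastream with ID matching'), msg
-assert benchmark.nil?
-sds.destroy
-end
-
-def tests_use_through_yields
-OpenSCAP::Source.new DS_FILE do |source|
-assert_equal 'SCAP Source Datastream', source.type
-OpenSCAP::DS::Sds.new source: do |sds|
-benchmark_source = sds.select_checklist!
-html = sds.html_guide
-assert_include html, 'bootstrap'
-
-OpenSCAP::Xccdf::Benchmark.new benchmark_source do |benchmark|
-assert_empty benchmark.profiles
-assert benchmark.items.length == 1
-assert benchmark.items.keys.first == 'xccdf_moc.elpmaxe.www_rule_first'
-end
-end
-end
-end
-
-private
-
-def new_sds
-@s = OpenSCAP::Source.new DS_FILE
-assert !@s.nil?
-sds = OpenSCAP::DS::Sds.new source: @s
-assert !sds.nil?
-sds
-end
-end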
@@ -1,91 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require 'openscap'
|
4
|
-
require 'openscap/xccdf/benchmark'
|
5
|
-
require 'openscap/xccdf/ruleresult'
|
6
|
-
require 'openscap/xccdf/session'
|
7
|
-
require 'openscap/xccdf/testresult'
|
8
|
-
require 'openscap/ds/arf'
|
9
|
-
require 'openscap/ds/sds'
|
10
|
-
require 'common/testcase'
|
11
|
-
|
12
|
-
class TestArfWaiver < OpenSCAP::TestCase
|
13
|
-
def test_waiver_and_score
|
14
|
-
assert_default_score tr.score, -1, 1
|
15
|
-
assert_default_score tr.score!(benchmark), -1, 1
|
16
|
-
|
17
|
-
rr.override!(new_result: :pass,
|
18
|
-
time: 'yesterday',
|
19
|
-
authority: 'John Hacker',
|
20
|
-
raw_text: 'This should have passed')
|
21
|
-
assert rr.result == 'pass'
|
22
|
-
|
23
|
-
assert_default_score tr.score, -1, 1
|
24
|
-
assert_default_score tr.score!(benchmark), 99, 101
|
25
|
-
|
26
|
-
# create updated DOM (that includes the override element and new score)
|
27
|
-
arf.test_result = tr
|
28
|
-
arf.source.save('modified.rds.xml')
|
29
|
-
tr.destroy
|
30
|
-
arf.destroy
|
31
|
-
|
32
|
-
arf2 = OpenSCAP::DS::Arf.new('modified.rds.xml')
|
33
|
-
tr2 = arf2.test_result('xccdf1')
|
34
|
-
assert_default_score tr.score, 99, 101
|
35
|
-
rr2 = tr2.rr['xccdf_moc.elpmaxe.www_rule_first']
|
36
|
-
assert rr2.result == 'pass'
|
37
|
-
tr2.destroy
|
38
|
-
arf2.destroy
|
39
|
-
end
|
40
|
-
|
41
|
-
private
|
42
|
-
|
43
|
-
def benchmark
|
44
|
-
@benchmark ||= benchmark_init
|
45
|
-
end
|
46
|
-
|
47
|
-
def benchmark_init
|
48
|
-
sds = arf.report_request
|
49
|
-
bench_source = sds.select_checklist!
|
50
|
-
bench = OpenSCAP::Xccdf::Benchmark.new bench_source
|
51
|
-
sds.destroy
|
52
|
-
bench
|
53
|
-
end
|
54
|
-
|
55
|
-
def rr
|
56
|
-
@rr ||= rr_init
|
57
|
-
end
|
58
|
-
|
59
|
-
def rr_init
|
60
|
-
assert tr.rr.size == 1
|
61
|
-
rr = tr.rr['xccdf_moc.elpmaxe.www_rule_first']
|
62
|
-
assert rr.result == 'fail'
|
63
|
-
rr
|
64
|
-
end
|
65
|
-
|
66
|
-
def tr
|
67
|
-
@tr ||= tr_init
|
68
|
-
end
|
69
|
-
|
70
|
-
def tr_init
|
71
|
-
tr = arf.test_result
|
72
|
-
assert tr.score.size == 1
|
73
|
-
score = tr.score['urn:xccdf:scoring:default']
|
74
|
-
assert score[:system] == 'urn:xccdf:scoring:default'
|
75
|
-
assert score[:max] == 100.0
|
76
|
-
assert score[:value] == 0.0
|
77
|
-
tr
|
78
|
-
end
|
79
|
-
|
80
|
-
def arf
|
81
|
-
@arf ||= arf_init
|
82
|
-
end
|
83
|
-
|
84
|
-
def arf_init
|
85
|
-
@s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
|
86
|
-
@s.load
|
87
|
-
@s.evaluate
|
88
|
-
@s.export_results(rds_file: 'report.rds.xml')
|
89
|
-
OpenSCAP::DS::Arf.new('report.rds.xml')
|
90
|
-
end
|
91
|
-
end
|
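--- a/data/test/openscap_test.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-require 'common/testcase'
-require 'openscap'
-
-class TestOscapVersion < OpenSCAP::TestCase
-def test_oscap_version
-OpenSCAP.oscap_init
-version = OpenSCAP.oscap_get_version
-OpenSCAP.oscap_cleanup
-assert version.include?('.')
-end
-
-def test_double_read_error
-assert !OpenSCAP.error?
-msg = OpenSCAP.full_error
-assert msg.nil?
-msg = OpenSCAP.full_error
-assert msg.nil?
-end
-end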
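--- a/data/test/source_test.rb
+++ /dev/null
@@ -1,78 +0,0 @@
-# frozen_string_literal: true
-
-require 'openscap'
-require 'openscap/source'
-require 'common/testcase'
-
-class TestSource < OpenSCAP::TestCase
-def test_source_new_nil
-msg = nil
-begin
-OpenSCAP::Source.new(nil)
-assert false
-rescue OpenSCAP::OpenSCAPError => e
-msg = e.to_s
-end
-assert msg.start_with?('No filename specified!'), "Message was: #{msg}"
-end
-
-def test_source_new_ok
-s = OpenSCAP::Source.new('../data/xccdf.xml')
-s.destroy
-end
-
-def test_source_new_memory
-raw_data = File.read('../data/xccdf.xml')
-refute raw_data.empty?
-s = OpenSCAP::Source.new(content: raw_data, path: '/mytestpath')
-s.destroy
-end
-
-def test_type_xccdf
-OpenSCAP::Source.new('../data/xccdf.xml') do |s|
-assert s.type == 'XCCDF Checklist', "Type was #{s.type}"
-s.validate!
-end
-end
-
-def test_type_sds
-OpenSCAP::Source.new('../data/sds-complex.xml') do |s|
-assert s.type == 'SCAP Source Datastream', "Type was #{s.type}"
-s.validate!
-end
-end
-
-def test_type_test_result
-s = OpenSCAP::Source.new('../data/testresult.xml')
-assert s.type == 'XCCDF Checklist', "Type was #{s.type}"
-s.validate!
-s.destroy
-end
-
-def test_validate_invalid
-s = OpenSCAP::Source.new('../data/invalid.xml')
-msg = nil
-begin
-s.validate!
-assert false
-rescue OpenSCAP::OpenSCAPError => e
-msg = e.to_s
-end
-assert msg.start_with?('Invalid XCCDF Checklist (1.2) content in ../data/invalid.xml.'),
-"Message was: #{msg}"
-assert msg.include?("../data/invalid.xml:3: Element '{http"),
-"Message was: #{msg}"
-assert msg.include?('This element is not expected. Expected is'),
-"Message was: #{msg}"
-s.destroy
-end
-
-def test_save
-s = OpenSCAP::Source.new('../data/testresult.xml')
-filename = './newly_created.xml'
-assert !File.exist?(filename)
-s.save(filename)
-assert File.exist?(filename)
-FileUtils.rm_rf filename
-end
-end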
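--- a/data/test/text_test.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-require 'openscap'
-require 'openscap/text'
-require 'common/testcase'
-
-class TestText < OpenSCAP::TestCase
-def test_text_new
-t = OpenSCAP::Text.new
-t.destroy
-end
-
-def test_text_set_text
-t = OpenSCAP::Text.new
-t.text = 'blah'
-assert t.text == 'blah', "Text was: #{t.text}"
-t.destroy
-end
-end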
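--- a/data/test/xccdf/arf_test.rb
+++ /dev/null
@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-
-require 'common/testcase'
-require 'openscap'
-require 'openscap/ds/sds'
-require 'openscap/source'
-require 'openscap/xccdf/benchmark'
-
-class TestArf < OpenSCAP::TestCase
-def test_new_from_file
-b = benchmark_from_arf_file
-b.destroy
-end
-
-def test_idents
-b = benchmark_from_arf_file
-item = b.items['xccdf_com.redhat.rhsa_rule_oval-com.redhat.rhsa-def-20140675']
-idents = item.idents
-assert idents.size == 25
-end
-
-def test_ident_title_url
-b = benchmark_from_arf_file
-item = b.items['xccdf_com.redhat.rhsa_rule_oval-com.redhat.rhsa-def-20140678']
-idents = item.idents
-assert idents.size == 2
-ident = idents[0]
-expected_id = 'RHSA-2014-0678'
-expected_system = 'https://rhn.redhat.com/errata'
-assert_equal(expected_id, ident.id)
-assert_equal(expected_system, ident.system)
-end
-
-private
-
-def benchmark_from_arf_file
-arf = OpenSCAP::DS::Arf.new('../data/arf.xml')
-_test_results = arf.test_result
-source_datastream = arf.report_request
-bench_source = source_datastream.select_checklist!
-OpenSCAP::Xccdf::Benchmark.new(bench_source)
-end
-end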
@@ -1,201 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require 'common/testcase'
|
4
|
-
require 'openscap'
|
5
|
-
require 'openscap/ds/sds'
|
6
|
-
require 'openscap/source'
|
7
|
-
require 'openscap/xccdf/benchmark'
|
8
|
-
|
9
|
-
class TestBenchmark < OpenSCAP::TestCase
|
10
|
-
def test_new_from_file
|
11
|
-
b = benchmark_from_file
|
12
|
-
b.destroy
|
13
|
-
end
|
14
|
-
|
15
|
-
def test_new_from_sds
|
16
|
-
@s = OpenSCAP::Source.new '../data/sds-complex.xml'
|
17
|
-
sds = OpenSCAP::DS::Sds.new @s
|
18
|
-
bench_source = sds.select_checklist!
|
19
|
-
assert !bench_source.nil?
|
20
|
-
b = OpenSCAP::Xccdf::Benchmark.new bench_source
|
21
|
-
assert !b.nil?
|
22
|
-
b.destroy
|
23
|
-
sds.destroy
|
24
|
-
end
|
25
|
-
|
26
|
-
def test_new_from_wrong
|
27
|
-
@s = OpenSCAP::Source.new '../data/testresult.xml'
|
28
|
-
msg = nil
|
29
|
-
begin
|
30
|
-
OpenSCAP::Xccdf::Benchmark.new @s
|
31
|
-
assert false
|
32
|
-
rescue OpenSCAP::OpenSCAPError => e
|
33
|
-
msg = e.to_s
|
34
|
-
end
|
35
|
-
assert msg.start_with?("Find element 'TestResult' while expecting element: 'Benchmark'"), msg
|
36
|
-
end
|
37
|
-
|
38
|
-
def test_items_in_benchmark
|
39
|
-
b = benchmark_from_file
|
40
|
-
assert b.items.size == 138
|
41
|
-
rules_count = b.items.count { |_, i| i.is_a?(OpenSCAP::Xccdf::Rule) }
|
42
|
-
groups_count = b.items.count { |_, i| i.is_a?(OpenSCAP::Xccdf::Group) }
|
43
|
-
assert rules_count == 76, "Got #{rules_count} rules"
|
44
|
-
assert groups_count == 62, "Got #{groups_count} groups"
|
45
|
-
b.destroy
|
46
|
-
end
|
47
|
-
|
48
|
-
def test_items_title
|
49
|
-
b = benchmark_from_file
|
50
|
-
prelink_rule = b.items['xccdf_org.ssgproject.content_rule_disable_prelink']
|
51
|
-
assert prelink_rule.title == 'Prelinking Disabled', prelink_rule.title
|
52
|
-
b.destroy
|
53
|
-
end
|
54
|
-
|
55
|
-
def test_items_description
|
56
|
-
b = benchmark_from_file
|
57
|
-
install_hids_rule = b.items['xccdf_org.ssgproject.content_rule_install_hids']
|
58
|
-
expected_result = "\nThe Red Hat platform includes a sophisticated auditing system\nand SELinux, which provide host-based intrusion detection capabilities.\n"
|
59
|
-
assert install_hids_rule.description == expected_result, install_hids_rule.description
|
60
|
-
b.destroy
|
61
|
-
end
|
62
|
-
|
63
|
-
def test_items_rationale
|
64
|
-
b = benchmark_from_file
|
65
|
-
aide_rule = b.items['xccdf_org.ssgproject.content_rule_package_aide_installed']
|
66
|
-
expected_rationale = "\nThe AIDE package must be installed if it is to be available for integrity checking.\n"
|
67
|
-
assert aide_rule.rationale == expected_rationale, aide_rule.rationale
|
68
|
-
b.destroy
|
69
|
-
end
|
70
|
-
|
71
|
-
def test_items_severity
|
72
|
-
b = benchmark_from_file
|
73
|
-
prelink_rule = b.items['xccdf_org.ssgproject.content_rule_disable_prelink']
|
74
|
-
assert prelink_rule.severity == 'Low', prelink_rule.severity
|
75
|
-
b.destroy
|
76
|
-
end
|
77
|
-
|
78
|
-
def test_items_references
|
79
|
-
b = benchmark_from_file
|
80
|
-
install_hids_rule = b.items['xccdf_org.ssgproject.content_rule_install_hids']
|
81
|
-
expected_references = [{ title: 'SC-7',
|
82
|
-
href: 'http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf',
|
83
|
-
html_link: "<a href='http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf'>SC-7</a>" },
|
84
|
-
{ title: '1263',
|
85
|
-
href: 'http://iase.disa.mil/cci/index.html',
|
86
|
-
html_link: "<a href='http://iase.disa.mil/cci/index.html'>1263</a>" }]
|
87
|
-
assert_equal(expected_references, install_hids_rule.references.map(&:to_hash), 'Install hids references should be equal')
|
88
|
-
b.destroy
|
89
|
-
end
|
90
|
-
|
91
|
-
def test_items_fixes
|
92
|
-
b = benchmark_from_file
|
93
|
-
login_defs_rule = b.items['xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs']
|
94
|
-
expected_content = ["var_accounts_minimum_age_login_defs=\"<sub xmlns=\"http://checklists.nist.gov/xccdf/1.2\" idref=\"xccdf_org.ssgproject.content_value_var_accounts_minimum_age_login_defs\" use=\"legacy\"/>\"\ngrep -q ^PASS_MIN_DAYS /etc/login.defs && \\\nsed -i \"s/PASS_MIN_DAYS.*/PASS_MIN_DAYS\\t$var_accounts_minimum_age_login_defs/g\" /etc/login.defs\nif ! [ $? -eq 0 ]\nthen\n echo -e \"PASS_MIN_DAYS\\t$var_accounts_minimum_age_login_defs\" >> /etc/login.defs\nfi\n"]
|
95
|
-
expected_hashes = [{
|
96
|
-
id: nil,
|
97
|
-
platform: nil,
|
98
|
-
content: expected_content.first,
|
99
|
-
system: 'urn:xccdf:fix:script:sh'
|
100
|
-
}]
|
101
|
-
assert_equal(expected_content, login_defs_rule.fixes.map(&:content), 'Fix content should match')
|
102
|
-
assert_equal(expected_hashes, login_defs_rule.fixes.map(&:to_hash), 'Fix hash should match')
|
103
|
-
b.destroy
|
104
|
-
end
|
105
|
-
|
106
|
-
def test_benchamrk_id
|
107
|
-
with_benchmark do |b|
|
108
|
-
assert_equal b.id, 'xccdf_org.ssgproject.content_benchmark_FEDORA'
|
109
|
-
end
|
110
|
-
end
|
111
|
-
|
112
|
-
def test_status_current
|
113
|
-
with_benchmark do |b|
|
114
|
-
status = b.status_current
|
115
|
-
assert_equal status.status, :draft
|
116
|
-
release_date = status.date
|
117
|
-
assert_equal release_date.year, 2014
|
118
|
-
assert_equal release_date.month, 10
|
119
|
-
assert_equal release_date.day, 2
|
120
|
-
end
|
121
|
-
end
|
122
|
-
|
123
|
-
def test_title
|
124
|
-
with_benchmark do |b|
|
125
|
-
assert_equal b.title, 'Guide to the Secure Configuration of Fedora'
|
126
|
-
end
|
127
|
-
end
|
128
|
-
|
129
|
-
def test_description
|
130
|
-
with_benchmark do |b|
|
131
|
-
assert_equal b.description, DESCRIPTION
|
132
|
-
end
|
133
|
-
end
|
134
|
-
|
135
|
-
def test_version
|
136
|
-
with_benchmark do |b|
|
137
|
-
assert_equal b.version, '0.0.4'
|
138
|
-
end
|
139
|
-
end
|
140
|
-
|
141
|
-
def test_references
|
142
|
-
with_benchmark do |b|
|
143
|
-
assert_equal b.references, []
|
144
|
-
end
|
145
|
-
end
|
146
|
-
|
147
|
-
def test_resolved
|
148
|
-
with_benchmark do |b|
|
149
|
-
assert b.resolved?
|
150
|
-
end
|
151
|
-
end
|
152
|
-
|
153
|
-
def test_policy_model
|
154
|
-
with_benchmark do |b|
|
155
|
-
assert b.policy_model.policies.keys == ['xccdf_org.ssgproject.content_profile_common']
|
156
|
-
end
|
157
|
-
end
|
158
|
-
|
159
|
-
def test_schema_version
|
160
|
-
with_benchmark do |b|
|
161
|
-
assert_equal b.schema_version, '1.2'
|
162
|
-
end
|
163
|
-
end
|
164
|
-
|
165
|
-
private
|
166
|
-
|
167
|
-
def benchmark_from_file
|
168
|
-
source = OpenSCAP::Source.new '../data/xccdf.xml'
|
169
|
-
b = OpenSCAP::Xccdf::Benchmark.new source
|
170
|
-
source.destroy
|
171
|
-
assert !b.nil?
|
172
|
-
b
|
173
|
-
end
|
174
|
-
|
175
|
-
def with_benchmark(&)
|
176
|
-
OpenSCAP::Source.new '../data/xccdf.xml' do |source|
|
177
|
-
OpenSCAP::Xccdf::Benchmark.new(source, &)
|
178
|
-
end
|
179
|
-
end
|
180
|
-
|
181
|
-
DESCRIPTION = "This guide presents a catalog of security-relevant configuration\n" \
|
182
|
-
"settings for Fedora operating system formatted in the eXtensible Configuration\n" \
|
183
|
-
"Checklist Description Format (XCCDF).\n" \
|
184
|
-
"<br xmlns=\"http://www.w3.org/1999/xhtml\"/>\n" \
|
185
|
-
"<br xmlns=\"http://www.w3.org/1999/xhtml\"/>\n" \
|
186
|
-
"Providing system administrators with such guidance informs them how to securely\n" \
|
187
|
-
"configure systems under their control in a variety of network roles. Policy\n" \
|
188
|
-
"makers and baseline creators can use this catalog of settings, with its\n" \
|
189
|
-
"associated references to higher-level security control catalogs, in order to\n" \
|
190
|
-
"assist them in security baseline creation. This guide is a <i xmlns=\"http://www.w3.org/1999/xhtml\">catalog, not a\n" \
|
191
|
-
"checklist,</i> and satisfaction of every item is not likely to be possible or\n" \
|
192
|
-
"sensible in many operational scenarios. However, the XCCDF format enables\n" \
|
193
|
-
"granular selection and adjustment of settings, and their association with OVAL\n" \
|
194
|
-
"and OCIL content provides an automated checking capability. Transformations of\n" \
|
195
|
-
"this document, and its associated automated checking content, are capable of\n" \
|
196
|
-
"providing baselines that meet a diverse set of policy objectives. Some example\n" \
|
197
|
-
"XCCDF <i xmlns=\"http://www.w3.org/1999/xhtml\">Profiles</i>, which are selections of items that form checklists and\n" \
|
198
|
-
"can be used as baselines, are available with this guide. They can be\n" \
|
199
|
-
"processed, in an automated fashion, with tools that support the Security\n" \
|
200
|
-
"Content Automation Protocol (SCAP).\n"
|
201
|
-
end
|