openscap 0.5.0 → 0.5.1

data/test/ds/arf_test.rb

@@ -1,96 +0,0 @@
-# frozen_string_literal: true
-
-require 'openscap'
-require 'openscap/ds/arf'
-require 'common/testcase'
-
-class TestArf < OpenSCAP::TestCase
-  REPORT = 'report.rds.xml'
-
-  def test_arf_new_nil
-    msg = nil
-    begin
-      OpenSCAP::DS::Arf.new(nil)
-      assert false
-    rescue OpenSCAP::OpenSCAPError => e
-      msg = e.to_s
-    end
-    assert msg.start_with?("Cannot initialize OpenSCAP::DS::Arf with ''"), "Message was: #{msg}"
-  end
-
-  def test_arf_new_wrong_format
-    msg = nil
-    begin
-      OpenSCAP::DS::Arf.new('../data/xccdf.xml')
-      assert false
-    rescue OpenSCAP::OpenSCAPError => e
-      msg = e.to_s
-    end
-    assert msg.include?('Could not create Result DataStream session: File is not Result DataStream.'),
-           "Message was: #{msg}"
-  end
-
-  def test_create_arf_and_get_html
-    arf = new_arf
-    html = arf.html
-    arf.destroy
-    assert html.start_with?('<!DOCTYPE html><html'), 'DOCTYPE missing.'
-    assert html.include?('OpenSCAP')
-    assert html.include?('Compliance and Scoring')
-  end
-
-  def test_create_arf_and_get_profile
-    arf = new_arf
-    tr = arf.test_result
-    assert tr.profile == 'xccdf_moc.elpmaxe.www_profile_1',
-           "TestResult.profile was '#{tr.profile}'"
-    tr.destroy
-    arf.destroy
-  end
-
-  def test_new_memory
-    create_arf
-    raw_data = File.read(REPORT)
-    refute raw_data.empty?
-    arf = OpenSCAP::DS::Arf.new content: raw_data, path: REPORT
-    arf.destroy
-  end
-
-  def test_new_bz_memory
-    bziped_file = new_arf_bz
-    raw_data = File.binread(bziped_file)
-    assert !raw_data.empty?
-    len = File.size(bziped_file)
-    FileUtils.rm bziped_file
-    arf = OpenSCAP::DS::Arf.new content: raw_data, path: bziped_file, length: len
-    arf.destroy
-  end
-
-  def test_new_bz_file
-    bziped_file = new_arf_bz
-    arf = OpenSCAP::DS::Arf.new(bziped_file)
-    arf.destroy
-    FileUtils.rm bziped_file
-  end
-
-  private
-
-  def new_arf_bz
-    create_arf
-    system("/usr/bin/bzip2 #{REPORT}")
-    "#{REPORT}.bz2"
-  end
-
-  def new_arf
-    create_arf
-    OpenSCAP::DS::Arf.new(REPORT)
-  end
-
-  def create_arf
-    @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
-    @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
-    @s.evaluate
-    @s.export_results(rds_file: 'report.rds.xml')
-  end
-end

data/test/ds/sds_test.rb

@@ -1,89 +0,0 @@
-# frozen_string_literal: true
-
-require 'openscap'
-require 'openscap/source'
-require 'openscap/ds/sds'
-require 'common/testcase'
-
-class TestSds < OpenSCAP::TestCase
-  DS_FILE = '../data/sds-complex.xml'
-
-  def test_new
-    new_sds.destroy
-  end
-
-  def test_new_non_sds
-    filename = '../data/xccdf.xml'
-    @s = OpenSCAP::Source.new filename
-    assert !@s.nil?
-    msg = nil
-    begin
-      OpenSCAP::DS::Sds.new source: @s
-      assert false
-    rescue OpenSCAP::OpenSCAPError => e
-      msg = e.to_s
-    end
-    assert msg.start_with?('Could not create Source DataStream session: File is not Source DataStream.'), msg
-  end
-
-  def test_select_checklist
-    sds = new_sds
-    benchmark = sds.select_checklist!
-    assert !benchmark.nil?
-    sds.destroy
-  end
-
-  def test_show_guides
-    sds = new_sds
-    benchmark_source = sds.select_checklist!
-    benchmark = OpenSCAP::Xccdf::Benchmark.new benchmark_source
-    benchmark.profiles.each_key do |id|
-      guide = sds.html_guide id
-      assert !guide.nil?
-      assert guide.include?(id)
-    end
-    benchmark.destroy
-    sds.destroy
-  end
-
-  def tests_select_checklist_wrong
-    sds = new_sds
-    msg = nil
-    begin
-      benchmark = sds.select_checklist! datastream_id: 'wrong'
-      assert false
-    rescue OpenSCAP::OpenSCAPError => e
-      msg = e.to_s
-    end
-    assert msg.start_with?('Failed to locate a datastream with ID matching'), msg
-    assert benchmark.nil?
-    sds.destroy
-  end
-
-  def tests_use_through_yields
-    OpenSCAP::Source.new DS_FILE do |source|
-      assert_equal 'SCAP Source Datastream', source.type
-      OpenSCAP::DS::Sds.new source: do |sds|
-        benchmark_source = sds.select_checklist!
-        html = sds.html_guide
-        assert_include html, 'bootstrap'
-
-        OpenSCAP::Xccdf::Benchmark.new benchmark_source do |benchmark|
-          assert_empty benchmark.profiles
-          assert benchmark.items.length == 1
-          assert benchmark.items.keys.first == 'xccdf_moc.elpmaxe.www_rule_first'
-        end
-      end
-    end
-  end
-
-  private
-
-  def new_sds
-    @s = OpenSCAP::Source.new DS_FILE
-    assert !@s.nil?
-    sds = OpenSCAP::DS::Sds.new source: @s
-    assert !sds.nil?
-    sds
-  end
-end

data/test/integration/arf_waiver_test.rb

@@ -1,91 +0,0 @@
-# frozen_string_literal: true
-
-require 'openscap'
-require 'openscap/xccdf/benchmark'
-require 'openscap/xccdf/ruleresult'
-require 'openscap/xccdf/session'
-require 'openscap/xccdf/testresult'
-require 'openscap/ds/arf'
-require 'openscap/ds/sds'
-require 'common/testcase'
-
-class TestArfWaiver < OpenSCAP::TestCase
-  def test_waiver_and_score
-    assert_default_score tr.score, -1, 1
-    assert_default_score tr.score!(benchmark), -1, 1
-
-    rr.override!(new_result: :pass,
-                 time: 'yesterday',
-                 authority: 'John Hacker',
-                 raw_text: 'This should have passed')
-    assert rr.result == 'pass'
-
-    assert_default_score tr.score, -1, 1
-    assert_default_score tr.score!(benchmark), 99, 101
-
-    # create updated DOM (that includes the override element and new score)
-    arf.test_result = tr
-    arf.source.save('modified.rds.xml')
-    tr.destroy
-    arf.destroy
-
-    arf2 = OpenSCAP::DS::Arf.new('modified.rds.xml')
-    tr2 = arf2.test_result('xccdf1')
-    assert_default_score tr.score, 99, 101
-    rr2 = tr2.rr['xccdf_moc.elpmaxe.www_rule_first']
-    assert rr2.result == 'pass'
-    tr2.destroy
-    arf2.destroy
-  end
-
-  private
-
-  def benchmark
-    @benchmark ||= benchmark_init
-  end
-
-  def benchmark_init
-    sds = arf.report_request
-    bench_source = sds.select_checklist!
-    bench = OpenSCAP::Xccdf::Benchmark.new bench_source
-    sds.destroy
-    bench
-  end
-
-  def rr
-    @rr ||= rr_init
-  end
-
-  def rr_init
-    assert tr.rr.size == 1
-    rr = tr.rr['xccdf_moc.elpmaxe.www_rule_first']
-    assert rr.result == 'fail'
-    rr
-  end
-
-  def tr
-    @tr ||= tr_init
-  end
-
-  def tr_init
-    tr = arf.test_result
-    assert tr.score.size == 1
-    score = tr.score['urn:xccdf:scoring:default']
-    assert score[:system] == 'urn:xccdf:scoring:default'
-    assert score[:max] == 100.0
-    assert score[:value] == 0.0
-    tr
-  end
-
-  def arf
-    @arf ||= arf_init
-  end
-
-  def arf_init
-    @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    @s.load
-    @s.evaluate
-    @s.export_results(rds_file: 'report.rds.xml')
-    OpenSCAP::DS::Arf.new('report.rds.xml')
-  end
-end

data/test/openscap_test.rb

@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-require 'common/testcase'
-require 'openscap'
-
-class TestOscapVersion < OpenSCAP::TestCase
-  def test_oscap_version
-    OpenSCAP.oscap_init
-    version = OpenSCAP.oscap_get_version
-    OpenSCAP.oscap_cleanup
-    assert version.include?('.')
-  end
-
-  def test_double_read_error
-    assert !OpenSCAP.error?
-    msg = OpenSCAP.full_error
-    assert msg.nil?
-    msg = OpenSCAP.full_error
-    assert msg.nil?
-  end
-end

data/test/source_test.rb

@@ -1,78 +0,0 @@
-# frozen_string_literal: true
-
-require 'openscap'
-require 'openscap/source'
-require 'common/testcase'
-
-class TestSource < OpenSCAP::TestCase
-  def test_source_new_nil
-    msg = nil
-    begin
-      OpenSCAP::Source.new(nil)
-      assert false
-    rescue OpenSCAP::OpenSCAPError => e
-      msg = e.to_s
-    end
-    assert msg.start_with?('No filename specified!'), "Message was: #{msg}"
-  end
-
-  def test_source_new_ok
-    s = OpenSCAP::Source.new('../data/xccdf.xml')
-    s.destroy
-  end
-
-  def test_source_new_memory
-    raw_data = File.read('../data/xccdf.xml')
-    refute raw_data.empty?
-    s = OpenSCAP::Source.new(content: raw_data, path: '/mytestpath')
-    s.destroy
-  end
-
-  def test_type_xccdf
-    OpenSCAP::Source.new('../data/xccdf.xml') do |s|
-      assert s.type == 'XCCDF Checklist', "Type was #{s.type}"
-      s.validate!
-    end
-  end
-
-  def test_type_sds
-    OpenSCAP::Source.new('../data/sds-complex.xml') do |s|
-      assert s.type == 'SCAP Source Datastream', "Type was #{s.type}"
-      s.validate!
-    end
-  end
-
-  def test_type_test_result
-    s = OpenSCAP::Source.new('../data/testresult.xml')
-    assert s.type == 'XCCDF Checklist', "Type was #{s.type}"
-    s.validate!
-    s.destroy
-  end
-
-  def test_validate_invalid
-    s = OpenSCAP::Source.new('../data/invalid.xml')
-    msg = nil
-    begin
-      s.validate!
-      assert false
-    rescue OpenSCAP::OpenSCAPError => e
-      msg = e.to_s
-    end
-    assert msg.start_with?('Invalid XCCDF Checklist (1.2) content in ../data/invalid.xml.'),
-           "Message was: #{msg}"
-    assert msg.include?("../data/invalid.xml:3: Element '{http"),
-           "Message was: #{msg}"
-    assert msg.include?('This element is not expected. Expected is'),
-           "Message was: #{msg}"
-    s.destroy
-  end
-
-  def test_save
-    s = OpenSCAP::Source.new('../data/testresult.xml')
-    filename = './newly_created.xml'
-    assert !File.exist?(filename)
-    s.save(filename)
-    assert File.exist?(filename)
-    FileUtils.rm_rf filename
-  end
-end

data/test/text_test.rb

@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-require 'openscap'
-require 'openscap/text'
-require 'common/testcase'
-
-class TestText < OpenSCAP::TestCase
-  def test_text_new
-    t = OpenSCAP::Text.new
-    t.destroy
-  end
-
-  def test_text_set_text
-    t = OpenSCAP::Text.new
-    t.text = 'blah'
-    assert t.text == 'blah', "Text was: #{t.text}"
-    t.destroy
-  end
-end

data/test/xccdf/arf_test.rb

@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-
-require 'common/testcase'
-require 'openscap'
-require 'openscap/ds/sds'
-require 'openscap/source'
-require 'openscap/xccdf/benchmark'
-
-class TestArf < OpenSCAP::TestCase
-  def test_new_from_file
-    b = benchmark_from_arf_file
-    b.destroy
-  end
-
-  def test_idents
-    b = benchmark_from_arf_file
-    item = b.items['xccdf_com.redhat.rhsa_rule_oval-com.redhat.rhsa-def-20140675']
-    idents = item.idents
-    assert idents.size == 25
-  end
-
-  def test_ident_title_url
-    b = benchmark_from_arf_file
-    item = b.items['xccdf_com.redhat.rhsa_rule_oval-com.redhat.rhsa-def-20140678']
-    idents = item.idents
-    assert idents.size == 2
-    ident = idents[0]
-    expected_id = 'RHSA-2014-0678'
-    expected_system = 'https://rhn.redhat.com/errata'
-    assert_equal(expected_id, ident.id)
-    assert_equal(expected_system, ident.system)
-  end
-
-  private
-
-  def benchmark_from_arf_file
-    arf = OpenSCAP::DS::Arf.new('../data/arf.xml')
-    _test_results = arf.test_result
-    source_datastream = arf.report_request
-    bench_source = source_datastream.select_checklist!
-    OpenSCAP::Xccdf::Benchmark.new(bench_source)
-  end
-end

data/test/xccdf/benchmark_test.rb

@@ -1,201 +0,0 @@
-# frozen_string_literal: true
-
-require 'common/testcase'
-require 'openscap'
-require 'openscap/ds/sds'
-require 'openscap/source'
-require 'openscap/xccdf/benchmark'
-
-class TestBenchmark < OpenSCAP::TestCase
-  def test_new_from_file
-    b = benchmark_from_file
-    b.destroy
-  end
-
-  def test_new_from_sds
-    @s = OpenSCAP::Source.new '../data/sds-complex.xml'
-    sds = OpenSCAP::DS::Sds.new @s
-    bench_source = sds.select_checklist!
-    assert !bench_source.nil?
-    b = OpenSCAP::Xccdf::Benchmark.new bench_source
-    assert !b.nil?
-    b.destroy
-    sds.destroy
-  end
-
-  def test_new_from_wrong
-    @s = OpenSCAP::Source.new '../data/testresult.xml'
-    msg = nil
-    begin
-      OpenSCAP::Xccdf::Benchmark.new @s
-      assert false
-    rescue OpenSCAP::OpenSCAPError => e
-      msg = e.to_s
-    end
-    assert msg.start_with?("Find element 'TestResult' while expecting element: 'Benchmark'"), msg
-  end
-
-  def test_items_in_benchmark
-    b = benchmark_from_file
-    assert b.items.size == 138
-    rules_count = b.items.count { |_, i| i.is_a?(OpenSCAP::Xccdf::Rule) }
-    groups_count = b.items.count { |_, i| i.is_a?(OpenSCAP::Xccdf::Group) }
-    assert rules_count == 76, "Got #{rules_count} rules"
-    assert groups_count == 62, "Got #{groups_count} groups"
-    b.destroy
-  end
-
-  def test_items_title
-    b = benchmark_from_file
-    prelink_rule = b.items['xccdf_org.ssgproject.content_rule_disable_prelink']
-    assert prelink_rule.title == 'Prelinking Disabled', prelink_rule.title
-    b.destroy
-  end
-
-  def test_items_description
-    b = benchmark_from_file
-    install_hids_rule = b.items['xccdf_org.ssgproject.content_rule_install_hids']
-    expected_result = "\nThe Red Hat platform includes a sophisticated auditing system\nand SELinux, which provide host-based intrusion detection capabilities.\n"
-    assert install_hids_rule.description == expected_result, install_hids_rule.description
-    b.destroy
-  end
-
-  def test_items_rationale
-    b = benchmark_from_file
-    aide_rule = b.items['xccdf_org.ssgproject.content_rule_package_aide_installed']
-    expected_rationale = "\nThe AIDE package must be installed if it is to be available for integrity checking.\n"
-    assert aide_rule.rationale == expected_rationale, aide_rule.rationale
-    b.destroy
-  end
-
-  def test_items_severity
-    b = benchmark_from_file
-    prelink_rule = b.items['xccdf_org.ssgproject.content_rule_disable_prelink']
-    assert prelink_rule.severity == 'Low', prelink_rule.severity
-    b.destroy
-  end
-
-  def test_items_references
-    b = benchmark_from_file
-    install_hids_rule = b.items['xccdf_org.ssgproject.content_rule_install_hids']
-    expected_references = [{ title: 'SC-7',
-                             href: 'http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf',
-                             html_link: "<a href='http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf'>SC-7</a>" },
-                           { title: '1263',
-                             href: 'http://iase.disa.mil/cci/index.html',
-                             html_link: "<a href='http://iase.disa.mil/cci/index.html'>1263</a>" }]
-    assert_equal(expected_references, install_hids_rule.references.map(&:to_hash), 'Install hids references should be equal')
-    b.destroy
-  end
-
-  def test_items_fixes
-    b = benchmark_from_file
-    login_defs_rule = b.items['xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs']
-    expected_content = ["var_accounts_minimum_age_login_defs=\"<sub xmlns=\"http://checklists.nist.gov/xccdf/1.2\" idref=\"xccdf_org.ssgproject.content_value_var_accounts_minimum_age_login_defs\" use=\"legacy\"/>\"\ngrep -q ^PASS_MIN_DAYS /etc/login.defs &amp;&amp; \\\nsed -i \"s/PASS_MIN_DAYS.*/PASS_MIN_DAYS\\t$var_accounts_minimum_age_login_defs/g\" /etc/login.defs\nif ! [ $? -eq 0 ]\nthen\n  echo -e \"PASS_MIN_DAYS\\t$var_accounts_minimum_age_login_defs\" &gt;&gt; /etc/login.defs\nfi\n"]
-    expected_hashes = [{
-      id: nil,
-      platform: nil,
-      content: expected_content.first,
-      system: 'urn:xccdf:fix:script:sh'
-    }]
-    assert_equal(expected_content, login_defs_rule.fixes.map(&:content), 'Fix content should match')
-    assert_equal(expected_hashes, login_defs_rule.fixes.map(&:to_hash), 'Fix hash should match')
-    b.destroy
-  end
-
-  def test_benchamrk_id
-    with_benchmark do |b|
-      assert_equal b.id, 'xccdf_org.ssgproject.content_benchmark_FEDORA'
-    end
-  end
-
-  def test_status_current
-    with_benchmark do |b|
-      status = b.status_current
-      assert_equal status.status, :draft
-      release_date = status.date
-      assert_equal release_date.year, 2014
-      assert_equal release_date.month, 10
-      assert_equal release_date.day, 2
-    end
-  end
-
-  def test_title
-    with_benchmark do |b|
-      assert_equal b.title, 'Guide to the Secure Configuration of Fedora'
-    end
-  end
-
-  def test_description
-    with_benchmark do |b|
-      assert_equal b.description, DESCRIPTION
-    end
-  end
-
-  def test_version
-    with_benchmark do |b|
-      assert_equal b.version, '0.0.4'
-    end
-  end
-
-  def test_references
-    with_benchmark do |b|
-      assert_equal b.references, []
-    end
-  end
-
-  def test_resolved
-    with_benchmark do |b|
-      assert b.resolved?
-    end
-  end
-
-  def test_policy_model
-    with_benchmark do |b|
-      assert b.policy_model.policies.keys == ['xccdf_org.ssgproject.content_profile_common']
-    end
-  end
-
-  def test_schema_version
-    with_benchmark do |b|
-      assert_equal b.schema_version, '1.2'
-    end
-  end
-
-  private
-
-  def benchmark_from_file
-    source = OpenSCAP::Source.new '../data/xccdf.xml'
-    b = OpenSCAP::Xccdf::Benchmark.new source
-    source.destroy
-    assert !b.nil?
-    b
-  end
-
-  def with_benchmark(&)
-    OpenSCAP::Source.new '../data/xccdf.xml' do |source|
-      OpenSCAP::Xccdf::Benchmark.new(source, &)
-    end
-  end
-
-  DESCRIPTION = "This guide presents a catalog of security-relevant configuration\n" \
-                "settings for Fedora operating system formatted in the eXtensible Configuration\n" \
-                "Checklist Description Format (XCCDF).\n" \
-                "<br xmlns=\"http://www.w3.org/1999/xhtml\"/>\n" \
-                "<br xmlns=\"http://www.w3.org/1999/xhtml\"/>\n" \
-                "Providing system administrators with such guidance informs them how to securely\n" \
-                "configure systems under their control in a variety of network roles.  Policy\n" \
-                "makers and baseline creators can use this catalog of settings, with its\n" \
-                "associated references to higher-level security control catalogs, in order to\n" \
-                "assist them in security baseline creation.  This guide is a <i xmlns=\"http://www.w3.org/1999/xhtml\">catalog, not a\n" \
-                "checklist,</i> and satisfaction of every item is not likely to be possible or\n" \
-                "sensible in many operational scenarios.  However, the XCCDF format enables\n" \
-                "granular selection and adjustment of settings, and their association with OVAL\n" \
-                "and OCIL content provides an automated checking capability.  Transformations of\n" \
-                "this document, and its associated automated checking content, are capable of\n" \
-                "providing baselines that meet a diverse set of policy objectives.  Some example\n" \
-                "XCCDF <i xmlns=\"http://www.w3.org/1999/xhtml\">Profiles</i>, which are selections of items that form checklists and\n" \
-                "can be used as baselines, are available with this guide.  They can be\n" \
-                "processed, in an automated fashion, with tools that support the Security\n" \
-                "Content Automation Protocol (SCAP).\n"
-end