openscap 0.5.0 → 0.5.1

data/test/xccdf/item_test.rb

@@ -1,82 +0,0 @@
-# frozen_string_literal: true
-
-require 'openscap'
-require 'openscap/xccdf/benchmark'
-require 'common/testcase'
-
-class ItemTest < OpenSCAP::TestCase
-  def test_description_html
-    expected_markup = "\n" \
-                      "Most of the actions listed in this document are written with the\n" \
-                      "assumption that they will be executed by the root user running the\n" \
-                      "<xhtml:code xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">/bin/bash</xhtml:code> shell. Commands preceded with a hash mark (#)\n" \
-                      "assume that the administrator will execute the commands as root, i.e.\n" \
-                      "apply the command via <xhtml:code xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">sudo</xhtml:code> whenever possible, or use\n" \
-                      "<xhtml:code xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">su</xhtml:code> to gain root privileges if <xhtml:code xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">sudo</xhtml:code> cannot be\n" \
-                      "used. Commands which can be executed as a non-root user are are preceded\n" \
-                      "by a dollar sign ($) prompt.\n"
-    with_item 'xccdf_org.ssgproject.content_group_intro-root-shell-assumed' do |item|
-      assert_equal item.description(markup: true), expected_markup
-    end
-  end
-
-  def test_rationale_html
-    expected_markup = "\n" \
-                      "For AIDE to be effective, an initial database of <i xmlns=\"http://www.w3.org/1999/xhtml\">\"known-good\"</i> information about files\n" \
-                      "must be captured and it should be able to be verified against the installed files.\n"
-    with_item 'xccdf_org.ssgproject.content_rule_aide_build_database' do |item|
-      assert_equal item.rationale(markup: true), expected_markup
-    end
-  end
-
-  def test_missing_rationale
-    with_item 'xccdf_org.ssgproject.content_group_intro' do |item_sans_rationale|
-      assert_equal item_sans_rationale.rationale(markup: true), nil
-    end
-  end
-
-  def test_version
-    with_item 'xccdf_org.ssgproject.content_group_intro' do |item_sans_version|
-      assert_nil item_sans_version.version
-    end
-  end
-
-  def test_references
-    with_item 'xccdf_org.ssgproject.content_rule_disable_prelink' do |item|
-      item.references.tap do |refs|
-        assert_equal refs.length, 4
-        assert_equal refs.collect(&:title), ['CM-6(d)', 'CM-6(3)', 'SC-28', 'SI-7']
-        assert_equal refs.collect(&:href).uniq, ['http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf']
-      end
-    end
-  end
-
-  def test_warnings
-    expected_text = 'If verbose logging to <xhtml:code xmlns:xhtml="http://www.w3.org/1999/xhtml">vsftpd.log</xhtml:code> is done, sparse logging of downloads to <xhtml:code xmlns:xhtml="http://www.w3.org/1999/xhtml">/var/log/xferlog</xhtml:code> will not also occur. However, the information about what files were downloaded is included in the information logged to <xhtml:code xmlns:xhtml="http://www.w3.org/1999/xhtml">vsftpd.log</xhtml:code>'
-    with_item 'xccdf_org.ssgproject.content_rule_ftp_log_transactions' do |item|
-      warns = item.warnings
-      assert_equal warns.length, 1
-      warning = warns[0]
-      assert warning.instance_of?(Hash)
-      assert warning.keys.length == 2
-      assert warning[:category] == :general
-      assert warning[:text].text == expected_text
-    end
-  end
-
-  private
-
-  def with_item(id, &)
-    with_benchmark do |b|
-      item = b.items[id]
-      refute_nil item
-      yield item
-    end
-  end
-
-  def with_benchmark(&)
-    OpenSCAP::Source.new '../data/xccdf.xml' do |source|
-      OpenSCAP::Xccdf::Benchmark.new(source, &)
-    end
-  end
-end

data/test/xccdf/policy_test.rb

@@ -1,48 +0,0 @@
-# frozen_string_literal: true
-
-require 'common/testcase'
-require 'openscap'
-require 'openscap/source'
-require 'openscap/xccdf/benchmark'
-require 'openscap/xccdf/policy'
-require 'openscap/xccdf/policy_model'
-
-class TestPolicy < OpenSCAP::TestCase
-  def test_new_policy_model
-    with_policy_model do |pm|
-      assert pm.policies.size == 1, pm.policies.to_s
-      assert pm.policies['xccdf_org.ssgproject.content_profile_common']
-    end
-  end
-
-  def test_profile_getter
-    with_policy do |policy|
-      profile = policy.profile
-      assert_equal profile.id, 'xccdf_org.ssgproject.content_profile_common'
-    end
-  end
-
-  def test_selects_item
-    with_policy do |policy|
-      assert policy.selects_item?('xccdf_org.ssgproject.content_rule_disable_prelink')
-      refute policy.selects_item?('xccdf_org.ssgproject.content_rule_disable_vsftpd')
-    end
-  end
-
-  private
-
-  def with_policy(&)
-    with_policy_model do |pm|
-      yield pm.policies['xccdf_org.ssgproject.content_profile_common']
-    end
-  end
-
-  def with_policy_model(&)
-    OpenSCAP::Source.new '../data/xccdf.xml' do |source|
-      OpenSCAP::Xccdf::Benchmark.new source do |bench|
-        assert !bench.nil?
-        yield bench.policy_model
-      end
-    end
-  end
-end

data/test/xccdf/profile_test.rb

@@ -1,62 +0,0 @@
-# frozen_string_literal: true
-
-require 'common/testcase'
-require 'openscap'
-require 'openscap/source'
-require 'openscap/xccdf/benchmark'
-require 'openscap/xccdf/profile'
-
-class TestProfile < OpenSCAP::TestCase
-  def test_new_from_file
-    with_profile do |p|
-      assert p.title == 'Common Profile for General-Purpose Fedora Systems'
-    end
-  end
-
-  def test_description_html
-    with_profile do |p|
-      assert_equal p.description, 'This profile contains items common to general-purpose Fedora installations.'
-    end
-  end
-
-  def test_status
-    with_profile do |p|
-      assert_nil p.status_current&.status
-    end
-  end
-
-  def test_version
-    with_profile do |p|
-      assert_equal p.version, '3.2.1'
-    end
-  end
-
-  def test_references
-    with_profile do |p|
-      assert_equal p.references, []
-    end
-  end
-
-  def test_abstract
-    with_profile do |p|
-      assert_false p.abstract?
-    end
-  end
-
-  private
-
-  def with_profile(&)
-    benchmark do |b|
-      assert b.profiles.size == 1, b.profiles.to_s
-      profile = b.profiles['xccdf_org.ssgproject.content_profile_common']
-      assert profile
-      yield profile
-    end
-  end
-
-  def benchmark(&)
-    OpenSCAP::Source.new '../data/xccdf.xml' do |source|
-      OpenSCAP::Xccdf::Benchmark.new(source, &)
-    end
-  end
-end

data/test/xccdf/session_ds_test.rb

@@ -1,116 +0,0 @@
-# frozen_string_literal: true
-
-require 'openscap'
-require 'common/testcase'
-
-class TestSessionDS < OpenSCAP::TestCase
-  def test_sds_true
-    @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    assert @s.sds?
-  end
-
-  def test_session_load
-    @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    @s.load
-    @s.evaluate
-  end
-
-  def test_session_load_ds_comp
-    @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    @s.load(datastream_id: 'scap_org.open-scap_datastream_tst2', component_id: 'scap_org.open-scap_cref_second-xccdf.xml2')
-    @s.evaluate
-  end
-
-  def test_session_load_bad_datastream
-    @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    msg = nil
-    begin
-      @s.load(datastream_id: 'nonexistent')
-      assert false
-    rescue OpenSCAP::OpenSCAPError => e
-      msg = e.to_s
-    end
-    assert msg.start_with?("Failed to locate a datastream with ID matching 'nonexistent' ID and checklist inside matching '<any>' ID.")
-  end
-
-  def test_session_load_bad_component
-    @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    msg = nil
-    begin
-      @s.load(component_id: 'nonexistent')
-      assert false
-    rescue OpenSCAP::OpenSCAPError => e
-      msg = e.to_s
-    end
-    assert msg.start_with?("Failed to locate a datastream with ID matching '<any>' ID and checklist inside matching 'nonexistent' ID.")
-  end
-
-  def test_session_set_profile
-    @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
-    @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
-    @s.evaluate
-  end
-
-  def test_session_set_profile_bad
-    @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    @s.load
-    msg = nil
-    begin
-      @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
-      assert false
-    rescue OpenSCAP::OpenSCAPError => e
-      msg = e.to_s
-    end
-    assert msg.start_with?("No profile 'xccdf_moc.elpmaxe.www_profile_1' found")
-  end
-
-  def test_session_export_rds
-    @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    @s.load
-    @s.evaluate
-    @s.export_results(rds_file: 'report.rds.xml')
-    assert_exported ['report.rds.xml']
-  end
-
-  def test_session_export_xccdf_results
-    @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
-    @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
-    @s.evaluate
-    @s.export_results(xccdf_file: 'result.xccdf.xml')
-    assert_exported ['result.xccdf.xml']
-  end
-
-  def test_session_export_html_report
-    @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
-    @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
-    @s.evaluate
-    @s.export_results(report_file: 'report.html', xccdf_file: 'result.xccdf.xml')
-    assert_exported ['report.html', 'result.xccdf.xml']
-  end
-
-  def test_session_export_oval_variables
-    @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
-    @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
-    @s.evaluate
-    @s.export_results(oval_variables: true)
-    assert_exported []
-  end
-
-  def test_remediate
-    @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
-    @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
-    @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
-    @s.evaluate
-    @s.remediate
-  end
-
-  def assert_exported(files)
-    # libopenscap compiled with --enable-debug creates debug files
-    FileUtils.rm_rf(Dir.glob('oscap_debug.log.*'))
-    assert files.sort == Dir.glob('*')
-  end
-end

data/test/xccdf/session_test.rb

@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-require 'openscap'
-require 'common/testcase'
-
-class TestSession < OpenSCAP::TestCase
-  def test_session_new_bad
-    msg = nil
-    begin
-      OpenSCAP::Xccdf::Session.new('')
-      assert false
-    rescue OpenSCAP::OpenSCAPError => e
-      msg = e.to_s
-    end
-    assert msg.start_with?("Unable to open file: ''"), "Message was: #{msg}"
-  end
-
-  def test_session_new_nil
-    msg = nil
-    begin
-      OpenSCAP::Xccdf::Session.new(nil)
-      assert false
-    rescue OpenSCAP::OpenSCAPError => e
-      msg = e.to_s
-    end
-    assert msg.start_with?('No filename specified!'), "Message was: #{msg}"
-  end
-
-  def test_sds_false
-    @s = OpenSCAP::Xccdf::Session.new('../data/xccdf.xml')
-    refute @s.sds?
-  end
-end

data/test/xccdf/tailoring_test.rb

@@ -1,30 +0,0 @@
-# frozen_string_literal: true
-
-require 'openscap'
-require 'openscap/source'
-require 'openscap/xccdf/tailoring'
-require 'common/testcase'
-
-class TailoringTest < OpenSCAP::TestCase
-  def test_new_from_file
-    tailoring = tailoring_from_file
-    tailoring.destroy
-    refute tailoring.raw
-  end
-
-  def test_profiles
-    profiles = tailoring_from_file.profiles
-    assert_equal 1, profiles.length
-    assert profiles.values.first.is_a?(OpenSCAP::Xccdf::Profile)
-  end
-
-  private
-
-  def tailoring_from_file
-    source = OpenSCAP::Source.new '../data/tailoring.xml'
-    tailoring = OpenSCAP::Xccdf::Tailoring.new source, nil
-    source.destroy
-    assert tailoring
-    tailoring
-  end
-end

data/test/xccdf/testresult_test.rb

@@ -1,99 +0,0 @@
-# frozen_string_literal: true
-
-require 'openscap'
-require 'openscap/source'
-require 'openscap/xccdf/benchmark'
-require 'openscap/xccdf/testresult'
-require 'common/testcase'
-
-class TestTestResult < OpenSCAP::TestCase
-  def test_testresult_new_bad
-    source = OpenSCAP::Source.new('../data/xccdf.xml')
-    assert !source.nil?
-    msg = nil
-    begin
-      OpenSCAP::Xccdf::TestResult.new(source)
-      assert false
-    rescue OpenSCAP::OpenSCAPError => e
-      msg = e.to_s
-    end
-    assert msg.start_with?("Expected 'TestResult' element while found 'Benchmark'."),
-           "Message was: #{msg}"
-  end
-
-  def test_result_create_and_query_properties
-    tr = new_tr
-    assert tr.id == 'xccdf_org.open-scap_testresult_xccdf_org.ssgproject.content_profile_common',
-           "TestResult.id was '#{tr.id}"
-    assert tr.profile == 'xccdf_org.ssgproject.content_profile_common',
-           "TestResult.profile was '#{tr.profile}'"
-    tr.destroy
-  end
-
-  def test_result_create_and_query_rr
-    tr = new_tr
-    assert tr.rr.size == 28
-    assert tr.rr.key?('xccdf_org.ssgproject.content_rule_disable_prelink')
-    assert tr.rr.key?('xccdf_org.ssgproject.content_rule_no_direct_root_logins')
-    assert tr.rr['xccdf_org.ssgproject.content_rule_disable_prelink'].result == 'fail'
-    assert tr.rr['xccdf_org.ssgproject.content_rule_no_direct_root_logins'].result == 'notchecked'
-    tr.destroy
-  end
-
-  def test_override
-    tr = new_tr
-    rr = tr.rr['xccdf_org.ssgproject.content_rule_disable_prelink']
-    assert rr.result == 'fail'
-    rr.override!(new_result: :pass,
-                 time: 'yesterday',
-                 authority: 'John Hacker',
-                 raw_text: 'We are testing prelink on this machine')
-    assert rr.result == 'pass'
-    tr.destroy
-  end
-
-  def test_score
-    tr = new_tr
-    assert_default_score tr.score, 34, 35
-    tr.destroy
-  end
-
-  def test_waive_and_score
-    tr = new_tr
-    benchmark = benchmark_for_tr
-
-    assert_default_score tr.score, 34, 35
-    assert_default_score tr.score!(benchmark), 34, 35
-
-    rr = tr.rr['xccdf_org.ssgproject.content_rule_disable_prelink']
-    assert rr.result == 'fail'
-    rr.override!(new_result: :pass,
-                 time: 'yesterday',
-                 authority: 'John Hacker',
-                 raw_text: 'We are testing prelink on this machine')
-    assert rr.result == 'pass'
-
-    assert_default_score tr.score, 34, 35
-    assert_default_score tr.score!(benchmark), 47, 48
-
-    benchmark.destroy
-    tr.destroy
-  end
-
-  private
-
-  def benchmark_for_tr
-    source = OpenSCAP::Source.new('../data/xccdf.xml')
-    benchmark = OpenSCAP::Xccdf::Benchmark.new source
-    source.destroy
-    benchmark
-  end
-
-  def new_tr
-    source = OpenSCAP::Source.new('../data/testresult.xml')
-    assert !source.nil?
-    tr = OpenSCAP::Xccdf::TestResult.new(source)
-    source.destroy
-    tr
-  end
-end

data/test/xccdf/value_test.rb

@@ -1,67 +0,0 @@
-# frozen_string_literal: true
-
-require 'common/testcase'
-require 'openscap'
-require 'openscap/source'
-require 'openscap/xccdf/benchmark'
-
-class TestBenchmark < OpenSCAP::TestCase
-  def test_benchmark_values
-    with_benchmark do |b|
-      val_ids = []
-      b.each_value do |val|
-        val_ids << val.id
-      end
-      assert_equal val_ids, ['xccdf_org.ssgproject.content_value_conditional_clause']
-    end
-  end
-
-  def test_value_props
-    with_value do |val|
-      assert_equal val.id, 'xccdf_org.ssgproject.content_value_conditional_clause'
-      assert_equal val.title, 'A conditional clause for check statements.'
-      assert_equal val.description, 'A conditional clause for check statements.'
-    end
-  end
-
-  def test_collect_all_values
-    with_all_values do |vals|
-      assert_equal vals.length, 7
-      assert_equal vals.to_set(&:id).length, 7
-    end
-  end
-
-  private
-
-  def with_value(&)
-    with_benchmark { |b| b.each_value(&) }
-  end
-
-  def with_all_values(&)
-    vals = []
-    with_benchmark do |b|
-      vals += collect_values(b)
-      yield vals
-    end
-  end
-
-  def with_benchmark(&)
-    OpenSCAP::Source.new '../data/xccdf.xml' do |source|
-      OpenSCAP::Xccdf::Benchmark.new(source, &)
-    end
-  end
-
-  def collect_values(item)
-    vals = []
-    if item.is_a?(OpenSCAP::Xccdf::Benchmark) || item.is_a?(OpenSCAP::Xccdf::Group)
-      item.each_value { |v| vals << v }
-
-      if item.is_a? OpenSCAP::Xccdf::Benchmark
-        item.each_item { |item| vals += collect_values(item) }
-      else
-        item.each_child { |item| vals += collect_values(item) }
-      end
-    end
-    vals
-  end
-end