openscap 0.5.0 → 0.5.1

Files changed (44)
  1. checksums.yaml +4 -4
  2. data/lib/openscap/version.rb +1 -1
  3. data/lib/openscap/xccdf/benchmark.rb +10 -10
  4. data/lib/openscap/xccdf/fix.rb +7 -14
  5. data/lib/openscap/xccdf/fixtext.rb +19 -0
  6. data/lib/openscap/xccdf/group.rb +6 -12
  7. data/lib/openscap/xccdf/ident.rb +4 -10
  8. data/lib/openscap/xccdf/item.rb +6 -6
  9. data/lib/openscap/xccdf/item_common.rb +1 -1
  10. data/lib/openscap/xccdf/policy.rb +3 -4
  11. data/lib/openscap/xccdf/policy_model.rb +6 -14
  12. data/lib/openscap/xccdf/profile.rb +2 -2
  13. data/lib/openscap/xccdf/reference.rb +5 -21
  14. data/lib/openscap/xccdf/rule.rb +32 -8
  15. data/lib/openscap/xccdf/ruleresult.rb +5 -7
  16. data/lib/openscap/xccdf/session.rb +11 -11
  17. data/lib/openscap/xccdf/status.rb +1 -2
  18. data/lib/openscap/xccdf/tailoring.rb +6 -12
  19. data/lib/openscap/xccdf/testresult.rb +12 -16
  20. data/lib/openscap/xccdf/value.rb +1 -2
  21. metadata +5 -27
  22. data/test/common/testcase.rb +0 -38
  23. data/test/data/arf.xml +0 -275156
  24. data/test/data/invalid.xml +0 -20
  25. data/test/data/sds-complex.xml +0 -132
  26. data/test/data/tailoring.xml +0 -31
  27. data/test/data/testresult.xml +0 -225
  28. data/test/data/xccdf.xml +0 -3047
  29. data/test/ds/arf_test.rb +0 -96
  30. data/test/ds/sds_test.rb +0 -89
  31. data/test/integration/arf_waiver_test.rb +0 -91
  32. data/test/openscap_test.rb +0 -21
  33. data/test/source_test.rb +0 -78
  34. data/test/text_test.rb +0 -19
  35. data/test/xccdf/arf_test.rb +0 -43
  36. data/test/xccdf/benchmark_test.rb +0 -201
  37. data/test/xccdf/item_test.rb +0 -82
  38. data/test/xccdf/policy_test.rb +0 -48
  39. data/test/xccdf/profile_test.rb +0 -62
  40. data/test/xccdf/session_ds_test.rb +0 -116
  41. data/test/xccdf/session_test.rb +0 -33
  42. data/test/xccdf/tailoring_test.rb +0 -30
  43. data/test/xccdf/testresult_test.rb +0 -99
  44. data/test/xccdf/value_test.rb +0 -67
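--- a/data/test/xccdf/item_test.rb
+++ b/data/test/xccdf/item_test.rb
@@ -1,82 +0,0 @@
- # frozen_string_literal: true
-
- require 'openscap'
- require 'openscap/xccdf/benchmark'
- require 'common/testcase'
-
- class ItemTest < OpenSCAP::TestCase
- def test_description_html
- expected_markup = "\n" \
- "Most of the actions listed in this document are written with the\n" \
- "assumption that they will be executed by the root user running the\n" \
- "<xhtml:code xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">/bin/bash</xhtml:code> shell. Commands preceded with a hash mark (#)\n" \
- "assume that the administrator will execute the commands as root, i.e.\n" \
- "apply the command via <xhtml:code xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">sudo</xhtml:code> whenever possible, or use\n" \
- "<xhtml:code xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">su</xhtml:code> to gain root privileges if <xhtml:code xmlns:xhtml=\"http://www.w3.org/1999/xhtml\">sudo</xhtml:code> cannot be\n" \
- "used. Commands which can be executed as a non-root user are are preceded\n" \
- "by a dollar sign ($) prompt.\n"
- with_item 'xccdf_org.ssgproject.content_group_intro-root-shell-assumed' do |item|
- assert_equal item.description(markup: true), expected_markup
- end
- end
-
- def test_rationale_html
- expected_markup = "\n" \
- "For AIDE to be effective, an initial database of <i xmlns=\"http://www.w3.org/1999/xhtml\">\"known-good\"</i> information about files\n" \
- "must be captured and it should be able to be verified against the installed files.\n"
- with_item 'xccdf_org.ssgproject.content_rule_aide_build_database' do |item|
- assert_equal item.rationale(markup: true), expected_markup
- end
- end
-
- def test_missing_rationale
- with_item 'xccdf_org.ssgproject.content_group_intro' do |item_sans_rationale|
- assert_equal item_sans_rationale.rationale(markup: true), nil
- end
- end
-
- def test_version
- with_item 'xccdf_org.ssgproject.content_group_intro' do |item_sans_version|
- assert_nil item_sans_version.version
- end
- end
-
- def test_references
- with_item 'xccdf_org.ssgproject.content_rule_disable_prelink' do |item|
- item.references.tap do |refs|
- assert_equal refs.length, 4
- assert_equal refs.collect(&:title), ['CM-6(d)', 'CM-6(3)', 'SC-28', 'SI-7']
- assert_equal refs.collect(&:href).uniq, ['http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf']
- end
- end
- end
-
- def test_warnings
- expected_text = 'If verbose logging to <xhtml:code xmlns:xhtml="http://www.w3.org/1999/xhtml">vsftpd.log</xhtml:code> is done, sparse logging of downloads to <xhtml:code xmlns:xhtml="http://www.w3.org/1999/xhtml">/var/log/xferlog</xhtml:code> will not also occur. However, the information about what files were downloaded is included in the information logged to <xhtml:code xmlns:xhtml="http://www.w3.org/1999/xhtml">vsftpd.log</xhtml:code>'
- with_item 'xccdf_org.ssgproject.content_rule_ftp_log_transactions' do |item|
- warns = item.warnings
- assert_equal warns.length, 1
- warning = warns[0]
- assert warning.instance_of?(Hash)
- assert warning.keys.length == 2
- assert warning[:category] == :general
- assert warning[:text].text == expected_text
- end
- end
-
- private
-
- def with_item(id, &)
- with_benchmark do |b|
- item = b.items[id]
- refute_nil item
- yield item
- end
- end
-
- def with_benchmark(&)
- OpenSCAP::Source.new '../data/xccdf.xml' do |source|
- OpenSCAP::Xccdf::Benchmark.new(source, &)
- end
- end
- end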
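--- a/data/test/xccdf/policy_test.rb
+++ b/data/test/xccdf/policy_test.rb
@@ -1,48 +0,0 @@
- # frozen_string_literal: true
-
- require 'common/testcase'
- require 'openscap'
- require 'openscap/source'
- require 'openscap/xccdf/benchmark'
- require 'openscap/xccdf/policy'
- require 'openscap/xccdf/policy_model'
-
- class TestPolicy < OpenSCAP::TestCase
- def test_new_policy_model
- with_policy_model do |pm|
- assert pm.policies.size == 1, pm.policies.to_s
- assert pm.policies['xccdf_org.ssgproject.content_profile_common']
- end
- end
-
- def test_profile_getter
- with_policy do |policy|
- profile = policy.profile
- assert_equal profile.id, 'xccdf_org.ssgproject.content_profile_common'
- end
- end
-
- def test_selects_item
- with_policy do |policy|
- assert policy.selects_item?('xccdf_org.ssgproject.content_rule_disable_prelink')
- refute policy.selects_item?('xccdf_org.ssgproject.content_rule_disable_vsftpd')
- end
- end
-
- private
-
- def with_policy(&)
- with_policy_model do |pm|
- yield pm.policies['xccdf_org.ssgproject.content_profile_common']
- end
- end
-
- def with_policy_model(&)
- OpenSCAP::Source.new '../data/xccdf.xml' do |source|
- OpenSCAP::Xccdf::Benchmark.new source do |bench|
- assert !bench.nil?
- yield bench.policy_model
- end
- end
- end
- end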
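--- a/data/test/xccdf/profile_test.rb
+++ b/data/test/xccdf/profile_test.rb
@@ -1,62 +0,0 @@
- # frozen_string_literal: true
-
- require 'common/testcase'
- require 'openscap'
- require 'openscap/source'
- require 'openscap/xccdf/benchmark'
- require 'openscap/xccdf/profile'
-
- class TestProfile < OpenSCAP::TestCase
- def test_new_from_file
- with_profile do |p|
- assert p.title == 'Common Profile for General-Purpose Fedora Systems'
- end
- end
-
- def test_description_html
- with_profile do |p|
- assert_equal p.description, 'This profile contains items common to general-purpose Fedora installations.'
- end
- end
-
- def test_status
- with_profile do |p|
- assert_nil p.status_current&.status
- end
- end
-
- def test_version
- with_profile do |p|
- assert_equal p.version, '3.2.1'
- end
- end
-
- def test_references
- with_profile do |p|
- assert_equal p.references, []
- end
- end
-
- def test_abstract
- with_profile do |p|
- assert_false p.abstract?
- end
- end
-
- private
-
- def with_profile(&)
- benchmark do |b|
- assert b.profiles.size == 1, b.profiles.to_s
- profile = b.profiles['xccdf_org.ssgproject.content_profile_common']
- assert profile
- yield profile
- end
- end
-
- def benchmark(&)
- OpenSCAP::Source.new '../data/xccdf.xml' do |source|
- OpenSCAP::Xccdf::Benchmark.new(source, &)
- end
- end
- end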
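--- a/data/test/xccdf/session_ds_test.rb
+++ b/data/test/xccdf/session_ds_test.rb
@@ -1,116 +0,0 @@
- # frozen_string_literal: true
-
- require 'openscap'
- require 'common/testcase'
-
- class TestSessionDS < OpenSCAP::TestCase
- def test_sds_true
- @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
- assert @s.sds?
- end
-
- def test_session_load
- @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
- @s.load
- @s.evaluate
- end
-
- def test_session_load_ds_comp
- @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
- @s.load(datastream_id: 'scap_org.open-scap_datastream_tst2', component_id: 'scap_org.open-scap_cref_second-xccdf.xml2')
- @s.evaluate
- end
-
- def test_session_load_bad_datastream
- @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
- msg = nil
- begin
- @s.load(datastream_id: 'nonexistent')
- assert false
- rescue OpenSCAP::OpenSCAPError => e
- msg = e.to_s
- end
- assert msg.start_with?("Failed to locate a datastream with ID matching 'nonexistent' ID and checklist inside matching '<any>' ID.")
- end
-
- def test_session_load_bad_component
- @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
- msg = nil
- begin
- @s.load(component_id: 'nonexistent')
- assert false
- rescue OpenSCAP::OpenSCAPError => e
- msg = e.to_s
- end
- assert msg.start_with?("Failed to locate a datastream with ID matching '<any>' ID and checklist inside matching 'nonexistent' ID.")
- end
-
- def test_session_set_profile
- @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
- @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
- @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
- @s.evaluate
- end
-
- def test_session_set_profile_bad
- @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
- @s.load
- msg = nil
- begin
- @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
- assert false
- rescue OpenSCAP::OpenSCAPError => e
- msg = e.to_s
- end
- assert msg.start_with?("No profile 'xccdf_moc.elpmaxe.www_profile_1' found")
- end
-
- def test_session_export_rds
- @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
- @s.load
- @s.evaluate
- @s.export_results(rds_file: 'report.rds.xml')
- assert_exported ['report.rds.xml']
- end
-
- def test_session_export_xccdf_results
- @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
- @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
- @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
- @s.evaluate
- @s.export_results(xccdf_file: 'result.xccdf.xml')
- assert_exported ['result.xccdf.xml']
- end
-
- def test_session_export_html_report
- @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
- @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
- @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
- @s.evaluate
- @s.export_results(report_file: 'report.html', xccdf_file: 'result.xccdf.xml')
- assert_exported ['report.html', 'result.xccdf.xml']
- end
-
- def test_session_export_oval_variables
- @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
- @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
- @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
- @s.evaluate
- @s.export_results(oval_variables: true)
- assert_exported []
- end
-
- def test_remediate
- @s = OpenSCAP::Xccdf::Session.new('../data/sds-complex.xml')
- @s.load(component_id: 'scap_org.open-scap_cref_second-xccdf.xml')
- @s.profile = 'xccdf_moc.elpmaxe.www_profile_1'
- @s.evaluate
- @s.remediate
- end
-
- def assert_exported(files)
- # libopenscap compiled with --enable-debug creates debug files
- FileUtils.rm_rf(Dir.glob('oscap_debug.log.*'))
- assert files.sort == Dir.glob('*')
- end
- end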
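--- a/data/test/xccdf/session_test.rb
+++ b/data/test/xccdf/session_test.rb
@@ -1,33 +0,0 @@
- # frozen_string_literal: true
-
- require 'openscap'
- require 'common/testcase'
-
- class TestSession < OpenSCAP::TestCase
- def test_session_new_bad
- msg = nil
- begin
- OpenSCAP::Xccdf::Session.new('')
- assert false
- rescue OpenSCAP::OpenSCAPError => e
- msg = e.to_s
- end
- assert msg.start_with?("Unable to open file: ''"), "Message was: #{msg}"
- end
-
- def test_session_new_nil
- msg = nil
- begin
- OpenSCAP::Xccdf::Session.new(nil)
- assert false
- rescue OpenSCAP::OpenSCAPError => e
- msg = e.to_s
- end
- assert msg.start_with?('No filename specified!'), "Message was: #{msg}"
- end
-
- def test_sds_false
- @s = OpenSCAP::Xccdf::Session.new('../data/xccdf.xml')
- refute @s.sds?
- end
- end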
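--- a/data/test/xccdf/tailoring_test.rb
+++ b/data/test/xccdf/tailoring_test.rb
@@ -1,30 +0,0 @@
- # frozen_string_literal: true
-
- require 'openscap'
- require 'openscap/source'
- require 'openscap/xccdf/tailoring'
- require 'common/testcase'
-
- class TailoringTest < OpenSCAP::TestCase
- def test_new_from_file
- tailoring = tailoring_from_file
- tailoring.destroy
- refute tailoring.raw
- end
-
- def test_profiles
- profiles = tailoring_from_file.profiles
- assert_equal 1, profiles.length
- assert profiles.values.first.is_a?(OpenSCAP::Xccdf::Profile)
- end
-
- private
-
- def tailoring_from_file
- source = OpenSCAP::Source.new '../data/tailoring.xml'
- tailoring = OpenSCAP::Xccdf::Tailoring.new source, nil
- source.destroy
- assert tailoring
- tailoring
- end
- end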
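--- a/data/test/xccdf/testresult_test.rb
+++ b/data/test/xccdf/testresult_test.rb
@@ -1,99 +0,0 @@
- # frozen_string_literal: true
-
- require 'openscap'
- require 'openscap/source'
- require 'openscap/xccdf/benchmark'
- require 'openscap/xccdf/testresult'
- require 'common/testcase'
-
- class TestTestResult < OpenSCAP::TestCase
- def test_testresult_new_bad
- source = OpenSCAP::Source.new('../data/xccdf.xml')
- assert !source.nil?
- msg = nil
- begin
- OpenSCAP::Xccdf::TestResult.new(source)
- assert false
- rescue OpenSCAP::OpenSCAPError => e
- msg = e.to_s
- end
- assert msg.start_with?("Expected 'TestResult' element while found 'Benchmark'."),
- "Message was: #{msg}"
- end
-
- def test_result_create_and_query_properties
- tr = new_tr
- assert tr.id == 'xccdf_org.open-scap_testresult_xccdf_org.ssgproject.content_profile_common',
- "TestResult.id was '#{tr.id}"
- assert tr.profile == 'xccdf_org.ssgproject.content_profile_common',
- "TestResult.profile was '#{tr.profile}'"
- tr.destroy
- end
-
- def test_result_create_and_query_rr
- tr = new_tr
- assert tr.rr.size == 28
- assert tr.rr.key?('xccdf_org.ssgproject.content_rule_disable_prelink')
- assert tr.rr.key?('xccdf_org.ssgproject.content_rule_no_direct_root_logins')
- assert tr.rr['xccdf_org.ssgproject.content_rule_disable_prelink'].result == 'fail'
- assert tr.rr['xccdf_org.ssgproject.content_rule_no_direct_root_logins'].result == 'notchecked'
- tr.destroy
- end
-
- def test_override
- tr = new_tr
- rr = tr.rr['xccdf_org.ssgproject.content_rule_disable_prelink']
- assert rr.result == 'fail'
- rr.override!(new_result: :pass,
- time: 'yesterday',
- authority: 'John Hacker',
- raw_text: 'We are testing prelink on this machine')
- assert rr.result == 'pass'
- tr.destroy
- end
-
- def test_score
- tr = new_tr
- assert_default_score tr.score, 34, 35
- tr.destroy
- end
-
- def test_waive_and_score
- tr = new_tr
- benchmark = benchmark_for_tr
-
- assert_default_score tr.score, 34, 35
- assert_default_score tr.score!(benchmark), 34, 35
-
- rr = tr.rr['xccdf_org.ssgproject.content_rule_disable_prelink']
- assert rr.result == 'fail'
- rr.override!(new_result: :pass,
- time: 'yesterday',
- authority: 'John Hacker',
- raw_text: 'We are testing prelink on this machine')
- assert rr.result == 'pass'
-
- assert_default_score tr.score, 34, 35
- assert_default_score tr.score!(benchmark), 47, 48
-
- benchmark.destroy
- tr.destroy
- end
-
- private
-
- def benchmark_for_tr
- source = OpenSCAP::Source.new('../data/xccdf.xml')
- benchmark = OpenSCAP::Xccdf::Benchmark.new source
- source.destroy
- benchmark
- end
-
- def new_tr
- source = OpenSCAP::Source.new('../data/testresult.xml')
- assert !source.nil?
- tr = OpenSCAP::Xccdf::TestResult.new(source)
- source.destroy
- tr
- end
- end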
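--- a/data/test/xccdf/value_test.rb
+++ b/data/test/xccdf/value_test.rb
@@ -1,67 +0,0 @@
- # frozen_string_literal: true
-
- require 'common/testcase'
- require 'openscap'
- require 'openscap/source'
- require 'openscap/xccdf/benchmark'
-
- class TestBenchmark < OpenSCAP::TestCase
- def test_benchmark_values
- with_benchmark do |b|
- val_ids = []
- b.each_value do |val|
- val_ids << val.id
- end
- assert_equal val_ids, ['xccdf_org.ssgproject.content_value_conditional_clause']
- end
- end
-
- def test_value_props
- with_value do |val|
- assert_equal val.id, 'xccdf_org.ssgproject.content_value_conditional_clause'
- assert_equal val.title, 'A conditional clause for check statements.'
- assert_equal val.description, 'A conditional clause for check statements.'
- end
- end
-
- def test_collect_all_values
- with_all_values do |vals|
- assert_equal vals.length, 7
- assert_equal vals.to_set(&:id).length, 7
- end
- end
-
- private
-
- def with_value(&)
- with_benchmark { |b| b.each_value(&) }
- end
-
- def with_all_values(&)
- vals = []
- with_benchmark do |b|
- vals += collect_values(b)
- yield vals
- end
- end
-
- def with_benchmark(&)
- OpenSCAP::Source.new '../data/xccdf.xml' do |source|
- OpenSCAP::Xccdf::Benchmark.new(source, &)
- end
- end
-
- def collect_values(item)
- vals = []
- if item.is_a?(OpenSCAP::Xccdf::Benchmark) || item.is_a?(OpenSCAP::Xccdf::Group)
- item.each_value { |v| vals << v }
-
- if item.is_a? OpenSCAP::Xccdf::Benchmark
- item.each_item { |item| vals += collect_values(item) }
- else
- item.each_child { |item| vals += collect_values(item) }
- end
- end
- vals
- end
- end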