simp-beaker-helpers 1.34.3 → 1.35.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/pr_acceptance.yml +1 -1
- data/.github/workflows/pr_tests.yml +6 -7
- data/.rubocop.yml +652 -495
- data/CHANGELOG.md +4 -0
- data/Gemfile +5 -2
- data/lib/simp/beaker_helpers/constants.rb +7 -5
- data/lib/simp/beaker_helpers/inspec.rb +52 -55
- data/lib/simp/beaker_helpers/snapshot.rb +126 -134
- data/lib/simp/beaker_helpers/ssg.rb +33 -34
- data/lib/simp/beaker_helpers/version.rb +2 -1
- data/lib/simp/beaker_helpers/windows.rb +4 -1
- data/lib/simp/beaker_helpers.rb +274 -291
- data/lib/simp/rake/beaker.rb +174 -177
- data/spec/acceptance/suites/default/check_puppet_version_spec.rb +3 -3
- data/spec/acceptance/suites/default/fixture_modules_spec.rb +9 -9
- data/spec/acceptance/suites/default/install_simp_deps_repo_spec.rb +7 -13
- data/spec/acceptance/suites/default/pki_tests_spec.rb +10 -16
- data/spec/acceptance/suites/fips_from_fixtures/00_default_spec.rb +4 -4
- data/spec/acceptance/suites/inspec/00_default_spec.rb +22 -22
- data/spec/acceptance/suites/offline/00_default_spec.rb +43 -12
- data/spec/acceptance/suites/offline/nodesets/default.yml +1 -3
- data/spec/acceptance/suites/puppet_collections/00_default_spec.rb +3 -3
- data/spec/acceptance/suites/snapshot/00_snapshot_test_spec.rb +27 -7
- data/spec/acceptance/suites/snapshot/10_general_usage_spec.rb +3 -3
- data/spec/acceptance/suites/ssg/00_default_spec.rb +20 -18
- data/spec/acceptance/suites/windows/00_default_spec.rb +47 -49
- data/spec/acceptance/suites/windows/nodesets/default.yml +3 -3
- data/spec/acceptance/suites/windows/nodesets/win2012.yml +3 -3
- data/spec/acceptance/suites/windows/nodesets/win2016.yml +3 -3
- data/spec/acceptance/suites/windows/nodesets/win2019.yml +3 -3
- data/spec/lib/simp/beaker_helpers_spec.rb +96 -66
- data/spec/spec_helper.rb +51 -53
- data/spec/spec_helper_acceptance.rb +17 -22
- metadata +5 -5
|
@@ -1,15 +1,15 @@
|
|
|
1
|
+
# SIMP Beaker helper methods for testing
|
|
1
2
|
module Simp::BeakerHelpers
|
|
2
3
|
require 'simp/beaker_helpers/constants'
|
|
3
4
|
|
|
4
5
|
# Helpers for working with the SCAP Security Guide
|
|
5
6
|
class SSG
|
|
6
|
-
|
|
7
7
|
if ENV['BEAKER_ssg_repo']
|
|
8
8
|
GIT_REPO = ENV['BEAKER_ssg_repo']
|
|
9
9
|
else
|
|
10
|
-
|
|
10
|
+
raise('You are offline: Set BEAKER_ssg_repo to point to the git repo that hosts the SSG content') unless ONLINE
|
|
11
11
|
|
|
12
|
-
GIT_REPO = 'https://github.com/ComplianceAsCode/content.git'
|
|
12
|
+
GIT_REPO = 'https://github.com/ComplianceAsCode/content.git'.freeze
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
# If this is not set, the highest numeric tag will be used
|
|
@@ -29,7 +29,7 @@ module Simp::BeakerHelpers
|
|
|
29
29
|
'python-jinja2',
|
|
30
30
|
'python-lxml',
|
|
31
31
|
'python-setuptools',
|
|
32
|
-
]
|
|
32
|
+
].freeze
|
|
33
33
|
|
|
34
34
|
EL8_PACKAGES = [
|
|
35
35
|
'cmake',
|
|
@@ -44,7 +44,7 @@ module Simp::BeakerHelpers
|
|
|
44
44
|
'python3-pyyaml',
|
|
45
45
|
'python3-setuptools',
|
|
46
46
|
'libarchive',
|
|
47
|
-
]
|
|
47
|
+
].freeze
|
|
48
48
|
|
|
49
49
|
EL9_PACKAGES = [
|
|
50
50
|
'cmake',
|
|
@@ -59,7 +59,7 @@ module Simp::BeakerHelpers
|
|
|
59
59
|
'python3-pyyaml',
|
|
60
60
|
'python3-setuptools',
|
|
61
61
|
'libarchive',
|
|
62
|
-
]
|
|
62
|
+
].freeze
|
|
63
63
|
|
|
64
64
|
OS_INFO = {
|
|
65
65
|
'RedHat' => {
|
|
@@ -174,7 +174,7 @@ module Simp::BeakerHelpers
|
|
|
174
174
|
}
|
|
175
175
|
}
|
|
176
176
|
}
|
|
177
|
-
}
|
|
177
|
+
}.freeze
|
|
178
178
|
|
|
179
179
|
attr_accessor :scap_working_dir
|
|
180
180
|
|
|
@@ -194,7 +194,7 @@ module Simp::BeakerHelpers
|
|
|
194
194
|
@scap_working_dir = on(sut, 'cd scap_working_dir && pwd').stdout.strip
|
|
195
195
|
|
|
196
196
|
unless OS_INFO[@os]
|
|
197
|
-
|
|
197
|
+
raise("Error: The '#{@os}' Operating System is not supported")
|
|
198
198
|
end
|
|
199
199
|
|
|
200
200
|
OS_INFO[@os][@os_rel]['required_packages'].each do |pkg|
|
|
@@ -222,14 +222,14 @@ module Simp::BeakerHelpers
|
|
|
222
222
|
.stdout
|
|
223
223
|
.strip
|
|
224
224
|
.lines
|
|
225
|
-
.map{|x| x.split(':').first}
|
|
225
|
+
.map { |x| x.split(':').first }
|
|
226
226
|
end
|
|
227
227
|
|
|
228
228
|
def remediate(profile)
|
|
229
229
|
evaluate(profile, true)
|
|
230
230
|
end
|
|
231
231
|
|
|
232
|
-
def evaluate(profile, remediate=false)
|
|
232
|
+
def evaluate(profile, remediate = false)
|
|
233
233
|
cmd = "cd #{@scap_working_dir}; oscap xccdf eval"
|
|
234
234
|
|
|
235
235
|
if remediate
|
|
@@ -241,13 +241,13 @@ module Simp::BeakerHelpers
|
|
|
241
241
|
# We accept all exit codes here because there have occasionally been
|
|
242
242
|
# failures in the SSG content and we're not testing that.
|
|
243
243
|
|
|
244
|
-
on(@sut, cmd, :
|
|
244
|
+
on(@sut, cmd, accept_all_exit_codes: true)
|
|
245
245
|
|
|
246
246
|
['xml', 'html'].each do |ext|
|
|
247
247
|
path = "#{@scap_working_dir}/#{@result_file}.#{ext}"
|
|
248
248
|
scp_from(@sut, path, @output_dir)
|
|
249
249
|
|
|
250
|
-
|
|
250
|
+
raise("Could not retrieve #{path} from #{@sut}") unless File.exist?(File.join(@output_dir, "#{@result_file}.#{ext}"))
|
|
251
251
|
end
|
|
252
252
|
end
|
|
253
253
|
|
|
@@ -278,11 +278,11 @@ module Simp::BeakerHelpers
|
|
|
278
278
|
# set of STIG ids, but don't see those ids in the oscap results xml.
|
|
279
279
|
# Further mapping is required...
|
|
280
280
|
# - Create the same report structure as inspec
|
|
281
|
-
def process_ssg_results(filter=nil, exclusions=nil)
|
|
281
|
+
def process_ssg_results(filter = nil, exclusions = nil)
|
|
282
282
|
self.class.process_ssg_results(
|
|
283
283
|
File.join(@output_dir, @result_file) + '.xml',
|
|
284
284
|
filter,
|
|
285
|
-
exclusions
|
|
285
|
+
exclusions,
|
|
286
286
|
)
|
|
287
287
|
end
|
|
288
288
|
|
|
@@ -300,13 +300,13 @@ module Simp::BeakerHelpers
|
|
|
300
300
|
#
|
|
301
301
|
# @return [Hash] A Hash of statistics and a formatted report
|
|
302
302
|
#
|
|
303
|
-
def self.process_ssg_results(result_file, filter=nil, exclusions=nil)
|
|
303
|
+
def self.process_ssg_results(result_file, filter = nil, exclusions = nil)
|
|
304
304
|
require 'highline'
|
|
305
305
|
require 'nokogiri'
|
|
306
306
|
|
|
307
307
|
HighLine.colorize_strings
|
|
308
308
|
|
|
309
|
-
|
|
309
|
+
raise("Could not find results XML file '#{result_file}'") unless File.exist?(result_file)
|
|
310
310
|
|
|
311
311
|
puts "Processing #{result_file}"
|
|
312
312
|
doc = Nokogiri::XML(File.open(result_file))
|
|
@@ -321,9 +321,9 @@ module Simp::BeakerHelpers
|
|
|
321
321
|
'//rule-result[(',
|
|
322
322
|
]
|
|
323
323
|
|
|
324
|
-
xpath_query << filter.map
|
|
324
|
+
xpath_query << filter.map { |flt|
|
|
325
325
|
"contains(@idref,'#{flt}')"
|
|
326
|
-
|
|
326
|
+
}.join(' or ')
|
|
327
327
|
|
|
328
328
|
xpath_query << ')' if filter.size > 1
|
|
329
329
|
|
|
@@ -331,11 +331,11 @@ module Simp::BeakerHelpers
|
|
|
331
331
|
unless exclusions.empty?
|
|
332
332
|
xpath_query << 'and not('
|
|
333
333
|
|
|
334
|
-
xpath_query << exclusions.map
|
|
334
|
+
xpath_query << exclusions.map { |exl|
|
|
335
335
|
"contains(@idref,'#{exl}')"
|
|
336
|
-
|
|
336
|
+
}.join(' or ')
|
|
337
337
|
|
|
338
|
-
xpath_query << ')'
|
|
338
|
+
xpath_query << ')' unless exclusions.empty?
|
|
339
339
|
end
|
|
340
340
|
|
|
341
341
|
xpath_query << ')]'
|
|
@@ -352,12 +352,12 @@ module Simp::BeakerHelpers
|
|
|
352
352
|
end
|
|
353
353
|
|
|
354
354
|
stats = {
|
|
355
|
-
:
|
|
356
|
-
:
|
|
357
|
-
:
|
|
358
|
-
:
|
|
359
|
-
:
|
|
360
|
-
:
|
|
355
|
+
failed: [],
|
|
356
|
+
passed: [],
|
|
357
|
+
skipped: [],
|
|
358
|
+
filter: filter.nil? ? 'No Filter' : filter,
|
|
359
|
+
report: nil,
|
|
360
|
+
score: 0
|
|
361
361
|
}
|
|
362
362
|
|
|
363
363
|
result_nodes.each do |rule_result|
|
|
@@ -385,7 +385,7 @@ module Simp::BeakerHelpers
|
|
|
385
385
|
result_value << " * #{src}"
|
|
386
386
|
result_value << " * #{items.join(', ')}"
|
|
387
387
|
end
|
|
388
|
-
result_value << ' Description: ' + doc.xpath("//Rule[@id='#{result_id}']/description").text.gsub("\n","\n ")
|
|
388
|
+
result_value << ' Description: ' + doc.xpath("//Rule[@id='#{result_id}']/description").text.gsub("\n", "\n ")
|
|
389
389
|
end
|
|
390
390
|
|
|
391
391
|
result_value = result_value.join("\n")
|
|
@@ -410,7 +410,6 @@ module Simp::BeakerHelpers
|
|
|
410
410
|
report << '== Failed =='
|
|
411
411
|
report << stats[:failed].join("\n")
|
|
412
412
|
|
|
413
|
-
|
|
414
413
|
report << 'OSCAP Statistics:'
|
|
415
414
|
|
|
416
415
|
if filter
|
|
@@ -424,7 +423,7 @@ module Simp::BeakerHelpers
|
|
|
424
423
|
score = 0
|
|
425
424
|
|
|
426
425
|
if (stats[:passed].count + stats[:failed].count) > 0
|
|
427
|
-
score = ((stats[:passed].count.to_f/(stats[:passed].count + stats[:failed].count)) * 100.0).round(0)
|
|
426
|
+
score = ((stats[:passed].count.to_f / (stats[:passed].count + stats[:failed].count)) * 100.0).round(0)
|
|
428
427
|
end
|
|
429
428
|
|
|
430
429
|
report << "\n Score: #{score}%"
|
|
@@ -432,7 +431,7 @@ module Simp::BeakerHelpers
|
|
|
432
431
|
stats[:score] = score
|
|
433
432
|
stats[:report] = report.join("\n")
|
|
434
433
|
|
|
435
|
-
|
|
434
|
+
stats
|
|
436
435
|
end
|
|
437
436
|
|
|
438
437
|
private
|
|
@@ -455,8 +454,8 @@ module Simp::BeakerHelpers
|
|
|
455
454
|
else
|
|
456
455
|
tags = on(@sut, %(cd scap-content; git tag -l)).output
|
|
457
456
|
target_tag = tags.lines.map(&:strip)
|
|
458
|
-
|
|
459
|
-
|
|
457
|
+
.select { |x| x.match?(%r{^v(\d+\.)+\d+$}) }
|
|
458
|
+
.sort.last
|
|
460
459
|
|
|
461
460
|
on(@sut, %(cd scap-content; git checkout #{target_tag}))
|
|
462
461
|
end
|
|
@@ -470,7 +469,7 @@ module Simp::BeakerHelpers
|
|
|
470
469
|
safe_sed(
|
|
471
470
|
@sut,
|
|
472
471
|
's/ssg.build_derivatives.profile_handling/__simp_dontcare__ = None #ssg.build_derivatives.profile_handling/g',
|
|
473
|
-
'scap-content/build-scripts/enable_derivatives.py'
|
|
472
|
+
'scap-content/build-scripts/enable_derivatives.py',
|
|
474
473
|
)
|
|
475
474
|
|
|
476
475
|
on(@sut, %(cd scap-content/build; cmake ../; make -j4 #{OS_INFO[@os][@os_rel]['ssg']['build_target']}-content && cp *ds.xml #{@scap_working_dir}))
|
|
@@ -1,11 +1,14 @@
|
|
|
1
|
+
# SIMP namespace
|
|
1
2
|
module Simp; end
|
|
3
|
+
# SIMP Beaker helper methods for testing
|
|
2
4
|
module Simp::BeakerHelpers; end
|
|
3
5
|
|
|
6
|
+
# Windows-specific helper methods
|
|
4
7
|
module Simp::BeakerHelpers::Windows
|
|
5
8
|
begin
|
|
6
9
|
require 'beaker-windows'
|
|
7
10
|
rescue LoadError
|
|
8
|
-
logger.error(%
|
|
11
|
+
logger.error(%(You must include 'beaker-windows' in your Gemfile for windows support))
|
|
9
12
|
exit 1
|
|
10
13
|
end
|
|
11
14
|
|