smart_proxy_openscap 0.7.2

Files changed (64)
  1. checksums.yaml +7 -0
  2. data/.rubocop.yml +41 -0
  3. data/.rubocop_todo.yml +111 -0
  4. data/.travis.yml +14 -0
  5. data/COPYING +674 -0
  6. data/Gemfile +14 -0
  7. data/README.md +107 -0
  8. data/Rakefile +16 -0
  9. data/bin/smart-proxy-arf-html +7 -0
  10. data/bin/smart-proxy-arf-json +7 -0
  11. data/bin/smart-proxy-openscap-send +61 -0
  12. data/bin/smart-proxy-policy-guide +7 -0
  13. data/bin/smart-proxy-scap-profiles +7 -0
  14. data/bin/smart-proxy-scap-validation +7 -0
  15. data/bundler.d/openscap.rb +6 -0
  16. data/extra/rubygem-smart_proxy_openscap.spec +101 -0
  17. data/extra/smart-proxy-openscap-send.cron +2 -0
  18. data/lib/smart_proxy_openscap.rb +14 -0
  19. data/lib/smart_proxy_openscap/arf_html.rb +22 -0
  20. data/lib/smart_proxy_openscap/arf_json.rb +114 -0
  21. data/lib/smart_proxy_openscap/arf_parser.rb +39 -0
  22. data/lib/smart_proxy_openscap/content_parser.rb +30 -0
  23. data/lib/smart_proxy_openscap/fetch_file.rb +60 -0
  24. data/lib/smart_proxy_openscap/fetch_scap_content.rb +17 -0
  25. data/lib/smart_proxy_openscap/fetch_tailoring_file.rb +17 -0
  26. data/lib/smart_proxy_openscap/foreman_forwarder.rb +40 -0
  27. data/lib/smart_proxy_openscap/http_config.ru +20 -0
  28. data/lib/smart_proxy_openscap/openscap_api.rb +187 -0
  29. data/lib/smart_proxy_openscap/openscap_exception.rb +9 -0
  30. data/lib/smart_proxy_openscap/openscap_html_generator.rb +38 -0
  31. data/lib/smart_proxy_openscap/openscap_import_api.rb +32 -0
  32. data/lib/smart_proxy_openscap/openscap_lib.rb +67 -0
  33. data/lib/smart_proxy_openscap/openscap_plugin.rb +27 -0
  34. data/lib/smart_proxy_openscap/policy_guide.rb +23 -0
  35. data/lib/smart_proxy_openscap/policy_parser.rb +33 -0
  36. data/lib/smart_proxy_openscap/profiles_parser.rb +32 -0
  37. data/lib/smart_proxy_openscap/scap_profiles.rb +52 -0
  38. data/lib/smart_proxy_openscap/scap_validation.rb +35 -0
  39. data/lib/smart_proxy_openscap/shell_wrapper.rb +77 -0
  40. data/lib/smart_proxy_openscap/spool_forwarder.rb +79 -0
  41. data/lib/smart_proxy_openscap/storage.rb +47 -0
  42. data/lib/smart_proxy_openscap/storage_fs.rb +102 -0
  43. data/lib/smart_proxy_openscap/version.rb +15 -0
  44. data/settings.d/openscap.yml.example +33 -0
  45. data/smart_proxy_openscap.gemspec +23 -0
  46. data/test/data/arf_report +0 -0
  47. data/test/data/corrupted_arf_report +0 -0
  48. data/test/data/spool/cleanup_spool/arf/2c101b95-033f-4b15-b490-f50bf9090dae/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1 +0 -0
  49. data/test/data/spool/cleanup_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484309984/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1 +0 -0
  50. data/test/data/spool/corrupted_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484309984/a4dfba5db27b21795e6fa401b8dce7a70faeb25b7963891f07f6f4baaf052afb +0 -0
  51. data/test/data/spool/corrupted_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1 +0 -0
  52. data/test/data/spool/valid_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484309984/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1 +0 -0
  53. data/test/data/spool/valid_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1 +0 -0
  54. data/test/data/ssg-rhel7-ds.xml +20271 -0
  55. data/test/data/tailoring.xml +31 -0
  56. data/test/fetch_scap_api_test.rb +73 -0
  57. data/test/fetch_tailoring_api_test.rb +37 -0
  58. data/test/get_report_xml_html_test.rb +58 -0
  59. data/test/post_report_api_test.rb +86 -0
  60. data/test/scap_content_parser_api_test.rb +69 -0
  61. data/test/script_class_test.rb +96 -0
  62. data/test/spool_forwarder_test.rb +84 -0
  63. data/test/test_helper.rb +13 -0
  64. metadata +180 -0
@@ -0,0 +1,31 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2" id="xccdf_scap-workbench_tailoring_default">
3
+ <xccdf:benchmark href="/usr/share/xml/scap/ssg/content/ssg-firefox-ds.xml"/>
4
+ <xccdf:version time="2016-11-10T11:24:26">1</xccdf:version>
5
+ <xccdf:Profile id="xccdf_org.ssgproject.content_profile_stig-firefox-upstream_customized" extends="xccdf_org.ssgproject.content_profile_stig-firefox-upstream">
6
+ <xccdf:title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Upstream Firefox STIG [CUSTOMIZED]</xccdf:title>
7
+ <xccdf:description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">This profile is developed under the DoD consensus model and DISA FSO Vendor STIG process,
8
+ serving as the upstream development environment for the Firefox STIG.
9
+
10
+ As a result of the upstream/downstream relationship between the SCAP Security Guide project
11
+ and the official DISA FSO STIG baseline, users should expect variance between SSG and DISA FSO content.
12
+ For official DISA FSO STIG content, refer to http://iase.disa.mil/stigs/app-security/browser-guidance/Pages/index.aspx.
13
+
14
+ While this profile is packaged by Red Hat as part of the SCAP Security Guide package, please note
15
+ that commercial support of this SCAP content is NOT available. This profile is provided as example
16
+ SCAP content with no endorsement for suitability or production readiness. Support for this
17
+ profile is provided by the upstream SCAP Security Guide community on a best-effort basis. The
18
+ upstream project homepage is https://fedorahosted.org/scap-security-guide/.
19
+ </xccdf:description>
20
+ <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-non-secure_page_warning" selected="true"/>
21
+ <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_status_bar_text" selected="true"/>
22
+ <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_context_menus" selected="true"/>
23
+ <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_status_bar_changes" selected="true"/>
24
+ <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_window_resizing" selected="true"/>
25
+ <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_window_changes" selected="true"/>
26
+ <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-auto-update_of_firefox" selected="false"/>
27
+ <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-autofill_passwords" selected="false"/>
28
+ <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-autofill_forms" selected="false"/>
29
+ <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-addons_plugin_updates" selected="false"/>
30
+ </xccdf:Profile>
31
+ </xccdf:Tailoring>
@@ -0,0 +1,73 @@
1
+ require 'test_helper'
2
+ require 'smart_proxy_openscap'
3
+ require 'smart_proxy_openscap/openscap_api'
4
+ require 'digest/sha2'
5
+
6
+ ENV['RACK_ENV'] = 'test'
7
+
8
+ class FetchScapApiTest < Test::Unit::TestCase
9
+ include Rack::Test::Methods
10
+
11
+ def setup
12
+ @foreman_url = 'https://foreman.example.com'
13
+ Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
14
+ @results_path = ("#{Dir.getwd}/test/test_run_files")
15
+ FileUtils.mkdir_p(@results_path)
16
+ Proxy::OpenSCAP::Plugin.settings.stubs(:contentdir).returns(@results_path)
17
+ Proxy::OpenSCAP::Plugin.settings.stubs(:spooldir).returns(@results_path)
18
+ Proxy::OpenSCAP::Plugin.settings.stubs(:reportsdir).returns(@results_path)
19
+ @scap_content = File.new("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml").read
20
+ @digest = Digest::SHA256.hexdigest @scap_content
21
+ @policy_id = 1
22
+ end
23
+
24
+ def teardown
25
+ FileUtils.rm_rf(Dir.glob("#{@results_path}/*"))
26
+ end
27
+
28
+ def app
29
+ ::Proxy::OpenSCAP::Api.new
30
+ end
31
+
32
+ def test_get_scap_content_from_foreman
33
+ stub_request(:get, "#{@foreman_url}/api/v2/compliance/policies/#{@policy_id}/content").to_return(:body => @scap_content)
34
+ get "/policies/#{@policy_id}/content/#{@digest}"
35
+ assert_equal("application/xml;charset=utf-8", last_response.header["Content-Type"], "Response header should be application/xml")
36
+ assert File.file?("#{@results_path}/#{@policy_id}/#{@policy_id}_#{@digest}.xml")
37
+ assert_equal(@scap_content.length, last_response.length, "Scap content should be equal")
38
+ end
39
+
40
+ def test_get_scap_content_from_file
41
+ # Simulate that scap file was previously saved after fetched from Foreman.
42
+ FileUtils.mkdir("#{@results_path}/#{@policy_id}")
43
+ FileUtils.cp("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", "#{@results_path}/#{@policy_id}/#{@policy_id}_#{@digest}.xml")
44
+ get "/policies/#{@policy_id}/content/#{@digest}"
45
+ assert_equal("application/xml;charset=utf-8", last_response.header["Content-Type"], "Response header should be application/xml")
46
+ assert_equal(@scap_content.length, last_response.length, "Scap content should be equal")
47
+ assert(last_response.successful?, "Response should be success")
48
+ end
49
+
50
+ def test_get_scap_content_no_policy
51
+ stub_request(:get, "#{@foreman_url}/api/v2/compliance/policies/#{@policy_id}/content").to_return(:status => 404, :body => 'not found')
52
+ get "/policies/#{@policy_id}/content/#{@digest}"
53
+ assert(last_response.not_found?, "Response should be 404")
54
+ end
55
+
56
+ def test_get_scap_content_permissions
57
+ Proxy::OpenSCAP::FetchScapContent.any_instance.stubs(:get_policy_content).raises(Errno::EACCES)
58
+ stub_request(:get, "#{@foreman_url}/api/v2/compliance/policies/#{@policy_id}/content").to_return(:body => @scap_content)
59
+ get "/policies/#{@policy_id}/content/#{@digest}"
60
+ assert_equal(500, last_response.status, "No permissions should raise error 500")
61
+ assert_equal('Error occurred: Permission denied', last_response.body)
62
+ end
63
+
64
+ def test_locked_file_should_serve_from_foreman
65
+ Proxy::FileLock.stubs(:try_locking).returns(nil)
66
+ stub_request(:get, "#{@foreman_url}/api/v2/compliance/policies/#{@policy_id}/content").to_return(:body => @scap_content)
67
+ get "/policies/#{@policy_id}/content/#{@digest}"
68
+ refute(File.file?("#{@results_path}/#{@policy_id}/#{@policy_id}_#{@digest}.xml"), "Scap file should be saved")
69
+ assert_equal("application/xml;charset=utf-8", last_response.header["Content-Type"], "Response header should be application/xml")
70
+ assert_equal(@scap_content.length, last_response.length, "Scap content should be equal")
71
+ assert(last_response.successful?, "Response should be success")
72
+ end
73
+ end
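Review bot: The content assertions in test_get_scap_content_from_foreman, test_get_scap_content_from_file and test_locked_file_should_serve_from_foreman compare only `@scap_content.length` with `last_response.length`, so a body of the same size but different bytes would pass even though the request URL already carries the SHA-256 of the expected content. Asserting the digest pins the integrity property the route is keyed on: `assert_equal(@digest, Digest::SHA256.hexdigest(last_response.body), "Served content should match the requested digest")`. The same length-only comparison appears in test_get_tailoring_file_from_file in the next file. In test_locked_file_should_serve_from_foreman the refute message reads "Scap file should be saved", the opposite of what is asserted; `"Scap file should not be saved while the lock is held"` would match.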
@@ -0,0 +1,37 @@
1
+ require 'test_helper'
2
+ require 'smart_proxy_openscap'
3
+ require 'smart_proxy_openscap/openscap_api'
4
+
5
+ ENV['RACK_ENV'] = 'test'
6
+
7
+ class FetchTailoringApiTest < Test::Unit::TestCase
8
+ include Rack::Test::Methods
9
+
10
+ def setup
11
+ @foreman_url = 'https://foreman.example.com'
12
+ Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
13
+ @results_path = ("#{Dir.getwd}/test/test_run_files")
14
+ FileUtils.mkdir_p(@results_path)
15
+ Proxy::OpenSCAP::Plugin.settings.stubs(:tailoring_dir).returns(@results_path)
16
+ @tailoring_file = File.new("#{Dir.getwd}/test/data/tailoring.xml").read
17
+ @digest = Digest::SHA256.hexdigest @tailoring_file
18
+ @policy_id = 1
19
+ end
20
+
21
+ def teardown
22
+ FileUtils.rm_rf(Dir.glob("#{@results_path}/*"))
23
+ end
24
+
25
+ def app
26
+ ::Proxy::OpenSCAP::Api.new
27
+ end
28
+
29
+ def test_get_tailoring_file_from_file
30
+ FileUtils.mkdir("#{@results_path}/#{@policy_id}")
31
+ FileUtils.cp("#{Dir.getwd}/test/data/tailoring.xml", "#{@results_path}/#{@policy_id}/#{@policy_id}_#{@digest}.xml")
32
+ get "/policies/#{@policy_id}/tailoring/#{@digest}"
33
+ assert_equal("application/xml;charset=utf-8", last_response.header["Content-Type"], "Response header should be application/xml")
34
+ assert_equal(@tailoring_file.length, last_response.length, "Scap content should be equal")
35
+ assert(last_response.successful?, "Response should be success")
36
+ end
37
+ end
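Review bot: Only the cache-hit path is covered here: there is no test for a tailoring file fetched from Foreman, for a 404 from Foreman, or for a failed lock, all of which the SCAP content tests exercise for the sibling route. Since a tailoring file decides which rules a policy evaluates, those paths deserve the same coverage, for example a `test_get_tailoring_file_no_policy` that stubs the upstream request with `:status => 404` and asserts `last_response.not_found?`, presumably mirroring the content route. The upstream URL for tailoring files is not visible on this page, so it has to come from the fetch class. `Digest::SHA256` is used in setup without `require 'digest/sha2'`, which the SCAP content test does require; adding it keeps the file runnable on its own. The assertion message "Scap content should be equal" looks copied and could read "Tailoring file should be equal".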
@@ -0,0 +1,58 @@
1
+ require 'test_helper'
2
+ require 'smart_proxy_openscap'
3
+ require 'smart_proxy_openscap/openscap_api'
4
+
5
+ ENV['RACK_ENV'] = 'test'
6
+
7
+ class OpenSCAPGetArfTest < Test::Unit::TestCase
8
+ include Rack::Test::Methods
9
+
10
+ def setup
11
+ @foreman_url = 'https://foreman.example.com'
12
+ Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
13
+ @results_path = ("#{Dir.getwd}/test/test_run_files")
14
+ Proxy::OpenSCAP::Plugin.settings.stubs(:reportsdir).returns(@results_path + "/reports")
15
+ @arf_report = File.open("#{Dir.getwd}/test/data/arf_report").read
16
+ @policy_id = 1
17
+ @arf_id = 145
18
+ @filename = Digest::SHA256.hexdigest(@arf_report)
19
+ @cname = 'node.example.org'
20
+ @date = Time.now.strftime("%Y-%m-%d")
21
+ # Bypass common_name as it requires ssl certificate
22
+ Proxy::OpenSCAP.stubs(:common_name).returns(@cname)
23
+ FileUtils.mkdir_p("#{@results_path}/reports/arf/#{@cname}/#{@arf_id}/#{@date}")
24
+ FileUtils.cp("#{Dir.getwd}/test/data/arf_report", "#{@results_path}/reports/arf/#{@cname}/#{@arf_id}/#{@date}/#{@filename}")
25
+ end
26
+
27
+ def teardown
28
+ FileUtils.rm_rf(Dir.glob("#{@results_path}/*"))
29
+ end
30
+
31
+ def app
32
+ ::Proxy::OpenSCAP::Api.new
33
+ end
34
+
35
+ def test_get_xml_arf
36
+ get "/arf/#{@arf_id}/#{@cname}/#{@date}/#{@filename}/xml"
37
+ assert(last_response.successful?, "Should return OK")
38
+ assert(last_response.header["Content-Type"].include?('application/x-bzip2'))
39
+ end
40
+
41
+ def test_get_html_arf
42
+ get "/arf/#{@arf_id}/#{@cname}/#{@date}/#{@filename}/html"
43
+ assert(last_response.successful?, "Should return OK")
44
+ assert(last_response.body.start_with?('<!DOCTYPE'), 'File should start with html')
45
+ end
46
+
47
+ def test_get_xml_file_not_found
48
+ get "/arf/#{@arf_id}/somewhere.example.org/#{@date}/#{@filename}/xml"
49
+ assert_equal(500, last_response.status, "Error response should be 500")
50
+ assert(last_response.server_error?)
51
+ end
52
+
53
+ def test_delete_arf_file
54
+ delete "/arf/#{@arf_id}/#{@cname}/#{@date}/#{@filename}"
55
+ assert last_response.ok?
56
+ refute File.exist?("#{@results_path}/reports/arf/#{@cname}/#{@arf_id}")
57
+ end
58
+ end
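Review bot: The URL segments in these tests (`@cname`, `@arf_id`, `@date`, `@filename`) map one-to-one onto the directory layout under `reports/arf/`, and test_delete_arf_file shows the DELETE route removing a directory derived from them, yet no test checks that a segment which is not a plain name is rejected. The route implementation is not on this page, so this may already be handled, but a negative test would pin it: send a DELETE whose cname segment is `..` and assert that the response is not successful and that a sentinel file created outside `reports/arf/` still exists. test_get_xml_file_not_found pins a 500 for a missing report; if that is intended, a comment such as `# a missing report is reported as a server error, not 404` would stop the next reader from "fixing" it. Setup also uses `Digest::SHA256` without requiring `digest/sha2`.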
@@ -0,0 +1,86 @@
1
+ require 'test_helper'
2
+ require 'smart_proxy_openscap'
3
+ require 'smart_proxy_openscap/openscap_api'
4
+
5
+ ENV['RACK_ENV'] = 'test'
6
+
7
+ class OpenSCAPApiTest < Test::Unit::TestCase
8
+ include Rack::Test::Methods
9
+
10
+ def setup
11
+ @foreman_url = 'https://foreman.example.com'
12
+ Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
13
+ @results_path = ("#{Dir.getwd}/test/test_run_files")
14
+ FileUtils.mkdir_p(@results_path)
15
+ Proxy::OpenSCAP::Plugin.settings.stubs(:contentdir).returns(@results_path)
16
+ Proxy::OpenSCAP::Plugin.settings.stubs(:spooldir).returns(@results_path + "/spool")
17
+ Proxy::OpenSCAP::Plugin.settings.stubs(:reportsdir).returns(@results_path + "/reports")
18
+ Proxy::OpenSCAP::Plugin.settings.stubs(:failed_dir).returns(@results_path + "/failed")
19
+ Proxy::OpenSCAP::Plugin.settings.stubs(:corrupted_dir).returns(@results_path + "/corrupted")
20
+ @arf_report = File.open("#{Dir.getwd}/test/data/arf_report").read
21
+ @corrupted_arf_report = File.open("#{Dir.getwd}/test/data/corrupted_arf_report").read
22
+ @policy_id = 1
23
+ @arf_id = 145
24
+ @filename = Digest::SHA256.hexdigest(@arf_report)
25
+ @corrupted_filename = Digest::SHA256.hexdigest(@corrupted_arf_report)
26
+ @cname = 'node.example.org'
27
+ @date = Time.now.to_i
28
+ # Bypass common_name as it requires ssl certificate
29
+ Proxy::OpenSCAP.stubs(:common_name).returns(@cname)
30
+ end
31
+
32
+ def teardown
33
+ FileUtils.rm_rf(Dir.glob("#{@results_path}/*"))
34
+ end
35
+
36
+ def app
37
+ ::Proxy::OpenSCAP::Api.new
38
+ end
39
+
40
+ def test_post_arf_report_to_foreman
41
+ stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}")
42
+ .to_return(:status => 200, :body => "{\"result\":\"OK\",\"id\":\"#{@arf_id}\"}")
43
+ post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
44
+ assert(last_response.successful?, "Should return OK")
45
+ assert(File.file?("#{@results_path}/reports/arf/#{@cname}/#{@arf_id}/#{@date}/#{@filename}"), "File should be save on Reports directory")
46
+ end
47
+
48
+ def test_post_fails_save_in_spool
49
+ @policy_id = 2
50
+ stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}")
51
+ .to_return(:status => 500, :body => "{\"result\":\"server error\"}")
52
+ post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
53
+ assert(last_response.successful?, "Should return OK")
54
+ assert(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@filename}"), "File should be saved in spool directory")
55
+ refute(File.file?("#{@results_path}/reports/arf/#{@cname}/#{@arf_id}/#{@date}/#{@filename}"), "File should not be in Reports directory")
56
+ end
57
+
58
+ def test_fail_save_file_should_raise_error
59
+ @policy_id = 2
60
+ stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}").to_return(:status => 500, :body => "{\"result\":\"server error\"}")
61
+ Proxy::OpenSCAP::StorageFS.any_instance.stubs(:create_directory).raises(StandardError)
62
+ post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
63
+ assert(last_response.server_error?, "Should return 500")
64
+ refute(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@filename}"), "File should be saved in spool directory")
65
+ end
66
+
67
+ def test_success_post_fail_save_should_save_spool
68
+ stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}")
69
+ .to_return(:status => 200, :body => "{\"result\":\"OK\",\"id\":\"#{@arf_id}\"}")
70
+ Proxy::OpenSCAP::StorageFS.any_instance.stubs(:store_archive).raises(Proxy::OpenSCAP::StoreReportError)
71
+ post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
72
+ refute(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@filename}"), "File should not be in spool directory")
73
+ refute(File.file?("#{@results_path}/reports/arf/#{@cname}/#{@arf_id}/#{@date}/#{@filename}"), "File should not be in Reports directory")
74
+ assert(File.file?("#{@results_path}/failed/arf/#{@cname}/#{@arf_id}/#{@date}/#{@filename}"), "File should be in Failed directory")
75
+ log_file = File.read('logs/test.log')
76
+ assert(log_file.include?('Failed to save Report in reports directory'), 'Logger should notify that failed to save in reports dir')
77
+ end
78
+
79
+ def test_post_corrupted_should_move_to_corrupted
80
+ stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}")
81
+ .to_return(:status => 200, :body => "{\"result\":\"OK\",\"id\":\"#{@arf_id}\"}")
82
+ post "/arf/#{@policy_id}", @corrupted_arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
83
+ assert(File.file?("#{@results_path}/corrupted/arf/#{@cname}/#{@policy_id}/#{@date}/#{@corrupted_filename}"), "File should be in Corrupted directory")
84
+ refute(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@corrupted_filename}"), "File should not be in Spool directory")
85
+ end
86
+ end
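Review bot: Every test runs with `Proxy::OpenSCAP.stubs(:common_name).returns(@cname)`, so the branch where the client identity cannot be established from the certificate is never exercised, although that identity decides which host directory the uploaded report is filed under. A test that makes `common_name` raise (the exception class it uses is not visible here) and asserts a non-successful response with nothing written under spool/ or reports/ would cover it. test_success_post_fail_save_should_save_spool asserts on the whole of `logs/test.log`, which, unless it is truncated elsewhere, can still hold the expected line from an earlier run; asserting only on lines appended during the test avoids a false pass. In test_fail_save_file_should_raise_error the refute message says "File should be saved in spool directory" while asserting the opposite. `@date = Time.now.to_i` is fixed in setup while the POST URL carries no date, so if the server derives its own timestamp the stubbed URL can miss when the clock ticks over between the two.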
@@ -0,0 +1,69 @@
1
+ require 'test_helper'
2
+ require 'smart_proxy_openscap'
3
+ require 'smart_proxy_openscap/openscap_api'
4
+
5
+ class ScapContentParserApiTest < Test::Unit::TestCase
6
+ include Rack::Test::Methods
7
+
8
+ def setup
9
+ @foreman_url = 'https://foreman.example.com'
10
+ Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
11
+ @scap_content = File.new("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml").read
12
+ @tailoring_file = File.new("#{Dir.getwd}/test/data/tailoring.xml").read
13
+ end
14
+
15
+ def app
16
+ ::Proxy::OpenSCAP::Api.new
17
+ end
18
+
19
+ def test_scap_content_policies
20
+ post '/scap_content/policies', @scap_content, 'CONTENT_TYPE' => 'text/xml'
21
+ expected_response = {"xccdf_org.ssgproject.content_profile_test" => "test",
22
+ "xccdf_org.ssgproject.content_profile_rht-ccp" => "Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)",
23
+ "xccdf_org.ssgproject.content_profile_common" => "Common Profile for General-Purpose Systems",
24
+ "xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream" => "Common Profile for General-Purpose SystemsPre-release Draft STIG for RHEL 7 Server"}
25
+ assert_equal(expected_response.to_json, last_response.body)
26
+ assert(last_response.successful?)
27
+ end
28
+
29
+ def test_invalid_scap_content_policies
30
+ post '/scap_content/policies', '<xml>blah</xml>', 'CONTENT_TYPE' => 'text/xml'
31
+ assert(last_response.body.include?('Failure when running script which extracts profiles from scap file'))
32
+ end
33
+
34
+ def test_scap_content_validator
35
+ post '/scap_file/validator/scap_content', @scap_content, 'CONTENT_TYPE' => 'text/xml'
36
+ result = JSON.parse(last_response.body)
37
+ assert_empty(result['errors'])
38
+ assert(last_response.successful?)
39
+ end
40
+
41
+ def test_invalid_scap_content_validator
42
+ Proxy::OpenSCAP::ContentParser.any_instance.stubs(:validate).returns({:errors => 'Invalid SCAP file type'}.to_json)
43
+ post '/scap_file/validator/scap_content', @scap_content, 'CONTENT_TYPE' => 'text/xml'
44
+ result = JSON.parse(last_response.body)
45
+ refute_empty(result['errors'])
46
+ assert(last_response.successful?)
47
+ end
48
+
49
+ def test_scap_content_guide
50
+ post '/scap_content/guide/xccdf_org.ssgproject.content_profile_rht-ccp', @scap_content, 'CONTENT_TYPE' => 'text/xml'
51
+ result = JSON.parse(last_response.body)
52
+ assert(result['html'].start_with?('<!DOCTYPE html>'))
53
+ assert(last_response.successful?)
54
+ end
55
+
56
+ def test_validate_tailoring_file
57
+ post '/scap_file/validator/tailoring_file', @tailoring_file, 'CONTENT_TYPE' => 'text/xml'
58
+ result = JSON.parse(last_response.body)
59
+ assert_empty(result['errors'])
60
+ assert(last_response.successful?)
61
+ end
62
+
63
+ def test_get_profiles_from_tailoring_file
64
+ post '/tailoring_file/profiles', @tailoring_file, 'CONTENT_TYPE' => 'text/xml'
65
+ result = JSON.parse(last_response.body)
66
+ assert_equal 1, result.keys.length
67
+ assert(last_response.successful?)
68
+ end
69
+ end
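Review bot: The expected title for `xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream` in test_scap_content_policies is "Common Profile for General-Purpose SystemsPre-release Draft STIG for RHEL 7 Server", which looks like two profile titles run together, so the test may be pinning a parser defect as correct output. If the fixture really carries that string, a comment saying so would help; otherwise the expectation should be the single title. test_invalid_scap_content_policies checks only the error text; a status assertion would pin how a rejected upload is reported, though the status the route returns is not visible here. These routes parse XML supplied by the client, and the only malformed input tried is `<xml>blah</xml>`. A case posting a document that declares a DOCTYPE with an external entity, asserting that the entity's target never shows up in the response, would document that the parser does not resolve it.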
@@ -0,0 +1,96 @@
1
+ require 'test_helper'
2
+ require 'smart_proxy_openscap/arf_html'
3
+ require 'smart_proxy_openscap/arf_json'
4
+ require 'smart_proxy_openscap/policy_guide'
5
+ require 'smart_proxy_openscap/scap_profiles'
6
+ require 'smart_proxy_openscap/arf_json'
7
+ require 'smart_proxy_openscap/scap_validation'
8
+
9
+ class ScriptClassTest < Test::Unit::TestCase
10
+ def test_arf_generate_html
11
+ carry_out do |tmp|
12
+ Proxy::OpenSCAP::ArfHtml.new.generate_html("#{Dir.getwd}/test/data/arf_report", tmp.path)
13
+ content = File.read tmp
14
+ assert content.start_with?('<!DOCTYPE'), "File should be html"
15
+ end
16
+ end
17
+
18
+ def test_arf_as_json
19
+ carry_out do |tmp|
20
+ Proxy::OpenSCAP::ArfJson.new.as_json("#{Dir.getwd}/test/data/arf_report", tmp.path, 'my-proxy', 'http://test-proxy.org')
21
+ json = read_json tmp
22
+ refute json['logs'].empty?
23
+ refute json['metrics'].empty?
24
+ refute json['openscap_proxy_name'].empty?
25
+ refute json['openscap_proxy_url'].empty?
26
+ end
27
+ end
28
+
29
+ def test_policy_guide
30
+ carry_out do |tmp|
31
+ profile = "xccdf_org.ssgproject.content_profile_stig-rhel7-workstation-upstream"
32
+ Proxy::OpenSCAP::PolicyGuide.new.generate_guide("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", tmp.path, profile)
33
+ guide = read_json tmp
34
+ assert guide['html'].start_with?('<!DOCTYPE'), "File should be html"
35
+ end
36
+ end
37
+
38
+ def test_scap_file_profiles
39
+ carry_out do |tmp|
40
+ Proxy::OpenSCAP::ScapProfiles.new.profiles("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", tmp.path, 'scap_content')
41
+ profiles = read_json tmp
42
+ refute profiles.empty?
43
+ assert profiles["xccdf_org.ssgproject.content_profile_common"]
44
+ end
45
+ end
46
+
47
+ def test_tailoring_file_profiles
48
+ carry_out do |tmp|
49
+ Proxy::OpenSCAP::ScapProfiles.new.profiles("#{Dir.getwd}/test/data/tailoring.xml", tmp.path, 'tailoring_file')
50
+ profiles = read_json tmp
51
+ refute profiles.empty?
52
+ assert profiles["xccdf_org.ssgproject.content_profile_stig-firefox-upstream_customized"]
53
+ end
54
+ end
55
+
56
+ def test_arf_json
57
+ carry_out do |tmp|
58
+ Proxy::OpenSCAP::ArfJson.new.as_json("#{Dir.getwd}/test/data/arf_report", tmp.path, 'my-proxy', 'http://test-proxy.org')
59
+ json = read_json tmp
60
+ refute json['logs'].empty?
61
+ refute json['metrics'].empty?
62
+ end
63
+ end
64
+
65
+ def test_scap_content_validation
66
+ carry_out do |tmp|
67
+ Proxy::OpenSCAP::ScapValidation.new.validate("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", tmp.path, 'scap_content')
68
+ res = read_json tmp
69
+ assert res['errors'].empty?
70
+ end
71
+ end
72
+
73
+ def test_tailoring_file_validation
74
+ carry_out do |tmp|
75
+ Proxy::OpenSCAP::ScapValidation.new.validate("#{Dir.getwd}/test/data/tailoring.xml", tmp.path, 'tailoring_file')
76
+ res = read_json tmp
77
+ assert res['errors'].empty?
78
+ end
79
+ end
80
+
81
+ private
82
+
83
+ def carry_out
84
+ tmp = Tempfile.new('test')
85
+ begin
86
+ yield tmp if block_given?
87
+ ensure
88
+ tmp.close
89
+ tmp.unlink
90
+ end
91
+ end
92
+
93
+ def read_json(file)
94
+ JSON.parse(File.read file)
95
+ end
96
+ end
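Review bot: `require 'smart_proxy_openscap/arf_json'` appears twice in the require list, and test_arf_json repeats the first two assertions of test_arf_as_json with identical arguments, so one of each can go. `Tempfile` and `JSON` are used without `require 'tempfile'` / `require 'json'`; presumably test_helper or the library loads them, but requiring them here keeps the file self-contained. carry_out would read better with a one-line comment, e.g. `# Yields a Tempfile for the script's output and always removes it afterwards`. The tests also mix `File.read tmp` with `tmp.path`; using `tmp.path` throughout is clearer.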