smart_proxy_openscap 0.4.1 → 0.5.0

data/test/fetch_scap_api_test.rb

@@ -0,0 +1,71 @@
+require 'test_helper'
+require 'smart_proxy_openscap'
+require 'smart_proxy_openscap/openscap_api'
+
+ENV['RACK_ENV'] = 'test'
+
+class FetchScapApiTest < Test::Unit::TestCase
+  include Rack::Test::Methods
+
+  def setup
+    @foreman_url = 'https://foreman.example.com'
+    Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
+    @results_path = ("#{Dir.getwd}/test/test_run_files")
+    FileUtils.mkdir_p(@results_path)
+    Proxy::OpenSCAP::Plugin.settings.stubs(:contentdir).returns(@results_path)
+    Proxy::OpenSCAP::Plugin.settings.stubs(:spooldir).returns(@results_path)
+    Proxy::OpenSCAP::Plugin.settings.stubs(:reportsdir).returns(@results_path)
+    @scap_content = File.new("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml").read
+    @policy_id = 1
+  end
+
+  def teardown
+    FileUtils.rm_rf(Dir.glob("#{@results_path}/*"))
+  end
+
+  def app
+    ::Proxy::OpenSCAP::Api.new
+  end
+
+  def test_get_scap_content_from_foreman
+    stub_request(:get, "#{@foreman_url}/api/v2/compliance/policies/#{@policy_id}/content").to_return(:body => @scap_content)
+    get "/policies/#{@policy_id}/content"
+    assert_equal("application/xml;charset=utf-8", last_response.header["Content-Type"], "Response header should be application/xml")
+    assert File.file?("#{@results_path}/#{@policy_id}/#{@policy_id}_scap_content.xml")
+    assert_equal(@scap_content.length, last_response.length, "Scap content should be equal")
+  end
+
+  def test_get_scap_content_from_file
+    # Simulate that scap file was previously saved after fetched from Foreman.
+    FileUtils.mkdir("#{@results_path}/#{@policy_id}")
+    FileUtils.cp("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", "#{@results_path}/#{@policy_id}/#{@policy_id}_scap_content.xml")
+    get "/policies/#{@policy_id}/content"
+    assert_equal("application/xml;charset=utf-8", last_response.header["Content-Type"], "Response header should be application/xml")
+    assert_equal(@scap_content.length, last_response.length, "Scap content should be equal")
+    assert(last_response.successful?, "Response should be success")
+  end
+
+  def test_get_scap_content_no_policy
+    stub_request(:get, "#{@foreman_url}/api/v2/compliance/policies/#{@policy_id}/content").to_return(:status => 404, :body => 'not found')
+    get "/policies/#{@policy_id}/content"
+    assert(last_response.not_found?, "Response should be 404")
+  end
+
+  def test_get_scap_content_permissions
+    Proxy::OpenSCAP::FetchScapContent.any_instance.stubs(:get_policy_content).raises(Errno::EACCES)
+    stub_request(:get, "#{@foreman_url}/api/v2/compliance/policies/#{@policy_id}/content").to_return(:body => @scap_content)
+    get "/policies/#{@policy_id}/content"
+    assert_equal(500, last_response.status, "No permissions should raise error 500")
+    assert_equal('Error occurred: Permission denied', last_response.body)
+  end
+
+  def test_locked_file_should_serve_from_foreman
+    Proxy::FileLock.stubs(:try_locking).returns(nil)
+    stub_request(:get, "#{@foreman_url}/api/v2/compliance/policies/#{@policy_id}/content").to_return(:body => @scap_content)
+    get "/policies/#{@policy_id}/content"
+    refute(File.file?("#{@results_path}/#{@policy_id}/#{@policy_id}_scap_content.xml"), "Scap file should be saved")
+    assert_equal("application/xml;charset=utf-8", last_response.header["Content-Type"], "Response header should be application/xml")
+    assert_equal(@scap_content.length, last_response.length, "Scap content should be equal")
+    assert(last_response.successful?, "Response should be success")
+  end
+end

data/test/get_report_xml_html_test.rb

@@ -0,0 +1,52 @@
+require 'test_helper'
+require 'smart_proxy_openscap'
+require 'smart_proxy_openscap/openscap_api'
+
+ENV['RACK_ENV'] = 'test'
+
+class OpenSCAPGetArfTest < Test::Unit::TestCase
+  include Rack::Test::Methods
+
+  def setup
+    @foreman_url = 'https://foreman.example.com'
+    Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
+    @results_path = ("#{Dir.getwd}/test/test_run_files")
+    Proxy::OpenSCAP::Plugin.settings.stubs(:reportsdir).returns(@results_path + "/reports")
+    @arf_report = File.open("#{Dir.getwd}/test/data/arf_report").read
+    @policy_id = 1
+    @arf_id = 145
+    @filename = Digest::SHA256.hexdigest(@arf_report)
+    @cname = 'node.example.org'
+    @date = Time.now.strftime("%Y-%m-%d")
+    # Bypass common_name as it requires ssl certificate
+    Proxy::OpenSCAP.stubs(:common_name).returns(@cname)
+    FileUtils.mkdir_p("#{@results_path}/reports/arf/#{@cname}/#{@arf_id}/#{@date}")
+    FileUtils.cp("#{Dir.getwd}/test/data/arf_report", "#{@results_path}/reports/arf/#{@cname}/#{@arf_id}/#{@date}/#{@filename}")
+  end
+
+  def teardown
+    FileUtils.rm_rf(Dir.glob("#{@results_path}/*"))
+  end
+
+  def app
+    ::Proxy::OpenSCAP::Api.new
+  end
+
+  def test_get_xml_arf
+    get "/arf/#{@arf_id}/#{@cname}/#{@date}/#{@filename}/xml"
+    assert(last_response.successful?, "Should return OK")
+    assert(last_response.header["Content-Type"].include?('application/x-bzip2'))
+  end
+
+  def test_get_html_arf
+    get "/arf/#{@arf_id}/#{@cname}/#{@date}/#{@filename}/html"
+    assert(last_response.successful?, "Should return OK")
+    assert(last_response.body.start_with?('<!DOCTYPE'), 'File should start with html')
+  end
+
+  def test_get_xml_file_not_found
+    get "/arf/#{@arf_id}/somewhere.example.org/#{@date}/#{@filename}/xml"
+    assert_equal(500, last_response.status, "Error response should be 500")
+    assert(last_response.server_error?)
+  end
+end

data/test/post_report_api_test.rb

@@ -0,0 +1,75 @@
+require 'test_helper'
+require 'smart_proxy_openscap'
+require 'smart_proxy_openscap/openscap_api'
+
+ENV['RACK_ENV'] = 'test'
+
+class OpenSCAPApiTest < Test::Unit::TestCase
+  include Rack::Test::Methods
+
+  def setup
+    @foreman_url = 'https://foreman.example.com'
+    Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
+    @results_path = ("#{Dir.getwd}/test/test_run_files")
+    FileUtils.mkdir_p(@results_path)
+    Proxy::OpenSCAP::Plugin.settings.stubs(:contentdir).returns(@results_path)
+    Proxy::OpenSCAP::Plugin.settings.stubs(:spooldir).returns(@results_path + "/spool")
+    Proxy::OpenSCAP::Plugin.settings.stubs(:reportsdir).returns(@results_path + "/reports")
+    Proxy::OpenSCAP::Plugin.settings.stubs(:failed_dir).returns(@results_path + "/failed")
+    @arf_report = File.open("#{Dir.getwd}/test/data/arf_report").read
+    @policy_id = 1
+    @arf_id = 145
+    @filename = Digest::SHA256.hexdigest(@arf_report)
+    @cname = 'node.example.org'
+    @date = Time.now.to_i
+    # Bypass common_name as it requires ssl certificate
+    Proxy::OpenSCAP.stubs(:common_name).returns(@cname)
+  end
+
+  def teardown
+    FileUtils.rm_rf(Dir.glob("#{@results_path}/*"))
+  end
+
+  def app
+    ::Proxy::OpenSCAP::Api.new
+  end
+
+  def test_post_arf_report_to_foreman
+    stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}")
+      .to_return(:status => 200, :body => "{\"result\":\"OK\",\"id\":\"#{@arf_id}\"}")
+    post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
+    assert(last_response.successful?, "Should return OK")
+    assert(File.file?("#{@results_path}/reports/arf/#{@cname}/#{@arf_id}/#{@date}/#{@filename}"), "File should be save on Reports directory")
+  end
+
+  def test_post_fails_save_in_spool
+    @policy_id = 2
+    stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}")
+      .to_return(:status => 500, :body => "{\"result\":\"server error\"}")
+    post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
+    assert(last_response.successful?, "Should return OK")
+    assert(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@filename}"), "File should be saved in spool directory")
+    refute(File.file?("#{@results_path}/reports/arf/#{@cname}/#{@arf_id}/#{@date}/#{@filename}"), "File should not be in Reports directory")
+  end
+
+  def test_fail_save_file_should_raise_error
+    @policy_id = 2
+    stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}").to_return(:status => 500, :body => "{\"result\":\"server error\"}")
+    Proxy::OpenSCAP::StorageFS.any_instance.stubs(:create_directory).raises(StandardError)
+    post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
+    assert(last_response.server_error?, "Should return 500")
+    refute(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@filename}"), "File should be saved in spool directory")
+  end
+
+  def test_success_post_fail_save_should_save_spool
+    stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}")
+      .to_return(:status => 200, :body => "{\"result\":\"OK\",\"id\":\"#{@arf_id}\"}")
+    Proxy::OpenSCAP::StorageFS.any_instance.stubs(:store_archive).raises(Proxy::OpenSCAP::StoreReportError)
+    post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
+    refute(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@filename}"), "File should not be  in spool directory")
+    refute(File.file?("#{@results_path}/reports/arf/#{@cname}/#{@arf_id}/#{@date}/#{@filename}"), "File should not be in Reports directory")
+    assert(File.file?("#{@results_path}/failed/arf/#{@cname}/#{@arf_id}/#{@date}/#{@filename}"), "File should be in Failed directory")
+    log_file = File.read('logs/test.log')
+    assert(log_file.include?('Failed to save Report in reports directory'), 'Logger should notify that failed to save in reports dir')
+  end
+end

data/test/scap_content_parser_api_test.rb

@@ -0,0 +1,54 @@
+require 'test_helper'
+require 'smart_proxy_openscap'
+require 'smart_proxy_openscap/openscap_api'
+
+class ScapContentParserApiTest < Test::Unit::TestCase
+  include Rack::Test::Methods
+
+  def setup
+    @foreman_url = 'https://foreman.example.com'
+    Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
+    @scap_content = File.new("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml").read
+  end
+
+  def app
+    ::Proxy::OpenSCAP::Api.new
+  end
+
+  def test_scap_content_policies
+    post '/scap_content/policies', @scap_content, 'CONTENT_TYPE' => 'text/xml'
+    expected_response = {"xccdf_org.ssgproject.content_profile_test" => "test",
+                         "xccdf_org.ssgproject.content_profile_rht-ccp" => "Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)",
+                         "xccdf_org.ssgproject.content_profile_common" => "Common Profile for General-Purpose Systems",
+                         "xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream" => "Common Profile for General-Purpose SystemsPre-release Draft STIG for RHEL 7 Server"}
+    assert_equal(expected_response.to_json, last_response.body)
+    assert(last_response.successful?)
+  end
+
+  def test_invalid_scap_content_policies
+    post '/scap_content/policies', '<xml>blah</xml>', 'CONTENT_TYPE' => 'text/xml'
+    assert(last_response.body.include?('Could not create Source DataStream session'))
+  end
+
+  def test_scap_content_validator
+    post '/scap_content/validator', @scap_content, 'CONTENT_TYPE' => 'text/xml'
+    result = JSON.parse(last_response.body)
+    assert_empty(result['errors'])
+    assert(last_response.successful?)
+  end
+
+  def test_invalid_scap_content_validator
+    Proxy::OpenSCAP::ContentParser.any_instance.stubs(:validate).returns({:errors => 'Invalid SCAP file type'}.to_json)
+    post '/scap_content/validator', @scap_content, 'CONTENT_TYPE' => 'text/xml'
+    result = JSON.parse(last_response.body)
+    refute_empty(result['errors'])
+    assert(last_response.successful?)
+  end
+
+  def test_scap_content_guide
+    post '/scap_content/guide/xccdf_org.ssgproject.content_profile_rht-ccp', @scap_content, 'CONTENT_TYPE' => 'text/xml'
+    result = JSON.parse(last_response.body)
+    assert(result['html'].start_with?('<!DOCTYPE html>'))
+    assert(last_response.successful?)
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,11 @@
+require 'rack/test'
+require 'test/unit'
+require 'webmock/test_unit'
+require 'mocha/setup'
+require 'json'
+require 'ostruct'
+
+require 'smart_proxy_for_testing'
+
+# create log directory in our (not smart-proxy) directory
+FileUtils.mkdir_p File.dirname(Proxy::SETTINGS.log_file)

metadata

@@ -1,15 +1,87 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_openscap
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.5.0
 platform: ruby
 authors:
 - Šimon Lukašík
+- Shlomi Zadok
+- Marek Hulan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-05-19 00:00:00.000000000 Z
-dependencies: []
+date: 2015-11-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: openscap
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 0.4.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 0.4.3
 description: |-
   A plug-in to the Foreman's smart-proxy which receives
     bzip2ed ARF files and forwards them to the Foreman.
@@ -19,21 +91,39 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- .rubocop.yml
+- .rubocop_todo.yml
 - COPYING
+- Gemfile
 - README.md
+- Rakefile
 - bin/smart-proxy-openscap-send
 - bundler.d/openscap.rb
 - extra/rubygem-smart_proxy_openscap.spec
 - extra/smart-proxy-openscap-send.cron
 - lib/smart_proxy_openscap.rb
+- lib/smart_proxy_openscap/fetch_scap_content.rb
+- lib/smart_proxy_openscap/foreman_forwarder.rb
 - lib/smart_proxy_openscap/http_config.ru
 - lib/smart_proxy_openscap/openscap_api.rb
+- lib/smart_proxy_openscap/openscap_content_parser.rb
 - lib/smart_proxy_openscap/openscap_exception.rb
 - lib/smart_proxy_openscap/openscap_lib.rb
 - lib/smart_proxy_openscap/openscap_plugin.rb
+- lib/smart_proxy_openscap/openscap_report_parser.rb
 - lib/smart_proxy_openscap/openscap_version.rb
+- lib/smart_proxy_openscap/spool_forwarder.rb
+- lib/smart_proxy_openscap/storage.rb
+- lib/smart_proxy_openscap/storage_fs.rb
 - settings.d/openscap.yml.example
 - smart_proxy_openscap.gemspec
+- test/data/arf_report
+- test/data/ssg-rhel7-ds.xml
+- test/fetch_scap_api_test.rb
+- test/get_report_xml_html_test.rb
+- test/post_report_api_test.rb
+- test/scap_content_parser_api_test.rb
+- test/test_helper.rb
 homepage: http://github.com/OpenSCAP/smart_proxy_openscap
 licenses:
 - GPL-3
@@ -59,4 +149,3 @@ signing_key:
 specification_version: 4
 summary: OpenSCAP plug-in for Foreman's smart-proxy.
 test_files: []
-has_rdoc: