smart_proxy_openscap 0.7.2

data/test/data/tailoring.xml

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2" id="xccdf_scap-workbench_tailoring_default">
+  <xccdf:benchmark href="/usr/share/xml/scap/ssg/content/ssg-firefox-ds.xml"/>
+  <xccdf:version time="2016-11-10T11:24:26">1</xccdf:version>
+  <xccdf:Profile id="xccdf_org.ssgproject.content_profile_stig-firefox-upstream_customized" extends="xccdf_org.ssgproject.content_profile_stig-firefox-upstream">
+    <xccdf:title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Upstream Firefox STIG [CUSTOMIZED]</xccdf:title>
+    <xccdf:description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">This profile is developed under the DoD consensus model and DISA FSO Vendor STIG process,
+serving as the upstream development environment for the Firefox STIG.
+
+As a result of the upstream/downstream relationship between the SCAP Security Guide project
+and the official DISA FSO STIG baseline, users should expect variance between SSG and DISA FSO content.
+For official DISA FSO STIG content, refer to http://iase.disa.mil/stigs/app-security/browser-guidance/Pages/index.aspx.
+
+While this profile is packaged by Red Hat as part of the SCAP Security Guide package, please note
+that commercial support of this SCAP content is NOT available. This profile is provided as example
+SCAP content with no endorsement for suitability or production readiness. Support for this
+profile is provided by the upstream SCAP Security Guide community on a best-effort basis. The
+upstream project homepage is https://fedorahosted.org/scap-security-guide/.
+</xccdf:description>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-non-secure_page_warning" selected="true"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_status_bar_text" selected="true"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_context_menus" selected="true"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_status_bar_changes" selected="true"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_window_resizing" selected="true"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_window_changes" selected="true"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-auto-update_of_firefox" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-autofill_passwords" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-autofill_forms" selected="false"/>
+    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-addons_plugin_updates" selected="false"/>
+  </xccdf:Profile>
+</xccdf:Tailoring>

data/test/fetch_scap_api_test.rb

@@ -0,0 +1,73 @@
+require 'test_helper'
+require 'smart_proxy_openscap'
+require 'smart_proxy_openscap/openscap_api'
+require 'digest/sha2'
+
+ENV['RACK_ENV'] = 'test'
+
+class FetchScapApiTest < Test::Unit::TestCase
+  include Rack::Test::Methods
+
+  def setup
+    @foreman_url = 'https://foreman.example.com'
+    Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
+    @results_path = ("#{Dir.getwd}/test/test_run_files")
+    FileUtils.mkdir_p(@results_path)
+    Proxy::OpenSCAP::Plugin.settings.stubs(:contentdir).returns(@results_path)
+    Proxy::OpenSCAP::Plugin.settings.stubs(:spooldir).returns(@results_path)
+    Proxy::OpenSCAP::Plugin.settings.stubs(:reportsdir).returns(@results_path)
+    @scap_content = File.new("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml").read
+    @digest = Digest::SHA256.hexdigest @scap_content
+    @policy_id = 1
+  end
+
+  def teardown
+    FileUtils.rm_rf(Dir.glob("#{@results_path}/*"))
+  end
+
+  def app
+    ::Proxy::OpenSCAP::Api.new
+  end
+
+  def test_get_scap_content_from_foreman
+    stub_request(:get, "#{@foreman_url}/api/v2/compliance/policies/#{@policy_id}/content").to_return(:body => @scap_content)
+    get "/policies/#{@policy_id}/content/#{@digest}"
+    assert_equal("application/xml;charset=utf-8", last_response.header["Content-Type"], "Response header should be application/xml")
+    assert File.file?("#{@results_path}/#{@policy_id}/#{@policy_id}_#{@digest}.xml")
+    assert_equal(@scap_content.length, last_response.length, "Scap content should be equal")
+  end
+
+  def test_get_scap_content_from_file
+    # Simulate that scap file was previously saved after fetched from Foreman.
+    FileUtils.mkdir("#{@results_path}/#{@policy_id}")
+    FileUtils.cp("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", "#{@results_path}/#{@policy_id}/#{@policy_id}_#{@digest}.xml")
+    get "/policies/#{@policy_id}/content/#{@digest}"
+    assert_equal("application/xml;charset=utf-8", last_response.header["Content-Type"], "Response header should be application/xml")
+    assert_equal(@scap_content.length, last_response.length, "Scap content should be equal")
+    assert(last_response.successful?, "Response should be success")
+  end
+
+  def test_get_scap_content_no_policy
+    stub_request(:get, "#{@foreman_url}/api/v2/compliance/policies/#{@policy_id}/content").to_return(:status => 404, :body => 'not found')
+    get "/policies/#{@policy_id}/content/#{@digest}"
+    assert(last_response.not_found?, "Response should be 404")
+  end
+
+  def test_get_scap_content_permissions
+    Proxy::OpenSCAP::FetchScapContent.any_instance.stubs(:get_policy_content).raises(Errno::EACCES)
+    stub_request(:get, "#{@foreman_url}/api/v2/compliance/policies/#{@policy_id}/content").to_return(:body => @scap_content)
+    get "/policies/#{@policy_id}/content/#{@digest}"
+    assert_equal(500, last_response.status, "No permissions should raise error 500")
+    assert_equal('Error occurred: Permission denied', last_response.body)
+  end
+
+  def test_locked_file_should_serve_from_foreman
+    Proxy::FileLock.stubs(:try_locking).returns(nil)
+    stub_request(:get, "#{@foreman_url}/api/v2/compliance/policies/#{@policy_id}/content").to_return(:body => @scap_content)
+    get "/policies/#{@policy_id}/content/#{@digest}"
+    refute(File.file?("#{@results_path}/#{@policy_id}/#{@policy_id}_#{@digest}.xml"), "Scap file should be saved")
+    assert_equal("application/xml;charset=utf-8", last_response.header["Content-Type"], "Response header should be application/xml")
+    assert_equal(@scap_content.length, last_response.length, "Scap content should be equal")
+    assert(last_response.successful?, "Response should be success")
+  end
+end

data/test/fetch_tailoring_api_test.rb

@@ -0,0 +1,37 @@
+require 'test_helper'
+require 'smart_proxy_openscap'
+require 'smart_proxy_openscap/openscap_api'
+
+ENV['RACK_ENV'] = 'test'
+
+class FetchTailoringApiTest < Test::Unit::TestCase
+  include Rack::Test::Methods
+
+  def setup
+    @foreman_url = 'https://foreman.example.com'
+    Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
+    @results_path = ("#{Dir.getwd}/test/test_run_files")
+    FileUtils.mkdir_p(@results_path)
+    Proxy::OpenSCAP::Plugin.settings.stubs(:tailoring_dir).returns(@results_path)
+    @tailoring_file = File.new("#{Dir.getwd}/test/data/tailoring.xml").read
+    @digest = Digest::SHA256.hexdigest @tailoring_file
+    @policy_id = 1
+  end
+
+  def teardown
+    FileUtils.rm_rf(Dir.glob("#{@results_path}/*"))
+  end
+
+  def app
+    ::Proxy::OpenSCAP::Api.new
+  end
+
+  def test_get_tailoring_file_from_file
+    FileUtils.mkdir("#{@results_path}/#{@policy_id}")
+    FileUtils.cp("#{Dir.getwd}/test/data/tailoring.xml", "#{@results_path}/#{@policy_id}/#{@policy_id}_#{@digest}.xml")
+    get "/policies/#{@policy_id}/tailoring/#{@digest}"
+    assert_equal("application/xml;charset=utf-8", last_response.header["Content-Type"], "Response header should be application/xml")
+    assert_equal(@tailoring_file.length, last_response.length, "Scap content should be equal")
+    assert(last_response.successful?, "Response should be success")
+  end
+end

data/test/get_report_xml_html_test.rb

@@ -0,0 +1,58 @@
+require 'test_helper'
+require 'smart_proxy_openscap'
+require 'smart_proxy_openscap/openscap_api'
+
+ENV['RACK_ENV'] = 'test'
+
+class OpenSCAPGetArfTest < Test::Unit::TestCase
+  include Rack::Test::Methods
+
+  def setup
+    @foreman_url = 'https://foreman.example.com'
+    Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
+    @results_path = ("#{Dir.getwd}/test/test_run_files")
+    Proxy::OpenSCAP::Plugin.settings.stubs(:reportsdir).returns(@results_path + "/reports")
+    @arf_report = File.open("#{Dir.getwd}/test/data/arf_report").read
+    @policy_id = 1
+    @arf_id = 145
+    @filename = Digest::SHA256.hexdigest(@arf_report)
+    @cname = 'node.example.org'
+    @date = Time.now.strftime("%Y-%m-%d")
+    # Bypass common_name as it requires ssl certificate
+    Proxy::OpenSCAP.stubs(:common_name).returns(@cname)
+    FileUtils.mkdir_p("#{@results_path}/reports/arf/#{@cname}/#{@arf_id}/#{@date}")
+    FileUtils.cp("#{Dir.getwd}/test/data/arf_report", "#{@results_path}/reports/arf/#{@cname}/#{@arf_id}/#{@date}/#{@filename}")
+  end
+
+  def teardown
+    FileUtils.rm_rf(Dir.glob("#{@results_path}/*"))
+  end
+
+  def app
+    ::Proxy::OpenSCAP::Api.new
+  end
+
+  def test_get_xml_arf
+    get "/arf/#{@arf_id}/#{@cname}/#{@date}/#{@filename}/xml"
+    assert(last_response.successful?, "Should return OK")
+    assert(last_response.header["Content-Type"].include?('application/x-bzip2'))
+  end
+
+  def test_get_html_arf
+    get "/arf/#{@arf_id}/#{@cname}/#{@date}/#{@filename}/html"
+    assert(last_response.successful?, "Should return OK")
+    assert(last_response.body.start_with?('<!DOCTYPE'), 'File should start with html')
+  end
+
+  def test_get_xml_file_not_found
+    get "/arf/#{@arf_id}/somewhere.example.org/#{@date}/#{@filename}/xml"
+    assert_equal(500, last_response.status, "Error response should be 500")
+    assert(last_response.server_error?)
+  end
+
+  def test_delete_arf_file
+    delete "/arf/#{@arf_id}/#{@cname}/#{@date}/#{@filename}"
+    assert last_response.ok?
+    refute  File.exist?("#{@results_path}/reports/arf/#{@cname}/#{@arf_id}")
+  end
+end

data/test/post_report_api_test.rb

@@ -0,0 +1,86 @@
+require 'test_helper'
+require 'smart_proxy_openscap'
+require 'smart_proxy_openscap/openscap_api'
+
+ENV['RACK_ENV'] = 'test'
+
+class OpenSCAPApiTest < Test::Unit::TestCase
+  include Rack::Test::Methods
+
+  def setup
+    @foreman_url = 'https://foreman.example.com'
+    Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
+    @results_path = ("#{Dir.getwd}/test/test_run_files")
+    FileUtils.mkdir_p(@results_path)
+    Proxy::OpenSCAP::Plugin.settings.stubs(:contentdir).returns(@results_path)
+    Proxy::OpenSCAP::Plugin.settings.stubs(:spooldir).returns(@results_path + "/spool")
+    Proxy::OpenSCAP::Plugin.settings.stubs(:reportsdir).returns(@results_path + "/reports")
+    Proxy::OpenSCAP::Plugin.settings.stubs(:failed_dir).returns(@results_path + "/failed")
+    Proxy::OpenSCAP::Plugin.settings.stubs(:corrupted_dir).returns(@results_path + "/corrupted")
+    @arf_report = File.open("#{Dir.getwd}/test/data/arf_report").read
+    @corrupted_arf_report = File.open("#{Dir.getwd}/test/data/corrupted_arf_report").read
+    @policy_id = 1
+    @arf_id = 145
+    @filename = Digest::SHA256.hexdigest(@arf_report)
+    @corrupted_filename = Digest::SHA256.hexdigest(@corrupted_arf_report)
+    @cname = 'node.example.org'
+    @date = Time.now.to_i
+    # Bypass common_name as it requires ssl certificate
+    Proxy::OpenSCAP.stubs(:common_name).returns(@cname)
+  end
+
+  def teardown
+    FileUtils.rm_rf(Dir.glob("#{@results_path}/*"))
+  end
+
+  def app
+    ::Proxy::OpenSCAP::Api.new
+  end
+
+  def test_post_arf_report_to_foreman
+    stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}")
+      .to_return(:status => 200, :body => "{\"result\":\"OK\",\"id\":\"#{@arf_id}\"}")
+    post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
+    assert(last_response.successful?, "Should return OK")
+    assert(File.file?("#{@results_path}/reports/arf/#{@cname}/#{@arf_id}/#{@date}/#{@filename}"), "File should be save on Reports directory")
+  end
+
+  def test_post_fails_save_in_spool
+    @policy_id = 2
+    stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}")
+      .to_return(:status => 500, :body => "{\"result\":\"server error\"}")
+    post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
+    assert(last_response.successful?, "Should return OK")
+    assert(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@filename}"), "File should be saved in spool directory")
+    refute(File.file?("#{@results_path}/reports/arf/#{@cname}/#{@arf_id}/#{@date}/#{@filename}"), "File should not be in Reports directory")
+  end
+
+  def test_fail_save_file_should_raise_error
+    @policy_id = 2
+    stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}").to_return(:status => 500, :body => "{\"result\":\"server error\"}")
+    Proxy::OpenSCAP::StorageFS.any_instance.stubs(:create_directory).raises(StandardError)
+    post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
+    assert(last_response.server_error?, "Should return 500")
+    refute(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@filename}"), "File should be saved in spool directory")
+  end
+
+  def test_success_post_fail_save_should_save_spool
+    stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}")
+      .to_return(:status => 200, :body => "{\"result\":\"OK\",\"id\":\"#{@arf_id}\"}")
+    Proxy::OpenSCAP::StorageFS.any_instance.stubs(:store_archive).raises(Proxy::OpenSCAP::StoreReportError)
+    post "/arf/#{@policy_id}", @arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
+    refute(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@filename}"), "File should not be  in spool directory")
+    refute(File.file?("#{@results_path}/reports/arf/#{@cname}/#{@arf_id}/#{@date}/#{@filename}"), "File should not be in Reports directory")
+    assert(File.file?("#{@results_path}/failed/arf/#{@cname}/#{@arf_id}/#{@date}/#{@filename}"), "File should be in Failed directory")
+    log_file = File.read('logs/test.log')
+    assert(log_file.include?('Failed to save Report in reports directory'), 'Logger should notify that failed to save in reports dir')
+  end
+
+  def test_post_corrupted_should_move_to_corrupted
+    stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}")
+      .to_return(:status => 200, :body => "{\"result\":\"OK\",\"id\":\"#{@arf_id}\"}")
+    post "/arf/#{@policy_id}", @corrupted_arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
+    assert(File.file?("#{@results_path}/corrupted/arf/#{@cname}/#{@policy_id}/#{@date}/#{@corrupted_filename}"), "File should be in Corrupted directory")
+    refute(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@corrupted_filename}"), "File should not be in Spool directory")
+  end
+end

data/test/scap_content_parser_api_test.rb

@@ -0,0 +1,69 @@
+require 'test_helper'
+require 'smart_proxy_openscap'
+require 'smart_proxy_openscap/openscap_api'
+
+class ScapContentParserApiTest < Test::Unit::TestCase
+  include Rack::Test::Methods
+
+  def setup
+    @foreman_url = 'https://foreman.example.com'
+    Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
+    @scap_content = File.new("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml").read
+    @tailoring_file = File.new("#{Dir.getwd}/test/data/tailoring.xml").read
+  end
+
+  def app
+    ::Proxy::OpenSCAP::Api.new
+  end
+
+  def test_scap_content_policies
+    post '/scap_content/policies', @scap_content, 'CONTENT_TYPE' => 'text/xml'
+    expected_response = {"xccdf_org.ssgproject.content_profile_test" => "test",
+                         "xccdf_org.ssgproject.content_profile_rht-ccp" => "Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)",
+                         "xccdf_org.ssgproject.content_profile_common" => "Common Profile for General-Purpose Systems",
+                         "xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream" => "Common Profile for General-Purpose SystemsPre-release Draft STIG for RHEL 7 Server"}
+    assert_equal(expected_response.to_json, last_response.body)
+    assert(last_response.successful?)
+  end
+
+  def test_invalid_scap_content_policies
+    post '/scap_content/policies', '<xml>blah</xml>', 'CONTENT_TYPE' => 'text/xml'
+    assert(last_response.body.include?('Failure when running script which extracts profiles from scap file'))
+  end
+
+  def test_scap_content_validator
+    post '/scap_file/validator/scap_content', @scap_content, 'CONTENT_TYPE' => 'text/xml'
+    result = JSON.parse(last_response.body)
+    assert_empty(result['errors'])
+    assert(last_response.successful?)
+  end
+
+  def test_invalid_scap_content_validator
+    Proxy::OpenSCAP::ContentParser.any_instance.stubs(:validate).returns({:errors => 'Invalid SCAP file type'}.to_json)
+    post '/scap_file/validator/scap_content', @scap_content, 'CONTENT_TYPE' => 'text/xml'
+    result = JSON.parse(last_response.body)
+    refute_empty(result['errors'])
+    assert(last_response.successful?)
+  end
+
+  def test_scap_content_guide
+    post '/scap_content/guide/xccdf_org.ssgproject.content_profile_rht-ccp', @scap_content, 'CONTENT_TYPE' => 'text/xml'
+    result = JSON.parse(last_response.body)
+    assert(result['html'].start_with?('<!DOCTYPE html>'))
+    assert(last_response.successful?)
+  end
+
+  def test_validate_tailoring_file
+    post '/scap_file/validator/tailoring_file', @tailoring_file, 'CONTENT_TYPE' => 'text/xml'
+    result = JSON.parse(last_response.body)
+    assert_empty(result['errors'])
+    assert(last_response.successful?)
+  end
+
+  def test_get_profiles_from_tailoring_file
+    post '/tailoring_file/profiles', @tailoring_file, 'CONTENT_TYPE' => 'text/xml'
+    result = JSON.parse(last_response.body)
+    assert_equal 1, result.keys.length
+    assert(last_response.successful?)
+  end
+end

data/test/script_class_test.rb

@@ -0,0 +1,96 @@
+require 'test_helper'
+require 'smart_proxy_openscap/arf_html'
+require 'smart_proxy_openscap/arf_json'
+require 'smart_proxy_openscap/policy_guide'
+require 'smart_proxy_openscap/scap_profiles'
+require 'smart_proxy_openscap/arf_json'
+require 'smart_proxy_openscap/scap_validation'
+
+class ScriptClassTest < Test::Unit::TestCase
+  def test_arf_generate_html
+    carry_out do |tmp|
+      Proxy::OpenSCAP::ArfHtml.new.generate_html("#{Dir.getwd}/test/data/arf_report", tmp.path)
+      content = File.read tmp
+      assert content.start_with?('<!DOCTYPE'), "File should be html"
+    end
+  end
+
+  def test_arf_as_json
+    carry_out do |tmp|
+      Proxy::OpenSCAP::ArfJson.new.as_json("#{Dir.getwd}/test/data/arf_report", tmp.path, 'my-proxy', 'http://test-proxy.org')
+      json = read_json tmp
+      refute json['logs'].empty?
+      refute json['metrics'].empty?
+      refute json['openscap_proxy_name'].empty?
+      refute json['openscap_proxy_url'].empty?
+    end
+  end
+
+  def test_policy_guide
+    carry_out do |tmp|
+      profile = "xccdf_org.ssgproject.content_profile_stig-rhel7-workstation-upstream"
+      Proxy::OpenSCAP::PolicyGuide.new.generate_guide("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", tmp.path, profile)
+      guide = read_json tmp
+      assert guide['html'].start_with?('<!DOCTYPE'), "File should be html"
+    end
+  end
+
+  def test_scap_file_profiles
+    carry_out do |tmp|
+      Proxy::OpenSCAP::ScapProfiles.new.profiles("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", tmp.path, 'scap_content')
+      profiles = read_json tmp
+      refute profiles.empty?
+      assert profiles["xccdf_org.ssgproject.content_profile_common"]
+    end
+  end
+
+  def test_tailoring_file_profiles
+    carry_out do |tmp|
+      Proxy::OpenSCAP::ScapProfiles.new.profiles("#{Dir.getwd}/test/data/tailoring.xml", tmp.path, 'tailoring_file')
+      profiles = read_json tmp
+      refute profiles.empty?
+      assert profiles["xccdf_org.ssgproject.content_profile_stig-firefox-upstream_customized"]
+    end
+  end
+
+  def test_arf_json
+    carry_out do |tmp|
+      Proxy::OpenSCAP::ArfJson.new.as_json("#{Dir.getwd}/test/data/arf_report", tmp.path, 'my-proxy', 'http://test-proxy.org')
+      json = read_json tmp
+      refute json['logs'].empty?
+      refute json['metrics'].empty?
+    end
+  end
+
+  def test_scap_content_validation
+    carry_out do |tmp|
+      Proxy::OpenSCAP::ScapValidation.new.validate("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", tmp.path, 'scap_content')
+      res = read_json tmp
+      assert res['errors'].empty?
+    end
+  end
+
+  def test_tailoring_file_validation
+    carry_out do |tmp|
+      Proxy::OpenSCAP::ScapValidation.new.validate("#{Dir.getwd}/test/data/tailoring.xml", tmp.path, 'tailoring_file')
+      res = read_json tmp
+      assert res['errors'].empty?
+    end
+  end
+
+  private
+
+  def carry_out
+    tmp = Tempfile.new('test')
+    begin
+      yield tmp if block_given?
+    ensure
+      tmp.close
+      tmp.unlink
+    end
+  end
+
+  def read_json(file)
+    JSON.parse(File.read file)
+  end
+end