smart_proxy_openscap 0.6.0 → 0.6.1
- checksums.yaml +4 -4
- data/Gemfile +1 -0
- data/bin/smart-proxy-openscap-send +1 -1
- data/lib/smart_proxy_openscap/fetch_file.rb +58 -0
- data/lib/smart_proxy_openscap/fetch_scap_content.rb +10 -51
- data/lib/smart_proxy_openscap/fetch_tailoring_file.rb +17 -0
- data/lib/smart_proxy_openscap/openscap_api.rb +48 -3
- data/lib/smart_proxy_openscap/openscap_content_parser.rb +23 -5
- data/lib/smart_proxy_openscap/openscap_lib.rb +1 -0
- data/lib/smart_proxy_openscap/openscap_plugin.rb +2 -1
- data/lib/smart_proxy_openscap/version.rb +1 -1
- data/settings.d/openscap.yml.example +3 -0
- data/smart_proxy_openscap.gemspec +1 -1
- data/test/data/tailoring.xml +31 -0
- data/test/fetch_scap_api_test.rb +10 -8
- data/test/fetch_tailoring_api_test.rb +37 -0
- data/test/get_report_xml_html_test.rb +1 -1
- data/test/scap_content_parser_api_test.rb +17 -2
- metadata +11 -8
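--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: feab59ae3e8ce1e915f22d558c1160c55373fa16
+data.tar.gz: e7de38b8eae9570f604850f129beb66a69e27060
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 37138364fff28b9677e4c2f401aad31c0c2fce71c18b5ca26cb25c0e6f8081ad0cf98caf8b092061b4241e9a9c2ce98a2ee800e025b4645c798e5ecb0c9ff7f7
+data.tar.gz: aac42840356d8a85c7f74e08fe050584c45af8c5e857ab30d0b14004e71eb0e26afa88dfdb3fe207edad60669701ab2c9f55ffb997f32ac8869f93ef3f667f41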
data/Gemfile
CHANGED
@@ -0,0 +1,58 @@
|
|
1
|
+
module Proxy::OpenSCAP
|
2
|
+
class FetchFile
|
3
|
+
include ::Proxy::Log
|
4
|
+
|
5
|
+
private
|
6
|
+
|
7
|
+
def create_store_dir(store_dir)
|
8
|
+
logger.info "Creating directory to store SCAP file: #{store_dir}"
|
9
|
+
FileUtils.mkdir_p(store_dir) # will fail silently if exists
|
10
|
+
rescue Errno::EACCES => e
|
11
|
+
logger.error "No permission to create directory #{store_dir}"
|
12
|
+
raise e
|
13
|
+
rescue StandardError => e
|
14
|
+
logger.error "Could not create '#{store_dir}' directory: #{e.message}"
|
15
|
+
raise e
|
16
|
+
end
|
17
|
+
|
18
|
+
def policy_content_file(policy_scap_file)
|
19
|
+
return nil if !File.file?(policy_scap_file) || File.zero?(policy_scap_file)
|
20
|
+
File.open(policy_scap_file, 'rb').read
|
21
|
+
end
|
22
|
+
|
23
|
+
def clean_store_folder(policy_store_dir)
|
24
|
+
FileUtils.rm_f Dir["#{policy_store_dir}/*.xml"]
|
25
|
+
end
|
26
|
+
|
27
|
+
def save_or_serve_scap_file(policy_scap_file, file_download_path)
|
28
|
+
lock = Proxy::FileLock::try_locking(policy_scap_file)
|
29
|
+
response = fetch_scap_content_xml(file_download_path)
|
30
|
+
if lock.nil?
|
31
|
+
return response
|
32
|
+
else
|
33
|
+
begin
|
34
|
+
File.open(policy_scap_file, 'wb') do |file|
|
35
|
+
file << response
|
36
|
+
end
|
37
|
+
ensure
|
38
|
+
Proxy::FileLock::unlock(lock)
|
39
|
+
end
|
40
|
+
scap_file = policy_content_file(policy_scap_file)
|
41
|
+
raise FileNotFound if scap_file.nil?
|
42
|
+
return scap_file
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
46
|
+
def fetch_scap_content_xml(file_download_path)
|
47
|
+
foreman_request = Proxy::HttpRequest::ForemanRequest.new
|
48
|
+
req = foreman_request.request_factory.create_get(file_download_path)
|
49
|
+
response = foreman_request.send_request(req)
|
50
|
+
response.value
|
51
|
+
response.body
|
52
|
+
end
|
53
|
+
|
54
|
+
def clean_store_folder(policy_store_dir)
|
55
|
+
FileUtils.rm_f Dir["#{policy_store_dir}/*.xml"]
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
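Review bot: `policy_content_file` reads the cache with `File.open(policy_scap_file, 'rb').read`, which never closes the handle and leaves it to the garbage collector; `File.binread(policy_scap_file)` returns the same bytes and closes the file. `clean_store_folder` is defined twice in this class with identical bodies, so the second definition silently replaces the first and one copy should be dropped. In `save_or_serve_scap_file` the body fetched from Foreman is written to the cache path as received; nothing in this class compares it with the digest that the subclasses embed in the file name, so that check would have to live where the path is built.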
@@ -1,58 +1,17 @@
|
|
1
|
+
require 'smart_proxy_openscap/fetch_file'
|
2
|
+
|
1
3
|
module Proxy::OpenSCAP
|
2
|
-
class FetchScapContent
|
3
|
-
|
4
|
-
def get_policy_content(policy_id)
|
4
|
+
class FetchScapContent < FetchFile
|
5
|
+
def get_policy_content(policy_id, digest)
|
5
6
|
policy_store_dir = File.join(Proxy::OpenSCAP.fullpath(Proxy::OpenSCAP::Plugin.settings.contentdir), policy_id.to_s)
|
6
|
-
policy_scap_file = File.join(policy_store_dir, "#{policy_id}
|
7
|
-
|
8
|
-
logger.info "Creating directory to store SCAP file: #{policy_store_dir}"
|
9
|
-
FileUtils.mkdir_p(policy_store_dir) # will fail silently if exists
|
10
|
-
rescue Errno::EACCES => e
|
11
|
-
logger.error "No permission to create directory #{policy_store_dir}"
|
12
|
-
raise e
|
13
|
-
rescue StandardError => e
|
14
|
-
logger.error "Could not create '#{policy_store_dir}' directory: #{e.message}"
|
15
|
-
raise e
|
16
|
-
end
|
7
|
+
policy_scap_file = File.join(policy_store_dir, "#{policy_id}_#{digest}.xml")
|
8
|
+
file_download_path = "api/v2/compliance/policies/#{policy_id}/content"
|
17
9
|
|
18
|
-
|
19
|
-
scap_file ||= save_or_serve_scap_file(policy_id, policy_scap_file)
|
20
|
-
scap_file
|
21
|
-
end
|
10
|
+
create_store_dir policy_store_dir
|
22
11
|
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
return nil if !File.file?(policy_scap_file) || File.zero?(policy_scap_file)
|
27
|
-
File.open(policy_scap_file, 'rb').read
|
28
|
-
end
|
29
|
-
|
30
|
-
def save_or_serve_scap_file(policy_id, policy_scap_file)
|
31
|
-
lock = Proxy::FileLock::try_locking(policy_scap_file)
|
32
|
-
response = fetch_scap_content_xml(policy_id, policy_scap_file)
|
33
|
-
if lock.nil?
|
34
|
-
return response
|
35
|
-
else
|
36
|
-
begin
|
37
|
-
File.open(policy_scap_file, 'wb') do |file|
|
38
|
-
file << response
|
39
|
-
end
|
40
|
-
ensure
|
41
|
-
Proxy::FileLock::unlock(lock)
|
42
|
-
end
|
43
|
-
scap_file = policy_content_file(policy_scap_file)
|
44
|
-
raise FileNotFound if scap_file.nil?
|
45
|
-
return scap_file
|
46
|
-
end
|
47
|
-
end
|
48
|
-
|
49
|
-
def fetch_scap_content_xml(policy_id, policy_scap_file)
|
50
|
-
foreman_request = Proxy::HttpRequest::ForemanRequest.new
|
51
|
-
policy_content_path = "api/v2/compliance/policies/#{policy_id}/content"
|
52
|
-
req = foreman_request.request_factory.create_get(policy_content_path)
|
53
|
-
response = foreman_request.send_request(req)
|
54
|
-
response.value
|
55
|
-
response.body
|
12
|
+
scap_file = policy_content_file(policy_scap_file)
|
13
|
+
clean_store_folder(policy_store_dir) unless scap_file
|
14
|
+
scap_file ||= save_or_serve_scap_file(policy_scap_file, file_download_path)
|
56
15
|
end
|
57
16
|
end
|
58
17
|
end
|
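Review bot: `policy_id` and `digest` are interpolated into the directory name and into `File.join(policy_store_dir, "#{policy_id}_#{digest}.xml")` without any format check, and the routes on this page hand them over directly from `params`; `get_tailoring_file` builds its path the same way. Constraining both before the path is built keeps the cache file inside `contentdir`, for example `raise ArgumentError, 'invalid digest' unless digest.to_s =~ /\A\w+\z/` (which still admits the `'scap_content'` placeholder passed by the deprecated route) plus a digits-only check on `policy_id` if ids are always numeric. The downloaded body is never hashed and compared with `digest`, so a file can be cached under a name that does not describe its content. `clean_store_folder` also runs before the file lock is taken, so it is worth confirming that a concurrent request for the same policy cannot have its cached file removed mid-read.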
@@ -0,0 +1,17 @@
|
|
1
|
+
require 'smart_proxy_openscap/fetch_file'
|
2
|
+
|
3
|
+
module Proxy::OpenSCAP
|
4
|
+
class FetchTailoringFile < FetchFile
|
5
|
+
def get_tailoring_file(policy_id, digest)
|
6
|
+
store_dir = File.join(Proxy::OpenSCAP.fullpath(Proxy::OpenSCAP::Plugin.settings.tailoring_dir), policy_id.to_s)
|
7
|
+
policy_tailoring_file = File.join(store_dir, "#{policy_id}_#{digest}.xml")
|
8
|
+
file_download_path = "api/v2/compliance/policies/#{policy_id}/tailoring"
|
9
|
+
|
10
|
+
create_store_dir store_dir
|
11
|
+
|
12
|
+
scap_file = policy_content_file(policy_tailoring_file)
|
13
|
+
clean_store_folder(policy_store_dir) unless scap_file
|
14
|
+
scap_file ||= save_or_serve_scap_file(policy_tailoring_file, file_download_path)
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
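Review bot: `clean_store_folder(policy_store_dir)` refers to a local that does not exist in `get_tailoring_file`; the directory is held in `store_dir`, so every cache miss raises `NameError` before the file is fetched, which the route's `rescue StandardError` would presumably turn into a 500. The line should read `clean_store_folder(store_dir) unless scap_file`. The only tailoring test on this page pre-populates the cache directory, which is why the miss path is never exercised.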
@@ -76,10 +76,33 @@ module Proxy::OpenSCAP
|
|
76
76
|
end
|
77
77
|
end
|
78
78
|
|
79
|
+
get "/policies/:policy_id/content/:digest" do
|
80
|
+
content_type 'application/xml'
|
81
|
+
begin
|
82
|
+
Proxy::OpenSCAP::FetchScapContent.new.get_policy_content(params[:policy_id], params[:digest])
|
83
|
+
rescue *HTTP_ERRORS => e
|
84
|
+
log_halt e.response.code.to_i, "File not found on Foreman. Wrong policy id?"
|
85
|
+
rescue StandardError => e
|
86
|
+
log_halt 500, "Error occurred: #{e.message}"
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
79
90
|
get "/policies/:policy_id/content" do
|
80
91
|
content_type 'application/xml'
|
92
|
+
logger.warn 'DEPRECATION WARNING: /policies/:policy_id/content/:digest should be used, please update foreman_openscap'
|
81
93
|
begin
|
82
|
-
Proxy::OpenSCAP::FetchScapContent.new.get_policy_content(params[:policy_id])
|
94
|
+
Proxy::OpenSCAP::FetchScapContent.new.get_policy_content(params[:policy_id], 'scap_content')
|
95
|
+
rescue *HTTP_ERRORS => e
|
96
|
+
log_halt e.response.code.to_i, "File not found on Foreman. Wrong policy id?"
|
97
|
+
rescue StandardError => e
|
98
|
+
log_halt 500, "Error occurred: #{e.message}"
|
99
|
+
end
|
100
|
+
end
|
101
|
+
|
102
|
+
get "/policies/:policy_id/tailoring/:digest" do
|
103
|
+
content_type 'application/xml'
|
104
|
+
begin
|
105
|
+
Proxy::OpenSCAP::FetchTailoringFile.new.get_tailoring_file(params[:policy_id], params[:digest])
|
83
106
|
rescue *HTTP_ERRORS => e
|
84
107
|
log_halt e.response.code.to_i, "File not found on Foreman. Wrong policy id?"
|
85
108
|
rescue StandardError => e
|
@@ -97,9 +120,9 @@ module Proxy::OpenSCAP
|
|
97
120
|
end
|
98
121
|
end
|
99
122
|
|
100
|
-
post "/
|
123
|
+
post "/tailoring_file/profiles" do
|
101
124
|
begin
|
102
|
-
Proxy::OpenSCAP::ContentParser.new(request.body.string).
|
125
|
+
Proxy::OpenSCAP::ContentParser.new(request.body.string).get_profiles
|
103
126
|
rescue *HTTP_ERRORS => e
|
104
127
|
log_halt 500, e.message
|
105
128
|
rescue StandardError => e
|
@@ -107,6 +130,16 @@ module Proxy::OpenSCAP
|
|
107
130
|
end
|
108
131
|
end
|
109
132
|
|
133
|
+
post "/scap_file/validator/:type" do
|
134
|
+
validate_scap_file params
|
135
|
+
end
|
136
|
+
|
137
|
+
post "/scap_content/validator" do
|
138
|
+
logger.warn "DEPRECATION WARNING: '/scap_content/validator' will be removed in the future. Use '/scap_file/validator/scap_content' instead"
|
139
|
+
params[:type] = 'scap_content'
|
140
|
+
validate_scap_file params
|
141
|
+
end
|
142
|
+
|
110
143
|
post "/scap_content/guide/:policy" do
|
111
144
|
begin
|
112
145
|
Proxy::OpenSCAP::ContentParser.new(request.body.string).guide(params[:policy])
|
@@ -116,5 +149,17 @@ module Proxy::OpenSCAP
|
|
116
149
|
log_halt 500, "Error occurred: #{e.message}"
|
117
150
|
end
|
118
151
|
end
|
152
|
+
|
153
|
+
private
|
154
|
+
|
155
|
+
def validate_scap_file(params)
|
156
|
+
begin
|
157
|
+
Proxy::OpenSCAP::ContentParser.new(request.body.string, params[:type]).validate
|
158
|
+
rescue *HTTP_ERRORS => e
|
159
|
+
log_halt 500, e.message
|
160
|
+
rescue StandardError => e
|
161
|
+
log_halt 500, "Error occurred: #{e.message}"
|
162
|
+
end
|
163
|
+
end
|
119
164
|
end
|
120
165
|
end
|
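Review bot: The new handlers pass `"Error occurred: #{e.message}"` to `log_halt 500`, and the permissions test on this page asserts on that text as the response body, so exception messages from the new directory and file operations (which can carry server-side paths) appear to be returned to the API client. Halting with a fixed string such as `log_halt 500, 'Internal error while serving file'` and keeping `e.message` in the proxy log avoids that, though the existing test would need updating. The `begin` / `rescue *HTTP_ERRORS` / `rescue StandardError` block is copied into each of the three GET routes; a private helper in the style of `validate_scap_file` would remove the duplication. An unrecognised `:type` on `/scap_file/validator/:type` is only reported as a file-type mismatch rather than rejected as a bad request. Several hunks in this file end inside a route body, so the trailing rescue lines are not visible here.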
@@ -1,12 +1,21 @@
|
|
1
1
|
require 'openscap/ds/sds'
|
2
2
|
require 'openscap/source'
|
3
3
|
require 'openscap/xccdf/benchmark'
|
4
|
+
require 'openscap/xccdf/tailoring'
|
4
5
|
|
5
6
|
module Proxy::OpenSCAP
|
6
7
|
class ContentParser
|
7
|
-
def initialize(scap_content)
|
8
|
+
def initialize(scap_file, type = 'scap_content')
|
8
9
|
OpenSCAP.oscap_init
|
9
|
-
@source = OpenSCAP::Source.new(:content =>
|
10
|
+
@source = OpenSCAP::Source.new(:content => scap_file)
|
11
|
+
@type = type
|
12
|
+
end
|
13
|
+
|
14
|
+
def allowed_types
|
15
|
+
{
|
16
|
+
'tailoring_file' => 'XCCDF Tailoring',
|
17
|
+
'scap_content' => 'SCAP Source Datastream'
|
18
|
+
}
|
10
19
|
end
|
11
20
|
|
12
21
|
def extract_policies
|
@@ -19,11 +28,20 @@ module Proxy::OpenSCAP
|
|
19
28
|
policies.to_json
|
20
29
|
end
|
21
30
|
|
31
|
+
def get_profiles
|
32
|
+
tailoring = ::OpenSCAP::Xccdf::Tailoring.new(@source, nil)
|
33
|
+
profiles = tailoring.profiles.inject({}) do |memo, (key, profile)|
|
34
|
+
memo.tap { |hash| hash[key] = profile.title }
|
35
|
+
end
|
36
|
+
tailoring.destroy
|
37
|
+
profiles.to_json
|
38
|
+
end
|
39
|
+
|
22
40
|
def validate
|
23
41
|
errors = []
|
24
|
-
|
25
|
-
if @source.type !=
|
26
|
-
errors << "Uploaded file is
|
42
|
+
|
43
|
+
if @source.type != allowed_types[@type]
|
44
|
+
errors << "Uploaded file is #{@source.type}, unexpected file type"
|
27
45
|
end
|
28
46
|
|
29
47
|
begin
|
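Review bot: In `get_profiles`, `tailoring.destroy` is skipped when `tailoring.profiles` or `profile.title` raises, so the Tailoring object (presumably backed by a native handle) is not released on the error path; placing the `inject` inside `begin` and the release in `ensure tailoring.destroy` covers it. `allowed_types` rebuilds the same hash on every call and could be a frozen constant, `ALLOWED_TYPES = { ... }.freeze`. The `inject({}) { |memo, ...| memo.tap { ... } }` form would read more directly as `each_with_object({}) { |(key, profile), hash| hash[key] = profile.title }`. The body of `validate` continues past the end of the hunk.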
@@ -21,6 +21,7 @@ require 'smart_proxy_openscap/openscap_exception'
|
|
21
21
|
require 'smart_proxy_openscap/openscap_report_parser'
|
22
22
|
require 'smart_proxy_openscap/spool_forwarder'
|
23
23
|
require 'smart_proxy_openscap/storage_fs'
|
24
|
+
require 'smart_proxy_openscap/fetch_tailoring_file'
|
24
25
|
|
25
26
|
module Proxy::OpenSCAP
|
26
27
|
extend ::Proxy::Log
|
@@ -21,6 +21,7 @@ module Proxy::OpenSCAP
|
|
21
21
|
:openscap_send_log_file => File.join(APP_ROOT, 'logs/openscap-send.log'),
|
22
22
|
:contentdir => File.join(APP_ROOT, 'openscap/content'),
|
23
23
|
:reportsdir => File.join(APP_ROOT, 'openscap/reports'),
|
24
|
-
:failed_dir => File.join(APP_ROOT, 'openscap/failed')
|
24
|
+
:failed_dir => File.join(APP_ROOT, 'openscap/failed'),
|
25
|
+
:tailoring_dir => File.join(APP_ROOT, 'openscap/tailoring')
|
25
26
|
end
|
26
27
|
end
|
@@ -12,6 +12,9 @@
|
|
12
12
|
# So we will not request the XML from Foreman each time
|
13
13
|
#:contentdir: /var/lib/openscap/content
|
14
14
|
|
15
|
+
# Directory where OpenSCAP tailoring XML files are stored
|
16
|
+
#:tailoring_dir: /var/lib/openscap/tailoring
|
17
|
+
|
15
18
|
# Directory where OpenSCAP report XML are stored
|
16
19
|
# So Foreman can request arf xml reports
|
17
20
|
#:reportsdir: /usr/share/foreman-proxy/openscap/reports
|
@@ -0,0 +1,31 @@
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
2
|
+
<xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2" id="xccdf_scap-workbench_tailoring_default">
|
3
|
+
<xccdf:benchmark href="/usr/share/xml/scap/ssg/content/ssg-firefox-ds.xml"/>
|
4
|
+
<xccdf:version time="2016-11-10T11:24:26">1</xccdf:version>
|
5
|
+
<xccdf:Profile id="xccdf_org.ssgproject.content_profile_stig-firefox-upstream_customized" extends="xccdf_org.ssgproject.content_profile_stig-firefox-upstream">
|
6
|
+
<xccdf:title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Upstream Firefox STIG [CUSTOMIZED]</xccdf:title>
|
7
|
+
<xccdf:description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">This profile is developed under the DoD consensus model and DISA FSO Vendor STIG process,
|
8
|
+
serving as the upstream development environment for the Firefox STIG.
|
9
|
+
|
10
|
+
As a result of the upstream/downstream relationship between the SCAP Security Guide project
|
11
|
+
and the official DISA FSO STIG baseline, users should expect variance between SSG and DISA FSO content.
|
12
|
+
For official DISA FSO STIG content, refer to http://iase.disa.mil/stigs/app-security/browser-guidance/Pages/index.aspx.
|
13
|
+
|
14
|
+
While this profile is packaged by Red Hat as part of the SCAP Security Guide package, please note
|
15
|
+
that commercial support of this SCAP content is NOT available. This profile is provided as example
|
16
|
+
SCAP content with no endorsement for suitability or production readiness. Support for this
|
17
|
+
profile is provided by the upstream SCAP Security Guide community on a best-effort basis. The
|
18
|
+
upstream project homepage is https://fedorahosted.org/scap-security-guide/.
|
19
|
+
</xccdf:description>
|
20
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-non-secure_page_warning" selected="true"/>
|
21
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_status_bar_text" selected="true"/>
|
22
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_context_menus" selected="true"/>
|
23
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_status_bar_changes" selected="true"/>
|
24
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_window_resizing" selected="true"/>
|
25
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_window_changes" selected="true"/>
|
26
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-auto-update_of_firefox" selected="false"/>
|
27
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-autofill_passwords" selected="false"/>
|
28
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-autofill_forms" selected="false"/>
|
29
|
+
<xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-addons_plugin_updates" selected="false"/>
|
30
|
+
</xccdf:Profile>
|
31
|
+
</xccdf:Tailoring>
|
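--- a/data/test/fetch_scap_api_test.rb
+++ b/data/test/fetch_scap_api_test.rb
@@ -1,6 +1,7 @@
 require 'test_helper'
 require 'smart_proxy_openscap'
 require 'smart_proxy_openscap/openscap_api'
+require 'digest/sha2'
 
 ENV['RACK_ENV'] = 'test'
 
@@ -16,6 +17,7 @@ class FetchScapApiTest < Test::Unit::TestCase
 Proxy::OpenSCAP::Plugin.settings.stubs(:spooldir).returns(@results_path)
 Proxy::OpenSCAP::Plugin.settings.stubs(:reportsdir).returns(@results_path)
 @scap_content = File.new("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml").read
+@digest = Digest::SHA256.hexdigest @scap_content
 @policy_id = 1
 end
 
@@ -29,17 +31,17 @@ class FetchScapApiTest < Test::Unit::TestCase
 
 def test_get_scap_content_from_foreman
 stub_request(:get, "#{@foreman_url}/api/v2/compliance/policies/#{@policy_id}/content").to_return(:body => @scap_content)
-get "/policies/#{@policy_id}/content"
+get "/policies/#{@policy_id}/content/#{@digest}"
 assert_equal("application/xml;charset=utf-8", last_response.header["Content-Type"], "Response header should be application/xml")
-assert File.file?("#{@results_path}/#{@policy_id}/#{@policy_id}
+assert File.file?("#{@results_path}/#{@policy_id}/#{@policy_id}_#{@digest}.xml")
 assert_equal(@scap_content.length, last_response.length, "Scap content should be equal")
 end
 
 def test_get_scap_content_from_file
 # Simulate that scap file was previously saved after fetched from Foreman.
 FileUtils.mkdir("#{@results_path}/#{@policy_id}")
-FileUtils.cp("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", "#{@results_path}/#{@policy_id}/#{@policy_id}
-get "/policies/#{@policy_id}/content"
+FileUtils.cp("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml", "#{@results_path}/#{@policy_id}/#{@policy_id}_#{@digest}.xml")
+get "/policies/#{@policy_id}/content/#{@digest}"
 assert_equal("application/xml;charset=utf-8", last_response.header["Content-Type"], "Response header should be application/xml")
 assert_equal(@scap_content.length, last_response.length, "Scap content should be equal")
 assert(last_response.successful?, "Response should be success")
@@ -47,14 +49,14 @@ class FetchScapApiTest < Test::Unit::TestCase
 
 def test_get_scap_content_no_policy
 stub_request(:get, "#{@foreman_url}/api/v2/compliance/policies/#{@policy_id}/content").to_return(:status => 404, :body => 'not found')
-get "/policies/#{@policy_id}/content"
+get "/policies/#{@policy_id}/content/#{@digest}"
 assert(last_response.not_found?, "Response should be 404")
 end
 
 def test_get_scap_content_permissions
 Proxy::OpenSCAP::FetchScapContent.any_instance.stubs(:get_policy_content).raises(Errno::EACCES)
 stub_request(:get, "#{@foreman_url}/api/v2/compliance/policies/#{@policy_id}/content").to_return(:body => @scap_content)
-get "/policies/#{@policy_id}/content"
+get "/policies/#{@policy_id}/content/#{@digest}"
 assert_equal(500, last_response.status, "No permissions should raise error 500")
 assert_equal('Error occurred: Permission denied', last_response.body)
 end
@@ -62,8 +64,8 @@ class FetchScapApiTest < Test::Unit::TestCase
 def test_locked_file_should_serve_from_foreman
 Proxy::FileLock.stubs(:try_locking).returns(nil)
 stub_request(:get, "#{@foreman_url}/api/v2/compliance/policies/#{@policy_id}/content").to_return(:body => @scap_content)
-get "/policies/#{@policy_id}/content"
-refute(File.file?("#{@results_path}/#{@policy_id}/#{@policy_id}
+get "/policies/#{@policy_id}/content/#{@digest}"
+refute(File.file?("#{@results_path}/#{@policy_id}/#{@policy_id}_#{@digest}.xml"), "Scap file should be saved")
 assert_equal("application/xml;charset=utf-8", last_response.header["Content-Type"], "Response header should be application/xml")
 assert_equal(@scap_content.length, last_response.length, "Scap content should be equal")
 assert(last_response.successful?, "Response should be success")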
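Review bot: In `test_locked_file_should_serve_from_foreman` the failure message on `refute(File.file?(...), "Scap file should be saved")` states the opposite of what is asserted; it should read something like `"Scap file should not be saved when the lock is unavailable"`. None of the tests in these hunks requests a digest that differs from the name of an already cached file, which is the case that triggers `clean_store_folder` and a fresh download. The deprecated `/policies/:policy_id/content` route also loses its coverage in the hunks shown, since every request was moved to the digest URL.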
@@ -0,0 +1,37 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
require 'smart_proxy_openscap'
|
3
|
+
require 'smart_proxy_openscap/openscap_api'
|
4
|
+
|
5
|
+
ENV['RACK_ENV'] = 'test'
|
6
|
+
|
7
|
+
class FetchTailoringApiTest < Test::Unit::TestCase
|
8
|
+
include Rack::Test::Methods
|
9
|
+
|
10
|
+
def setup
|
11
|
+
@foreman_url = 'https://foreman.example.com'
|
12
|
+
Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
|
13
|
+
@results_path = ("#{Dir.getwd}/test/test_run_files")
|
14
|
+
FileUtils.mkdir_p(@results_path)
|
15
|
+
Proxy::OpenSCAP::Plugin.settings.stubs(:tailoring_dir).returns(@results_path)
|
16
|
+
@tailoring_file = File.new("#{Dir.getwd}/test/data/tailoring.xml").read
|
17
|
+
@digest = Digest::SHA256.hexdigest @tailoring_file
|
18
|
+
@policy_id = 1
|
19
|
+
end
|
20
|
+
|
21
|
+
def teardown
|
22
|
+
FileUtils.rm_rf(Dir.glob("#{@results_path}/*"))
|
23
|
+
end
|
24
|
+
|
25
|
+
def app
|
26
|
+
::Proxy::OpenSCAP::Api.new
|
27
|
+
end
|
28
|
+
|
29
|
+
def test_get_tailoring_file_from_file
|
30
|
+
FileUtils.mkdir("#{@results_path}/#{@policy_id}")
|
31
|
+
FileUtils.cp("#{Dir.getwd}/test/data/tailoring.xml", "#{@results_path}/#{@policy_id}/#{@policy_id}_#{@digest}.xml")
|
32
|
+
get "/policies/#{@policy_id}/tailoring/#{@digest}"
|
33
|
+
assert_equal("application/xml;charset=utf-8", last_response.header["Content-Type"], "Response header should be application/xml")
|
34
|
+
assert_equal(@tailoring_file.length, last_response.length, "Scap content should be equal")
|
35
|
+
assert(last_response.successful?, "Response should be success")
|
36
|
+
end
|
37
|
+
end
|
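Review bot: This file calls `Digest::SHA256.hexdigest` in `setup` without `require 'digest/sha2'`, which `fetch_scap_api_test.rb` adds explicitly in this release, so it relies on another file having loaded the library first. Only the cache-hit path is tested; a case that starts with an empty directory and stubs `"#{@foreman_url}/api/v2/compliance/policies/#{@policy_id}/tailoring"` would run the download branch of `get_tailoring_file`, which no test on this page reaches. Mirroring the 404 and locked-file cases from the SCAP content test would complete the coverage.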
@@ -53,6 +53,6 @@ class OpenSCAPGetArfTest < Test::Unit::TestCase
|
|
53
53
|
def test_delete_arf_file
|
54
54
|
delete "/arf/#{@arf_id}/#{@cname}/#{@date}/#{@filename}"
|
55
55
|
assert last_response.ok?
|
56
|
-
refute File.
|
56
|
+
refute File.exist?("#{@results_path}/reports/arf/#{@cname}/#{@arf_id}")
|
57
57
|
end
|
58
58
|
end
|
@@ -9,6 +9,7 @@ class ScapContentParserApiTest < Test::Unit::TestCase
|
|
9
9
|
@foreman_url = 'https://foreman.example.com'
|
10
10
|
Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
|
11
11
|
@scap_content = File.new("#{Dir.getwd}/test/data/ssg-rhel7-ds.xml").read
|
12
|
+
@tailoring_file = File.new("#{Dir.getwd}/test/data/tailoring.xml").read
|
12
13
|
end
|
13
14
|
|
14
15
|
def app
|
@@ -31,7 +32,7 @@ class ScapContentParserApiTest < Test::Unit::TestCase
|
|
31
32
|
end
|
32
33
|
|
33
34
|
def test_scap_content_validator
|
34
|
-
post '/
|
35
|
+
post '/scap_file/validator/scap_content', @scap_content, 'CONTENT_TYPE' => 'text/xml'
|
35
36
|
result = JSON.parse(last_response.body)
|
36
37
|
assert_empty(result['errors'])
|
37
38
|
assert(last_response.successful?)
|
@@ -39,7 +40,7 @@ class ScapContentParserApiTest < Test::Unit::TestCase
|
|
39
40
|
|
40
41
|
def test_invalid_scap_content_validator
|
41
42
|
Proxy::OpenSCAP::ContentParser.any_instance.stubs(:validate).returns({:errors => 'Invalid SCAP file type'}.to_json)
|
42
|
-
post '/
|
43
|
+
post '/scap_file/validator/scap_content', @scap_content, 'CONTENT_TYPE' => 'text/xml'
|
43
44
|
result = JSON.parse(last_response.body)
|
44
45
|
refute_empty(result['errors'])
|
45
46
|
assert(last_response.successful?)
|
@@ -51,4 +52,18 @@ class ScapContentParserApiTest < Test::Unit::TestCase
|
|
51
52
|
assert(result['html'].start_with?('<!DOCTYPE html>'))
|
52
53
|
assert(last_response.successful?)
|
53
54
|
end
|
55
|
+
|
56
|
+
def test_validate_tailoring_file
|
57
|
+
post '/scap_file/validator/tailoring_file', @tailoring_file, 'CONTENT_TYPE' => 'text/xml'
|
58
|
+
result = JSON.parse(last_response.body)
|
59
|
+
assert_empty(result['errors'])
|
60
|
+
assert(last_response.successful?)
|
61
|
+
end
|
62
|
+
|
63
|
+
def test_get_profiles_from_tailoring_file
|
64
|
+
post '/tailoring_file/profiles', @tailoring_file, 'CONTENT_TYPE' => 'text/xml'
|
65
|
+
result = JSON.parse(last_response.body)
|
66
|
+
assert_equal 1, result.keys.length
|
67
|
+
assert(last_response.successful?)
|
68
|
+
end
|
54
69
|
end
|
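Review bot: The new type check in `ContentParser#validate` has no negative test: posting `@scap_content` to `/scap_file/validator/tailoring_file`, and `@tailoring_file` to `/scap_file/validator/scap_content`, should end in `refute_empty(result['errors'])`. `test_get_profiles_from_tailoring_file` asserts only `result.keys.length`; checking that the single value equals `'Upstream Firefox STIG [CUSTOMIZED]'` from `test/data/tailoring.xml` would pin the id-to-title mapping that `get_profiles` returns. The deprecated `/scap_content/validator` route is not requested in any of the hunks shown.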
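--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_openscap
 version: !ruby/object:Gem::Version
-version: 0.6.
+version: 0.6.1
 platform: ruby
 authors:
 - "Šimon Lukašík"
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2017-02-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -72,16 +72,16 @@ dependencies:
 name: openscap
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.7
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.7
 description: |-
 A plug-in to the Foreman's smart-proxy which receives
 bzip2ed ARF files and forwards them to the Foreman.
@@ -102,7 +102,9 @@ files:
 - extra/rubygem-smart_proxy_openscap.spec
 - extra/smart-proxy-openscap-send.cron
 - lib/smart_proxy_openscap.rb
+- lib/smart_proxy_openscap/fetch_file.rb
 - lib/smart_proxy_openscap/fetch_scap_content.rb
+- lib/smart_proxy_openscap/fetch_tailoring_file.rb
 - lib/smart_proxy_openscap/foreman_forwarder.rb
 - lib/smart_proxy_openscap/http_config.ru
 - lib/smart_proxy_openscap/openscap_api.rb
@@ -120,7 +122,9 @@ files:
 - smart_proxy_openscap.gemspec
 - test/data/arf_report
 - test/data/ssg-rhel7-ds.xml
+- test/data/tailoring.xml
 - test/fetch_scap_api_test.rb
+- test/fetch_tailoring_api_test.rb
 - test/get_report_xml_html_test.rb
 - test/post_report_api_test.rb
 - test/scap_content_parser_api_test.rb
@@ -145,9 +149,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.
+rubygems_version: 2.4.5
 signing_key:
 specification_version: 4
 summary: OpenSCAP plug-in for Foreman's smart-proxy.
 test_files: []
-has_rdoc: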