smart_proxy_openscap 0.6.1 → 0.6.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/smart_proxy_openscap/fetch_tailoring_file.rb +1 -1
- data/lib/smart_proxy_openscap/foreman_forwarder.rb +3 -0
- data/lib/smart_proxy_openscap/openscap_api.rb +3 -0
- data/lib/smart_proxy_openscap/openscap_exception.rb +1 -0
- data/lib/smart_proxy_openscap/spool_forwarder.rb +16 -16
- data/lib/smart_proxy_openscap/storage_fs.rb +18 -0
- data/lib/smart_proxy_openscap/version.rb +1 -1
- data/settings.d/openscap.yml.example +4 -0
- data/test/data/corrupted_arf_report +0 -0
- data/test/data/spool/cleanup_spool/arf/2c101b95-033f-4b15-b490-f50bf9090dae/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1 +0 -0
- data/test/data/spool/cleanup_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484309984/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1 +0 -0
- data/test/data/spool/corrupted_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484309984/a4dfba5db27b21795e6fa401b8dce7a70faeb25b7963891f07f6f4baaf052afb +0 -0
- data/test/data/spool/corrupted_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1 +0 -0
- data/test/data/spool/valid_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484309984/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1 +0 -0
- data/test/data/spool/valid_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1 +0 -0
- data/test/post_report_api_test.rb +11 -0
- data/test/spool_forwarder_test.rb +82 -0
- metadata +10 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 17c8ac2a2ead069f4efa7282704a31bfc92b248a
|
4
|
+
data.tar.gz: bfe816a4639d132847e7ba97848aeed06829c80b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: db6215253f5ddd5f6e862b5fa01a23a06f2eaeacb16d0a82bd037b493bc5c4cdcdabd21034f425aede1013ca7189c7b98b83ef81e06c6fa5684d75402d8008e8
|
7
|
+
data.tar.gz: cf76b07956f6d50a101ea9ec26432c2dd7a0206763db8732149e9d97bb97ae6114eb8b481354ecff08941e0253e90006673014913b2d9f0014cda393a27d7546
|
@@ -10,7 +10,7 @@ module Proxy::OpenSCAP
|
|
10
10
|
create_store_dir store_dir
|
11
11
|
|
12
12
|
scap_file = policy_content_file(policy_tailoring_file)
|
13
|
-
clean_store_folder(
|
13
|
+
clean_store_folder(store_dir) unless scap_file
|
14
14
|
scap_file ||= save_or_serve_scap_file(policy_tailoring_file, file_download_path)
|
15
15
|
end
|
16
16
|
end
|
@@ -11,6 +11,9 @@ module Proxy::OpenSCAP
|
|
11
11
|
response.value
|
12
12
|
res = JSON.parse(response.body)
|
13
13
|
raise StandardError, "Received response: #{response.code} #{response.msg}" unless res['result'] == 'OK'
|
14
|
+
rescue OpenSCAP::OpenSCAPError => e
|
15
|
+
logger.debug e.backtrace.join("\n\t")
|
16
|
+
raise e
|
14
17
|
rescue StandardError => e
|
15
18
|
logger.debug response.body if response
|
16
19
|
logger.debug e.backtrace.join("\n\t")
|
@@ -42,6 +42,9 @@ module Proxy::OpenSCAP
|
|
42
42
|
Proxy::OpenSCAP::StorageFS.new(Proxy::OpenSCAP::Plugin.settings.failed_dir, cn, post_to_foreman['id'], date).store_failed(request.body.string)
|
43
43
|
logger.error "Failed to save Report in reports directory (#{Proxy::OpenSCAP::Plugin.settings.reportsdir}). Failed with: #{e.message}.
|
44
44
|
Saving file in #{Proxy::OpenSCAP::Plugin.settings.failed_dir}. Please copy manually to #{Proxy::OpenSCAP::Plugin.settings.reportsdir}"
|
45
|
+
rescue OpenSCAP::OpenSCAPError => e
|
46
|
+
logger.error "Failed to parse Arf Report, moving to #{Proxy::OpenSCAP::Plugin.settings.corrupted_dir}"
|
47
|
+
Proxy::OpenSCAP::StorageFS.new(Proxy::OpenSCAP::Plugin.settings.corrupted_dir, cn, policy, date).store_corrupted(request.body.string)
|
45
48
|
rescue *HTTP_ERRORS => e
|
46
49
|
### If the upload to foreman fails then store it in the spooldir
|
47
50
|
logger.error "Failed to upload to Foreman, saving in spool. Failed with: #{e.message}"
|
@@ -3,19 +3,11 @@ module Proxy::OpenSCAP
|
|
3
3
|
include ::Proxy::Log
|
4
4
|
|
5
5
|
def post_arf_from_spool(arf_dir)
|
6
|
-
failed = nil
|
7
6
|
Dir.foreach(arf_dir) do |cname|
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
forward_cname_dir(cname, cname_dir) if File.directory?(cname_dir)
|
12
|
-
rescue StandardError => e
|
13
|
-
logger.debug e.backtrace.join("\n\t")
|
14
|
-
logger.error "Failed to send SCAP results for #{cname} to the Foreman server: #{e}"
|
15
|
-
failed = true
|
16
|
-
end
|
7
|
+
next if cname == '.' || cname == '..'
|
8
|
+
cname_dir = File.join(arf_dir, cname)
|
9
|
+
forward_cname_dir(cname, cname_dir) if File.directory?(cname_dir)
|
17
10
|
end
|
18
|
-
raise "Failed to send SCAP results for one or more hosts." if failed
|
19
11
|
end
|
20
12
|
|
21
13
|
private
|
@@ -28,7 +20,7 @@ module Proxy::OpenSCAP
|
|
28
20
|
forward_policy_dir(cname, policy_id, policy_dir)
|
29
21
|
end
|
30
22
|
end
|
31
|
-
|
23
|
+
remove_if_empty(cname_dir)
|
32
24
|
end
|
33
25
|
|
34
26
|
def forward_policy_dir(cname, policy_id, policy_dir)
|
@@ -39,7 +31,7 @@ module Proxy::OpenSCAP
|
|
39
31
|
forward_date_dir(cname, policy_id, date, date_dir)
|
40
32
|
end
|
41
33
|
end
|
42
|
-
|
34
|
+
remove_if_empty(policy_dir)
|
43
35
|
end
|
44
36
|
|
45
37
|
def forward_date_dir(cname, policy_id, date, date_dir)
|
@@ -51,7 +43,7 @@ module Proxy::OpenSCAP
|
|
51
43
|
forward_arf_file(cname, policy_id, date, arf_path)
|
52
44
|
end
|
53
45
|
end
|
54
|
-
|
46
|
+
remove_if_empty(date_dir)
|
55
47
|
end
|
56
48
|
|
57
49
|
def forward_arf_file(cname, policy_id, date, arf_file_path)
|
@@ -59,11 +51,19 @@ module Proxy::OpenSCAP
|
|
59
51
|
post_to_foreman = ForemanForwarder.new.post_arf_report(cname, policy_id, date, data)
|
60
52
|
Proxy::OpenSCAP::StorageFS.new(Proxy::OpenSCAP::Plugin.settings.reportsdir, cname, post_to_foreman['id'], date).store_archive(data)
|
61
53
|
File.delete arf_file_path
|
54
|
+
rescue OpenSCAP::OpenSCAPError => e
|
55
|
+
logger.error "Failed to parse Arf Report at #{arf_file_path}, moving to #{Proxy::OpenSCAP::Plugin.settings.corrupted_dir}"
|
56
|
+
|
57
|
+
Proxy::OpenSCAP::StorageFS.new(Proxy::OpenSCAP::Plugin.settings.corrupted_dir, cname, policy_id, date)
|
58
|
+
.move_corrupted(arf_file_path.split('/').last)
|
59
|
+
rescue StandardError => e
|
60
|
+
logger.error "smart-proxy-openscap-send failed to upload Compliance report for #{cname}, generated on #{Time.at date.to_i}. Cause: #{e}"
|
62
61
|
end
|
63
62
|
|
64
|
-
def
|
63
|
+
def remove_if_empty(dir)
|
65
64
|
begin
|
66
|
-
Dir.delete dir
|
65
|
+
Dir.delete dir if Dir["#{dir}/*"].empty?
|
66
|
+
logger.debug "Removing directory: #{dir}"
|
67
67
|
rescue StandardError => e
|
68
68
|
logger.error "Could not remove directory: #{e.message}"
|
69
69
|
end
|
@@ -14,6 +14,15 @@ module Proxy::OpenSCAP
|
|
14
14
|
store(data, StoreFailedError)
|
15
15
|
end
|
16
16
|
|
17
|
+
def store_corrupted(data)
|
18
|
+
store(data, StoreCorruptedError)
|
19
|
+
end
|
20
|
+
|
21
|
+
def move_corrupted(digest)
|
22
|
+
source = "#{Proxy::OpenSCAP::Plugin.settings.spooldir}/#{@namespace}/#{@cname}/#{@id}/#{@date}"
|
23
|
+
move "#{source}/#{digest}", StoreCorruptedError
|
24
|
+
end
|
25
|
+
|
17
26
|
def get_arf_xml(digest)
|
18
27
|
get_arf_file(digest)[:xml]
|
19
28
|
end
|
@@ -54,6 +63,15 @@ module Proxy::OpenSCAP
|
|
54
63
|
@path
|
55
64
|
end
|
56
65
|
|
66
|
+
def move(source, error_type)
|
67
|
+
begin
|
68
|
+
create_directory
|
69
|
+
FileUtils.mv source, @path
|
70
|
+
rescue StandardError => e
|
71
|
+
raise error_type, "Could not move file: #{e.message}"
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
57
75
|
def store(data, error_type)
|
58
76
|
begin
|
59
77
|
create_directory
|
@@ -22,3 +22,7 @@
|
|
22
22
|
# Directory where OpenSCAP report XML are stored
|
23
23
|
# In case sending to Foreman succeeded, yet failed to save to reportsdir
|
24
24
|
#:failed_dir: /usr/share/foreman-proxy/openscap/failed
|
25
|
+
|
26
|
+
# Directory where corrupted OpenSCAP report XML are stored
|
27
|
+
# When proxy cannot parse the report sent by client
|
28
|
+
#:corrupted_dir: /var/lib/foreman-proxy/openscap/corrupted
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
@@ -16,10 +16,13 @@ class OpenSCAPApiTest < Test::Unit::TestCase
|
|
16
16
|
Proxy::OpenSCAP::Plugin.settings.stubs(:spooldir).returns(@results_path + "/spool")
|
17
17
|
Proxy::OpenSCAP::Plugin.settings.stubs(:reportsdir).returns(@results_path + "/reports")
|
18
18
|
Proxy::OpenSCAP::Plugin.settings.stubs(:failed_dir).returns(@results_path + "/failed")
|
19
|
+
Proxy::OpenSCAP::Plugin.settings.stubs(:corrupted_dir).returns(@results_path + "/corrupted")
|
19
20
|
@arf_report = File.open("#{Dir.getwd}/test/data/arf_report").read
|
21
|
+
@corrupted_arf_report = File.open("#{Dir.getwd}/test/data/corrupted_arf_report").read
|
20
22
|
@policy_id = 1
|
21
23
|
@arf_id = 145
|
22
24
|
@filename = Digest::SHA256.hexdigest(@arf_report)
|
25
|
+
@corrupted_filename = Digest::SHA256.hexdigest(@corrupted_arf_report)
|
23
26
|
@cname = 'node.example.org'
|
24
27
|
@date = Time.now.to_i
|
25
28
|
# Bypass common_name as it requires ssl certificate
|
@@ -72,4 +75,12 @@ class OpenSCAPApiTest < Test::Unit::TestCase
|
|
72
75
|
log_file = File.read('logs/test.log')
|
73
76
|
assert(log_file.include?('Failed to save Report in reports directory'), 'Logger should notify that failed to save in reports dir')
|
74
77
|
end
|
78
|
+
|
79
|
+
def test_post_corrupted_should_move_to_corrupted
|
80
|
+
stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date}")
|
81
|
+
.to_return(:status => 200, :body => "{\"result\":\"OK\",\"id\":\"#{@arf_id}\"}")
|
82
|
+
post "/arf/#{@policy_id}", @corrupted_arf_report, 'CONTENT_TYPE' => 'text/xml', 'CONTENT_ENCODING' => 'x-bzip2'
|
83
|
+
assert(File.file?("#{@results_path}/corrupted/arf/#{@cname}/#{@policy_id}/#{@date}/#{@corrupted_filename}"), "File should be in Corrupted directory")
|
84
|
+
refute(File.file?("#{@results_path}/spool/arf/#{@cname}/#{@policy_id}/#{@date}/#{@corrupted_filename}"), "File should not be in Spool directory")
|
85
|
+
end
|
75
86
|
end
|
@@ -0,0 +1,82 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
require 'smart_proxy_openscap'
|
3
|
+
require 'smart_proxy_openscap/openscap_lib'
|
4
|
+
|
5
|
+
class SpoolForwarderTest < Test::Unit::TestCase
|
6
|
+
def setup
|
7
|
+
@foreman_url = 'https://foreman.example.com'
|
8
|
+
Proxy::SETTINGS.stubs(:foreman_url).returns(@foreman_url)
|
9
|
+
@base_spool_for_test = ("#{Dir.getwd}/test/data/spool")
|
10
|
+
@results_path = ("#{Dir.getwd}/test/test_run_files")
|
11
|
+
FileUtils.mkdir_p(@results_path)
|
12
|
+
Proxy::OpenSCAP::Plugin.settings.stubs(:contentdir).returns(@results_path)
|
13
|
+
@spooldir = @results_path + "/spool"
|
14
|
+
Proxy::OpenSCAP::Plugin.settings.stubs(:spooldir).returns(@spooldir)
|
15
|
+
Proxy::OpenSCAP::Plugin.settings.stubs(:reportsdir).returns(@results_path + "/reports")
|
16
|
+
Proxy::OpenSCAP::Plugin.settings.stubs(:corrupted_dir).returns(@results_path + "/corrupted")
|
17
|
+
@policy_id = 1
|
18
|
+
@date_1 = 1484309984
|
19
|
+
@date_2 = 1484313035
|
20
|
+
@id_1 = 42
|
21
|
+
@id_2 = 84
|
22
|
+
@valid_digest = "fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1"
|
23
|
+
@corrupted_digest = "a4dfba5db27b21795e6fa401b8dce7a70faeb25b7963891f07f6f4baaf052afb"
|
24
|
+
@cname = "e20b9695-f655-401a-9dda-8cca7a47a8c0"
|
25
|
+
@cname_2 = "2c101b95-033f-4b15-b490-f50bf9090dae"
|
26
|
+
|
27
|
+
@arf_dir = File.join(Proxy::OpenSCAP::Plugin.settings.spooldir, "/arf")
|
28
|
+
|
29
|
+
stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date_1}")
|
30
|
+
.to_return(:status => 200, :body => "{\"result\":\"OK\",\"id\":\"#{@id_1}\"}")
|
31
|
+
|
32
|
+
stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date_2}")
|
33
|
+
.to_return(:status => 200, :body => "{\"result\":\"OK\",\"id\":\"#{@id_2}\"}")
|
34
|
+
|
35
|
+
end
|
36
|
+
|
37
|
+
def teardown
|
38
|
+
FileUtils.rm_rf @results_path
|
39
|
+
end
|
40
|
+
|
41
|
+
def test_send_spool_to_foreman
|
42
|
+
test_spool = @base_spool_for_test + "/valid_spool/"
|
43
|
+
FileUtils.cp_r test_spool, @spooldir
|
44
|
+
|
45
|
+
Proxy::OpenSCAP::SpoolForwarder.new.post_arf_from_spool(@arf_dir)
|
46
|
+
assert(File.file?("#{@results_path}/reports/arf/#{@cname}/#{@id_1}/#{@date_1}/#{@valid_digest}"), "File should be in reports directory")
|
47
|
+
assert(File.file?("#{@results_path}/reports/arf/#{@cname}/#{@id_2}/#{@date_2}/#{@valid_digest}"), "File should be in reports directory")
|
48
|
+
refute(File.file?("#{@spooldir}/arf/#{@cname}/#{@policy_id}/#{@date_1}/#{@valid_digest}"), "File should not be in spool directory")
|
49
|
+
refute(File.file?("#{@spooldir}/arf/#{@cname}/#{@policy_id}/#{@date_2}/#{@valid_digest}"), "File should not be in spool directory")
|
50
|
+
end
|
51
|
+
|
52
|
+
def test_send_corrupted_spool_to_foreman
|
53
|
+
test_spool = @base_spool_for_test + "/corrupted_spool/"
|
54
|
+
FileUtils.cp_r test_spool, @spooldir
|
55
|
+
|
56
|
+
Proxy::OpenSCAP::SpoolForwarder.new.post_arf_from_spool(@arf_dir)
|
57
|
+
|
58
|
+
assert(File.file?("#{@results_path}/corrupted/arf/#{@cname}/#{@policy_id}/#{@date_1}/#{@corrupted_digest}"), "File should be in corrupted directory")
|
59
|
+
assert(File.file?("#{@results_path}/reports/arf/#{@cname}/#{@id_2}/#{@date_2}/#{@valid_digest}"), "File should be in reports directory")
|
60
|
+
|
61
|
+
refute(File.file?("#{@spooldir}/arf/#{@cname}/#{@policy_id}/#{@date_1}/#{@corrupted_digest}"), "File should not be in spool directory")
|
62
|
+
refute(File.file?("#{@spooldir}/arf/#{@cname}/#{@policy_id}/#{@date_2}/#{@valid_digest}"), "File should not be in spool directory")
|
63
|
+
end
|
64
|
+
|
65
|
+
def test_send_spool_cleans_up
|
66
|
+
test_spool = @base_spool_for_test + "/cleanup_spool/"
|
67
|
+
FileUtils.cp_r test_spool, @spooldir
|
68
|
+
|
69
|
+
stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname}/#{@policy_id}/#{@date_1}")
|
70
|
+
.to_return(:status => 200, :body => "{\"result\":\"OK\",\"id\":\"#{@id_1}\"}")
|
71
|
+
|
72
|
+
stub_request(:post, "#{@foreman_url}/api/v2/compliance/arf_reports/#{@cname_2}/#{@policy_id}/#{@date_2}")
|
73
|
+
.to_return(:status => 500)
|
74
|
+
|
75
|
+
Proxy::OpenSCAP::SpoolForwarder.new.post_arf_from_spool(@arf_dir)
|
76
|
+
|
77
|
+
assert(File.file?("#{@results_path}/reports/arf/#{@cname}/#{@id_1}/#{@date_1}/#{@valid_digest}"), "File should be in reports directory")
|
78
|
+
assert(File.file?("#{@spooldir}/arf/#{@cname_2}/#{@policy_id}/#{@date_2}/#{@valid_digest}"), "File should be in spool directory")
|
79
|
+
|
80
|
+
refute(File.exist?("#{@spooldir}/arf/#{@cname}"), "Folder should not exist")
|
81
|
+
end
|
82
|
+
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: smart_proxy_openscap
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.6.
|
4
|
+
version: 0.6.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- "Šimon Lukašík"
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2017-
|
13
|
+
date: 2017-03-13 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: rake
|
@@ -121,6 +121,13 @@ files:
|
|
121
121
|
- settings.d/openscap.yml.example
|
122
122
|
- smart_proxy_openscap.gemspec
|
123
123
|
- test/data/arf_report
|
124
|
+
- test/data/corrupted_arf_report
|
125
|
+
- test/data/spool/cleanup_spool/arf/2c101b95-033f-4b15-b490-f50bf9090dae/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
|
126
|
+
- test/data/spool/cleanup_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484309984/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
|
127
|
+
- test/data/spool/corrupted_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484309984/a4dfba5db27b21795e6fa401b8dce7a70faeb25b7963891f07f6f4baaf052afb
|
128
|
+
- test/data/spool/corrupted_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
|
129
|
+
- test/data/spool/valid_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484309984/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
|
130
|
+
- test/data/spool/valid_spool/arf/e20b9695-f655-401a-9dda-8cca7a47a8c0/1/1484313035/fa2f68ffb944c917332a284dc63ec7f8fa76990cb815ddcad3318b5d9457f8a1
|
124
131
|
- test/data/ssg-rhel7-ds.xml
|
125
132
|
- test/data/tailoring.xml
|
126
133
|
- test/fetch_scap_api_test.rb
|
@@ -128,6 +135,7 @@ files:
|
|
128
135
|
- test/get_report_xml_html_test.rb
|
129
136
|
- test/post_report_api_test.rb
|
130
137
|
- test/scap_content_parser_api_test.rb
|
138
|
+
- test/spool_forwarder_test.rb
|
131
139
|
- test/test_helper.rb
|
132
140
|
homepage: http://github.com/OpenSCAP/smart_proxy_openscap
|
133
141
|
licenses:
|