#!/usr/bin/env bash
# Copyright 2009 Red Hat Inc., Durham, North Carolina.
# All Rights Reserved.
#
# OpenScap Testing Helpers.
#
# Authors:
# Ondrej Moris <omoris@redhat.com>
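# Normalized path: PATH is overwritten with a fixed list of system
# directories, so every tool the helpers call is looked up there and not in
# whatever directories the caller's PATH contained.
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin

# @PREFERRED_PYTHON_PATH@ is a placeholder replaced when this file is
# generated. It is quoted, like the other placeholders in this file, so that a
# substituted path containing whitespace stays one value instead of being
# parsed as "assignment + command".
PREFERRED_PYTHON="@PREFERRED_PYTHON_PATH@"

# Some of the tests rely on the "C" locale and would fail with some locales.
export LC_ALL=C

# Exported so that every process started by the tests sees it.
export OSCAP_FULL_VALIDATION=1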
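# Select the oscap command under test.
#
# When CUSTOM_OSCAP is set (even to an empty string) it is used as-is.
# Otherwise the command comes from the build tree: either the valgrind
# wrapper script or the freshly built binary started through the "run"
# script. The @...@ tokens are placeholders replaced when this file is
# generated; each export is skipped if the binary-dir placeholder expands to
# an empty string.
#
# NOTE: OSCAP and OSCAP_CHROOTABLE hold a whole command line ("bash <run>
# <binary>") and are expanded unquoted by their users, so build paths that
# contain whitespace are split into several words there.
if [ -z "${CUSTOM_OSCAP+x}" ]; then
  enable_valgrind="@ENABLE_VALGRIND@"
  # Quoted: an empty substitution must compare as "not OFF" instead of
  # turning the test into a syntax error.
  if [ "$enable_valgrind" != "OFF" ]; then
    actualdir="@CMAKE_BINARY_DIR@"
    export actualdir
    [ -z "@CMAKE_BINARY_DIR@" ] || export OSCAP="@CMAKE_SOURCE_DIR@/tests/valgrind_test.sh"
  else
    [ -z "@CMAKE_BINARY_DIR@" ] || export OSCAP="bash @CMAKE_BINARY_DIR@/run @CMAKE_BINARY_DIR@/utils/oscap"
  fi
  [ -z "@CMAKE_BINARY_DIR@" ] || export OSCAP_CHROOTABLE_EXEC="@CMAKE_BINARY_DIR@/utils/oscap-chrootable"
  [ -z "@CMAKE_BINARY_DIR@" ] || export OSCAP_CHROOTABLE="bash @CMAKE_BINARY_DIR@/run $OSCAP_CHROOTABLE_EXEC"
else
  export OSCAP="${CUSTOM_OSCAP}"
fi

export XMLDIFF="@CMAKE_SOURCE_DIR@/tests/xmldiff.pl"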
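# Locate the xpath command-line tool; the helpers cannot work without it.
# (The command substitution is written as $(...); the previous line had an
# unterminated backtick followed by ';;', which is a syntax error.)
if ! XPATH_ORIG=$(command -v xpath 2>&1); then
  echo "I require xpath tool but it's not installed. Aborting." >&2
  exit 1
fi

# XML::XPath 1.34 and newer need the calling convention used by
# xpath_wrapper below (expression passed with -e, file name last).
xpath_variant=$(perl -MXML::XPath -e 'print $XML::XPath::VERSION >= 1.34 ? "need_wrapper" : "standard"')

if [ "$xpath_variant" == "need_wrapper" ]; then
  export XPATH_ORIG

  # Adapter that accepts the argument order "[FILE] EXPRESSION" and calls
  # the real tool as "xpath -e EXPRESSION [FILE]".
  # Arguments: $1 - expression (document read from stdin), or
  #            $1 - file, $2 - expression
  # Any other argument count prints an error and exits the calling shell
  # with status 1.
  xpath_wrapper() {
    # local, so the wrapper does not overwrite a caller's "file" or
    # "xpath_expr" variable.
    local xpath_expr file
    if [ "$#" == "1" ]; then
      # read file from stdin
      xpath_expr="$1"
      "$XPATH_ORIG" -e "$xpath_expr"
    elif [ "$#" == "2" ]; then
      file="$1"
      xpath_expr="$2"
      "$XPATH_ORIG" -e "$xpath_expr" "$file"
    else
      echo "Parameters are not supported by xpath wrapper" >&2
      exit 1
    fi
  }
  # Exported together with XPATH_ORIG so that child bash processes can call
  # the wrapper through $XPATH as well.
  export -f xpath_wrapper
  export XPATH=xpath_wrapper
else
  export XPATH="$XPATH_ORIG"
fi

# Overall test result.
result=0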
# Set-up testing environment.
# Does nothing at present; it only gives test scripts a hook to call before
# their first test. Always returns 0.
test_init() {
  true
}
# Execute test and report its results.
#
# Globals:   result (incremented by the exit status of a failed test),
#            ret_val (set to the exit status of the test)
# Arguments: $1  - human-readable test description
#            $2… - the test command and its arguments
# Outputs:   "+ <description>" on stdout; everything else, including the
#            test's own stdout, goes to stderr
# Returns:   0 when the test exits with 0 (passed) or 255 (skipped),
#            1 for any other exit status
#
# The command is run with eval inside a subshell: the remaining arguments are
# joined with spaces and parsed again by the shell, so whitespace or shell
# metacharacters inside an argument are interpreted. Pass only strings that
# the test script itself controls.
test_run() {
  printf "+ %-60s\n" "$1"
  echo -e "TEST: $1" >&2
  shift

  ( exec 1>&2 ; eval "$@" )
  ret_val=$?

  case "$ret_val" in
    0)
      echo -e "RESULT: PASSED\n" >&2
      return 0
      ;;
    255)
      echo -e "RESULT: SKIPPED\n" >&2
      return 0
      ;;
  esac

  # Every remaining status counts against the overall result.
  result=$(($result + $ret_val))
  if [ "$ret_val" -eq 1 ]; then
    echo -e "RESULT: FAILED\n" >&2
  else
    echo -e "RESULT: WARNING (unknown exist status $ret_val)\n" >&2
  fi
  return 1
}
# Clean-up testing environment.
#
# Globals:   result (read)
# Arguments: $1 - optional clean-up command; it is run only when exactly one
#                 argument is given
# Returns:   never returns; exits the shell with 0 when result is 0 and with
#            1 otherwise
#
# The clean-up command is run with eval in a subshell whose stdout is sent to
# stderr, so the string is parsed by the shell again. Pass only strings that
# the test script itself controls.
test_exit() {
  case "$#" in
    1) ( exec 1>&2 ; eval "$@" ) ;;
  esac

  if [ "$result" -eq 0 ]; then
    exit 0
  fi
  exit 1
}
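# Check if requirements are in a path, use it as follows:
#
#   require 'program' || return 255
#
# Arguments: $1 - name of the program to look for
# Outputs:   a "No '<program>' found" message on stdout when it is missing
# Returns:   0 when the program is found, 1 otherwise
#
# The lookup uses the bash builtin "type -P", which searches PATH only. The
# previous form, eval "which $1 ...", had the shell parse the argument as
# code, so a name containing ';' or '$(...)' was executed, and it depended on
# the external which(1) being installed.
function require {
  if ! type -P -- "$1" > /dev/null 2>&1; then
    echo -e "No '$1' found in $PATH!\n"
    return 1 # Test is not applicable.
  fi
  return 0
}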
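# Check if probe exists, use it as follows:
#
#   probecheck 'probe' || return 255
#
# Globals:   OSCAP (read) - the oscap command line
# Arguments: $1 - probe name; it is placed inside a grep pattern between
#                 word boundaries, so regex metacharacters in it are
#                 interpreted by grep
# Outputs:   a "Probe ... does not exist!" message on stdout when missing
# Returns:   0 when the name appears as a whole word in the output of
#            "$OSCAP --version", 255 otherwise
function probecheck {
  # $OSCAP stays unquoted on purpose: this file sets it to a command plus
  # arguments ("bash <run script> <binary>"), which has to be split into
  # words. $1 is now inside the quotes, so it always stays part of the
  # pattern instead of being split into a pattern and file names.
  if ! $OSCAP --version | grep "\<$1\>" > /dev/null; then
    echo -e "Probe $1 does not exist!\n"
    return 255 # Test is not applicable.
  fi
  return 0
}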
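# Check for package names and return a version number
#
# Arguments: $@ - one or more candidate package names
# Outputs:   the version of the first candidate that is installed (stdout)
# Returns:   0 when a version was printed, 255 when none of the candidates
#            is installed or no name was given
#
# Each name is passed to the package tools as one quoted word. The loop
# variables are local, so a "ver" or "package" variable of the caller is
# neither read nor overwritten; previously a call without arguments returned
# 0 whenever a stale global "ver" happened to be non-empty.
function package_version {
  local package ver

  # loop through multiple potential package names
  # return first version number found
  for package in "$@"; do
    ver=""

    # check rpm for package version first
    if [ -f "/usr/bin/rpm" ]; then
      # rpm returns error messages on stdout, check return code
      ver=$(rpm -q "$package" --qf="%{version}" 2> /dev/null) || ver=""
    fi

    # fall back to dpkg for debian systems
    if [ -z "$ver" ] && [ -f "/usr/bin/dpkg-query" ]; then
      # for Debian-based systems, return the upstream version
      ver="$(dpkg-query -f '${source:Upstream-Version}' -W "$package" 2> /dev/null)"
    fi

    # return the first match found
    if [ -n "$ver" ]; then
      printf '%s\n' "$ver"
      return 0
    fi
  done

  # package not found
  return 255
}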
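# Compare the expected outcome recorded in an OVAL content file with the
# outcome recorded in a results file.
#
# For every ID from 1 to COUNT the content line with id="oval:<n>:TYPE:ID" is
# looked up; its comment="true|false" attribute is the expected value. The
# matching result line (definition_id=... or, for TYPE "tst", test_id=...)
# supplies the actual value from result="true|false".
#
# Arguments: $1 - TYPE, the type part of the OVAL id ("tst" selects test_id,
#                 any other value selects definition_id)
#            $2 - path of the content file
#            $3 - path of the results file
#            $4 - COUNT, highest ID to check
# Outputs:   one "Result of ... should be ... and is ..." line per mismatch
# Returns:   0 when every checked ID agrees, 1 when at least one differs,
#            255 when grep is not available
#
# File paths and variables are quoted, so paths with whitespace are read as
# one file, and all loop variables are local.
#
# NOTE(review): an entry that is missing on both sides, or a file that cannot
# be read, yields "ERROR" for both values; the two compare equal and the ID is
# not counted as a mismatch. Confirm that this is the intended outcome.
function verify_results {
  require "grep" || return 255

  local ret_val=0
  local TYPE="$1"
  local CONTENT="$2"
  local RESULTS="$3"
  local COUNT="$4"
  local FULLTYPE="definition"
  local ID=1
  local CON_ITEM RES_ITEM OVAL_ID RES CMT

  [ "$TYPE" == "tst" ] && FULLTYPE="test"

  while [ "$ID" -le "$COUNT" ]; do
    CON_ITEM=$(grep "id=\"oval:[[:digit:]]\+:${TYPE}:${ID}\"" "$CONTENT")
    RES_ITEM=$(grep "${FULLTYPE}_id=\"oval:[[:digit:]]\+:${TYPE}:${ID}\"" "$RESULTS")
    OVAL_ID=$(printf '%s\n' "$CON_ITEM" | grep -o "oval:[[:digit:]]\+:${TYPE}:${ID}")

    # Actual value, taken from the results file.
    if grep -q 'result="true"' <<< "$RES_ITEM"; then
      RES="TRUE"
    elif grep -q 'result="false"' <<< "$RES_ITEM"; then
      RES="FALSE"
    else
      RES="ERROR"
    fi

    # Expected value, taken from the comment attribute in the content file.
    if grep -q 'comment="true"' <<< "$CON_ITEM"; then
      CMT="TRUE"
    elif grep -q 'comment="false"' <<< "$CON_ITEM"; then
      CMT="FALSE"
    else
      CMT="ERROR"
    fi

    if [ "$RES" != "$CMT" ]; then
      echo "Result of ${OVAL_ID} should be ${CMT} and is ${RES}"
      ret_val=$((ret_val + 1))
    fi

    ID=$((ID + 1))
  done

  if [ "$ret_val" -ne 0 ]; then
    return 1
  fi
  return 0
}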
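# Assert that an XPath expression matches an expected number of nodes.
#
# Globals:   XPATH (read)  - command used to evaluate the expression
#            result (read) - path of the XML file that is queried
# Arguments: $1 - expected node count
#            $2 - XPath expression; it is wrapped in count(...)
# Outputs:   a "Failed: ..." line on stdout when the counts differ
# Returns:   0 when the counts are equal, 1 otherwise
assert_exists() {
  local real_cnt

  # "$result" is quoted so that a file path containing whitespace reaches the
  # tool as one argument. $XPATH is left unquoted as before, so a value that
  # carries extra arguments keeps working.
  real_cnt="$($XPATH "$result" 'count('"$2"')' 2>/dev/null)"
  if [ "$real_cnt" != "$1" ]; then
    echo "Failed: expected count: $1, real count: $real_cnt, xpath: '$2'"
    return 1
  fi
}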
# Switch the helpers to offline (chroot) scanning.
#
# $1: The chroot directory
#
# Globals:   OSCAP (read and written), OSCAP_CHROOTABLE (read),
#            OSCAP_CHROOTABLE_EXEC (read), _OSCAP_BEFORE (read and written)
# Outputs:   diagnostics on stderr
# Returns:   0 when offline mode is active afterwards (or already was),
#            255 when the calling test has to be skipped
#
# Three cases are handled:
#   - the chrootable binary is executable: it must carry the
#     cap_sys_chroot+ep file capability (checked with getcap), otherwise the
#     test is skipped; on success OSCAP is saved and replaced;
#   - no such binary, but the effective user is root: OSCAP is left alone;
#   - neither: the test is skipped.
set_chroot_offline_test_mode() {
  if [ -n "$_OSCAP_BEFORE" ]; then
    echo "Already in offline test mode!" >&2
    return
  fi

  if [ -x "$OSCAP_CHROOTABLE_EXEC" ]; then
    if getcap "$OSCAP_CHROOTABLE_EXEC" | grep -q 'cap_sys_chroot+ep'; then
      # Remember the regular command so that it can be restored later.
      _OSCAP_BEFORE="$OSCAP"
      OSCAP="$OSCAP_CHROOTABLE"
    else
      echo "Skipping test '${FUNCNAME[1]}' as '$OSCAP_CHROOTABLE_EXEC' doesn't have the chroot capability." >&2
      return 255
    fi
  elif [ "$(id -u)" -eq 0 ]; then
    : # Running offline tests as root is acceptable too
  else
    echo "Skipping test '${FUNCNAME[1]}' as '$OSCAP_CHROOTABLE_EXEC' oscap which is supposed to have chroot capability doesn't exist." >&2
    return 255
  fi

  set_offline_chroot_dir "$1"
  return 0
}
# Point the probes at a chroot directory, or stop doing so.
#
# $1: The chroot directory. If empty, unset the OSCAP_PROBE_ROOT variable
#
# Globals:   OSCAP_PROBE_ROOT (exported with the given value, or unset)
set_offline_chroot_dir() {
  if [ -z "$1" ]; then
    unset OSCAP_PROBE_ROOT
    return
  fi
  export OSCAP_PROBE_ROOT="$1"
}
# Leave offline (chroot) test mode.
#
# Globals:   OSCAP (restored from _OSCAP_BEFORE when that is non-empty),
#            _OSCAP_BEFORE (cleared)
# The chroot directory setting is always cleared by calling
# set_offline_chroot_dir with an empty argument.
unset_chroot_offline_test_mode() {
  [ -z "$_OSCAP_BEFORE" ] || {
    OSCAP="$_OSCAP_BEFORE"
    _OSCAP_BEFORE=""
  }
  set_offline_chroot_dir ''
}
export -f assert_exists