#
# Copyright (C) 2013 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing to use,
# modify, copy, or redistribute it subject to the terms and conditions of
# the GNU General Public License v.2, or (at your option) any later version.
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY expressed or implied, including the implied warranties of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
# Public License for more details. You should have received a copy of the
# GNU General Public License along with this program; if not, write to the
# Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301, USA. Any Red Hat trademarks that are incorporated in the
# source code or documentation are not subject to the GNU General Public
# License and may only be used or replicated with the express permission of
# Red Hat, Inc.
#
# Red Hat Author(s): Vratislav Podzimek <vpodzime@redhat.com>
#
"""Module with unit tests for the common.py module"""
import os
import mock
import shutil
import pytest
import tempfile
from org_fedora_oscap import common
# Location of the fixture files (the sample RPMs used below): the
# "testing_files" directory one level above the directory of this module.
TESTING_FILES_PATH = os.path.join(
    os.path.dirname(__file__),
    os.path.pardir,
    "testing_files",
)
@pytest.fixture()
def mock_subprocess():
    """Provide a stand-in for the ``subprocess`` module.

    The fake ``Popen`` returns one shared process mock whose
    ``communicate()`` yields empty stdout/stderr bytes and whose
    ``returncode`` is 0, so the code under test sees a successful run
    without any command being executed.
    """
    fake_process = mock.Mock()
    fake_process.communicate = mock.Mock(return_value=(b"", b""))
    fake_process.returncode = 0

    fake_module = mock.Mock()
    fake_module.Popen = mock.Mock(return_value=fake_process)
    fake_module.PIPE = mock.Mock()

    return fake_module
def mock_run_remediate(mock_subprocess, monkeypatch):
    """Swap the ``subprocess`` and ``utils`` names inside ``common`` for mocks.

    The replacements go through ``monkeypatch.setitem`` on the module's
    ``__dict__``, so pytest restores the real entries after the test.
    ``utils`` becomes a mock with an ``ensure_dir_exists`` mock attribute,
    which the directory-creation tests inspect afterwards.
    """
    fake_utils = mock.Mock()
    fake_utils.ensure_dir_exists = mock.Mock()

    module_namespace = common.__dict__
    replacements = (
        ("subprocess", mock_subprocess),
        ("utils", fake_utils),
    )
    for symbol, stand_in in replacements:
        monkeypatch.setitem(module_namespace, symbol, stand_in)
def _run_oscap(mock_subprocess, additional_args):
    """Build the expected oscap command line and Popen keyword arguments.

    Returns an ``(expected_args, kwargs)`` tuple: the fixed
    ``oscap xccdf eval --remediate`` invocation for profile "myprofile"
    (results and report paths taken from ``common``) followed by
    *additional_args*, and the stdout/stderr keywords bound to the PIPE
    attribute of *mock_subprocess*.
    """
    base_command = [
        "oscap", "xccdf", "eval", "--remediate",
        "--results=%s" % common.RESULTS_PATH,
        "--report=%s" % common.REPORT_PATH,
        "--profile=myprofile",
    ]
    expected_args = base_command + list(additional_args)

    pipe = mock_subprocess.PIPE
    return expected_args, {"stdout": pipe, "stderr": pipe}
def test_run_oscap_remediate_profile_only(mock_subprocess, monkeypatch):
    """Profile plus content file only: oscap gets just the content path."""
    addon_args = ["myprofile", "my_ds.xml"]
    oscap_tail = ["my_ds.xml"]
    return run_oscap_remediate_profile(
        mock_subprocess, monkeypatch, addon_args, oscap_tail)
def test_run_oscap_remediate_with_ds(mock_subprocess, monkeypatch):
    """A datastream id must show up as ``--datastream-id=...`` for oscap."""
    addon_args = ["myprofile", "my_ds.xml", "my_ds_id"]
    oscap_tail = ["--datastream-id=my_ds_id", "my_ds.xml"]
    return run_oscap_remediate_profile(
        mock_subprocess, monkeypatch, addon_args, oscap_tail)
def test_run_oscap_remediate_with_ds_xccdf(mock_subprocess, monkeypatch):
    """Datastream and XCCDF ids must both be turned into oscap options."""
    addon_args = ["myprofile", "my_ds.xml", "my_ds_id", "my_xccdf_id"]
    oscap_tail = [
        "--datastream-id=my_ds_id",
        "--xccdf-id=my_xccdf_id",
        "my_ds.xml",
    ]
    return run_oscap_remediate_profile(
        mock_subprocess, monkeypatch, addon_args, oscap_tail)
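def run_oscap_remediate_profile(
        mock_subprocess, monkeypatch,
        anaconda_remediate_args, oscap_remediate_args):
    """Call ``common.run_oscap_remediate`` on mocks and verify the Popen call.

    *anaconda_remediate_args* are passed positionally to
    ``common.run_oscap_remediate``; *oscap_remediate_args* are the arguments
    expected on the oscap command line after the fixed prefix built by
    ``_run_oscap``.

    The command-line check is order-insensitive but exact: every expected
    argument must be present and nothing may be left over, so an unexpected
    extra oscap option makes the test fail.
    """
    mock_run_remediate(mock_subprocess, monkeypatch)
    common.run_oscap_remediate(*anaconda_remediate_args)

    # Reuse the shared helper rather than repeating the expected command
    # line and PIPE keywords here.
    expected_args, expected_kwargs = _run_oscap(
        mock_subprocess, oscap_remediate_args)

    recorded_call = mock_subprocess.Popen.call_args
    passed_argv = recorded_call[0][0]
    passed_kwargs = recorded_call[1]

    # it's impossible to check the preexec_func as it is an internal
    # function of the run_oscap_remediate function
    for arg in expected_args:
        assert arg in passed_argv
        # consume the match so that leftovers can be detected below
        passed_argv.remove(arg)

    # nothing else should have been passed
    assert not passed_argv

    for key, expected_value in expected_kwargs.items():
        assert expected_value == passed_kwargs.pop(key)

    # plus the preexec_fn kwarg should have been passed
    # NOTE(review): only its presence is checked; any other keyword argument
    # given to Popen is not inspected by this helper.
    assert "preexec_fn" in passed_kwargs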
def test_run_oscap_remediate_create_dir(mock_subprocess, monkeypatch):
    """The directory holding the results file is ensured to exist."""
    mock_run_remediate(mock_subprocess, monkeypatch)
    common.run_oscap_remediate("myprofile", "my_ds.xml")

    results_dir = os.path.dirname(common.RESULTS_PATH)
    common.utils.ensure_dir_exists.assert_called_with(results_dir)
def test_run_oscap_remediate_create_chroot_dir(mock_subprocess, monkeypatch):
    """With a chroot, the results directory is ensured inside that chroot."""
    chroot = "/mnt/test"

    mock_run_remediate(mock_subprocess, monkeypatch)
    common.run_oscap_remediate("myprofile", "my_ds.xml", chroot=chroot)

    # The results directory is expected under the chroot prefix, not at its
    # usual location on the host.
    expected_dir = chroot + os.path.dirname(common.RESULTS_PATH)
    common.utils.ensure_dir_exists.assert_called_with(expected_dir)
# Paths (directories and files) the scap-security-guide test RPM is expected
# to yield, written as they appear inside the archive. The extraction tests
# prepend the temporary target directory before comparing.
rpm_ssg_file_list = [
    # documentation and man page
    "/usr/share/doc/scap-security-guide/Contributors.md",
    "/usr/share/doc/scap-security-guide/LICENSE",
    "/usr/share/doc/scap-security-guide/README.md",
    "/usr/share/man/man8/scap-security-guide.8.gz",
    # Ansible roles
    "/usr/share/scap-security-guide/ansible",
    "/usr/share/scap-security-guide/ansible/ssg-fedora-role-default.yml",
    "/usr/share/scap-security-guide/ansible/ssg-fedora-role-ospp.yml",
    "/usr/share/scap-security-guide/ansible/ssg-fedora-role-pci-dss.yml",
    "/usr/share/scap-security-guide/ansible/ssg-fedora-role-standard.yml",
    # Bash roles
    "/usr/share/scap-security-guide/bash",
    "/usr/share/scap-security-guide/bash/ssg-fedora-role-default.sh",
    "/usr/share/scap-security-guide/bash/ssg-fedora-role-ospp.sh",
    "/usr/share/scap-security-guide/bash/ssg-fedora-role-pci-dss.sh",
    "/usr/share/scap-security-guide/bash/ssg-fedora-role-standard.sh",
    # SCAP content
    "/usr/share/xml/scap/ssg/content",
    "/usr/share/xml/scap/ssg/content/ssg-fedora-cpe-dictionary.xml",
    "/usr/share/xml/scap/ssg/content/ssg-fedora-cpe-oval.xml",
    "/usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml",
    "/usr/share/xml/scap/ssg/content/ssg-fedora-ocil.xml",
    "/usr/share/xml/scap/ssg/content/ssg-fedora-oval.xml",
    "/usr/share/xml/scap/ssg/content/ssg-fedora-xccdf.xml",
]
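def test_extract_ssg_rpm():
    """Extracting the SSG test RPM reports exactly the expected paths.

    Every expected path must appear prefixed with the temporary target
    directory, and the returned list must have the expected length. Only
    the return value of ``common._extract_rpm`` is inspected, not the
    contents of the directory.
    """
    temp_path = tempfile.mkdtemp(prefix="rpm")
    try:
        extracted_files = common._extract_rpm(
            TESTING_FILES_PATH + "/scap-security-guide.noarch.rpm",
            temp_path)

        assert len(rpm_ssg_file_list) == len(extracted_files)
        for rpm_file in rpm_ssg_file_list:
            # Plain concatenation on purpose: rpm_file is absolute, so
            # os.path.join() would discard temp_path.
            assert temp_path + rpm_file in extracted_files
    finally:
        # Clean up even when extraction or an assertion fails, so failed
        # runs do not leave extracted content behind.
        shutil.rmtree(temp_path)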
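def test_extract_ssg_rpm_ensure_filepath_there():
    """Extraction succeeds when a required in-archive path is present.

    The third argument to ``common._extract_rpm`` names a path that is part
    of the SSG test RPM (presumably the list of files that must exist in the
    archive -- confirm against ``common._extract_rpm``). The full expected
    file list must still be reported.
    """
    temp_path = tempfile.mkdtemp(prefix="rpm")
    try:
        extracted_files = common._extract_rpm(
            TESTING_FILES_PATH + "/scap-security-guide.noarch.rpm",
            temp_path,
            ["/usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml"])

        assert len(rpm_ssg_file_list) == len(extracted_files)
        for rpm_file in rpm_ssg_file_list:
            # Plain concatenation on purpose: rpm_file is absolute, so
            # os.path.join() would discard temp_path.
            assert temp_path + rpm_file in extracted_files
    finally:
        # Clean up even when extraction or an assertion fails.
        shutil.rmtree(temp_path)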
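def test_extract_ssg_rpm_ensure_filepath_not_there():
    """A required path missing from the archive raises ``ExtractionError``.

    The error message must name the missing path.
    """
    temp_path = tempfile.mkdtemp(prefix="rpm")
    try:
        with pytest.raises(common.ExtractionError) as excinfo:
            # The return value is irrelevant here; the call must raise.
            common._extract_rpm(
                TESTING_FILES_PATH + "/scap-security-guide.noarch.rpm",
                temp_path,
                ["/usr/share/xml/scap/ssg/content/ssg-fedora-content.xml"])

        expected_message = (
            "File '/usr/share/xml/scap/ssg/content/ssg-fedora-content.xml' "
            "not found in the archive"
        )
        assert expected_message in str(excinfo.value)
    finally:
        # Clean up even when the expected exception is not raised.
        shutil.rmtree(temp_path)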
# Files the tailoring test RPM is expected to yield, written as they appear
# inside the archive.
_TAILORING_DIR = "/usr/share/xml/scap/ssg-fedora-ds-tailoring"
rpm_tailoring_file_list = [
    _TAILORING_DIR + "/ssg-fedora-ds.xml",
    _TAILORING_DIR + "/tailoring-xccdf.xml",
]
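def test_extract_tailoring_rpm():
    """Extracting the tailoring test RPM reports exactly the expected files.

    Every expected path must appear prefixed with the temporary target
    directory, and the returned list must have the expected length. Only
    the return value of ``common._extract_rpm`` is inspected.
    """
    temp_path = tempfile.mkdtemp(prefix="rpm")
    try:
        extracted_files = common._extract_rpm(
            TESTING_FILES_PATH + "/ssg-fedora-ds-tailoring-1-1.noarch.rpm",
            temp_path)

        assert len(rpm_tailoring_file_list) == len(extracted_files)
        for rpm_file in rpm_tailoring_file_list:
            # Plain concatenation on purpose: rpm_file is absolute, so
            # os.path.join() would discard temp_path.
            assert temp_path + rpm_file in extracted_files
    finally:
        # Clean up even when extraction or an assertion fails.
        shutil.rmtree(temp_path)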
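def test_extract_tailoring_rpm_ensure_filepath_there():
    """Extraction succeeds when a required in-archive path is present.

    The third argument to ``common._extract_rpm`` names a path that is part
    of the tailoring test RPM (presumably the list of files that must exist
    in the archive -- confirm against ``common._extract_rpm``). The full
    expected file list must still be reported.
    """
    temp_path = tempfile.mkdtemp(prefix="rpm")
    try:
        extracted_files = common._extract_rpm(
            TESTING_FILES_PATH + "/ssg-fedora-ds-tailoring-1-1.noarch.rpm",
            temp_path,
            ["/usr/share/xml/scap/ssg-fedora-ds-tailoring/ssg-fedora-ds.xml"])

        assert len(rpm_tailoring_file_list) == len(extracted_files)
        for rpm_file in rpm_tailoring_file_list:
            # Plain concatenation on purpose: rpm_file is absolute, so
            # os.path.join() would discard temp_path.
            assert temp_path + rpm_file in extracted_files
    finally:
        # Clean up even when extraction or an assertion fails.
        shutil.rmtree(temp_path)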
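def test_extract_tailoring_rpm_ensure_filename_there():
    """A bare file name is not accepted as a required path.

    Despite the test's name, the expected outcome is an ``ExtractionError``:
    "ssg-fedora-ds.xml" is given without its directory, and the error
    message must report that name as not found in the archive.
    """
    temp_path = tempfile.mkdtemp(prefix="rpm")
    try:
        with pytest.raises(common.ExtractionError) as excinfo:
            # The return value is irrelevant here; the call must raise.
            common._extract_rpm(
                TESTING_FILES_PATH + "/ssg-fedora-ds-tailoring-1-1.noarch.rpm",
                temp_path,
                ["ssg-fedora-ds.xml"])

        expected_message = "File 'ssg-fedora-ds.xml' not found in the archive"
        assert expected_message in str(excinfo.value)
    finally:
        # Clean up even when the expected exception is not raised.
        shutil.rmtree(temp_path)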