#
# Copyright (C) 2013 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing to use,
# modify, copy, or redistribute it subject to the terms and conditions of
# the GNU General Public License v.2, or (at your option) any later version.
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY expressed or implied, including the implied warranties of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
# Public License for more details. You should have received a copy of the
# GNU General Public License along with this program; if not, write to the
# Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301, USA. Any Red Hat trademarks that are incorporated in the
# source code or documentation are not subject to the GNU General Public
# License and may only be used or replicated with the express permission of
# Red Hat, Inc.
#
# Red Hat Author(s): Vratislav Podzimek <vpodzime@redhat.com>
#
"""Module with unit tests for the common.py module"""
import os
import mock
import shutil
import pytest
import tempfile
from org_fedora_oscap import common
TESTING_FILES_PATH = os.path.join(
os.path.dirname(__file__), os.path.pardir, "testing_files")
@pytest.fixture()
def mock_subprocess():
mock_subprocess = mock.Mock()
mock_subprocess.Popen = mock.Mock()
mock_popen = mock.Mock()
mock_communicate = mock.Mock()
mock_communicate.return_value = (b"", b"")
mock_popen.communicate = mock_communicate
mock_popen.returncode = 0
mock_subprocess.Popen.return_value = mock_popen
mock_subprocess.PIPE = mock.Mock()
return mock_subprocess
def mock_run_remediate(mock_subprocess, monkeypatch):
mock_utils = mock.Mock()
mock_utils.ensure_dir_exists = mock.Mock()
common_module_symbols = common.__dict__
monkeypatch.setitem(common_module_symbols, "subprocess", mock_subprocess)
monkeypatch.setitem(common_module_symbols, "utils", mock_utils)
def _run_oscap(mock_subprocess, additional_args):
expected_args = [
"oscap", "xccdf", "eval", "--remediate",
"--results=%s" % common.RESULTS_PATH,
"--report=%s" % common.REPORT_PATH,
"--profile=myprofile",
]
expected_args.extend(additional_args)
kwargs = {
"stdout": mock_subprocess.PIPE,
"stderr": mock_subprocess.PIPE,
}
return expected_args, kwargs
def test_run_oscap_remediate_profile_only(mock_subprocess, monkeypatch):
return run_oscap_remediate_profile(
mock_subprocess, monkeypatch,
["myprofile", "my_ds.xml"],
["my_ds.xml"])
def test_run_oscap_remediate_with_ds(mock_subprocess, monkeypatch):
return run_oscap_remediate_profile(
mock_subprocess, monkeypatch,
["myprofile", "my_ds.xml", "my_ds_id"],
["--datastream-id=my_ds_id", "my_ds.xml"])
def test_run_oscap_remediate_with_ds_xccdf(mock_subprocess, monkeypatch):
return run_oscap_remediate_profile(
mock_subprocess, monkeypatch,
["myprofile", "my_ds.xml", "my_ds_id", "my_xccdf_id"],
["--datastream-id=my_ds_id", "--xccdf-id=my_xccdf_id", "my_ds.xml"])
def run_oscap_remediate_profile(
mock_subprocess, monkeypatch,
anaconda_remediate_args, oscap_remediate_args):
mock_run_remediate(mock_subprocess, monkeypatch)
common.run_oscap_remediate(* anaconda_remediate_args)
expected_args = [
"oscap", "xccdf", "eval", "--remediate",
"--results=%s" % common.RESULTS_PATH,
"--report=%s" % common.REPORT_PATH,
"--profile=myprofile",
]
expected_args.extend(oscap_remediate_args)
kwargs = {
"stdout": mock_subprocess.PIPE,
"stderr": mock_subprocess.PIPE,
}
# it's impossible to check the preexec_func as it is an internal
# function of the run_oscap_remediate function
for arg in expected_args:
assert arg in mock_subprocess.Popen.call_args[0][0]
mock_subprocess.Popen.call_args[0][0].remove(arg)
# nothing else should have been passed
assert not mock_subprocess.Popen.call_args[0][0]
for (key, val) in kwargs.items():
assert kwargs[key] == mock_subprocess.Popen.call_args[1].pop(key)
# plus the preexec_fn kwarg should have been passed
assert "preexec_fn" in mock_subprocess.Popen.call_args[1]
def test_run_oscap_remediate_create_dir(mock_subprocess, monkeypatch):
mock_run_remediate(mock_subprocess, monkeypatch)
common.run_oscap_remediate("myprofile", "my_ds.xml")
common.utils.ensure_dir_exists.assert_called_with(
os.path.dirname(common.RESULTS_PATH))
def test_run_oscap_remediate_create_chroot_dir(mock_subprocess, monkeypatch):
mock_run_remediate(mock_subprocess, monkeypatch)
common.run_oscap_remediate("myprofile", "my_ds.xml", chroot="/mnt/test")
chroot_dir = "/mnt/test" + os.path.dirname(common.RESULTS_PATH)
common.utils.ensure_dir_exists.assert_called_with(chroot_dir)
rpm_ssg_file_list = [
"/usr/share/doc/scap-security-guide/Contributors.md",
"/usr/share/doc/scap-security-guide/LICENSE",
"/usr/share/doc/scap-security-guide/README.md",
"/usr/share/man/man8/scap-security-guide.8.gz",
"/usr/share/scap-security-guide/ansible",
"/usr/share/scap-security-guide/ansible/ssg-fedora-role-default.yml",
"/usr/share/scap-security-guide/ansible/ssg-fedora-role-ospp.yml",
"/usr/share/scap-security-guide/ansible/ssg-fedora-role-pci-dss.yml",
"/usr/share/scap-security-guide/ansible/ssg-fedora-role-standard.yml",
"/usr/share/scap-security-guide/bash",
"/usr/share/scap-security-guide/bash/ssg-fedora-role-default.sh",
"/usr/share/scap-security-guide/bash/ssg-fedora-role-ospp.sh",
"/usr/share/scap-security-guide/bash/ssg-fedora-role-pci-dss.sh",
"/usr/share/scap-security-guide/bash/ssg-fedora-role-standard.sh",
"/usr/share/xml/scap/ssg/content",
"/usr/share/xml/scap/ssg/content/ssg-fedora-cpe-dictionary.xml",
"/usr/share/xml/scap/ssg/content/ssg-fedora-cpe-oval.xml",
"/usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml",
"/usr/share/xml/scap/ssg/content/ssg-fedora-ocil.xml",
"/usr/share/xml/scap/ssg/content/ssg-fedora-oval.xml",
"/usr/share/xml/scap/ssg/content/ssg-fedora-xccdf.xml",
]
def test_extract_ssg_rpm():
temp_path = tempfile.mkdtemp(prefix="rpm")
extracted_files = common._extract_rpm(
TESTING_FILES_PATH + "/scap-security-guide.noarch.rpm",
temp_path)
assert len(rpm_ssg_file_list) == len(extracted_files)
for rpm_file in rpm_ssg_file_list:
assert temp_path + rpm_file in extracted_files
shutil.rmtree(temp_path)
def test_extract_ssg_rpm_ensure_filepath_there():
temp_path = tempfile.mkdtemp(prefix="rpm")
extracted_files = common._extract_rpm(
TESTING_FILES_PATH + "/scap-security-guide.noarch.rpm",
temp_path,
["/usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml"])
assert len(rpm_ssg_file_list) == len(extracted_files)
for rpm_file in rpm_ssg_file_list:
assert temp_path + rpm_file in extracted_files
shutil.rmtree(temp_path)
def test_extract_ssg_rpm_ensure_filepath_not_there():
temp_path = tempfile.mkdtemp(prefix="rpm")
with pytest.raises(common.ExtractionError) as excinfo:
extracted_files = common._extract_rpm(
TESTING_FILES_PATH + "/scap-security-guide.noarch.rpm",
temp_path,
["/usr/share/xml/scap/ssg/content/ssg-fedora-content.xml"])
assert "File '/usr/share/xml/scap/ssg/content/ssg-fedora-content.xml' "\
"not found in the archive" in str(excinfo.value)
shutil.rmtree(temp_path)
rpm_tailoring_file_list = [
"/usr/share/xml/scap/ssg-fedora-ds-tailoring/ssg-fedora-ds.xml",
"/usr/share/xml/scap/ssg-fedora-ds-tailoring/tailoring-xccdf.xml",
]
def test_extract_tailoring_rpm():
temp_path = tempfile.mkdtemp(prefix="rpm")
extracted_files = common._extract_rpm(
TESTING_FILES_PATH + "/ssg-fedora-ds-tailoring-1-1.noarch.rpm",
temp_path)
assert len(rpm_tailoring_file_list) == len(extracted_files)
for rpm_file in rpm_tailoring_file_list:
assert temp_path + rpm_file in extracted_files
shutil.rmtree(temp_path)
def test_extract_tailoring_rpm_ensure_filepath_there():
temp_path = tempfile.mkdtemp(prefix="rpm")
extracted_files = common._extract_rpm(
TESTING_FILES_PATH + "/ssg-fedora-ds-tailoring-1-1.noarch.rpm",
temp_path,
["/usr/share/xml/scap/ssg-fedora-ds-tailoring/ssg-fedora-ds.xml"])
assert len(rpm_tailoring_file_list) == len(extracted_files)
for rpm_file in rpm_tailoring_file_list:
assert temp_path + rpm_file in extracted_files
shutil.rmtree(temp_path)
def test_extract_tailoring_rpm_ensure_filename_there():
temp_path = tempfile.mkdtemp(prefix="rpm")
with pytest.raises(common.ExtractionError) as excinfo:
extracted_files = common._extract_rpm(
TESTING_FILES_PATH + "/ssg-fedora-ds-tailoring-1-1.noarch.rpm",
temp_path,
["ssg-fedora-ds.xml"])
assert "File 'ssg-fedora-ds.xml' not found in the archive" \
in str(excinfo.value)
shutil.rmtree(temp_path)