source-git / oscap-anaconda-addon

Clone
Source Code
GIT

Files

  1.   b7d9adec2f4014555123a7c66526abfb2019b7bc
  2.   tests
  3.   test_common.py
Blob Blame History Raw 
#
# Copyright (C) 2013  Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing to use,
# modify, copy, or redistribute it subject to the terms and conditions of
# the GNU General Public License v.2, or (at your option) any later version.
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY expressed or implied, including the implied warranties of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General
# Public License for more details.  You should have received a copy of the
# GNU General Public License along with this program; if not, write to the
# Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301, USA.  Any Red Hat trademarks that are incorporated in the
# source code or documentation are not subject to the GNU General Public
# License and may only be used or replicated with the express permission of
# Red Hat, Inc.
#
# Red Hat Author(s): Vratislav Podzimek <vpodzime@redhat.com>
#

"""Module with unit tests for the common.py module"""

import os
import mock
import shutil

import pytest
import tempfile

from org_fedora_oscap import common

TESTING_FILES_PATH = os.path.join(
    os.path.dirname(__file__), os.path.pardir, "testing_files")

@pytest.fixture()
def mock_subprocess():
    mock_subprocess = mock.Mock()
    mock_subprocess.Popen = mock.Mock()
    mock_popen = mock.Mock()
    mock_communicate = mock.Mock()

    mock_communicate.return_value = (b"", b"")

    mock_popen.communicate = mock_communicate
    mock_popen.returncode = 0

    mock_subprocess.Popen.return_value = mock_popen
    mock_subprocess.PIPE = mock.Mock()

    return mock_subprocess


def mock_run_remediate(mock_subprocess, monkeypatch):
    mock_utils = mock.Mock()
    mock_utils.ensure_dir_exists = mock.Mock()

    common_module_symbols = common.__dict__

    monkeypatch.setitem(common_module_symbols, "subprocess", mock_subprocess)
    monkeypatch.setitem(common_module_symbols, "utils", mock_utils)


def _run_oscap(mock_subprocess, additional_args):
    expected_args = [
        "oscap", "xccdf", "eval", "--remediate",
        "--results=%s" % common.RESULTS_PATH,
        "--report=%s" % common.REPORT_PATH,
        "--profile=myprofile",
    ]
    expected_args.extend(additional_args)

    kwargs = {
        "stdout": mock_subprocess.PIPE,
        "stderr": mock_subprocess.PIPE,
    }

    return expected_args, kwargs


def test_run_oscap_remediate_profile_only(mock_subprocess, monkeypatch):
    return run_oscap_remediate_profile(
        mock_subprocess, monkeypatch,
        ["myprofile", "my_ds.xml"],
        ["my_ds.xml"])


def test_run_oscap_remediate_with_ds(mock_subprocess, monkeypatch):
    return run_oscap_remediate_profile(
        mock_subprocess, monkeypatch,
        ["myprofile", "my_ds.xml", "my_ds_id"],
        ["--datastream-id=my_ds_id", "my_ds.xml"])


def test_run_oscap_remediate_with_ds_xccdf(mock_subprocess, monkeypatch):
    return run_oscap_remediate_profile(
        mock_subprocess, monkeypatch,
        ["myprofile", "my_ds.xml", "my_ds_id", "my_xccdf_id"],
        ["--datastream-id=my_ds_id", "--xccdf-id=my_xccdf_id", "my_ds.xml"])


def run_oscap_remediate_profile(
        mock_subprocess, monkeypatch,
        anaconda_remediate_args, oscap_remediate_args):
    mock_run_remediate(mock_subprocess, monkeypatch)
    common.run_oscap_remediate(* anaconda_remediate_args)

    expected_args = [
        "oscap", "xccdf", "eval", "--remediate",
        "--results=%s" % common.RESULTS_PATH,
        "--report=%s" % common.REPORT_PATH,
        "--profile=myprofile",
    ]
    expected_args.extend(oscap_remediate_args)

    kwargs = {
        "stdout": mock_subprocess.PIPE,
        "stderr": mock_subprocess.PIPE,
    }

    # it's impossible to check the preexec_func as it is an internal
    # function of the run_oscap_remediate function
    for arg in expected_args:
        assert arg in mock_subprocess.Popen.call_args[0][0]
        mock_subprocess.Popen.call_args[0][0].remove(arg)

    # nothing else should have been passed
    assert not mock_subprocess.Popen.call_args[0][0]

    for (key, val) in kwargs.items():
        assert kwargs[key] == mock_subprocess.Popen.call_args[1].pop(key)

    # plus the preexec_fn kwarg should have been passed
    assert "preexec_fn" in mock_subprocess.Popen.call_args[1]


def test_run_oscap_remediate_create_dir(mock_subprocess, monkeypatch):
    mock_run_remediate(mock_subprocess, monkeypatch)
    common.run_oscap_remediate("myprofile", "my_ds.xml")

    common.utils.ensure_dir_exists.assert_called_with(
        os.path.dirname(common.RESULTS_PATH))


def test_run_oscap_remediate_create_chroot_dir(mock_subprocess, monkeypatch):
    mock_run_remediate(mock_subprocess, monkeypatch)
    common.run_oscap_remediate("myprofile", "my_ds.xml", chroot="/mnt/test")

    chroot_dir = "/mnt/test" + os.path.dirname(common.RESULTS_PATH)
    common.utils.ensure_dir_exists.assert_called_with(chroot_dir)


rpm_ssg_file_list = [
    "/usr/share/doc/scap-security-guide/Contributors.md",
    "/usr/share/doc/scap-security-guide/LICENSE",
    "/usr/share/doc/scap-security-guide/README.md",
    "/usr/share/man/man8/scap-security-guide.8.gz",
    "/usr/share/scap-security-guide/ansible",
    "/usr/share/scap-security-guide/ansible/ssg-fedora-role-default.yml",
    "/usr/share/scap-security-guide/ansible/ssg-fedora-role-ospp.yml",
    "/usr/share/scap-security-guide/ansible/ssg-fedora-role-pci-dss.yml",
    "/usr/share/scap-security-guide/ansible/ssg-fedora-role-standard.yml",
    "/usr/share/scap-security-guide/bash",
    "/usr/share/scap-security-guide/bash/ssg-fedora-role-default.sh",
    "/usr/share/scap-security-guide/bash/ssg-fedora-role-ospp.sh",
    "/usr/share/scap-security-guide/bash/ssg-fedora-role-pci-dss.sh",
    "/usr/share/scap-security-guide/bash/ssg-fedora-role-standard.sh",
    "/usr/share/xml/scap/ssg/content",
    "/usr/share/xml/scap/ssg/content/ssg-fedora-cpe-dictionary.xml",
    "/usr/share/xml/scap/ssg/content/ssg-fedora-cpe-oval.xml",
    "/usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml",
    "/usr/share/xml/scap/ssg/content/ssg-fedora-ocil.xml",
    "/usr/share/xml/scap/ssg/content/ssg-fedora-oval.xml",
    "/usr/share/xml/scap/ssg/content/ssg-fedora-xccdf.xml",
    ]


def test_extract_ssg_rpm():
    temp_path = tempfile.mkdtemp(prefix="rpm")

    extracted_files = common._extract_rpm(
            TESTING_FILES_PATH + "/scap-security-guide.noarch.rpm",
            temp_path)

    assert len(rpm_ssg_file_list) == len(extracted_files)
    for rpm_file in rpm_ssg_file_list:
        assert temp_path + rpm_file in extracted_files

    shutil.rmtree(temp_path)


def test_extract_ssg_rpm_ensure_filepath_there():
    temp_path = tempfile.mkdtemp(prefix="rpm")

    extracted_files = common._extract_rpm(
            TESTING_FILES_PATH + "/scap-security-guide.noarch.rpm",
            temp_path,
            ["/usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml"])

    assert len(rpm_ssg_file_list) == len(extracted_files)
    for rpm_file in rpm_ssg_file_list:
        assert temp_path + rpm_file in extracted_files

    shutil.rmtree(temp_path)


def test_extract_ssg_rpm_ensure_filepath_not_there():
    temp_path = tempfile.mkdtemp(prefix="rpm")

    with pytest.raises(common.ExtractionError) as excinfo:
        extracted_files = common._extract_rpm(
                TESTING_FILES_PATH + "/scap-security-guide.noarch.rpm",
                temp_path,
                ["/usr/share/xml/scap/ssg/content/ssg-fedora-content.xml"])

    assert "File '/usr/share/xml/scap/ssg/content/ssg-fedora-content.xml' "\
           "not found in the archive" in str(excinfo.value)

    shutil.rmtree(temp_path)


rpm_tailoring_file_list = [
    "/usr/share/xml/scap/ssg-fedora-ds-tailoring/ssg-fedora-ds.xml",
    "/usr/share/xml/scap/ssg-fedora-ds-tailoring/tailoring-xccdf.xml",
    ]


def test_extract_tailoring_rpm():
    temp_path = tempfile.mkdtemp(prefix="rpm")

    extracted_files = common._extract_rpm(
            TESTING_FILES_PATH + "/ssg-fedora-ds-tailoring-1-1.noarch.rpm",
            temp_path)

    assert len(rpm_tailoring_file_list) == len(extracted_files)
    for rpm_file in rpm_tailoring_file_list:
        assert temp_path + rpm_file in extracted_files

    shutil.rmtree(temp_path)


def test_extract_tailoring_rpm_ensure_filepath_there():
    temp_path = tempfile.mkdtemp(prefix="rpm")

    extracted_files = common._extract_rpm(
            TESTING_FILES_PATH + "/ssg-fedora-ds-tailoring-1-1.noarch.rpm",
            temp_path,
            ["/usr/share/xml/scap/ssg-fedora-ds-tailoring/ssg-fedora-ds.xml"])

    assert len(rpm_tailoring_file_list) == len(extracted_files)
    for rpm_file in rpm_tailoring_file_list:
        assert temp_path + rpm_file in extracted_files

    shutil.rmtree(temp_path)


def test_extract_tailoring_rpm_ensure_filename_there():
    temp_path = tempfile.mkdtemp(prefix="rpm")

    with pytest.raises(common.ExtractionError) as excinfo:
        extracted_files = common._extract_rpm(
                TESTING_FILES_PATH + "/ssg-fedora-ds-tailoring-1-1.noarch.rpm",
                temp_path,
                ["ssg-fedora-ds.xml"])

    assert "File 'ssg-fedora-ds.xml' not found in the archive" \
           in str(excinfo.value)

    shutil.rmtree(temp_path)

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation