Blame SOURCES/openscap-1.2.17-filehash58_probe_test.patch

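diff --git a/tests/probes/filehash58/check_filehash_simple.xml b/tests/probes/filehash58/check_filehash_simple.xml
new file mode 100644
index 000000000..2f6fa877e
--- /dev/null
+++ b/tests/probes/filehash58/check_filehash_simple.xml
@@ -0,0 +1,40 @@
+<ns0:oval_definitions xmlns:ns0="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:ns2="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:ns3="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:ns4="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:ns5="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd         http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd         http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd         http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd         http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd">
+  <ns0:generator>
+    <ns2:product_name>combine_ovals.py from SCAP Security Guide</ns2:product_name>
+    <ns2:product_version>ssg: [0, 1, 40], python: 3.6.5</ns2:product_version>
+    <ns2:schema_version>5.11</ns2:schema_version>
+    <ns2:timestamp>2018-07-20T09:33:24</ns2:timestamp>
+  </ns0:generator>
+  <ns0:definitions>
+    <ns0:definition class="compliance" id="oval:ssg-oval_test_has_hash:def:1" version="1">
+      <ns0:metadata>
+        <ns0:title>Verify that hash of a file that should contain just "foo\n".</ns0:title>
+        <ns0:affected family="unix">
+          <ns0:platform>Red Hat Enterprise Linux 7</ns0:platform>
+        </ns0:affected>
+        <ns0:description>This description in OVALs is mandatory, but the most important is to have description in XCCDF.</ns0:description>
+      <reference ref_id="oval_test_has_hash" source="ssg" /></ns0:metadata>
+      <ns0:criteria>
+        <ns0:criterion comment="Check file hash of /oval-test" test_ref="oval:ssg-oval_test_hash_matches:tst:1" />
+      </ns0:criteria>
+    </ns0:definition>
+  </ns0:definitions>
+  <ns0:tests>
+    <ns3:filehash58_test check="all" comment="-" id="oval:ssg-oval_test_hash_matches:tst:1" version="1">
+      <ns3:object object_ref="oval:ssg-concerned_file:obj:1" />
+      <ns3:state state_ref="oval:ssg-hash_value:ste:1" />
+    </ns3:filehash58_test>
+  </ns0:tests>
+  <ns0:objects>
+    <ns3:filehash58_object id="oval:ssg-concerned_file:obj:1" version="1">
+      <ns3:filepath>/oval-test</ns3:filepath>
+      <ns3:hash_type>SHA-1</ns3:hash_type>
+    </ns3:filehash58_object>
+  </ns0:objects>
+  <ns0:states>
+    <ns3:filehash58_state id="oval:ssg-hash_value:ste:1" version="1">
+      <ns3:hash_type>SHA-1</ns3:hash_type>
+      <ns3:hash>f1d2d2f924e986ac86fdf7b36c94bcdf32beec15</ns3:hash>
+    </ns3:filehash58_state>
+  </ns0:states>
+</ns0:oval_definitions>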
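Review bot: The state `oval:ssg-hash_value:ste:1` pins a SHA-1 digest without saying where it comes from, so anyone changing the fixture has to rediscover that it must equal the digest of the `foo` line written by `test_probes_filehash58_chroot_pass`. A comment above the state such as `<!-- SHA-1 of "foo\n"; keep in sync with test_probes_filehash58_chroot_pass -->` would tie the two together. SHA-1 is fine for a probe self-test, but it is collision-prone, so this fixture should not be copied as a template for real integrity checks; a second object/state pair with `SHA-256` would also exercise a digest that compliance content should prefer. The `<reference>` element in the metadata has no `ns0:` prefix and the root declares no default namespace, so it is presumably not read as an OVAL reference.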
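diff -r -U3 op0/tests/probes/filehash58/Makefile.in op1/tests/probes/filehash58/Makefile.in
--- op0/tests/probes/filehash58/Makefile.in	2018-08-14 10:45:06.065438575 +0200
+++ op1/tests/probes/filehash58/Makefile.in	2018-08-14 10:53:57.248937836 +0200
@@ -1106,7 +1106,7 @@
 		$(top_builddir)/run
 
 TESTS = test_probes_filehash58.sh
-EXTRA_DIST = test_probes_filehash58.sh test_probes_filehash58.xml.sh
+EXTRA_DIST = test_probes_filehash58.sh test_probes_filehash58.xml.sh check_filehash_simple.xml
 all: all-am
 
 .SUFFIXES: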
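diff -r -U3 op0/tests/probes/filehash58/test_probes_filehash58.sh op1/tests/probes/filehash58/test_probes_filehash58.sh
--- op0/tests/probes/filehash58/test_probes_filehash58.sh	2018-08-14 10:36:09.914512125 +0200
+++ op1/tests/probes/filehash58/test_probes_filehash58.sh	2018-08-14 10:53:32.366536647 +0200
@@ -38,15 +38,69 @@
 	ret_val=1
     fi
 
+    # The file was created as a side-effect of test_probes_filehash58.xml.sh
     [ $ret_val -eq 0 ] && rm -f /tmp/test_probes_filehash58.tmp
 
     return $ret_val
 }
 
+
+# $1: The chroot directory
+function test_probes_filehash58_chroot {
+
+    probecheck "filehash58" || return 255
+    require "sha1sum" || return 255
+
+    local ret_val=0;
+    local DF="$srcdir/check_filehash_simple.xml"
+
+    absolute_probe_root=$(cd "$1" && pwd)
+
+    # oscap-chroot is not readily available during test run, so we use oscap + env var setting.
+    result_keyword=$(OSCAP_PROBE_ROOT="$absolute_probe_root" "$OSCAP" oval eval "$DF" | grep oval_test_has_hash | grep -o '\w*$')
+    
+    [ "$result_keyword" == "$2" ] && return 0
+    # vvv This is more a test error than a failure or "warning" vvv
+    [ "$result_keyword" == "" ] && return 2
+    return 1
+}
+
+
+function test_probes_filehash58_chroot_pass {
+	local ret_val=0
+
+	mkdir -p pass
+	echo foo > pass/oval-test
+
+	test_probes_filehash58_chroot pass true
+	ret_val=$?
+	rm -rf pass
+
+	return $ret_val
+}
+
+
+function test_probes_filehash58_chroot_fail {
+	local ret_val=0
+
+	mkdir -p fail
+	echo bar > fail/oval-test
+
+	test_probes_filehash58_chroot fail false
+	ret_val=$?
+	rm -rf fail
+
+	return $ret_val
+}
+
 # Testing.
 
 test_init "test_probes_filehash58.log"
 
 test_run "test_probes_filehash58" test_probes_filehash58
 
+test_run "test_probes_filehash58_chroot_fail" test_probes_filehash58_chroot_fail
+
+test_run "test_probes_filehash58_chroot_pass" test_probes_filehash58_chroot_pass
+
 test_exit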
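Review bot: In `test_probes_filehash58_chroot` the result of `absolute_probe_root=$(cd "$1" && pwd)` is never checked, so if the directory is missing `OSCAP_PROBE_ROOT` is set to an empty string and oscap would presumably evaluate `/oval-test` on the host instead of the fixture tree. Failing early with `absolute_probe_root=$(cd "$1" && pwd) || return 2` keeps a setup error from being reported as a probe result; `absolute_probe_root` and `result_keyword` should also be declared `local`, and the unused `ret_val` in that function can go. The header comment documents only `$1` and should add `# $2: expected result keyword (true or false)`. The two wrappers create and `rm -rf` the fixed names `pass` and `fail` in the current directory, which a directory from `mktemp -d` would avoid.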