From 8645604c8e5285c5b5bec538a50d3b4f6b13c9a5 Mon Sep 17 00:00:00 2001
From: Matus Marhefka <mmarhefk@redhat.com>
Date: Tue, 14 May 2019 15:38:50 +0200
Subject: [PATCH] Add test for DS session and SCAP 1.3 remote resources
* Test for PR#1324 which verifies that DS session does not quit
when SCAP 1.3 content contains remote component but
`--fetch-remote-resources` option is not provided. The test is
also extended to verify that scans utilizing SCAP 1.2 and 1.3
datastreams produce the same results.
---
tests/DS/Makefile.am | 2 +
.../remote_content_1.2.ds.xml | 87 ++++++++++++++++++
.../remote_content_1.3.ds.xml | 89 +++++++++++++++++++
tests/DS/test_ds.sh | 17 ++++
4 files changed, 195 insertions(+)
create mode 100644 tests/DS/ds_continue_without_remote_resources/remote_content_1.2.ds.xml
create mode 100644 tests/DS/ds_continue_without_remote_resources/remote_content_1.3.ds.xml
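--- a/tests/DS/Makefile.am
+++ b/tests/DS/Makefile.am
@@ -11,6 +11,8 @@ TESTS_ENVIRONMENT= \
 TESTS = test_ds.sh
 
 EXTRA_DIST = test_ds.sh \
+ ds_continue_without_remote_resources/remote_content_1.2.ds.xml \
+ ds_continue_without_remote_resources/remote_content_1.3.ds.xml \
 eval_invalid/sds.xml \
 eval_invalid/sds-oval.xml \
 eval_simple/sds.xml \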
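--- /dev/null
+++ b/tests/DS/ds_continue_without_remote_resources/remote_content_1.2.ds.xml
@@ -0,0 +1,87 @@
+
+<ds:data-stream-collection xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:cat="urn:oasis:names:tc:entity:xmlns:xml:catalog" id="scap_org.open-scap_collection_from_xccdf_test_single_rule.xccdf.xml" schematron-version="1.2">
+<ds:data-stream id="scap_org.open-scap_datastream_from_xccdf_test_single_rule.xccdf.xml" scap-version="1.2" use-case="OTHER">
+ <ds:checklists>
+ <ds:component-ref id="scap_org.open-scap_cref_test_single_rule.xccdf.xml" xlink:href="#scap_org.open-scap_comp_test_single_rule.xccdf.xml">
+ <cat:catalog>
+ <cat:uri name="test_single_rule.oval.xml" uri="#scap_org.open-scap_cref_test_single_rule.oval.xml"/>
+ </cat:catalog>
+ </ds:component-ref>
+ </ds:checklists>
+ <ds:checks>
+ <ds:component-ref id="scap_org.open-scap_cref_test_single_rule.oval.xml" xlink:href="#scap_org.open-scap_comp_test_single_rule.oval.xml"/>
+ </ds:checks>
+</ds:data-stream>
+
+<ds:component id="scap_org.open-scap_comp_test_single_rule.oval.xml" timestamp="2017-06-09T07:07:38">
+<oval_definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:win-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#windows windows-definitions-schema.xsd">
+ <generator>
+ <oval:schema_version>5.10</oval:schema_version>
+ <oval:timestamp>2009-01-12T10:41:00-05:00</oval:timestamp>
+ </generator>
+
+ <definitions>
+ <definition class="compliance" id="oval:test-pass:def:1" version="1">
+ <metadata>
+ <title>PASS</title>
+ <description>pass</description>
+ </metadata>
+ <criteria>
+ <criterion comment="PASS test" test_ref="oval:x:tst:1"/>
+ </criteria>
+ </definition>
+ </definitions>
+
+ <tests>
+ <variable_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:x:tst:1" check="all" comment="always pass" version="1">
+ <object object_ref="oval:x:obj:1"/>
+ </variable_test>
+ </tests>
+
+ <objects>
+ <variable_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:x:obj:1" version="1" comment="x">
+ <var_ref>oval:x:var:1</var_ref>
+ </variable_object>
+ </objects>
+</oval_definitions>
+</ds:component>
+
+<ds:component id="scap_org.open-scap_comp_test_single_rule.xccdf.xml" timestamp="2017-06-09T09:15:45">
+<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="xccdf_com.example.www_benchmark_dummy" xml:lang="en-US">
+ <status>accepted</status>
+ <version>1.0</version>
+
+ <Profile id="xccdf_com.example.www_profile_test_remote_res">
+ <title>xccdf_test_profile</title>
+ <description>This profile is for testing.</description>
+ <select idref="xccdf_com.example.www_rule_test-pass" selected="true"/>
+ <select idref="xccdf_com.example.www_rule_test-remote_res" selected="true"/>
+ </Profile>
+
+ <Value id="xccdf_com.example.www_value_val1" type="number" operator="equals" interactive="0">
+ <title>test value</title>
+ <description>foo</description>
+ <value selector="bar_1">50</value>
+ <value selector="bar_2">100</value>
+ </Value>
+ <Rule selected="true" id="xccdf_com.example.www_rule_test-pass">
+ <title>This rule always pass</title>
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+ <check-content-ref href="test_single_rule.oval.xml" name="oval:test-pass:def:1"/>
+ </check>
+ </Rule>
+ <Rule selected="true" id="xccdf_com.example.www_rule_test-remote_res">
+ <title>This rule checks remote resource</title>
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+ <check-content-ref href="https://www.example.com/security/data/oval/oval.xml.bz2"/>
+ </check>
+ </Rule>
+ <Rule selected="true" id="xccdf_com.example.www_rule_test-pass2">
+ <title>This rule always pass</title>
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+ <check-content-ref href="test_single_rule.oval.xml" name="oval:test-pass:def:1"/>
+ </check>
+ </Rule>
+</Benchmark>
+</ds:component>
+</ds:data-stream-collection>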
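--- /dev/null
+++ b/tests/DS/ds_continue_without_remote_resources/remote_content_1.3.ds.xml
@@ -0,0 +1,89 @@
+
+<ds:data-stream-collection xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:cat="urn:oasis:names:tc:entity:xmlns:xml:catalog" id="scap_org.open-scap_collection_from_xccdf_test_single_rule.xccdf.xml" schematron-version="1.3">
+<ds:data-stream id="scap_org.open-scap_datastream_from_xccdf_test_single_rule.xccdf.xml" scap-version="1.3" use-case="OTHER">
+ <ds:checklists>
+ <ds:component-ref id="scap_org.open-scap_cref_test_single_rule.xccdf.xml" xlink:href="#scap_org.open-scap_comp_test_single_rule.xccdf.xml">
+ <cat:catalog>
+ <cat:uri name="test_single_rule.oval.xml" uri="#scap_org.open-scap_cref_test_single_rule.oval.xml"/>
+ <cat:uri name="security-data-oval.xml.bz2" uri="#scap_org.open-scap_cref_security-data-oval.xml.bz2"/>
+ </cat:catalog>
+ </ds:component-ref>
+ </ds:checklists>
+ <ds:checks>
+ <ds:component-ref id="scap_org.open-scap_cref_test_single_rule.oval.xml" xlink:href="#scap_org.open-scap_comp_test_single_rule.oval.xml"/>
+ <ds:component-ref id="scap_org.open-scap_cref_security-data-oval.xml.bz2" xlink:href="https://www.example.com/security/data/oval/oval.xml.bz2"/>
+ </ds:checks>
+</ds:data-stream>
+
+<ds:component id="scap_org.open-scap_comp_test_single_rule.oval.xml" timestamp="2017-06-09T07:07:38">
+<oval_definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:win-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#windows windows-definitions-schema.xsd">
+ <generator>
+ <oval:schema_version>5.11</oval:schema_version>
+ <oval:timestamp>2009-01-12T10:41:00-05:00</oval:timestamp>
+ </generator>
+
+ <definitions>
+ <definition class="compliance" id="oval:test-pass:def:1" version="1">
+ <metadata>
+ <title>PASS</title>
+ <description>pass</description>
+ </metadata>
+ <criteria>
+ <criterion comment="PASS test" test_ref="oval:x:tst:1"/>
+ </criteria>
+ </definition>
+ </definitions>
+
+ <tests>
+ <variable_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:x:tst:1" check="all" comment="always pass" version="1">
+ <object object_ref="oval:x:obj:1"/>
+ </variable_test>
+ </tests>
+
+ <objects>
+ <variable_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:x:obj:1" version="1" comment="x">
+ <var_ref>oval:x:var:1</var_ref>
+ </variable_object>
+ </objects>
+</oval_definitions>
+</ds:component>
+
+<ds:component id="scap_org.open-scap_comp_test_single_rule.xccdf.xml" timestamp="2017-06-09T09:15:45">
+<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="xccdf_com.example.www_benchmark_dummy" xml:lang="en-US">
+ <status>accepted</status>
+ <version>1.0</version>
+
+ <Profile id="xccdf_com.example.www_profile_test_remote_res">
+ <title>xccdf_test_profile</title>
+ <description>This profile is for testing.</description>
+ <select idref="xccdf_com.example.www_rule_test-pass" selected="true"/>
+ <select idref="xccdf_com.example.www_rule_test-remote_res" selected="true"/>
+ </Profile>
+
+ <Value id="xccdf_com.example.www_value_val1" type="number" operator="equals" interactive="0">
+ <title>test value</title>
+ <description>foo</description>
+ <value selector="bar_1">50</value>
+ <value selector="bar_2">100</value>
+ </Value>
+ <Rule selected="true" id="xccdf_com.example.www_rule_test-pass">
+ <title>This rule always pass</title>
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+ <check-content-ref href="test_single_rule.oval.xml" name="oval:test-pass:def:1"/>
+ </check>
+ </Rule>
+ <Rule selected="true" id="xccdf_com.example.www_rule_test-remote_res">
+ <title>This rule checks remote resource</title>
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" multi-check="true">
+ <check-content-ref href="security-data-oval.xml.bz2"/>
+ </check>
+ </Rule>
+ <Rule selected="true" id="xccdf_com.example.www_rule_test-pass2">
+ <title>This rule always pass</title>
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+ <check-content-ref href="test_single_rule.oval.xml" name="oval:test-pass:def:1"/>
+ </check>
+ </Rule>
+</Benchmark>
+</ds:component>
+</ds:data-stream-collection>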
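Review bot: The remote rule in this 1.3 fixture carries `multi-check="true"` and reaches the URL through a catalog entry plus a remote `ds:component-ref`, whereas the 1.2 fixture puts the URL directly in `check-content-ref` with no `multi-check`, so the two files differ in more than the SCAP version. The "same results" claim in the commit message therefore presumably holds only while the remote component is never fetched, and neither file says so. I would document this at the top of both fixtures, e.g. `<!-- remote OVAL reference is intentional and must stay unfetched: evaluated without --fetch-remote-resources -->`, and add a short comment on why `multi-check` is set only here.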
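--- a/tests/DS/test_ds.sh
+++ b/tests/DS/test_ds.sh
@@ -414,6 +414,21 @@ function test_sds_tailoring {
 rm -f "$result"
 }
 
+function test_ds_continue_without_remote_resources() {
+ local DS="${srcdir}/$1"
+ local PROFILE="$2"
+ local result=$(mktemp)
+
+ $OSCAP xccdf eval --profile "$PROFILE" --results "$result" "$DS"
+
+ assert_exists 1 '//rule-result[@idref="xccdf_com.example.www_rule_test-pass"]/result[text()="pass"]'
+ assert_exists 1 '//rule-result[@idref="xccdf_com.example.www_rule_test-remote_res"]/result[text()="notchecked"]'
+ assert_exists 1 '//rule-result[@idref="xccdf_com.example.www_rule_test-pass2"]/result[text()="pass"]'
+
+ rm -f "$result"
+}
+
+
 # Testing.
 test_init "test_ds.log"
 
@@ -454,6 +469,8 @@ test_run "rds_split_simple" test_rds_split rds_split_simple report-request.xml r
 
 test_run "test_eval_complex" test_eval_complex
 test_run "sds_add_multiple_oval_twice_in_row" sds_add_multiple_twice
+test_run "test_ds_1_2_continue_without_remote_resources" test_ds_continue_without_remote_resources ds_continue_without_remote_resources/remote_content_1.2.ds.xml xccdf_com.example.www_profile_test_remote_res
+test_run "test_ds_1_3_continue_without_remote_resources" test_ds_continue_without_remote_resources ds_continue_without_remote_resources/remote_content_1.3.ds.xml xccdf_com.example.www_profile_test_remote_res
 
 test_exit
 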
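Review bot: In `test_ds_continue_without_remote_resources` (first hunk) the three `assert_exists` checks cannot tell "remote component skipped because `--fetch-remote-resources` was absent" from "download attempted and failed", since both would plausibly leave the rule `notchecked`. That option is the consent gate for network access driven by datastream content, so the test should also pin that no fetch was attempted, for example by capturing stderr with `$OSCAP xccdf eval --profile "$PROFILE" --results "$result" "$DS" 2> "$stderr"` and asserting on the skip warning (its exact text is not visible in this patch). The temporary file from `local result=$(mktemp)` is also left behind if the eval or an assertion aborts the function early; whether the script runs under errexit is not visible here.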