|
1
|
|
|
import os |
|
2
|
|
|
import tempfile |
|
3
|
|
|
|
|
4
|
|
|
import yaml |
|
5
|
|
|
import pytest |
|
6
|
|
|
|
|
7
|
|
|
import ssg.build_yaml |
|
8
|
|
|
|
|
9
|
|
|
|
|
10
|
|
|
PROJECT_ROOT = os.path.join(os.path.dirname(__file__), "..", "..", "..", ) |
|
11
|
|
|
|
|
12
|
|
|
|
|
13
|
|
|
def test_serialize_rule(): |
|
14
|
|
|
filename = PROJECT_ROOT + "/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml" |
|
15
|
|
|
rule_ds = ssg.build_yaml.Rule.from_yaml(filename) |
|
16
|
|
|
rule_as_dict = rule_ds.to_contents_dict() |
|
17
|
|
|
|
|
18
|
|
|
with tempfile.NamedTemporaryFile("w+", delete=True) as f: |
|
19
|
|
|
yaml.dump(rule_as_dict, f) |
|
20
|
|
|
rule_ds_reloaded = ssg.build_yaml.Rule.from_yaml(f.name) |
|
21
|
|
|
|
|
22
|
|
|
reloaded_dict = rule_ds_reloaded.to_contents_dict() |
|
23
|
|
|
|
|
24
|
|
|
# Those two should be really equal if there are no jinja macros in the rule def. |
|
25
|
|
|
assert rule_as_dict == reloaded_dict |
|
26
|
|
|
|
|
27
|
|
|
|
|
28
|
|
|
TEST_TEMPLATE_DICT = { |
|
29
|
|
|
"backends": { |
|
30
|
|
|
"anaconda": True, |
|
31
|
|
|
"anaconda@rhel7": False, |
|
32
|
|
|
}, |
|
33
|
|
|
"vars": { |
|
34
|
|
|
"filesystem": "tmpfs", |
|
35
|
|
|
"filesystem@rhel7": "" |
|
36
|
|
|
}, |
|
37
|
|
|
} |
|
38
|
|
|
|
|
39
|
|
|
|
|
40
|
|
|
def test_make_items_product_specific(): |
|
41
|
|
|
rule = ssg.build_yaml.Rule("something") |
|
42
|
|
|
|
|
43
|
|
|
rule.identifiers = { |
|
44
|
|
|
"cce@rhel6": "27100-7", |
|
45
|
|
|
"cce@rhel7": "27445-6", |
|
46
|
|
|
"cce@rhel8": "80901-2", |
|
47
|
|
|
} |
|
48
|
|
|
|
|
49
|
|
|
rule.template = TEST_TEMPLATE_DICT.copy() |
|
50
|
|
|
|
|
51
|
|
|
rule.normalize("rhel7") |
|
52
|
|
|
assert "cce@rhel7" not in rule.identifiers |
|
53
|
|
|
assert "cce@rhel8" not in rule.identifiers |
|
54
|
|
|
assert rule.identifiers["cce"] == "27445-6" |
|
55
|
|
|
|
|
56
|
|
|
assert "filesystem@rhel7" not in rule.template["vars"] |
|
57
|
|
|
assert rule.template["vars"]["filesystem"] == "" |
|
58
|
|
|
assert "anaconda@rhel7" not in rule.template["backends"] |
|
59
|
|
|
assert not rule.template["backends"]["anaconda"] |
|
60
|
|
|
|
|
61
|
|
|
rule.identifiers = { |
|
62
|
|
|
"cce": "27100-7", |
|
63
|
|
|
"cce@rhel7": "27445-6", |
|
64
|
|
|
} |
|
65
|
|
|
with pytest.raises(Exception) as exc: |
|
66
|
|
|
rule.normalize("rhel7") |
|
67
|
|
|
assert "'cce'" in str(exc) |
|
68
|
|
|
assert "identifiers" in str(exc) |
|
69
|
|
|
|
|
70
|
|
|
rule.identifiers = { |
|
71
|
|
|
"cce@rhel7": "27445-6", |
|
72
|
|
|
"cce": "27445-6", |
|
73
|
|
|
} |
|
74
|
|
|
rule.normalize("rhel7") |
|
75
|
|
|
assert "cce@rhel7" not in rule.identifiers |
|
76
|
|
|
assert rule.identifiers["cce"] == "27445-6" |
|
77
|
|
|
|
|
78
|
|
|
rule.references = { |
|
79
|
|
|
"stigid@rhel6": "000237", |
|
80
|
|
|
"stigid@rhel7": "040370", |
|
81
|
|
|
"stigid": "tralala", |
|
82
|
|
|
} |
|
83
|
|
|
with pytest.raises(ValueError) as exc: |
|
84
|
|
|
rule.make_refs_and_identifiers_product_specific("rhel7") |
|
85
|
|
|
assert "stigid" in str(exc) |
|
86
|
|
|
|
|
87
|
|
|
rule.references = { |
|
88
|
|
|
"stigid@rhel6": "000237", |
|
89
|
|
|
"stigid@rhel7": "040370", |
|
90
|
|
|
} |
|
91
|
|
|
rule.normalize("rhel7") |
|
92
|
|
|
assert rule.references["stigid"] == "RHEL-07-040370" |
|
93
|
|
|
|
|
94
|
|
|
rule.references = { |
|
95
|
|
|
"stigid@rhel6": "000237", |
|
96
|
|
|
"stigid@rhel7": "040370", |
|
97
|
|
|
} |
|
98
|
|
|
rule.template = TEST_TEMPLATE_DICT.copy() |
|
99
|
|
|
|
|
100
|
|
|
rule.normalize("rhel6") |
|
101
|
|
|
assert rule.references["stigid"] == "RHEL-06-000237" |
|
102
|
|
|
assert "stigid@rhel6" not in rule.references |
|
103
|
|
|
assert rule.identifiers["cce"] == "27445-6" |
|
104
|
|
|
|
|
105
|
|
|
assert "filesystem@rhel7" not in rule.template["vars"] |
|
106
|
|
|
assert rule.template["vars"]["filesystem"] == "tmpfs" |
|
107
|
|
|
assert "anaconda@rhel7" not in rule.template["backends"] |
|
108
|
|
|
assert rule.template["backends"]["anaconda"] |
|
109
|
|
|
|
|
110
|
|
|
rule.references = { |
|
111
|
|
|
"stigid@rhel6": "000237", |
|
112
|
|
|
"stigid@rhel7": "040370,057364", |
|
113
|
|
|
} |
|
114
|
|
|
with pytest.raises(ValueError, match="Rules can not have multiple STIG IDs."): |
|
115
|
|
|
rule.make_refs_and_identifiers_product_specific("rhel7") |
|
116
|
|
|
|
|
117
|
|
|
|
|
118
|
|
|
def test_priority_ordering(): |
|
119
|
|
|
ORDER = ["ga", "be", "al"] |
|
120
|
|
|
to_order = ["alpha", "beta", "gamma"] |
|
121
|
|
|
ordered = ssg.build_yaml.reorder_according_to_ordering(to_order, ORDER) |
|
122
|
|
|
assert ordered == ["gamma", "beta", "alpha"] |
|
123
|
|
|
|
|
124
|
|
|
to_order = ["alpha", "beta", "gamma", "epsilon"] |
|
125
|
|
|
ordered = ssg.build_yaml.reorder_according_to_ordering(to_order, ORDER) |
|
126
|
|
|
assert ordered == ["gamma", "beta", "alpha", "epsilon"] |
|
127
|
|
|
|
|
128
|
|
|
to_order = ["alpha"] |
|
129
|
|
|
ordered = ssg.build_yaml.reorder_according_to_ordering(to_order, ORDER) |
|
130
|
|
|
assert ordered == ["alpha"] |
|
131
|
|
|
|
|
132
|
|
|
to_order = ["x"] |
|
133
|
|
|
ordered = ssg.build_yaml.reorder_according_to_ordering(to_order, ORDER) |
|
134
|
|
|
assert ordered == ["x"] |
|
135
|
|
|
|
|
136
|
|
|
to_order = ["alpha", "beta", "alnum", "gaha"] |
|
137
|
|
|
ordered = ssg.build_yaml.reorder_according_to_ordering( |
|
138
|
|
|
to_order, ORDER + ["gaha"], regex=".*ha") |
|
139
|
|
|
assert ordered[:2] == ["gaha", "alpha"] |
|
140
|
|
|
|
ComplianceAsCode /
content
