|
1
|
|
|
import pytest |
|
2
|
|
|
from lxml import etree |
|
3
|
|
|
|
|
4
|
|
|
from openscap_report.scap_results_parser.parsers import FullTextParser |
|
5
|
|
|
|
|
6
|
|
|
from ..test_utils import BASIC_REPORT, REPORT_REPRODUCING_DANGLING_REFERENCE_TO |
|
7
|
|
|
|
|
8
|
|
|
REF_VALUES = { |
|
9
|
|
|
"id-1234": "text1", |
|
10
|
|
|
"1234": 'echo "nwm"' |
|
11
|
|
|
} |
|
12
|
|
|
FULL_TEXT_PARSER = FullTextParser(REF_VALUES) |
|
13
|
|
|
|
|
14
|
|
|
|
|
15
|
|
|
@pytest.mark.unit_test |
|
16
|
|
|
@pytest.mark.parametrize("tag, return_data", [ |
|
17
|
|
|
(etree.Element("sub", idref="id-1234"), "text1"), |
|
18
|
|
|
(etree.Element("sub", idref="1234"), 'echo "nwm"'), |
|
19
|
|
|
( |
|
20
|
|
|
etree.Element("sub", idref="hello-ID"), |
|
21
|
|
|
"<span class='error-id-ref'>Sub tag reference does not exist: hello-ID</span>" |
|
22
|
|
|
), |
|
23
|
|
|
]) |
|
24
|
|
|
def test_replace_sub_tag(tag, return_data): |
|
25
|
|
|
assert FULL_TEXT_PARSER.replace_sub_tag(tag) == return_data |
|
26
|
|
|
|
|
27
|
|
|
|
|
28
|
|
|
@pytest.mark.unit_test |
|
29
|
|
|
@pytest.mark.parametrize("report, rule_id, expected_data", [ |
|
30
|
|
|
( |
|
31
|
|
|
REPORT_REPRODUCING_DANGLING_REFERENCE_TO, |
|
32
|
|
|
"xccdf_org.ssgproject.content_rule_grub2_l1tf_argument", |
|
33
|
|
|
( |
|
34
|
|
|
"L1 Terminal Fault (L1TF) is a hardware vulnerability which allows unprivileged\n" |
|
35
|
|
|
"speculative access to data which is available in the Level 1 Data Cache when\n" |
|
36
|
|
|
"the page table entry isn't present.\n\nSelect the appropriate mitigation by" |
|
37
|
|
|
" adding the argument\n<code>l1tf=<span class='error-id-ref'>" |
|
38
|
|
|
"Sub tag reference does not exist: dangling reference to !</span>" |
|
39
|
|
|
"</code> to the default\nGRUB 2 command line for the Linux operating system.\n" |
|
40
|
|
|
"Configure the default Grub2 kernel command line to contain " |
|
41
|
|
|
"l1tf=xccdf_value(var_l1tf_options) as follows:\n" |
|
42
|
|
|
"<pre># grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) " |
|
43
|
|
|
"l1tf=xccdf_value(var_l1tf_options)"</pre>\n\nSince Linux Kernel 4.19 " |
|
44
|
|
|
"you can check the L1TF vulnerability state with the\n" |
|
45
|
|
|
"following command:\n<code>cat /sys/devices/system/cpu/vulnerabilities/l1tf</code>" |
|
46
|
|
|
) |
|
47
|
|
|
), |
|
48
|
|
|
( |
|
49
|
|
|
BASIC_REPORT, |
|
50
|
|
|
"xccdf_org.ssgproject.content_rule_postfix_client_configure_mail_alias", |
|
51
|
|
|
( |
|
52
|
|
|
"Make sure that mails delivered to root user are forwarded to a monitored\n" |
|
53
|
|
|
"email address. Make sure that the address\[email protected] is" |
|
54
|
|
|
" a valid email address\nreachable from the system in question. Use the following" |
|
55
|
|
|
" command to\nconfigure the alias:\n<pre>$ sudo echo "root: " |
|
56
|
|
|
"[email protected]" >> /etc/aliases\n$ sudo newaliases</pre>" |
|
57
|
|
|
) |
|
58
|
|
|
), |
|
59
|
|
|
( |
|
60
|
|
|
REPORT_REPRODUCING_DANGLING_REFERENCE_TO, |
|
61
|
|
|
"xccdf_org.ssgproject.content_rule_postfix_client_configure_mail_alias", |
|
62
|
|
|
( |
|
63
|
|
|
"Make sure that mails delivered to root user are forwarded to a monitored\n" |
|
64
|
|
|
"email address. Make sure that the address\[email protected] is" |
|
65
|
|
|
" a valid email address\nreachable from the system in question. Use the following" |
|
66
|
|
|
" command to\nconfigure the alias:\n<pre>$ sudo echo "root: " |
|
67
|
|
|
"[email protected]" >> /etc/aliases\n$ sudo newaliases</pre>" |
|
68
|
|
|
) |
|
69
|
|
|
), |
|
70
|
|
|
]) |
|
71
|
|
|
def test_parsing_of_text(report, rule_id, expected_data): |
|
72
|
|
|
assert report.rules[rule_id].description == expected_data |
|
73
|
|
|
|
OpenSCAP /
openscap-report
