diff --git a/tests/probes/filehash58/check_filehash_simple.xml b/tests/probes/filehash58/check_filehash_simple.xml
new file mode 100644
index 000000000..2f6fa877e
--- /dev/null
+++ b/tests/probes/filehash58/check_filehash_simple.xml
@@ -0,0 +1,40 @@
+<ns0:oval_definitions xmlns:ns0="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:ns2="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:ns3="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:ns4="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:ns5="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd">
+ <ns0:generator>
+ <ns2:product_name>combine_ovals.py from SCAP Security Guide</ns2:product_name>
+ <ns2:product_version>ssg: [0, 1, 40], python: 3.6.5</ns2:product_version>
+ <ns2:schema_version>5.11</ns2:schema_version>
+ <ns2:timestamp>2018-07-20T09:33:24</ns2:timestamp>
+ </ns0:generator>
+ <ns0:definitions>
+ <ns0:definition class="compliance" id="oval:ssg-oval_test_has_hash:def:1" version="1">
+ <ns0:metadata>
+ <ns0:title>Verify that hash of a file that should contain just "foo\n".</ns0:title>
+ <ns0:affected family="unix">
+ <ns0:platform>Red Hat Enterprise Linux 7</ns0:platform>
+ </ns0:affected>
+ <ns0:description>This description in OVALs is mandatory, but the most important is to have description in XCCDF.</ns0:description>
+ <reference ref_id="oval_test_has_hash" source="ssg" /></ns0:metadata>
+ <ns0:criteria>
+ <ns0:criterion comment="Check file hash of /oval-test" test_ref="oval:ssg-oval_test_hash_matches:tst:1" />
+ </ns0:criteria>
+ </ns0:definition>
+ </ns0:definitions>
+ <ns0:tests>
+ <ns3:filehash58_test check="all" comment="-" id="oval:ssg-oval_test_hash_matches:tst:1" version="1">
+ <ns3:object object_ref="oval:ssg-concerned_file:obj:1" />
+ <ns3:state state_ref="oval:ssg-hash_value:ste:1" />
+ </ns3:filehash58_test>
+ </ns0:tests>
+ <ns0:objects>
+ <ns3:filehash58_object id="oval:ssg-concerned_file:obj:1" version="1">
+ <ns3:filepath>/oval-test</ns3:filepath>
+ <ns3:hash_type>SHA-1</ns3:hash_type>
+ </ns3:filehash58_object>
+ </ns0:objects>
+ <ns0:states>
+ <ns3:filehash58_state id="oval:ssg-hash_value:ste:1" version="1">
+ <ns3:hash_type>SHA-1</ns3:hash_type>
+ <ns3:hash>f1d2d2f924e986ac86fdf7b36c94bcdf32beec15</ns3:hash>
+ </ns3:filehash58_state>
+ </ns0:states>
+</ns0:oval_definitions>
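Review bot: Both `hash_type` elements in this fixture are `SHA-1`, so the new chroot tests only exercise a digest that is no longer collision-resistant; whether the sibling `test_probes_filehash58.xml.sh` covers stronger digests is not visible here. A second object/state pair with `<ns3:hash_type>SHA-256</ns3:hash_type>` and the matching digest of the same `foo\n` file would cover the algorithm that compliance content should actually rely on. Separately, `<reference ref_id="oval_test_has_hash" source="ssg" />` carries no `ns0:` prefix and the root declares no default namespace, so it is presumably not read as an OVAL reference; `<ns0:reference ... />` placed before `ns0:description` looks like what was intended.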
diff -r -U3 op0/tests/probes/filehash58/Makefile.in op1/tests/probes/filehash58/Makefile.in
--- op0/tests/probes/filehash58/Makefile.in 2018-08-14 10:45:06.065438575 +0200
+++ op1/tests/probes/filehash58/Makefile.in 2018-08-14 10:53:57.248937836 +0200
@@ -1106,7 +1106,7 @@
$(top_builddir)/run
TESTS = test_probes_filehash58.sh
-EXTRA_DIST = test_probes_filehash58.sh test_probes_filehash58.xml.sh
+EXTRA_DIST = test_probes_filehash58.sh test_probes_filehash58.xml.sh check_filehash_simple.xml
all: all-am
.SUFFIXES:
diff -r -U3 op0/tests/probes/filehash58/test_probes_filehash58.sh op1/tests/probes/filehash58/test_probes_filehash58.sh
--- op0/tests/probes/filehash58/test_probes_filehash58.sh 2018-08-14 10:36:09.914512125 +0200
+++ op1/tests/probes/filehash58/test_probes_filehash58.sh 2018-08-14 10:53:32.366536647 +0200
@@ -38,15 +38,69 @@
ret_val=1
fi
+ # The file was created as a side-effect of test_probes_filehash58.xml.sh
[ $ret_val -eq 0 ] && rm -f /tmp/test_probes_filehash58.tmp
return $ret_val
}
+
+# $1: The chroot directory
+function test_probes_filehash58_chroot {
+
+ probecheck "filehash58" || return 255
+ require "sha1sum" || return 255
+
+ local ret_val=0;
+ local DF="$srcdir/check_filehash_simple.xml"
+
+ absolute_probe_root=$(cd "$1" && pwd)
+
+ # oscap-chroot is not readily available during test run, so we use oscap + env var setting.
+ result_keyword=$(OSCAP_PROBE_ROOT="$absolute_probe_root" "$OSCAP" oval eval "$DF" | grep oval_test_has_hash | grep -o '\w*$')
+
+ [ "$result_keyword" == "$2" ] && return 0
+ # vvv This is more a test error than a failure or "warning" vvv
+ [ "$result_keyword" == "" ] && return 2
+ return 1
+}
+
+
+function test_probes_filehash58_chroot_pass {
+ local ret_val=0
+
+ mkdir -p pass
+ echo foo > pass/oval-test
+
+ test_probes_filehash58_chroot pass true
+ ret_val=$?
+ rm -rf pass
+
+ return $ret_val
+}
+
+
+function test_probes_filehash58_chroot_fail {
+ local ret_val=0
+
+ mkdir -p fail
+ echo bar > fail/oval-test
+
+ test_probes_filehash58_chroot fail false
+ ret_val=$?
+ rm -rf fail
+
+ return $ret_val
+}
+
# Testing.
test_init "test_probes_filehash58.log"
test_run "test_probes_filehash58" test_probes_filehash58
+test_run "test_probes_filehash58_chroot_fail" test_probes_filehash58_chroot_fail
+
+test_run "test_probes_filehash58_chroot_pass" test_probes_filehash58_chroot_pass
+
test_exit
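Review bot: In `test_probes_filehash58_chroot`, `absolute_probe_root=$(cd "$1" && pwd)` is neither checked nor `local`; if the `cd` fails the variable is empty and `OSCAP_PROBE_ROOT=""` is passed to oscap, at which point the probe may evaluate the host's real `/oval-test` instead of the fixture tree (how oscap treats an empty value is not visible here). I would write `local absolute_probe_root result_keyword` and `absolute_probe_root=$(cd "$1" && pwd) || return 2`. The `_pass` and `_fail` helpers also `mkdir -p` and later `rm -rf` the fixed names `pass` and `fail` in the current directory, so a pre-existing directory of that name would be deleted; a `mktemp -d` directory would avoid that. The header comment should also document `$2` (the expected result keyword, `true` or `false`), and `require "sha1sum"` appears unused since the digest is hard-coded in the XML.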