Adjust test scenarios to use more generic approach.
Use rpm_verify_* rule changes as they are not expected to be templated
because of their specificity.
mildas committed Jan 31, 2024
1 parent a78fd0d commit 696df04
Showing 6 changed files with 30 additions and 33 deletions.
16 changes: 8 additions & 8 deletions tests/ansible.bats
@@ -5,7 +5,7 @@ prepare_repository


@test "Add comment line" {
file="./linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml"
file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml"
sed -i "\$a# comment" "$file"

git add "$file" && git commit -m "test commit" &>/dev/null
@@ -21,7 +21,7 @@ prepare_repository
}

@test "Change metadata" {
file="./linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml"
file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml"
sed -i 's/# reboot = false/# reboot = true/' "$file"
regex_check="build_product "

@@ -38,8 +38,8 @@ prepare_repository
}

@test "Change name" {
file="./linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml"
sed -i 's/- name: Disable.*/- name: some name/' "$file"
file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml"
sed -i 's/- name: .*/- name: some name/' "$file"

git add "$file" && git commit -m "test commit" &>/dev/null

@@ -54,10 +54,10 @@ prepare_repository
}

@test "Change remediation part" {
file="./linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml"
sed -i 's;path: .*;path: /some/path/;' "$file"
file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml"
sed -i 's/command: .*/command: ls/' "$file"
regex_check_1="build_product "
regex_check_2=".*test_suite\.py rule.*disable_prelink"
regex_check_2=".*test_suite\.py rule.*rpm_verify_permissions"

git add "$file" && git commit -m "test commit" &>/dev/null

@@ -98,7 +98,7 @@ prepare_repository
}

@test "Remove ansible remediation" {
file="./linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/ansible/shared.yml"
file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml"
rm -f "$file"

git add "$file" && git commit -m "test commit" &>/dev/null
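Review bot: In "Change remediation part", `sed -i 's/command: .*/command: ls/' "$file"` changes nothing when the rule's Ansible remediation has no `command:` key, and that file lives in the content repository, outside this commit. A no-op edit leaves nothing to commit, and because the commit's output goes to /dev/null the test would fail without any hint of the cause. A guard before the sed, `grep -q 'command: ' "$file"`, makes the precondition explicit; the same applies to the `- name: .*` substitution in "Change name" and to the identical edits in tests/json_ansible.bats. The test bodies continue outside the hunks, so the assertions themselves are not visible here.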
10 changes: 5 additions & 5 deletions tests/bash.bats
@@ -5,7 +5,7 @@ prepare_repository


@test "Add comment line" {
file="./linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh"
file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh"
sed -i "\$a# comment" "$file"

git add "$file" && git commit -m "test commit" &>/dev/null
@@ -38,10 +38,10 @@ prepare_repository
}

@test "Change remediation" {
file="./linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh"
sed -i "s/chmod 600/chmod 744/" "$file"
file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh"
sed -i "s/rpm//" "$file"
regex_check_1="build_product "
regex_check_2="test_suite\.py rule.*sssd_run_as_sssd_user"
regex_check_2="test_suite\.py rule.*rpm_verify_permissions"

git add "$file" && git commit -m "test commit" &>/dev/null

@@ -83,7 +83,7 @@ prepare_repository


@test "Remove bash remediation" {
file="./linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/bash/shared.sh"
file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh"
rm -f "$file"

git add "$file" && git commit -m "test commit" &>/dev/null
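Review bot: In "Change remediation", `sed -i "s/rpm//" "$file"` is unanchored and deletes the first `rpm` on every line, comment and header lines included, so the edit is not confined to remediation code. The "Change metadata" tests in tests/ansible.bats and tests/json_ansible.bats appear to expect a header-only edit to trigger just a build, so a test meant to exercise a code change should skip comment lines, e.g. `sed -i '/^[[:space:]]*#/!s/rpm//' "$file"`, with a comment saying why `rpm` was chosen. tests/json_bash.bats carries the same substitution. The contents of shared.sh are not visible on this page, so whether a comment line currently contains `rpm` is unconfirmed.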
5 changes: 2 additions & 3 deletions tests/jinja.bats
@@ -8,9 +8,8 @@ prepare_repository
file="./shared/macros/10-bash.jinja"
sed -i "/macro bash_sshd_config_set/a echo 1" "$file"
regex_check_1="build_product"
regex_check_2="test_suite.py rule.*sshd_use_strong_macs"
regex_check_3="test_suite.py rule.*sshd_set_idle_timeout"
regex_check_4="test_suite.py rule.*sshd_use_priv_separation"
regex_check_2="test_suite.py rule.*sshd_set_"
regex_check_3="test_suite.py rule.*sshd_use_"

git add "$file" && git commit -m "test commit" &>/dev/null

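Review bot: `regex_check_4` is no longer defined after this change, and the section's 2 additions and 3 deletions are all in the visible lines, so the assertions further down the test were not touched. If they still reference `$regex_check_4`, bash expands it to an empty pattern, and an empty pattern in `[[ "$output" =~ ... ]]` or grep matches any output, which turns that check into a no-op. The assertion lines are outside the hunk, so this needs confirming there; tests/json_jinja.bats drops `regex_check_3` and `regex_check_4` in the same way. Separately, the new patterns keep the unescaped dot in `test_suite.py`, while tests/ansible.bats and tests/bash.bats write `test_suite\.py`.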
16 changes: 8 additions & 8 deletions tests/json_ansible.bats
@@ -5,7 +5,7 @@ prepare_repository


@test "Add comment line" {
file="./linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml"
file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml"
sed -i "\$a# comment" "$file"

git add "$file" && git commit -m "test commit" &>/dev/null
@@ -21,7 +21,7 @@ prepare_repository
}

@test "Change metadata" {
file="./linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml"
file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml"
sed -i 's/# reboot = false/# reboot = true/' "$file"
regex_check="build_product "

@@ -38,8 +38,8 @@ prepare_repository
}

@test "Change name" {
file="./linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml"
sed -i 's/- name: Disable.*/- name: some name/' "$file"
file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml"
sed -i 's/- name: .*/- name: some name/' "$file"

git add "$file" && git commit -m "test commit" &>/dev/null

@@ -54,9 +54,9 @@ prepare_repository
}

@test "Change remediation part" {
file="./linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml"
sed -i 's;path: .*;path: /some/path/;' "$file"
regex_check='{.*"rules": \["disable_prelink"\].*"bash": "False".*"ansible": "True"}'
file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml"
sed -i 's/command: .*/command: ls/' "$file"
regex_check='{.*"rules": \["rpm_verify_permissions"\].*"bash": "False".*"ansible": "True"}'

git add "$file" && git commit -m "test commit" &>/dev/null

@@ -88,7 +88,7 @@ prepare_repository
}

@test "Remove ansible remediation" {
file="./linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/ansible/shared.yml"
file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml"
rm -f "$file"

git add "$file" && git commit -m "test commit" &>/dev/null
10 changes: 5 additions & 5 deletions tests/json_bash.bats
@@ -5,7 +5,7 @@ prepare_repository


@test "Add comment line" {
file="./linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh"
file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh"
sed -i "\$a# comment" "$file"

git add "$file" && git commit -m "test commit" &>/dev/null
@@ -38,9 +38,9 @@ prepare_repository
}

@test "Change remediation" {
file="./linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh"
sed -i "s/chmod 600/chmod 744/" "$file"
regex_check='{.*"rules": \["sssd_run_as_sssd_user"\].*"bash": "True".*"ansible": "False"}'
file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh"
sed -i "s/rpm//" "$file"
regex_check='{.*"rules": \["rpm_verify_permissions"\].*"bash": "True".*"ansible": "False"}'

git add "$file" && git commit -m "test commit" &>/dev/null

@@ -73,7 +73,7 @@ prepare_repository


@test "Remove bash remediation" {
file="./linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/bash/shared.sh"
file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh"
rm -f "$file"

git add "$file" && git commit -m "test commit" &>/dev/null
6 changes: 2 additions & 4 deletions tests/json_jinja.bats
@@ -7,10 +7,8 @@ prepare_repository
@test "Change sshd macro" {
file="./shared/macros/10-bash.jinja"
sed -i "/macro bash_sshd_config_set/a echo 1" "$file"
regex_check_1='{.*"rules": \[.*"sshd_use_strong_ciphers".*\].*"bash": "True".*"ansible": "False".*}'
regex_check_2='{.*"rules": \[.*"sshd_use_strong_macs".*\].*"bash": "True".*"ansible": "False".*}'
regex_check_3='{.*"rules": \[.*"sshd_set_keepalive".*\].*"bash": "True".*"ansible": "False".*}'
regex_check_4='{.*"rules": \[.*"sshd_set_idle_timeout".*\].*"bash": "True".*"ansible": "False".*}'
regex_check_1='{.*"rules": \[.*"sshd_use_.*".*\].*"bash": "True".*"ansible": "False".*}'
regex_check_2='{.*"rules": \[.*"sshd_set_.*".*\].*"bash": "True".*"ansible": "False".*}'

git add "$file" && git commit -m "test commit" &>/dev/null

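Review bot: In the new patterns the `.*` inside the quotes of `"sshd_use_.*"` is not limited to one rule name; it can run across closing quotes, other rule names and later JSON fields, so the pattern is looser than the quoting suggests. `[^"]*` keeps the wildcard inside a single name: `regex_check_1='{.*"rules": \[.*"sshd_use_[^"]*".*\].*"bash": "True".*"ansible": "False".*}'`, and likewise for `sshd_set_`. The assertions that use these variables are outside the hunk.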
