# Copyright 2017-2020 SUSE LLC
# SPDX-License-Identifier: GPL-2.0-or-later
# Summary: Base module for openSCAP test cases
# Maintainer: QE Security <none@suse.de>
# Tags: poo#37006
package openscaptest;
use base Exporter;
use Exporter;
use consoletest;
use strict;
use warnings;
use testapi;
use utils;
use version_utils qw(is_leap is_sle);
# Everything listed here is exported by default to any module that loads
# openscaptest: the shared result-file names first, then the helper subs.
our @EXPORT = qw(
  $oval_result
  $oval_result_single
  $xccdf_result
  $xccdf_result_single
  $source_ds
  $source_ds_result
  $arf_result
  oscap_get_test_file
  validate_result
  ensure_generated_file
  prepare_remediate_validation
  finish_remediate_validation
  pre_run_hook
);

# Relative file names shared between the openSCAP test modules. They are
# interpolated into shell commands by the helpers below, so they must stay
# free of shell metacharacters.
our $oval_result         = 'scan-oval-results.xml';
our $oval_result_single  = 'scan-oval-results-single.xml';
our $xccdf_result        = 'scan-xccdf-results.xml';
our $xccdf_result_single = 'scan-xccdf-results-single.xml';
our $source_ds           = 'source-ds.xml';
our $source_ds_result    = 'source-ds-results.xml';
our $arf_result          = 'arf-results.xml';
# Download one openSCAP test asset onto the system under test.
#
# $source is a file name below the "openscap/" data directory; its URL is
# obtained from data_url() and fetched with wget into the shell's current
# working directory. The URL is placed on the command line unquoted, so
# $source must not contain whitespace or shell metacharacters.
# NOTE(review): the downloaded file is not integrity-checked here; the tests
# rely on the data URL being a trusted source - confirm for your setup.
sub oscap_get_test_file {
    my $source = shift;
    my $url    = data_url("openscap/$source");
    assert_script_run("wget --quiet $url");
}
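# Validate a generated result file and upload it as a test log.
#
# Arguments:
#   $result_file - path of the file on the system under test; it is
#                  interpolated unquoted into shell commands, so it must be a
#                  shell-safe name
#   $match       - pattern the file content is checked against
#                  NOTE(review): used as a regular expression; confirm that
#                  callers pass qr// patterns rather than literal strings
#   $file_ext    - 'xml' (default) or 'html' to parse the file with xmllint
#                  first; any other value skips the xmllint step
sub validate_result {
    my ($result_file, $match, $file_ext) = @_;
    $file_ext //= 'xml';

    my $xml_args = '';
    if ($file_ext eq 'xml' || $file_ext eq 'html') {
        $xml_args = '--html' if $file_ext eq 'html';
        assert_script_run "xmllint --noout $xml_args $result_file";
    }

    # The callback has to test the command output (available in $_, as in the
    # other validate_script_output callbacks of this module) against $match.
    # Returning $match itself is true for every non-empty pattern, which would
    # let any scan result pass the content check. An empty or undefined $match
    # still yields a false value, as it did before.
    validate_script_output "cat $result_file", sub { $match && m/$match/ }, timeout => 300;
    upload_logs($result_file);
}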
# Assert that a file produced by an earlier test module is present.
#
# Runs "ls" on $genfile on the system under test and fails the test with a
# message naming the missing file when the command does not succeed.
# $genfile is interpolated unquoted into the shell command.
sub ensure_generated_file {
    my $genfile = shift;
    assert_script_run(
        "ls $genfile",
        fail_message => "Missing $genfile file. You should first to run related test accordingly",
    );
}
# Check and save the pre-remediation state of securetty and kernel.sysrq.
#
# On SLE < 16 and Leap < 16.0 a securetty file (in /etc or /usr/etc) must
# list at least one of tty1..tty6; on newer products neither file may exist.
# The current sysrq value and, when present, /etc/securetty are then copied
# to /tmp so that finish_remediate_validation can restore them.
sub prepare_remediate_validation {
    my $expects_securetty = is_sle('<16') || is_leap('<16.0');
    if (!$expects_securetty) {
        # No securetty config at all
        assert_script_run('! [ -f /usr/etc/securetty ] && ! [ -f /etc/securetty ]');
    }
    else {
        validate_script_output(
            '[ -f /etc/securetty ] && cat /etc/securetty || cat /usr/etc/securetty',
            sub { m/tty[1-6]/ }
        );
    }

    # The pattern only accepts a value whose last digit is 1-9.
    # NOTE(review): a non-zero value ending in 0 would be rejected - confirm
    # that this is intended.
    validate_script_output('cat /proc/sys/kernel/sysrq', sub { m/[1-9]+$/ });

    # Backups use fixed names in /tmp. When /etc/securetty is absent, an
    # already existing /tmp/securetty is left in place.
    # NOTE(review): finish_remediate_validation would move such a leftover
    # file into /etc - consider clearing it here first.
    assert_script_run('[ -f /etc/securetty ] && cp /etc/securetty /tmp/ || true');
    assert_script_run('cp /proc/sys/kernel/sysrq /tmp/');
}
# Restore the state saved by prepare_remediate_validation.
#
# /etc/securetty is put back from /tmp/securetty when that backup exists and
# removed otherwise (it did not exist before); the saved sysrq value is then
# written back to /proc/sys/kernel/sysrq.
sub finish_remediate_validation {
    my $restore_securetty = 'if [ -f /tmp/securetty ]; then mv /tmp/securetty /etc/; else rm -f /etc/securetty; fi';
    my $restore_sysrq     = 'cat /tmp/sysrq > /proc/sys/kernel/sysrq';

    assert_script_run($restore_securetty);
    assert_script_run($restore_sysrq);
}
# Hook run before each test module: switch to the root console, which the
# helpers in this module use for their shell commands.
sub pre_run_hook {
    my $self = shift;
    select_console('root-console');
}
1;