updated rule_1_1 test (#76)

netpicker · mailsanjayhere · web-flow · commit 120d0f4cae0b · 2024-07-10T23:43:54.000+05:30
* updated rule_1_1 test

* fixing flake8 reported errors

* fixing flake8 errors for all vendors

* fixed some more flake8

---------

Co-authored-by: mailsanjayhere &lt;mailsanjayhere@gmail.com&gt;
diff --git a/CIS/Checkpoint/1_password_policy/rule_1_10_ensure_force_users_to_change_password_at_first_login.py b/CIS/Checkpoint/1_password_policy/rule_1_10_ensure_force_users_to_change_password_at_first_login.py
@@ -2,9 +2,9 @@
 
 
 @medium(
-      name='rule_1_10_ensure_force_users_to_change_password_at_first_login_after_password_was_changed_from_users_page_is_selected',
+      name='rule_1_10_ensure_force_users_to_change_password_at_first_login',
       platform=['checkpoint'],
       commands=dict(chk_cmd='')
 )
-def rule_1_10_ensure_force_users_to_change_password_at_first_login_after_password_was_changed_from_users_page_is_selected(commands, ref):
+def rule_1_10_ensure_force_users_to_change_password_at_first_login(commands, ref):
     assert '' in commands.chk_cmd, ref
diff --git a/CIS/Checkpoint/1_password_policy/rule_1_10_ensure_force_users_to_change_password_at_first_login.ref b/CIS/Checkpoint/1_password_policy/rule_1_10_ensure_force_users_to_change_password_at_first_login.ref
@@ -1,4 +1,4 @@
-.rule_1_10_ensure_force_users_to_change_password_at_first_login_after_password_was_changed_from_users_page_is_selected
+.rule_1_10_ensure_force_users_to_change_password_at_first_login
 
 Reference: 
 Remediation: Run the following command to set force-change-when setting.
@@ -14,4 +14,4 @@ changed from Users page' setting.
 
 
 
-.
+.
diff --git a/CIS/Cisco_nxos/1_management_plane/1_4_password_rules/rule_1_4_3_set_password_lifetime,_warning_time_and_grace_time_for_local_credentials.py b/CIS/Cisco_nxos/1_management_plane/1_4_password_rules/rule_1_4_3_set_password_lifetime,_warning_time_and_grace_time_for_local_credentials.py
diff --git a/CIS/Cisco_nxos/1_management_plane/1_4_password_rules/rule_1_4_3_set_password_lifetime_warning_time_and_grace_time_for_local_credentials.py b/CIS/Cisco_nxos/1_management_plane/1_4_password_rules/rule_1_4_3_set_password_lifetime_warning_time_and_grace_time_for_local_credentials.py
@@ -0,0 +1,10 @@
+from comfy.compliance import medium
+
+
+@medium(
+      name='rule_1_4_3_set_password_lifetime_warning_time_and_grace_time_for_local_credentials',
+      platform=['cisco_nxos'],
+      commands=dict(chk_cmd='')
+)
+def rule_1_4_3_set_password_lifetime_warning_time_and_grace_time_for_local_credentials(commands, ref):
+    assert '' in commands.chk_cmd, ref
diff --git a/CIS/Cisco_nxos/1_management_plane/1_4_password_rules/rule_1_4_3_set_password_lifetime_warning_time_and_grace_time_for_local_credentials.ref b/CIS/Cisco_nxos/1_management_plane/1_4_password_rules/rule_1_4_3_set_password_lifetime_warning_time_and_grace_time_for_local_credentials.ref
@@ -1,4 +1,4 @@
-.rule_1_4_3_set_password_lifetime,_warning_time_and_grace_time_for_local_credentials
+.rule_1_4_3_set_password_lifetime_warning_time_and_grace_time_for_local_credentials
 
 Reference: 
 Remediation: To set passphrase timers globally:
@@ -16,4 +16,4 @@ example
 switch(config)# username test passphrase lifetime 180 warntime 10 gracetime
 10
 
-.
+.
diff --git a/CIS/Cisco_nxos/1_management_plane/1_5_snmp_rules/rule_1_5_1_if_snmpv2_is_in_use,_use_a_complex_community_string.py b/CIS/Cisco_nxos/1_management_plane/1_5_snmp_rules/rule_1_5_1_if_snmpv2_is_in_use,_use_a_complex_community_string.py
diff --git a/CIS/Cisco_nxos/1_management_plane/1_5_snmp_rules/rule_1_5_1_if_snmpv2_is_in_use_use_a_complex_community_string.py b/CIS/Cisco_nxos/1_management_plane/1_5_snmp_rules/rule_1_5_1_if_snmpv2_is_in_use_use_a_complex_community_string.py
@@ -0,0 +1,10 @@
+from comfy.compliance import medium
+
+
+@medium(
+      name='rule_1_5_1_if_snmpv2_is_in_use_use_a_complex_community_string',
+      platform=['cisco_nxos'],
+      commands=dict(chk_cmd='')
+)
+def rule_1_5_1_if_snmpv2_is_in_use_use_a_complex_community_string(commands, ref):
+    assert '' in commands.chk_cmd, ref
diff --git a/CIS/Cisco_nxos/1_management_plane/1_5_snmp_rules/rule_1_5_1_if_snmpv2_is_in_use_use_a_complex_community_string.ref b/CIS/Cisco_nxos/1_management_plane/1_5_snmp_rules/rule_1_5_1_if_snmpv2_is_in_use_use_a_complex_community_string.ref
@@ -1,6 +1,6 @@
-.rule_1_5_1_if_snmpv2_is_in_use,_use_a_complex_community_string
+.rule_1_5_1_if_snmpv2_is_in_use_use_a_complex_community_string
 
 Reference: 
 Remediation: switch(config)# snmp-server community <SomeComplexString> ro
 
-.
+.
diff --git a/CIS/Cisco_nxos/1_management_plane/1_5_snmp_rules/rule_1_5_2_if_snmpv2_is_in_use,_set_restrictions_on_access.py b/CIS/Cisco_nxos/1_management_plane/1_5_snmp_rules/rule_1_5_2_if_snmpv2_is_in_use,_set_restrictions_on_access.py
diff --git a/CIS/Cisco_nxos/1_management_plane/1_5_snmp_rules/rule_1_5_2_if_snmpv2_is_in_use_set_restrictions_on_access.py b/CIS/Cisco_nxos/1_management_plane/1_5_snmp_rules/rule_1_5_2_if_snmpv2_is_in_use_set_restrictions_on_access.py
@@ -0,0 +1,10 @@
+from comfy.compliance import medium
+
+
+@medium(
+      name='rule_1_5_2_if_snmpv2_is_in_use_set_restrictions_on_access',
+      platform=['cisco_nxos'],
+      commands=dict(chk_cmd='')
+)
+def rule_1_5_2_if_snmpv2_is_in_use_set_restrictions_on_access(commands, ref):
+    assert '' in commands.chk_cmd, ref
diff --git a/CIS/Cisco_nxos/1_management_plane/1_5_snmp_rules/rule_1_5_2_if_snmpv2_is_in_use_set_restrictions_on_access.ref b/CIS/Cisco_nxos/1_management_plane/1_5_snmp_rules/rule_1_5_2_if_snmpv2_is_in_use_set_restrictions_on_access.ref
@@ -1,4 +1,4 @@
-.rule_1_5_2_if_snmpv2_is_in_use,_set_restrictions_on_access
+.rule_1_5_2_if_snmpv2_is_in_use_set_restrictions_on_access
 
 Reference: 
 Remediation: Create the ACL:
@@ -15,4 +15,4 @@ OR an IPv6 ACL can be applied to a given SNMP community string, not both.
 In releases prior to Cisco NX-OS Release 7.0(3)I4(1), this CLI command includes use-
 acl rather than use-ipv4acl.
 
-.
+.
diff --git a/CIS/Cisco_nxos/1_management_plane/1_7_time_services/rule_1_7_3_if_a_local_time_zone_is_used,_configure_daylight_savings.py b/CIS/Cisco_nxos/1_management_plane/1_7_time_services/rule_1_7_3_if_a_local_time_zone_is_used,_configure_daylight_savings.py
diff --git a/CIS/Cisco_nxos/1_management_plane/1_7_time_services/rule_1_7_3_if_a_local_time_zone_is_used_configure_daylight_savings.py b/CIS/Cisco_nxos/1_management_plane/1_7_time_services/rule_1_7_3_if_a_local_time_zone_is_used_configure_daylight_savings.py
@@ -0,0 +1,10 @@
+from comfy.compliance import medium
+
+
+@medium(
+      name='rule_1_7_3_if_a_local_time_zone_is_used_configure_daylight_savings',
+      platform=['cisco_nxos'],
+      commands=dict(chk_cmd='')
+)
+def rule_1_7_3_if_a_local_time_zone_is_used_configure_daylight_savings(commands, ref):
+    assert '' in commands.chk_cmd, ref
diff --git a/CIS/Cisco_nxos/1_management_plane/1_7_time_services/rule_1_7_3_if_a_local_time_zone_is_used_configure_daylight_savings.ref b/CIS/Cisco_nxos/1_management_plane/1_7_time_services/rule_1_7_3_if_a_local_time_zone_is_used_configure_daylight_savings.ref
@@ -1,4 +1,4 @@
-.rule_1_7_3_if_a_local_time_zone_is_used,_configure_daylight_savings
+.rule_1_7_3_if_a_local_time_zone_is_used_configure_daylight_savings
 
 Reference: 
 Remediation: In most cases, just the name of the DST timezone name is sufficient. NX-OS assumes 1
@@ -17,4 +17,4 @@ day2, month2, time2 define the end of the DST period
 
 
 
-.
+.
diff --git a/CIS/Cisco_nxos/3_data_plane/3_1_secure_routing_protocols/3_1_2_bgp/rule_3_1_2_2_if_possible,_limit_the_bgp_routes_accepted_from_peers.py b/CIS/Cisco_nxos/3_data_plane/3_1_secure_routing_protocols/3_1_2_bgp/rule_3_1_2_2_if_possible,_limit_the_bgp_routes_accepted_from_peers.py
diff --git a/CIS/Cisco_nxos/3_data_plane/3_1_secure_routing_protocols/3_1_2_bgp/rule_3_1_2_2_if_possible_limit_the_bgp_routes_accepted_from_peers.py b/CIS/Cisco_nxos/3_data_plane/3_1_secure_routing_protocols/3_1_2_bgp/rule_3_1_2_2_if_possible_limit_the_bgp_routes_accepted_from_peers.py
@@ -0,0 +1,10 @@
+from comfy.compliance import low
+
+
+@low(
+      name='rule_3_1_2_2_if_possible_limit_the_bgp_routes_accepted_from_peers',
+      platform=['cisco_nxos'],
+      commands=dict(chk_cmd='')
+)
+def rule_3_1_2_2_if_possible_limit_the_bgp_routes_accepted_from_peers(commands, ref):
+    assert '' in commands.chk_cmd, ref
diff --git a/CIS/Cisco_nxos/3_data_plane/3_1_secure_routing_protocols/3_1_2_bgp/rule_3_1_2_2_if_possible_limit_the_bgp_routes_accepted_from_peers.ref b/CIS/Cisco_nxos/3_data_plane/3_1_secure_routing_protocols/3_1_2_bgp/rule_3_1_2_2_if_possible_limit_the_bgp_routes_accepted_from_peers.ref
@@ -1,4 +1,4 @@
-.rule_3_1_2_2_if_possible,_limit_the_bgp_routes_accepted_from_peers
+.rule_3_1_2_2_if_possible_limit_the_bgp_routes_accepted_from_peers
 
 Reference: os/unicast/configuration/guide/l3_cli_nxos/l3_bgp.html
 
@@ -30,4 +30,4 @@ switch(config-router-neighbor)#     remote-as 65521
 switch(config-router-neighbor)#     address-family ipv4 unicast
 switch(config-router-neighbor-af)#      route-map RM_BGP_PEERNAME_IN in
 
-.
+.
diff --git a/CIS/Cisco_nxos/3_data_plane/3_1_secure_routing_protocols/3_1_4_protocol_independent_routing_protections/rule_3_1_4_1_if_vlan_interfaces_have_ip_addreses,_configure_anti_spoofing___ingress_filtering_protections.py b/CIS/Cisco_nxos/3_data_plane/3_1_secure_routing_protocols/3_1_4_protocol_independent_routing_protections/rule_3_1_4_1_if_vlan_interfaces_have_ip_addreses,_configure_anti_spoofing___ingress_filtering_protections.py
diff --git a/CIS/Cisco_nxos/3_data_plane/3_1_secure_routing_protocols/3_1_4_protocol_independent_routing_protections/rule_3_1_4_1_if_vlan_interfaces_have_ip_addreses_configure_anti_spoofing.py b/CIS/Cisco_nxos/3_data_plane/3_1_secure_routing_protocols/3_1_4_protocol_independent_routing_protections/rule_3_1_4_1_if_vlan_interfaces_have_ip_addreses_configure_anti_spoofing.py
@@ -0,0 +1,10 @@
+from comfy.compliance import medium
+
+
+@medium(
+      name='rule_3_1_4_1_if_vlan_interfaces_have_ip_addreses_configure_anti_spoofing',
+      platform=['cisco_nxos'],
+      commands=dict(chk_cmd='')
+)
+def rule_3_1_4_1_if_vlan_interfaces_have_ip_addreses_configure_anti_spoofing(commands, ref):
+    assert '' in commands.chk_cmd, ref
diff --git a/CIS/Cisco_nxos/3_data_plane/3_1_secure_routing_protocols/3_1_4_protocol_independent_routing_protections/rule_3_1_4_1_if_vlan_interfaces_have_ip_addreses_configure_anti_spoofing.ref b/CIS/Cisco_nxos/3_data_plane/3_1_secure_routing_protocols/3_1_4_protocol_independent_routing_protections/rule_3_1_4_1_if_vlan_interfaces_have_ip_addreses_configure_anti_spoofing.ref
@@ -1,4 +1,4 @@
-.rule_3_1_4_1_if_vlan_interfaces_have_ip_addreses,_configure_anti_spoofing___ingress_filtering_protections
+.rule_3_1_4_1_if_vlan_interfaces_have_ip_addreses_configure_anti_spoofing
 
 Reference: 
 Remediation: Apply the command "ip verify unicast source reachable-via rx" to all VLAN interfaces
@@ -10,4 +10,4 @@ command variant has no affect.
 switch(config)# interface Vlan X
 switch(config-if)# ip verify unicast source reachable-via rx
 
-.
+.
diff --git a/CIS/Cisco_xr/1_management_plane/1_1_authetnication_authorization_accounting_rules/rule_1_1_5_local_users_groups_and_tasks.py b/CIS/Cisco_xr/1_management_plane/1_1_authetnication_authorization_accounting_rules/rule_1_1_5_local_users_groups_and_tasks.py
@@ -2,9 +2,9 @@
 
 
 @low(
-      name='rule_1_1_5_local_users,_groups_and_tasks',
+      name='rule_1_1_5_local_users_groups_and_tasks',
       platform=['cisco_xr'],
       commands=dict(chk_cmd='')
 )
-def rule_1_1_5_local_users,_groups_and_tasks(commands, ref):
+def rule_1_1_5_local_users_groups_and_tasks(commands, ref):
     assert '' in commands.chk_cmd, ref
diff --git a/CIS/Cisco_xr/1_management_plane/1_1_authetnication_authorization_accounting_rules/rule_1_1_5_local_users_groups_and_tasks.ref b/CIS/Cisco_xr/1_management_plane/1_1_authetnication_authorization_accounting_rules/rule_1_1_5_local_users_groups_and_tasks.ref
@@ -1,4 +1,4 @@
-.rule_1_1_5_local_users,_groups_and_tasks
+.rule_1_1_5_local_users_groups_and_tasks
 
 Reference: system-setup-cg-ncs5000-62x/b-system-setup-cg-ncs5000-
 62x_chapter_0101.html#id_134674
@@ -11,4 +11,4 @@ IOSXR(config)#username {username}
 IOSXR(config-un)#secret {password}
 IOSXR(config-un)#group {user_group}
 
-.
+.
diff --git a/CIS/Cisco_xr/1_management_plane/1_2_ssh/rule_1_2_1_set_the_hostname.py b/CIS/Cisco_xr/1_management_plane/1_2_ssh/rule_1_2_1_set_the_hostname.py
@@ -4,7 +4,7 @@
 @medium(
       name='rule_1_2_1_set_the_hostname',
       platform=['cisco_xr'],
-     # commands=dict(chk_cmd='sh run | incl hostname')
+      # commands=dict(chk_cmd='sh run | incl hostname')
 )
 def rule_1_2_1_set_the_hostname(configuration, ref):
     assert 'hostname' in configuration, ref
diff --git a/CIS/Junos/1_general_recommendations/rule_1_1_ensure_device_is_running_current_junos_software.py b/CIS/Junos/1_general_recommendations/rule_1_1_ensure_device_is_running_current_junos_software.py
@@ -4,7 +4,7 @@
 @medium(
       name='rule_1_1_ensure_device_is_running_current_junos_software',
       platform=['juniper'],
-      commands=dict(chk_cmd='')
+      commands=dict(chk_cmd='show version | match JUNOS')
 )
 def rule_1_1_ensure_device_is_running_current_junos_software(commands, ref):
-    assert '' in commands.chk_cmd, ref
+    assert '15.1X49-D150.2' in commands.chk_cmd, ref

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-.rule_1_4_3_set_password_lifetime,_warning_time_and_grace_time_for_local_credentials`
	`1`	`+.rule_1_4_3_set_password_lifetime_warning_time_and_grace_time_for_local_credentials`
`2`	`2`
`3`	`3`	`Reference:`
`4`	`4`	`Remediation: To set passphrase timers globally:`
`@@ -16,4 +16,4 @@ example`
`16`	`16`	`switch(config)# username test passphrase lifetime 180 warntime 10 gracetime`
`17`	`17`	`10`
`18`	`18`
`19`		`-.`
	`19`	`+.`