From f2ee90505205d0ad84a87f8524f85ee4435e11eb Mon Sep 17 00:00:00 2001 From: Milan Lysonek Date: Wed, 31 Jan 2024 13:16:44 +0100 Subject: [PATCH] Adjust test scenarios to use more generic approach. Use rpm_verify_* rule changes as they are not expected to be templated because of their specificity. --- tests/ansible.bats | 16 ++++++++-------- tests/bash.bats | 10 +++++----- tests/jinja.bats | 5 ++--- tests/json_ansible.bats | 16 ++++++++-------- tests/json_bash.bats | 10 +++++----- tests/json_jinja.bats | 6 ++---- 6 files changed, 30 insertions(+), 33 deletions(-) diff --git a/tests/ansible.bats b/tests/ansible.bats index ca07207..8f6e727 100644 --- a/tests/ansible.bats +++ b/tests/ansible.bats @@ -5,7 +5,7 @@ prepare_repository @test "Add comment line" { - file="./linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml" + file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml" sed -i "\$a# comment" "$file" git add "$file" && git commit -m "test commit" &>/dev/null @@ -21,7 +21,7 @@ prepare_repository } @test "Change metadata" { - file="./linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml" + file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml" sed -i 's/# reboot = false/# reboot = true/' "$file" regex_check="build_product " @@ -38,8 +38,8 @@ prepare_repository } @test "Change name" { - file="./linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml" - sed -i 's/- name: Disable.*/- name: some name/' "$file" + file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml" + sed -i 's/- name: .*/- name: some name/' "$file" git add "$file" && git commit -m "test commit" &>/dev/null 
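Review bot: The rule path is now repeated as a literal in every touched test of tests/ansible.bats, starting with "Add comment line", and again in bash.bats, json_ansible.bats and json_bash.bats. Since the commit makes all of these tests depend on one rule, I would define it once per file next to `prepare_repository`, `rule_dir="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions"`, and write `file="$rule_dir/ansible/shared.yml"` in each test. A later move of the rule upstream then becomes a one-line change instead of a hunt through six files. The test bodies continue outside these hunks.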
@@ -54,10 +54,10 @@ prepare_repository } @test "Change remediation part" { - file="./linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml" - sed -i 's;path: .*;path: /some/path/;' "$file" + file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml" + sed -i 's/command: .*/command: ls/' "$file" regex_check_1="build_product " - regex_check_2=".*test_suite\.py rule.*disable_prelink" + regex_check_2=".*test_suite\.py rule.*rpm_verify_permissions" git add "$file" && git commit -m "test commit" &>/dev/null @@ -98,7 +98,7 @@ prepare_repository } @test "Remove ansible remediation" { - file="./linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/ansible/shared.yml" + file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml" rm -f "$file" git add "$file" && git commit -m "test commit" &>/dev/null diff --git a/tests/bash.bats b/tests/bash.bats index 00d4d92..c565a24 100644 --- a/tests/bash.bats +++ b/tests/bash.bats @@ -5,7 +5,7 @@ prepare_repository @test "Add comment line" { - file="./linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh" + file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh" sed -i "\$a# comment" "$file" git add "$file" && git commit -m "test commit" &>/dev/null @@ -38,10 +38,10 @@ prepare_repository } @test "Change remediation" { - file="./linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh" - sed -i "s/chmod 600/chmod 744/" "$file" + file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh" + sed -i "s/rpm//" "$file" regex_check_1="build_product " - regex_check_2="test_suite\.py rule.*sssd_run_as_sssd_user" + regex_check_2="test_suite\.py rule.*rpm_verify_permissions" git add "$file" && git commit -m "test commit" &>/dev/null 
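Review bot: In "Change remediation part" the substitution `s/command: .*/command: ls/` only takes effect if the upstream rpm_verify_permissions task has a `command: ` key with its value on the same line, and that file is not part of this patch. If the pattern stops matching, sed still exits 0 and the only symptom would be a `git commit` with nothing to commit, whose output goes to `&>/dev/null`. I would assert the edit right after the sed, `grep -q 'command: ls' "$file"`, so the test fails on the line that explains why. The same applies to `s/rpm//` in "Change remediation" of tests/bash.bats and to the matching tests in json_ansible.bats and json_bash.bats. The test bodies continue past these hunks, so how a failed commit is handled further down is not visible here.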
@@ -83,7 +83,7 @@ prepare_repository @test "Remove bash remediation" { - file="./linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/bash/shared.sh" + file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh" rm -f "$file" git add "$file" && git commit -m "test commit" &>/dev/null diff --git a/tests/jinja.bats b/tests/jinja.bats index 0166a66..1e06118 100644 --- a/tests/jinja.bats +++ b/tests/jinja.bats @@ -8,9 +8,8 @@ prepare_repository file="./shared/macros/10-bash.jinja" sed -i "/macro bash_sshd_config_set/a echo 1" "$file" regex_check_1="build_product" - regex_check_2="test_suite.py rule.*sshd_use_strong_macs" - regex_check_3="test_suite.py rule.*sshd_set_idle_timeout" - regex_check_4="test_suite.py rule.*sshd_use_priv_separation" + regex_check_2="test_suite.py rule.*sshd_set_" + regex_check_3="test_suite.py rule.*sshd_use_" git add "$file" && git commit -m "test commit" &>/dev/null diff --git a/tests/json_ansible.bats b/tests/json_ansible.bats index 437c45f..7f81d7c 100644 --- a/tests/json_ansible.bats +++ b/tests/json_ansible.bats @@ -5,7 +5,7 @@ prepare_repository @test "Add comment line" { - file="./linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml" + file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml" sed -i "\$a# comment" "$file" git add "$file" && git commit -m "test commit" &>/dev/null @@ -21,7 +21,7 @@ prepare_repository } @test "Change metadata" { - file="./linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml" + file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml" sed -i 's/# reboot = false/# reboot = true/' "$file" regex_check="build_product " 
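Review bot: The two new patterns in tests/jinja.bats leave the dot in `test_suite.py` unescaped, while tests/ansible.bats and tests/bash.bats in this same patch write `test_suite\.py`. For consistency use `regex_check_2="test_suite\.py rule.*sshd_set_"` and `regex_check_3="test_suite\.py rule.*sshd_use_"`. The bare prefixes also mean the test passes as soon as any one `sshd_set_*` and any one `sshd_use_*` rule is reported, so it no longer catches a regression that drops a specific rule. If that trade-off is deliberate, a comment above the patterns such as `# any sshd_set_*/sshd_use_* rule is enough to show the macro change was detected` would record it. The test's opening and closing lines are outside the hunk.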
@@ -38,8 +38,8 @@ prepare_repository } @test "Change name" { - file="./linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml" - sed -i 's/- name: Disable.*/- name: some name/' "$file" + file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml" + sed -i 's/- name: .*/- name: some name/' "$file" git add "$file" && git commit -m "test commit" &>/dev/null @@ -54,9 +54,9 @@ prepare_repository } @test "Change remediation part" { - file="./linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml" - sed -i 's;path: .*;path: /some/path/;' "$file" - regex_check='{.*"rules": \["disable_prelink"\].*"bash": "False".*"ansible": "True"}' + file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml" + sed -i 's/command: .*/command: ls/' "$file" + regex_check='{.*"rules": \["rpm_verify_permissions"\].*"bash": "False".*"ansible": "True"}' git add "$file" && git commit -m "test commit" &>/dev/null @@ -88,7 +88,7 @@ prepare_repository } @test "Remove ansible remediation" { - file="./linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/ansible/shared.yml" + file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml" rm -f "$file" git add "$file" && git commit -m "test commit" &>/dev/null diff --git a/tests/json_bash.bats b/tests/json_bash.bats index 4edcc6e..43bb5ae 100644 --- a/tests/json_bash.bats +++ b/tests/json_bash.bats @@ -5,7 +5,7 @@ prepare_repository @test "Add comment line" { - file="./linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh" + file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh" sed -i "\$a# comment" "$file" git add "$file" && git commit -m "test commit" &>/dev/null 
@@ -38,9 +38,9 @@ prepare_repository } @test "Change remediation" { - file="./linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh" - sed -i "s/chmod 600/chmod 744/" "$file" - regex_check='{.*"rules": \["sssd_run_as_sssd_user"\].*"bash": "True".*"ansible": "False"}' + file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh" + sed -i "s/rpm//" "$file" + regex_check='{.*"rules": \["rpm_verify_permissions"\].*"bash": "True".*"ansible": "False"}' git add "$file" && git commit -m "test commit" &>/dev/null @@ -73,7 +73,7 @@ prepare_repository @test "Remove bash remediation" { - file="./linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/bash/shared.sh" + file="./linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh" rm -f "$file" git add "$file" && git commit -m "test commit" &>/dev/null diff --git a/tests/json_jinja.bats b/tests/json_jinja.bats index 20a4421..18000af 100644 --- a/tests/json_jinja.bats +++ b/tests/json_jinja.bats @@ -7,10 +7,8 @@ prepare_repository @test "Change sshd macro" { file="./shared/macros/10-bash.jinja" sed -i "/macro bash_sshd_config_set/a echo 1" "$file" - regex_check_1='{.*"rules": \[.*"sshd_use_strong_ciphers".*\].*"bash": "True".*"ansible": "False".*}' - regex_check_2='{.*"rules": \[.*"sshd_use_strong_macs".*\].*"bash": "True".*"ansible": "False".*}' - regex_check_3='{.*"rules": \[.*"sshd_set_keepalive".*\].*"bash": "True".*"ansible": "False".*}' - regex_check_4='{.*"rules": \[.*"sshd_set_idle_timeout".*\].*"bash": "True".*"ansible": "False".*}' + regex_check_1='{.*"rules": \[.*"sshd_use_.*".*\].*"bash": "True".*"ansible": "False".*}' + regex_check_2='{.*"rules": \[.*"sshd_set_.*".*\].*"bash": "True".*"ansible": "False".*}' git add "$file" && git commit -m "test commit" &>/dev/null
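Review bot: In tests/json_jinja.bats the new `"sshd_use_.*"` and `"sshd_set_.*"` fragments use a greedy `.*` inside the quotes, which can run past the closing quote and past `\]`, so the pattern constrains less than it appears to. `[^"]*` keeps the match inside a single rule name: `regex_check_1='{.*"rules": \[.*"sshd_use_[^"]*".*\].*"bash": "True".*"ansible": "False".*}'`, and likewise for `sshd_set_`. How the patterns are applied is not visible in the hunk, so confirm the matcher accepts bracket expressions. The test body ends outside the hunk.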