-
Notifications
You must be signed in to change notification settings - Fork 375
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4 changed files
with
115 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,87 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <ds:data-stream-collection xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:cat="urn:oasis:names:tc:entity:xmlns:xml:catalog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="scap_org.openscap.www_collection_from_xccdf_test_single_rule.xccdf.xml" schematron-version="1.3" xsi:schemaLocation="http://scap.nist.gov/schema/scap/source/1.2 https://scap.nist.gov/schema/scap/1.3/scap-source-data-stream_1.3.xsd"> | ||
| <ds:data-stream id="scap_org.openscap.www_datastream_simple" scap-version="1.3" use-case="OTHER"> | ||
| <ds:checklists> | ||
| <ds:component-ref id="scap_org.openscap.www_cref_test_single_rule.xccdf.xml" xlink:href="#scap_org.openscap.www_comp_test_single_rule.xccdf.xml"> | ||
| <cat:catalog> | ||
| <cat:uri name="test_single_rule.oval.xml" uri="#scap_org.openscap.www_cref_test_single_rule.oval.xml"/> | ||
| </cat:catalog> | ||
| </ds:component-ref> | ||
| </ds:checklists> | ||
| <ds:checks> | ||
| <ds:component-ref id="scap_org.openscap.www_cref_test_single_rule.oval.xml" xlink:href="#scap_org.openscap.www_comp_test_single_rule.oval.xml"/> | ||
| </ds:checks> | ||
| </ds:data-stream> | ||
| <ds:component id="scap_org.openscap.www_comp_test_single_rule.oval.xml" timestamp="2021-02-01T08:07:06+01:00"> | ||
| <oval_definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:win-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#windows windows-definitions-schema.xsd"> | ||
| <generator> | ||
| <oval:schema_version>5.11.2</oval:schema_version> | ||
| <oval:timestamp>2021-02-01T08:07:06+01:00</oval:timestamp> | ||
| </generator> | ||
| <definitions> | ||
| <definition class="compliance" id="oval:org.openscap.www:def:1" version="1"> | ||
| <metadata> | ||
| <title>PASS</title> | ||
| <description>pass</description> | ||
| </metadata> | ||
| <criteria> | ||
| <criterion comment="PASS test" test_ref="oval:org.openscap.www:tst:1"/> | ||
| </criteria> | ||
| </definition> | ||
| </definitions> | ||
| <tests> | ||
| <variable_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:org.openscap.www:tst:1" check="all" comment="always pass" version="1"> | ||
| <object object_ref="oval:org.openscap.www:obj:1"/> | ||
| </variable_test> | ||
| </tests> | ||
| <objects> | ||
| <variable_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:org.openscap.www:obj:1" version="1" comment="x"> | ||
| <var_ref>oval:org.openscap.www:var:1</var_ref> | ||
| </variable_object> | ||
| </objects> | ||
| <variables> | ||
| <constant_variable id="oval:org.openscap.www:var:1" version="1" comment="x" datatype="int"> | ||
| <value>100</value> | ||
| </constant_variable> | ||
| </variables> | ||
| </oval_definitions> | ||
| </ds:component> | ||
| <ds:component id="scap_org.openscap.www_comp_test_single_rule.xccdf.xml" timestamp="2021-02-01T08:07:06+01:00"> | ||
| <Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.openscap.www_benchmark_test"> | ||
| <status>accepted</status> | ||
| <version>1.0</version> | ||
| <Profile id="xccdf_org.openscap.www_profile_common"> | ||
| <title>Common hardening profile</title> | ||
| <description>This is a very cool profile</description> | ||
| <select idref="xccdf_org.openscap.www_rule_1" selected="true"/> | ||
| <select idref="xccdf_org.openscap.www_rule_2" selected="true"/> | ||
| <select idref="xccdf_org.openscap.www_rule_3" selected="true"/> | ||
| <select idref="xccdf_org.openscap.www_rule_4" selected="true"/> | ||
| </Profile> | ||
| <Rule selected="false" id="xccdf_org.openscap.www_rule_1"> | ||
| <title>Rule 1: Install rsyslog package</title> | ||
| <fix system="urn:xccdf:fix:script:bootc"> | ||
| package install rsyslog | ||
| </fix> | ||
| </Rule> | ||
| <Rule selected="false" id="xccdf_org.openscap.www_rule_2"> | ||
| <title>Rule 2: Remove USBGuard</title> | ||
| <fix system="urn:xccdf:fix:script:bootc"> | ||
| package remove usbguard | ||
| </fix> | ||
| </Rule> | ||
| <Rule selected="false" id="xccdf_org.openscap.www_rule_3"> | ||
| <title>Rule 3: Install reboot package</title> | ||
| <fix system="urn:xccdf:fix:script:bootc"> | ||
| package install reboot | ||
| </fix> | ||
| </Rule> | ||
| <Rule selected="false" id="xccdf_org.openscap.www_rule_4"> | ||
| <title>Rule 4: Install podman package</title> | ||
| <fix system="urn:xccdf:fix:script:bootc"> | ||
| package install podman | ||
| </fix> | ||
| </Rule> | ||
| </Benchmark> | ||
| </ds:component> | ||
| </ds:data-stream-collection> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| #!/usr/bin/env bash | ||
| . $builddir/tests/test_common.sh | ||
|
|
||
| set -e | ||
| set -o pipefail | ||
|
|
||
| name=$(basename $0 .sh) | ||
| result=$(mktemp) | ||
| stderr=$(mktemp) | ||
|
|
||
| echo "Result file = $result" | ||
| echo "Stderr file = $stderr" | ||
|
|
||
| $OSCAP xccdf generate fix --fix-type bootc --profile common "$srcdir/test_remediation_bootc.ds.xml" > "$result" 2> "$stderr" | ||
| [ -e $stderr ] | ||
|
|
||
| diff -u "$srcdir/test_remediation_bootc_expected_output.sh" "$result" | ||
|
|
||
| rm -rf "$stdout" "$stderr" "$result" |
8 changes: 8 additions & 0 deletions
8
tests/API/XCCDF/unittests/test_remediation_bootc_expected_output.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| #!/bin/bash | ||
| dnf -y install \ | ||
| rsyslog \ | ||
| reboot \ | ||
| podman | ||
|
|
||
| dnf -y remove \ | ||
| usbguard |