Validate Automatus Metadata #12059

Merged
merged 8 commits into from
Jun 21, 2024
@@ -1,5 +1,5 @@
#!/bin/bash
# platfrom = multi_platfrom_ubuntu
# platform = multi_platform_ubuntu
# packages = libpam-pkcs11

if [ ! -f /etc/pam_pkcs11/pam_pkcs11.conf ]; then
@@ -1,4 +1,4 @@
# package = ufw
# packages = ufw

systemctl enable --now ufw
ufw allow ssh
@@ -1,4 +1,4 @@
# package = ufw
# packages = ufw
# remediation = none

systemctl enable --now ufw
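--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -376,3 +376,11 @@ if(PYTHON_VERSION_MAJOR GREATER 2)
 set_tests_properties("utils-build_control_from_reference_sanity" PROPERTIES FIXTURES_REQUIRED "rule-dir-json")
 set_tests_properties("utils-build_control_from_reference_sanity" PROPERTIES DEPENDS "test-rule-dir-json")
 endif()
+
+if(PYTHON_VERSION_MAJOR GREATER 2 AND PYTHON_VERSION_MINOR GREATER 9)
+add_test(
+NAME "validate_automatus_metadata"
+COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_CURRENT_SOURCE_DIR}/validate_automatus_metadata.py" "--root" "${CMAKE_SOURCE_DIR}"
+)
+mypy_test("tests/validate_automatus_metadata.py" "normal")
+endif()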
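Review bot: The guard `PYTHON_VERSION_MAJOR GREATER 2 AND PYTHON_VERSION_MINOR GREATER 9` has no comment saying why the test needs Python 3.10, so a reader has to find the reason in the script: `glob.glob(..., root_dir=root)` only accepts `root_dir` from 3.10 on. A one-line comment above the `if`, such as `# validate_automatus_metadata.py uses glob.glob(root_dir=...), Python 3.10+`, would document it. On older interpreters the test is not registered at all, so misspelled scenario metadata would go unchecked on any builder that still runs one.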
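--- a/tests/validate_automatus_metadata.py
+++ b/tests/validate_automatus_metadata.py
@@ -0,0 +1,66 @@
+#!/usr/bin/python3
+
+import argparse
+import os
+import glob
+import sys
+
+SSG_ROOT = os.path.abspath(os.path.join(os.path.dirname(__file__), ".."))
+VALID_FIELDS = ['check', 'packages', 'platform', 'profiles', 'remediation', 'templates',
+'variables']
+VALID_STATES = ['pass', 'fail', 'notapplicable']
+
+
+def _parse_args() -> argparse.Namespace:
+parser = argparse.ArgumentParser()
+parser.add_argument("-r", "--root", required=False, default=SSG_ROOT,
+help="Root directory of the project")
+return parser.parse_args()
+
+
+def get_files(root: str):
+result = glob.glob("linux_os/**/tests/*.sh", recursive=True, root_dir=root)
+return result
+
+
+def _test_filename_valid(test_file: str) -> bool:
+filename = os.path.basename(test_file)
+end_state = filename.split('.')
+if len(end_state) == 3 and end_state[1] not in VALID_STATES:
+print(f"Invalid expected state '{end_state[1]}' in {test_file}", file=sys.stderr)
+return False
+return True
+
+
+def _has_invalid_param(root: str, test_file: str) -> bool:
+full_path = os.path.join(root, test_file)
+with open(full_path, "r") as f:
+for line in f:
+if not line.startswith("#"):
+break
+line = line.removeprefix('#')
+line = line.strip()
+parts = line.split('=')
+if len(parts) != 2:
+continue
+param_name = parts[0].strip()
+if param_name not in VALID_FIELDS:
+print(f"Invalid field '{param_name}' in {test_file}", file=sys.stderr)
+return False
+return True
+
+
+def main() -> int:
+args = _parse_args()
+test_files = get_files(args.root)
+return_value = 0
+for test_file in test_files:
+if not _test_filename_valid(test_file):
+return_value = 1
+if not _has_invalid_param(args.root, test_file):
+return_value = 1
+return return_value
+
+
+if __name__ == "__main__":
+raise SystemExit(main())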
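Review bot: In `_has_invalid_param`, `parts = line.split('=')` followed by `if len(parts) != 2: continue` skips every header line whose value itself contains `=` (e.g. a `variables` entry of the form `name=value`), so a misspelled key on such a line is never checked. Splitting once keeps those lines in scope: `param_name, sep, _ = line.partition('=')` with `if not sep: continue`. The function also returns True when the file is clean, the opposite of what its name says; a name like `_params_valid` would match the `if not ...` call in `main`. `_test_filename_valid` only inspects names with exactly three dot-separated parts, so a scenario with no state or with extra dots passes unchecked; if that is intended for helper scripts, a comment should say so.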