-
Notifications
You must be signed in to change notification settings - Fork 385
/
Copy pathtest_common.sh.in
executable file
·389 lines (332 loc) · 9.38 KB
/
test_common.sh.in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
#!/usr/bin/env bash
# Copyright 2009 Red Hat Inc., Durham, North Carolina.
# All Rights Reserved.
#
# OpenScap Testing Helpers.
#
# Authors:
# Ondrej Moris <[email protected]>
# Normalized path.
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
PREFERRED_PYTHON=@PREFERRED_PYTHON_PATH@
# Some of the tests rely on the "C" locale and would fail with some locales.
LC_ALL=C
export LC_ALL
MALLOC_CHECK_=3
export MALLOC_CHECK_
OSCAP_FULL_VALIDATION=1
export OSCAP_FULL_VALIDATION
if [ -z ${CUSTOM_OSCAP+x} ] ; then
export OSCAP_EXEC="@CMAKE_BINARY_DIR@/utils/oscap"
export RUN_WRAPPER="@CMAKE_BINARY_DIR@/run"
enable_valgrind="@ENABLE_VALGRIND@"
if [ $enable_valgrind != "OFF" ] ; then
[ -z "@CMAKE_BINARY_DIR@" ] || export OSCAP="@CMAKE_SOURCE_DIR@/tests/valgrind_test.sh"
else
[ -z "@CMAKE_BINARY_DIR@" ] || export OSCAP="bash $RUN_WRAPPER $OSCAP_EXEC"
fi
[ -z "@CMAKE_BINARY_DIR@" ] || export OSCAP_CHROOTABLE_EXEC="@CMAKE_BINARY_DIR@/utils/oscap-chrootable"
[ -z "@CMAKE_BINARY_DIR@" ] || export OSCAP_CHROOTABLE="bash @CMAKE_BINARY_DIR@/run $OSCAP_CHROOTABLE_EXEC"
else
export OSCAP=${CUSTOM_OSCAP}
fi
export XMLDIFF="@CMAKE_SOURCE_DIR@/tests/xmldiff.pl"
if ! XPATH_ORIG=`command -v xpath 2>&1`; then
echo "I require xpath tool but it's not installed. Aborting." >&2
exit 1
fi
xpath_variant=$(perl -MXML::XPath -e 'print $XML::XPath::VERSION >= 1.34 ? "need_wrapper" : "standard"')
if [ "$xpath_variant" == "need_wrapper" ];
then
export XPATH_ORIG
xpath_wrapper() {
if [ "$#" == "1" ]; then
# read file from stdin
xpath_expr="$1"
"$XPATH_ORIG" -e "$xpath_expr"
elif [ "$#" == "2" ]; then
file="$1"
xpath_expr="$2"
"$XPATH_ORIG" -e "$xpath_expr" "$file"
else
echo "Parameters are not supported by xpath wrapper" >&2
exit 1
fi
}
export -f xpath_wrapper
export XPATH=xpath_wrapper
else
export XPATH="$XPATH_ORIG"
fi
# Overall test result.
result=0
# Set-up testing environment.
function test_init {
:
}
# Execute test and report its results.
function test_run {
printf "+ %-60s\n" "$1";
echo -e "TEST: $1" >&2;
shift
( exec 1>&2 ; eval "$@" )
ret_val=$?
if [ $ret_val -eq 0 ]; then
echo -e "RESULT: PASSED\n" >&2
return 0;
elif [ $ret_val -eq 1 ]; then
result=$(($result + $ret_val))
echo -e "RESULT: FAILED\n" >&2
return 1;
elif [ $ret_val -eq 255 ]; then
echo -e "RESULT: SKIPPED\n" >&2
return 0;
else
result=$(($result + $ret_val))
echo -e "RESULT: WARNING (unknown exist status $ret_val)\n" >&2
return 1;
fi
}
# Clean-up testing environment.
function test_exit {
if [ $# -eq 1 ]
then
( exec 1>&2 ; eval "$@" )
fi
[ $result -eq 0 ] && exit 0
exit 1
}
# Check if requirements are in a path, use it as follows:
# require 'program' || return 255
function require {
eval "which $1 > /dev/null 2>&1"
if [ ! $? -eq 0 ]; then
echo -e "No '$1' found in $PATH!\n"
return 1; # Test is not applicable.
fi
return 0
}
# Check if Python module is available. For example:
# require_python_module 'dbusmock' || return 255
function require_python_module {
eval "python3 -c \"import $1\" >/dev/null 2>&1"
if [ $? -gt 0 ]; then
echo -e "No '$1' Python module found!\n"
return 255 # Test is not applicable.
fi
}
# Check if D-Bus service is present. Arguments are:
# Args:
# $1: 'system' or 'session' keyword
# $2: Bus name (e.g. 'org.domain.foo')
# $3: Object (e.g. '/')
# require_dbus 'system' 'org.freedesktop.fwupd' '/' || return 255
function require_dbus {
require "gdbus" || return 255
eval "gdbus introspect --$1 -d $2 -o $3 >/dev/null 2>&1"
if [ $? -gt 0 ]; then
echo -e "No '$2' ($1) D-Bus bus found!\n"
return 255 # Test is not applicable.
fi
}
# Check if probe exists, use it as follows:
# probecheck 'probe' || return 255
function probecheck {
if ! $OSCAP --version | grep "\<"$1"\>" >/dev/null ; then
echo -e "Probe $1 does not exist!\n"
return 255 # Test is not applicable.
fi
return 0
}
# Check for package names and return a version number
function package_version {
# loop through multiple potential package names
# return first version number found
for package in $@; do
ver=""
# check rpm for package version first
if [ -f "/usr/bin/rpm" ]; then
ver=$(rpm -q $package --qf="%{version}" 2> /dev/null)
# rpm returns error messages on stdout, check return code
if [ ! "$?" -eq "0" ]; then
ver=""
fi
fi
# fall back to dpkg for debian systems
if [ "${ver}" == "" ] && [ -f "/usr/bin/dpkg-query" ]; then
# for Debian-based systems, return the upstream version
ver="$(dpkg-query -f '${source:Upstream-Version}' -W $package 2> /dev/null)"
fi
# return the first match found
if [ "${ver}" != "" ]; then
echo "${ver}"
return 0
fi
done
# package not found
if [ "${ver}" == "" ]; then
return 255
fi
}
function require_internet {
[ -s /etc/resolv.conf ] || return 255
}
function require_non_chroot {
awk 'BEGIN{exit_code=1} $2 == "/" {exit_code=0} END{exit exit_code}' /proc/mounts || return 255
}
function verify_results {
require "grep" || return 255
local ret_val=0;
local TYPE="$1"
local CONTENT="$2"
local RESULTS="$3"
local COUNT="$4"
local FULLTYPE="definition"
[ $TYPE == "tst" ] && FULLTYPE="test"
ID=1
while [ $ID -le $COUNT ]; do
CON_ITEM=`grep "id=\"oval:[[:digit:]]\+:${TYPE}:${ID}\"" $CONTENT`
RES_ITEM=`grep "${FULLTYPE}_id=\"oval:[[:digit:]]\+:${TYPE}:${ID}\"" $RESULTS`
OVAL_ID=`echo ${CON_ITEM} | grep -o "oval:[[:digit:]]\+:${TYPE}:${ID}"`
if (echo $RES_ITEM | grep "result=\"true\"") >/dev/null; then
RES="TRUE"
elif (echo $RES_ITEM | grep "result=\"false\"" >/dev/null); then
RES="FALSE"
else
RES="ERROR"
fi
if (echo $CON_ITEM | grep "comment=\"true\"" >/dev/null); then
CMT="TRUE"
elif (echo $CON_ITEM | grep "comment=\"false\"" >/dev/null); then
CMT="FALSE"
else
CMT="ERROR"
fi
if [ ! $RES = $CMT ]; then
echo "Result of ${OVAL_ID} should be ${CMT} and is ${RES}"
ret_val=$(($ret_val + 1))
fi
ID=$(($ID+1))
done
return $([ $ret_val -eq 0 ])
}
assert_exists() {
real_cnt="$($XPATH $result 'count('"$2"')' 2>/dev/null)"
if [ "$real_cnt" != "$1" ]; then
echo "Failed: expected count: $1, real count: $real_cnt, xpath: '$2'"
return 1
fi
}
# $1: The chroot directory
set_chroot_offline_test_mode() {
if test -n "$_OSCAP_BEFORE"; then
echo "Already in offline test mode!" >&2
return
fi
if test -x "$OSCAP_CHROOTABLE_EXEC"; then
if ! getcap "$OSCAP_CHROOTABLE_EXEC" | grep -q -P 'cap_sys_chroot[=+]+ep'; then
echo "Skipping test '${FUNCNAME[1]}' as '$OSCAP_CHROOTABLE_EXEC' doesn't have the chroot capability." >&2
return 255
fi
_OSCAP_BEFORE="$OSCAP"
OSCAP="$OSCAP_CHROOTABLE"
elif test $(id -u) -eq 0; then
: # Running offline tests as root is acceptable too
else
echo "Skipping test '${FUNCNAME[1]}' as '$OSCAP_CHROOTABLE_EXEC' oscap which is supposed to have chroot capability doesn't exist." >&2
return 255
fi
set_offline_chroot_dir "$1"
return 0
}
# $1: The chroot directory. If empty, unset the OSCAP_PROBE_ROOT variable
set_offline_chroot_dir() {
if test -n "$1"; then
export OSCAP_PROBE_ROOT="$1"
else
unset OSCAP_PROBE_ROOT
fi
}
unset_chroot_offline_test_mode() {
if test -n "$_OSCAP_BEFORE"; then
OSCAP="$_OSCAP_BEFORE"
_OSCAP_BEFORE=
fi
set_offline_chroot_dir ""
}
# Wrapper functions to deal with differences across platforms
make_temp_dir() {
PARENT_DIR=${1}
TEMP_NAME=${2}
[ -z "$PARENT_DIR" ] && PARENT_DIR=$(pwd)
[ -z "$TEMP_NAME" ] && TEMP_NAME="tmp"
TEMP_NAME="${TEMP_NAME}.XXXXXX"
case $(uname) in
FreeBSD)
mktemp -d ${PARENT_DIR}/${TEMP_NAME}
;;
*)
mktemp -d -p ${PARENT_DIR} -t ${TEMP_NAME}
;;
esac
}
make_temp_file() {
PARENT_DIR=${1}
TEMP_NAME=${2}
[ -z "$PARENT_DIR" ] && PARENT_DIR=$(pwd)
[ -z "$TEMP_NAME" ] && TEMP_NAME="tmp"
TEMP_NAME="${TEMP_NAME}.XXXXXX"
case $(uname) in
FreeBSD)
mktemp ${PARENT_DIR}/${TEMP_NAME}
;;
*)
mktemp -p ${PARENT_DIR} -t ${TEMP_NAME}
;;
esac
}
xsed() {
case $(uname) in
FreeBSD)
gsed "$@"
;;
*)
sed "$@"
;;
esac
}
# Args:
# $1: The text string to print to stderr
# $2: The return code (optional, default is 1)
log_and_fail() {
printf '%s' "$1" >&2
return ${2:-1}
}
# Args: Same as with log_and_fail
die() {
log_and_fail "$1" "$2"
exit $?
}
# See https://github.com/martinpitt/python-dbusmock
# Args:
# $1: The name of the mock template file without extension.
init_dbus_mock() {
require_python_module "dbusmock" || return 255
require "gdbus" || return 255
printf "%s\n" "Initializing D-Bus mock from template: $1.py"
python3 -m dbusmock --template "${srcdir}/$1.py" &
# We have to replace system bus address because mock D-Bus
# endpoint is created inside the user session
export DBUS_SYSTEM_BUS_ADDRESS=$DBUS_SESSION_BUS_ADDRESS
}
# Args:
# $1: The name of the mock service bus
clean_dbus_mock() {
require "gdbus" || return 255
printf "%s\n" "Shutting down D-Bus mock: $1"
gdbus call --session -d "$1" -o / -m "$1.Exit" >/dev/null 2>&1 || true
export DBUS_SYSTEM_BUS_ADDRESS=
}
export -f assert_exists
export OPENSCAP_ENABLE_MD5="@OPENSCAP_ENABLE_MD5@"
export OPENSCAP_ENABLE_SHA1="@OPENSCAP_ENABLE_SHA1@"