tests.ssg_test_suite package

tests.ssg_test_suite.combined module

class tests.ssg_test_suite.combined.CombinedChecker(test_env)

Bases: RuleChecker

Combined mode works like pretty much like the Rule mode - for every rule selected in a profile:

• Alter the system.

• Run the scan, check that the result meets expectations. If the test scenario passed as requested, return True, if it failed or passed unexpectedly, return False.

The following sequence applies if the initial scan has failed as expected:

• If there are no remediations, return True.

• Run remediation, return False if it failed.

• Return result of the final scan of remediated system.

If a rule doesn’t have any test scenario, it is skipped. Skipped rules are reported at the end.

test_rule(state, rule, scenarios)

tests.ssg_test_suite.combined.perform_combined_check(options)

tests.ssg_test_suite.common module

class tests.ssg_test_suite.common.RuleResult(result_dict=None)

Bases: object

STAGE_STRINGS = {'final_scan', 'initial_scan', 'preparation', 'remediation'}

Result of a test suite testing rule under a scenario.

Supports ordering by success - the most successful run orders first.

load_from_dict(data)

record_stage_result(stage, successful)

relative_conditions_to(other)

save_to_dict()

class tests.ssg_test_suite.common.Scenario_conditions(backend, scanning_mode, remediated_by, datastream)

Bases: tuple

backend

Alias for field number 0

datastream

Alias for field number 3

remediated_by

Alias for field number 2

scanning_mode

Alias for field number 1

class tests.ssg_test_suite.common.Scenario_run(rule_id, script)

Bases: tuple

rule_id

Alias for field number 0

script

Alias for field number 1

class tests.ssg_test_suite.common.Stage

Bases: object

FINAL_SCAN = 4

INITIAL_SCAN = 2

NONE = 0

PREPARATION = 1

REMEDIATION = 3

tests.ssg_test_suite.common.cpe_to_platform(cpe)

tests.ssg_test_suite.common.cpes_to_platform(cpes)

tests.ssg_test_suite.common.create_tarball(test_content_by_rule_id)

Create a tarball which contains all test scenarios and additional content for every rule that is selected to be tested. The tarball contains directories with the test scenarios. The name of the directories is the same as short rule ID. There is no tree structure.

tests.ssg_test_suite.common.fetch_all_templated_tests_paths(rule_template)

Builds a dictionary of a test case relative path -> test case absolute path mapping.

Here, we want to know what the relative path on disk (under the tests/ subdirectory) is (such as “installed.pass.sh”), along with the actual absolute path.

tests.ssg_test_suite.common.fetch_local_tests_paths(tests_dir)

tests.ssg_test_suite.common.fetch_templated_tests_paths(rule_namedtuple, product_yaml)

tests.ssg_test_suite.common.file_known_as_useless(file_name)

tests.ssg_test_suite.common.get_cpe_of_tested_os(test_env, log_file)

tests.ssg_test_suite.common.get_prefixed_name(state_name)

tests.ssg_test_suite.common.get_product_context(product_id=None)

Returns a product YAML context if any product is specified. Hard-coded to assume a debug build.

tests.ssg_test_suite.common.get_test_dir_config(test_dir, product_yaml)

tests.ssg_test_suite.common.install_packages(test_env, packages)

tests.ssg_test_suite.common.load_local_tests(local_tests_paths, local_env_yaml)

tests.ssg_test_suite.common.load_rule_and_env(rule_dir_path, env_yaml, product=None)

Loads a rule and returns the combination of the RuleYAML class and the corresponding local environment for that rule.

tests.ssg_test_suite.common.load_templated_tests(templated_tests_paths, template, local_env_yaml)

tests.ssg_test_suite.common.load_test(absolute_path, rule_template, local_env_yaml)

tests.ssg_test_suite.common.retry_with_stdout_logging(command, args, log_file, max_attempts=5)

tests.ssg_test_suite.common.run_cmd_local(command, verbose_path, env=None)

tests.ssg_test_suite.common.run_with_stdout_logging(command, args, log_file)

tests.ssg_test_suite.common.select_templated_tests(test_dir_config, available_scenarios_basenames)

tests.ssg_test_suite.common.send_scripts(test_env, test_content_by_rule_id)

tests.ssg_test_suite.common.walk_through_benchmark_dirs(product=None)

tests.ssg_test_suite.common.write_rule_test_content_to_dir(rule_dir, test_content)

tests.ssg_test_suite.log module

class tests.ssg_test_suite.log.LogHelper

Bases: object

Provide focal point for logging. LOG_DIR is useful when output of script is saved into file. Log preloading is a way to log outcome before the output itself.

FORMATTER = <logging.Formatter object>

INTERMEDIATE_LOGS = {'fail': [], 'notapplicable': [], 'pass': []}

LOG_DIR = None

LOG_FILE = None

classmethod add_console_logger(logger, level)

Convenience function to set defaults for console logger

classmethod add_logging_dir(logger, _dirname)

Convenience function to set default logging into file.

Also sets LOG_DIR and LOG_FILE

static find_name(original_path, suffix='')

Find file name which is still not present in given directory

Returns path – original_path + number + suffix

classmethod log_preloaded(log_target)

Log messages preloaded in one of the named buffers. Wipe out all buffers afterwards.

classmethod preload_log(log_level, log_line, log_target=None)

Save log for later use. Fill named buffer `log_target`with the log line for later use.

Special case: If log_target is default, i.e. None, all buffers will be filled with the same log line.

tests.ssg_test_suite.oscap module

class tests.ssg_test_suite.oscap.AnsibleProfileRunner(environment, profile, datastream, benchmark_id)

Bases: ProfileRunner

initial()

remediation()

class tests.ssg_test_suite.oscap.AnsibleRuleRunner(environment, profile, datastream, benchmark_id, rule_id, script_name, dont_clean, no_reports, manual_debug)

Bases: RuleRunner

initial()

remediation()

class tests.ssg_test_suite.oscap.BashProfileRunner(environment, profile, datastream, benchmark_id)

Bases: ProfileRunner

initial()

remediation()

class tests.ssg_test_suite.oscap.BashRuleRunner(environment, profile, datastream, benchmark_id, rule_id, script_name, dont_clean, no_reports, manual_debug)

Bases: RuleRunner

initial()

remediation()

class tests.ssg_test_suite.oscap.Checker(test_env)

Bases: object

finalize()

run_test_for_all_profiles(profiles, test_data=None)

start()

test_target()

class tests.ssg_test_suite.oscap.GenericRunner(environment, profile, datastream, benchmark_id)

Bases: object

analyze(stage)

final()

property get_command

initial()

make_oscap_call()

prepare_online_scanning_arguments()

remediation()

run_stage(stage)

class tests.ssg_test_suite.oscap.OscapProfileRunner(environment, profile, datastream, benchmark_id)

Bases: ProfileRunner

remediation()

class tests.ssg_test_suite.oscap.OscapRuleRunner(environment, profile, datastream, benchmark_id, rule_id, script_name, dont_clean, no_reports, manual_debug)

Bases: RuleRunner

final()

There is no need to run final scan again - result won’t be different to what we already have in remediation step.

remediation()

class tests.ssg_test_suite.oscap.ProfileRunner(environment, profile, datastream, benchmark_id)

Bases: GenericRunner

final()

make_oscap_call()

class tests.ssg_test_suite.oscap.RuleRunner(environment, profile, datastream, benchmark_id, rule_id, script_name, dont_clean, no_reports, manual_debug)

Bases: GenericRunner

final()

make_oscap_call()

run_stage_with_context(stage, context)

tests.ssg_test_suite.oscap.analysis_to_serializable(analysis)

tests.ssg_test_suite.oscap.find_result_id_in_output(output)

tests.ssg_test_suite.oscap.generate_fixes_remotely(test_env, formatting, verbose_path)

tests.ssg_test_suite.oscap.get_file_remote(test_env, verbose_path, local_dir, remote_path)

Download a file from VM.

tests.ssg_test_suite.oscap.get_result_id_from_arf(arf_path, verbose_path)

tests.ssg_test_suite.oscap.is_virtual_oscap_profile(profile)

Test if the profile belongs to the so called category virtual from OpenSCAP available profiles. It can be (all) or other id we might come up in the future, it just needs to be encapsulated with parenthesis for example “(custom_profile)”.

tests.ssg_test_suite.oscap.process_profile_id(profile)

tests.ssg_test_suite.oscap.run_stage_remediation_ansible(run_type, test_env, formatting, verbose_path)

Returns False on error, or True in case of successful Ansible playbook run.

tests.ssg_test_suite.oscap.run_stage_remediation_bash(run_type, test_env, formatting, verbose_path)

Returns False on error, or True in case of successful bash scripts run.

tests.ssg_test_suite.oscap.save_analysis_to_json(analysis, output_fname)

tests.ssg_test_suite.oscap.send_arf_to_remote_machine_and_generate_remediations_there(run_type, test_env, formatting, verbose_path)

tests.ssg_test_suite.oscap.single_quote_string(input)

tests.ssg_test_suite.oscap.triage_xml_results(fname)

tests.ssg_test_suite.profile module

class tests.ssg_test_suite.profile.ProfileChecker(test_env)

Bases: Checker

Iterate over profiles in data stream and perform scanning of unaltered system using every profile according to input. Also perform remediation run. Return value not defined, textual output and generated reports is the result.

tests.ssg_test_suite.profile.perform_profile_check(options)

tests.ssg_test_suite.rule module

class tests.ssg_test_suite.rule.Rule(directory, id, short_id, template, local_env_yaml, rule)

Bases: tuple

directory

Alias for field number 0

id

Alias for field number 1

local_env_yaml

Alias for field number 4

rule

Alias for field number 5

short_id

Alias for field number 2

template

Alias for field number 3

class tests.ssg_test_suite.rule.RuleChecker(test_env)

Bases: Checker

Rule checks generally work like this - for every profile that supports that rule:

• Alter the system.

• Run the scan, check that the result meets expectations. If the test scenario passed as requested, return True, if it failed or passed unexpectedly, return False.

The following sequence applies if the initial scan has failed as expected:

• If there are no remediations, return True.

• Run remediation, return False if it failed.

• Return result of the final scan of remediated system.

copy_of_datastream(new_filename=None)

finalize()

test_rule(state, rule, scenarios)

class tests.ssg_test_suite.rule.RuleTestContent(scenarios, other_content)

Bases: tuple

other_content

Alias for field number 1

scenarios

Alias for field number 0

class tests.ssg_test_suite.rule.Scenario(script, script_contents)

Bases: object

matches_check(rule_checks)

matches_platform(product)

matches_regex(scenarios_regex)

matches_regex_and_check_and_platform(scenarios_regex, checks, product)

override_profile(scenarios_profile)

tests.ssg_test_suite.rule.generate_xslt_change_value_template(value_short_id, new_value)

tests.ssg_test_suite.rule.get_viable_profiles(selected_profiles, datastream, benchmark, script=None)

Read data stream, and return set intersection of profiles of given benchmark and those provided in selected_profiles parameter.

tests.ssg_test_suite.rule.perform_rule_check(options)

tests.ssg_test_suite.test_env module

class tests.ssg_test_suite.test_env.ContainerTestEnv(scanning_mode, image_name)

Bases: TestEnv

property current_container

property current_image

finalize()

Perform the environment cleanup and shut it down.

get_ip_address()

get_ssh_additional_options()

get_ssh_port()

image_stem2fqn(stem)

offline_scan(args, verbose_path)

reset_state_to(state_name, new_running_state_name)

run_container(image_name, container_name='running')

start()

Run the environment and ensure that the environment will not be permanently modified by subsequent procedures.

class tests.ssg_test_suite.test_env.DockerTestEnv(mode, image_name)

Bases: ContainerTestEnv

get_ip_address()

name = 'docker-based'

class tests.ssg_test_suite.test_env.PodmanTestEnv(scanning_mode, image_name)

Bases: ContainerTestEnv

extract_port_map(podman_network_data)

get_ip_address()

name = 'podman-based'

class tests.ssg_test_suite.test_env.SavedState(environment, name)

Bases: object

classmethod create_from_environment(environment, state_name)

map_on_top(function, args_list)

class tests.ssg_test_suite.test_env.TestEnv(scanning_mode)

Bases: object

arf_to_html(arf_filename)

check_sce_support()

execute_ssh_command(command, log_file, error_msg_template=None)

Args:

• command: Command to execute remotely as a single string

• log_file

• error_msg_template: A string that can contain references to:

  command, remote_dest, rc, and stderr

finalize()

Perform the environment cleanup and shut it down.

get_ip_address()

get_ssh_additional_options()

get_ssh_port()

offline_scan(args, verbose_path)

online_scan(args, verbose_path)

refresh_connection_parameters()

reset_state_to(state_name, new_running_state_name)

save_state(state_name)

scan(args, verbose_path)

scp_download_file(source, destination, log_file, error_msg=None)

scp_transfer_file(source, destination, log_file, error_msg=None)

scp_upload_file(source, destination, log_file, error_msg=None)

start()

Run the environment and ensure that the environment will not be permanently modified by subsequent procedures.

class tests.ssg_test_suite.test_env.VMTestEnv(mode, hypervisor, domain_name, keep_snapshots)

Bases: TestEnv

finalize()

Perform the environment cleanup and shut it down.

get_ip_address()

has_test_suite_prefix(snapshot_name)

name = 'libvirt-based'

offline_scan(args, verbose_path)

reboot()

reset_state_to(state_name, new_running_state_name)

snapshot_lookup(snapshot_name)

snapshots_cleanup()

start()

Run the environment and ensure that the environment will not be permanently modified by subsequent procedures.

tests.ssg_test_suite.virt module

class tests.ssg_test_suite.virt.SnapshotStack(domain)

Bases: object

CREATE_FLAGS = 128

REVERT_FLAGS = 4

SNAPSHOT_BASE = '<domainsnapshot>  <name>{name}</name>  <description>     Full snapshot by Automatus  </description></domainsnapshot>'

clear()

create(snapshot_name)

delete(snapshot=None)

revert(delete=True)

revert_forced(snapshot)

tests.ssg_test_suite.virt.connect_domain(hypervisor, domain_name)

tests.ssg_test_suite.virt.determine_ip(domain)

tests.ssg_test_suite.virt.reboot_domain(domain, domain_ip, ssh_port)

tests.ssg_test_suite.virt.start_domain(domain)

tests.ssg_test_suite.xml_operations module

tests.ssg_test_suite.xml_operations.add_platform_to_benchmark(root, cpe_regex)

tests.ssg_test_suite.xml_operations.benchmark_get_applicable_platforms(datastream, benchmark_id, logging=None)

Returns a set of CPEs the given benchmark is applicable to.

tests.ssg_test_suite.xml_operations.datastream_root(ds_location, save_location=None)

tests.ssg_test_suite.xml_operations.find_checks_in_rule(datastream, benchmark_id, rule_id)

Return check types for given rule from benchmark.

tests.ssg_test_suite.xml_operations.find_elements(root, element_spec=None)

tests.ssg_test_suite.xml_operations.find_fix_in_benchmark(datastream, benchmark_id, rule_id, fix_type='bash', logging=None)

Return fix from benchmark. None if not found.

tests.ssg_test_suite.xml_operations.find_rule_in_benchmark(datastream, benchmark_id, rule_id, logging=None)

Returns rule node from the given benchmark.

tests.ssg_test_suite.xml_operations.get_all_profiles_in_benchmark(datastream, benchmark_id, logging=None)

tests.ssg_test_suite.xml_operations.get_all_rule_ids_in_profile(datastream, benchmark_id, profile_id, logging=None)

tests.ssg_test_suite.xml_operations.get_all_rule_selections_in_profile(datastream, benchmark_id, profile_id, logging=None)

tests.ssg_test_suite.xml_operations.get_all_rules_in_benchmark(datastream, benchmark_id, logging=None)

Returns all rule IDs in the given benchmark.

tests.ssg_test_suite.xml_operations.get_all_xccdf_ids_in_datastream(datastream)

tests.ssg_test_suite.xml_operations.get_oscap_supported_cpes()

Obtain a list of CPEs that the scanner supports

tests.ssg_test_suite.xml_operations.infer_benchmark_id_from_component_ref_id(datastream, ref_id)

tests.ssg_test_suite.xml_operations.instance_in_platforms(inst, platforms)

tests.ssg_test_suite.xml_operations.make_applicable_in_containers(root)

tests.ssg_test_suite.xml_operations.remove_ansible_machine_remediation_condition(root)

tests.ssg_test_suite.xml_operations.remove_bash_machine_remediation_condition(root)

tests.ssg_test_suite.xml_operations.remove_fips_certified(root)

tests.ssg_test_suite.xml_operations.remove_machine_platform(root)

tests.ssg_test_suite.xml_operations.remove_machine_remediation_condition(root)

tests.ssg_test_suite.xml_operations.remove_ocp4_platforms(root)

tests.ssg_test_suite.xml_operations.remove_platforms(root)

tests.ssg_test_suite.xml_operations.remove_platforms_from_element(root, element_spec=None, platforms=None)

Module contents