Beispiel #1
 def setUp(self, *args, **kwargs):
   """Run the NFS export checks once and cache the results on the class.

   The parsed "exports" test data is fed to RunChecks only when
   NfsExportsTests.results is still empty, so every later test in the class
   reuses the same check results instead of re-parsing the fixture.
   """
   super(NfsExportsTests, self).setUp(*args, **kwargs)
   if NfsExportsTests.results:
     # An earlier setUp already populated the shared results.
     return
   exports_parser = config_file.NfsExportsParser()
   knowledge = self.SetKnowledgeBase()
   # The fixture is read in binary mode, exactly as the parser is handed it.
   with open(self.TestDataPath("exports"), "rb") as export_fd:
     entries = list(exports_parser.Parse(None, export_fd, None))
     knowledge["NfsExportsFile"] = self.SetArtifactData(parsed=entries)
   NfsExportsTests.results = self.RunChecks(knowledge)
Beispiel #2
    def testNfsExportsCheck(self):
        """Verify that check CCE-4350-5 flags default read/write NFS exports.

        The "exports" fixture is parsed with NfsExportsParser and passed to the
        checks loaded from nfs.yaml. Both shares are expected in the finding
        because each carries "rw" among its share-wide defaults, even though
        individual clients are listed with "ro".
        """
        self.LoadCheck("nfs.yaml")
        check_id = "CCE-4350-5"

        host_data = self.SetKnowledgeBase()
        exports_parser = config_file.NfsExportsParser()
        with open(self.TestDataPath("exports")) as export_fd:
            entries = list(exports_parser.Parse(None, export_fd, None))
            host_data["NfsExportsFile"] = self.SetArtifactData(parsed=entries)

        check_results = self.RunChecks(host_data)

        # One finding line per share: path, defaults, hosts, per-client options.
        foo_finding = "/path/to/foo: defaults:rw,sync hosts:host1,host2 options:ro"
        bar_finding = ("/path/to/bar: defaults:rw hosts:*.example.org,192.168.1.0/24 "
                       "options:all_squash,ro")
        explanation = "Found: Default r/w NFS exports are too permissive."

        self.assertCheckDetectedAnom(
            check_id, check_results, explanation, [foo_finding, bar_finding])
Beispiel #3
 def testParseNfsExportFile(self):
   """Check how NfsExportsParser splits shares, defaults, hosts and options.

   The second export line continues over a backslash and contains a
   deliberate mistake: a space separates "192.168.1.0/24" from "(rw)". The
   assertions pin the resulting parse, where "rw" is recorded as a default
   of the share and the network client is left with no options of its own.
   """
   # Raw string: the backslash line continuation must reach the parser intact.
   exports_text = r"""
   /path/to/foo -rw,sync host1(ro) host2
   /path/to/bar *.example.org(all_squash,ro) \
       192.168.1.0/24 (rw) # Mistake here - space makes this default.
   """
   export_fd = StringIO.StringIO(exports_text)
   entries = list(config_file.NfsExportsParser().Parse(None, export_fd, None))

   # First share: explicit "-rw,sync" defaults, one restricted client, one bare.
   foo = entries[0]
   self.assertEqual("/path/to/foo", foo.share)
   self.assertItemsEqual(["rw", "sync"], foo.defaults)
   foo_first = foo.clients[0]
   self.assertEqual("host1", foo_first.host)
   self.assertItemsEqual(["ro"], foo_first.options)
   foo_second = foo.clients[1]
   self.assertEqual("host2", foo_second.host)
   self.assertItemsEqual([], foo_second.options)

   # Second share: the detached "(rw)" ends up in defaults, not on the client.
   bar = entries[1]
   self.assertEqual("/path/to/bar", bar.share)
   self.assertItemsEqual(["rw"], bar.defaults)
   bar_first = bar.clients[0]
   self.assertEqual("*.example.org", bar_first.host)
   self.assertItemsEqual(["all_squash", "ro"], bar_first.options)
   bar_second = bar.clients[1]
   self.assertEqual("192.168.1.0/24", bar_second.host)
   self.assertItemsEqual([], bar_second.options)
Beispiel #4
  def testNfsExportsCheck(self):
    """Verify that check CCE-4350-5 reports default read/write NFS exports.

    Host data for a Linux knowledge base is filled with the parsed "exports"
    fixture, the checks from nfs.yaml are run, and the result for
    CCE-4350-5 is compared with an ANALYSIS_ANOMALY listing both shares.
    """
    self.LoadCheck("nfs.yaml")

    # Knowledge base for the simulated host; SetKnowledgeBase fills host_data.
    host_data = {}
    self.SetKnowledgeBase("test.example.com", "Linux", host_data)

    exports_parser = config_file.NfsExportsParser()

    with open(self.TestDataPath("exports")) as export_fd:
      entries = list(exports_parser.Parse(None, export_fd, None))
      host_data["NfsExportsFile"] = entries
    check_results = self.RunChecks(host_data)

    # One finding line per share: path, defaults, hosts, per-client options.
    foo_finding = "/path/to/foo: defaults:rw,sync hosts:host1,host2 options:ro"
    bar_finding = ("/path/to/bar: defaults:rw "
                   "hosts:*.example.org,192.168.1.0/24 "
                   "options:all_squash,ro")
    anomaly = rdfvalue.Anomaly(
        explanation="Found: Default r/w NFS exports are too permissive.",
        finding=[foo_finding, bar_finding],
        type="ANALYSIS_ANOMALY")
    wanted = rdfvalue.CheckResult(check_id="CCE-4350-5", anomaly=anomaly)
    self.assertResultEqual(wanted, check_results["CCE-4350-5"])