def test_scan_worldwritable_files_owned_by_root(self, mock_os):
# Prepare data and mocks
test_subject = WorldWritable(None)
mock_os.walk.return_value = [
('/dir1', ('/dir1/subdir1', ),
('world_writable_owned_by_root',
'not_world_writable_owned_by_root')),
('/dir2', (), ()),
('/dir3', ('/dir3/subdir3', ),
('world_writable_not_owned_by_root', )),
]
test_subject.is_world_writable = MagicMock(
side_effect=[True, False, True])
test_subject.is_owned_by_root = MagicMock(side_effect=[True, False])
# Run test scenario
result = test_subject.scan_worldwritable_files_owned_by_root()
# Assertions
self.assertEqual(result, ['world_writable_owned_by_root'])
mock_os.walk.assert_called_once_with('/')
test_subject.is_world_writable.assert_has_calls([
call('world_writable_owned_by_root'),
call('not_world_writable_owned_by_root'),
call('world_writable_not_owned_by_root'),
])
test_subject.is_owned_by_root.assert_has_calls([
call('world_writable_owned_by_root'),
call('world_writable_not_owned_by_root'),
])
def test_scan_worldwritable_directories_with_no_sticky_bit_set(
self, mock_os):
# Prepare data and mocks
test_subject = WorldWritable(None)
mock_os.walk.return_value = [
('/world/writable/not/sticky', (), ()),
('/not/world/writable/not/sticky', (), ()),
('/world/writable/sticky', (), ()),
]
test_subject.is_world_writable = MagicMock(
side_effect=[True, False, True])
test_subject.is_sticky_bit_set = MagicMock(side_effect=[False, True])
# Run test scenario
result = test_subject.scan_worldwritable_directories_with_no_sticky_bit_set(
)
# Assertions
self.assertEqual(result, ['/world/writable/not/sticky'])
mock_os.walk.assert_called_once_with('/')
test_subject.is_world_writable.assert_has_calls([
call('/world/writable/not/sticky'),
call('/not/world/writable/not/sticky'),
call('/world/writable/sticky'),
])
test_subject.is_sticky_bit_set.assert_has_calls([
call('/world/writable/not/sticky'),
call('/world/writable/sticky'),
])
def test_scan_worldwritable_directories_with_no_sticky_bit_set(self, mock_os):
# Prepare data and mocks
test_subject = WorldWritable(None)
mock_os.walk.return_value = [
('/world/writable/not/sticky', (), ()),
('/not/world/writable/not/sticky', (), ()),
('/world/writable/sticky', (), ()),
]
test_subject.is_world_writable = MagicMock(side_effect=[True, False, True])
test_subject.is_sticky_bit_set = MagicMock(side_effect=[False, True])
# Run test scenario
result = test_subject.scan_worldwritable_directories_with_no_sticky_bit_set()
# Assertions
self.assertEqual(result, ['/world/writable/not/sticky'])
mock_os.walk.assert_called_once_with('/')
test_subject.is_world_writable.assert_has_calls(
[
call('/world/writable/not/sticky'),
call('/not/world/writable/not/sticky'),
call('/world/writable/sticky'),
]
)
test_subject.is_sticky_bit_set.assert_has_calls(
[
call('/world/writable/not/sticky'),
call('/world/writable/sticky'),
]
)
def test_scan_worldwritable_files_owned_by_root(self, mock_os):
# Prepare data and mocks
test_subject = WorldWritable(None)
mock_os.walk.return_value = [
('/dir1', ('/dir1/subdir1',), ('world_writable_owned_by_root', 'not_world_writable_owned_by_root')),
('/dir2', (), ()),
('/dir3', ('/dir3/subdir3',), ('world_writable_not_owned_by_root',)),
]
test_subject.is_world_writable = MagicMock(side_effect=[True, False, True])
test_subject.is_owned_by_root = MagicMock(side_effect=[True, False])
# Run test scenario
result = test_subject.scan_worldwritable_files_owned_by_root()
# Assertions
self.assertEqual(result, ['world_writable_owned_by_root'])
mock_os.walk.assert_called_once_with('/')
test_subject.is_world_writable.assert_has_calls(
[
call('world_writable_owned_by_root'),
call('not_world_writable_owned_by_root'),
call('world_writable_not_owned_by_root'),
]
)
test_subject.is_owned_by_root.assert_has_calls(
[
call('world_writable_owned_by_root'),
call('world_writable_not_owned_by_root'),
]
)
def test_get_scan_text_when_list_does_not_have_items(self):
# Prepare data and mocks
test_subject = WorldWritable(None)
# Run test scenario
result = test_subject.get_scan_text('Check name', [])
# Assertions
self.assertEqual(result, 'Success: Check name')
def test_get_scan_text_when_list_has_items(self):
# Prepare data and mocks
test_subject = WorldWritable(None)
# Run test scenario
result = test_subject.get_scan_text('Check name', ['file1', 'file2'])
# Assertions
self.assertEqual(result, 'Failure: Check name:\n\tfile1\n\tfile2')
def test_get_scan_text_when_list_does_not_have_items(self):
# Prepare data and mocks
test_subject = WorldWritable(None)
# Run test scenario
result = test_subject.get_scan_text('Check name', [])
# Assertions
self.assertEqual(result, 'Success: Check name')
def test_get_scan_text_when_list_has_items(self):
# Prepare data and mocks
test_subject = WorldWritable(None)
# Run test scenario
result = test_subject.get_scan_text('Check name', ['file1', 'file2'])
# Assertions
self.assertEqual(result, 'Failure: Check name:\n\tfile1\n\tfile2')
def test_is_starts_with_dot_when_empty_string(self):
# Prepare data and mocks
test_subject = WorldWritable(None)
path = ''
# Run test scenario
result = test_subject.is_starts_with_dot(path)
# Assertions
self.assertFalse(result)
def test_is_starts_with_dot_when_empty_string(self):
# Prepare data and mocks
test_subject = WorldWritable(None)
path = ''
# Run test scenario
result = test_subject.is_starts_with_dot(path)
# Assertions
self.assertFalse(result)
def test_is_starts_with_dot_when_does_not(self):
# Prepare data and mocks
test_subject = WorldWritable(None)
path = '/does/not/start/with/dot'
# Run test scenario
result = test_subject.is_starts_with_dot(path)
# Assertions
self.assertFalse(result)
def test_is_starts_with_dot_when_does_not(self):
# Prepare data and mocks
test_subject = WorldWritable(None)
path = '/does/not/start/with/dot'
# Run test scenario
result = test_subject.is_starts_with_dot(path)
# Assertions
self.assertFalse(result)
def test_is_owned_by_root_when_file_does_not_exist(self, mock_os):
# Prepare data and mocks
test_subject = WorldWritable(None)
mock_os.stat.side_effect = raise_file_not_found_error
path = '/does/not/actually/exist'
# Run test scenario
result = test_subject.is_owned_by_root(path)
# Assertions
self.assertFalse(result)
mock_os.stat.assert_called_once_with(path)
def test_is_owned_by_root_when_is(self, mock_os):
# Prepare data and mocks
test_subject = WorldWritable(None)
mock_os.stat.return_value = os.stat_result((0, 0, 0, 0, 0, 0, 0, 0, 0, 0))
path = '/does/not/actually/exist'
# Run test scenario
result = test_subject.is_owned_by_root(path)
# Assertions
self.assertTrue(result)
mock_os.stat.assert_called_once_with(path)
def test_is_owned_by_root_when_file_does_not_exist(self, mock_os):
# Prepare data and mocks
test_subject = WorldWritable(None)
mock_os.stat.side_effect = raise_file_not_found_error
path = '/does/not/actually/exist'
# Run test scenario
result = test_subject.is_owned_by_root(path)
# Assertions
self.assertFalse(result)
mock_os.stat.assert_called_once_with(path)
def test_is_owned_by_root_when_is(self, mock_os):
# Prepare data and mocks
test_subject = WorldWritable(None)
mock_os.stat.return_value = os.stat_result(
(0, 0, 0, 0, 0, 0, 0, 0, 0, 0))
path = '/does/not/actually/exist'
# Run test scenario
result = test_subject.is_owned_by_root(path)
# Assertions
self.assertTrue(result)
mock_os.stat.assert_called_once_with(path)
def main():
"""
Runs the program
"""
config = get_config()
scanners = []
if config['enabled']['openports']:
scanners.append(OpenPorts(config))
if config['enabled']['root']:
scanners.append(Root(config))
if config['enabled']['ssh']:
scanners.append(Ssh(config))
if config['enabled']['umask']:
scanners.append(Umask(config))
if config['enabled']['update']:
scanners.append(Update(config))
if config['enabled']['worldwritable']:
scanners.append(WorldWritable(config))
for scanner in scanners:
print('-' * 79)
print('Running:', scanner.__class__.__name__)
result = scanner.scan()
print('Status:', result[0])
print('Message:', result[1])
print()
def test_scan_when_success(self):
# Prepare data and mocks
test_subject = WorldWritable(None)
test_subject.scan_worldwritable_files_starting_with_dot = MagicMock(return_value=[])
test_subject.scan_worldwritable_directories_with_no_sticky_bit_set = MagicMock(return_value=[])
test_subject.scan_worldwritable_files_owned_by_root = MagicMock(return_value=[])
# Run test scenario
result = test_subject.scan()
# Assertions
test_subject.scan_worldwritable_files_starting_with_dot.assert_called_once_with()
test_subject.scan_worldwritable_directories_with_no_sticky_bit_set.assert_called_once_with()
test_subject.scan_worldwritable_files_owned_by_root.assert_called_once_with()
self.assertEqual(result[0], ScanStatus.success)
self.assertEqual(result[1], '')
def test_scan_when_two_failures(self):
# Prepare data and mocks
test_subject = WorldWritable(None)
test_subject.scan_worldwritable_files_starting_with_dot = MagicMock(
return_value=[])
test_subject.scan_worldwritable_directories_with_no_sticky_bit_set = MagicMock(
return_value=['/some/failure'])
test_subject.scan_worldwritable_files_owned_by_root = MagicMock(
return_value=['/other/failure'])
test_subject.get_scan_text = MagicMock(
side_effect=['Test2 Failed', 'Test3 Failed'])
# Run test scenario
result = test_subject.scan()
# Assertions
test_subject.get_scan_text.assert_has_calls([
call('World writable directories with no sticky bit set',
['/some/failure']),
call('World writable files owned by root', ['/other/failure']),
])
test_subject.scan_worldwritable_files_starting_with_dot.assert_called_once_with(
)
test_subject.scan_worldwritable_directories_with_no_sticky_bit_set.assert_called_once_with(
)
test_subject.scan_worldwritable_files_owned_by_root.assert_called_once_with(
)
self.assertEqual(result[0], ScanStatus.fail)
self.assertEqual(result[1], 'Test2 Failed\nTest3 Failed')
def test_scan_when_success(self):
# Prepare data and mocks
test_subject = WorldWritable(None)
test_subject.scan_worldwritable_files_starting_with_dot = MagicMock(
return_value=[])
test_subject.scan_worldwritable_directories_with_no_sticky_bit_set = MagicMock(
return_value=[])
test_subject.scan_worldwritable_files_owned_by_root = MagicMock(
return_value=[])
# Run test scenario
result = test_subject.scan()
# Assertions
test_subject.scan_worldwritable_files_starting_with_dot.assert_called_once_with(
)
test_subject.scan_worldwritable_directories_with_no_sticky_bit_set.assert_called_once_with(
)
test_subject.scan_worldwritable_files_owned_by_root.assert_called_once_with(
)
self.assertEqual(result[0], ScanStatus.success)
self.assertEqual(result[1], '')
def test_scan_when_two_failures(self):
# Prepare data and mocks
test_subject = WorldWritable(None)
test_subject.scan_worldwritable_files_starting_with_dot = MagicMock(return_value=[])
test_subject.scan_worldwritable_directories_with_no_sticky_bit_set = MagicMock(return_value=['/some/failure'])
test_subject.scan_worldwritable_files_owned_by_root = MagicMock(return_value=['/other/failure'])
test_subject.get_scan_text = MagicMock(side_effect=['Test2 Failed', 'Test3 Failed'])
# Run test scenario
result = test_subject.scan()
# Assertions
test_subject.get_scan_text.assert_has_calls(
[
call('World writable directories with no sticky bit set', ['/some/failure']),
call('World writable files owned by root', ['/other/failure']),
]
)
test_subject.scan_worldwritable_files_starting_with_dot.assert_called_once_with()
test_subject.scan_worldwritable_directories_with_no_sticky_bit_set.assert_called_once_with()
test_subject.scan_worldwritable_files_owned_by_root.assert_called_once_with()
self.assertEqual(result[0], ScanStatus.fail)
self.assertEqual(result[1], 'Test2 Failed\nTest3 Failed')