def test_roles(self): "Test system roles dictionary" sp = SystemCompliance() # testing adding a role name = "SOME VALUE" my_dict = {"name": "SOME VALUE", "other_key": "some value"} sp.add_system_dict('roles', name, my_dict) self.assertTrue(sp.roles() == ["SOME VALUE"])
def test_certifications(self): "Test system certifications dictionary" sp = SystemCompliance() # testing adding a certification name = "FRed-RAMP-Low" my_dict = {"name": "FRed-RAMP-Low", "other_key": "some value"} sp.add_system_dict('certifications', name, my_dict) self.assertTrue(sp.certifications() == ["FRed-RAMP-Low"])
def test_components(self): "Test system component dictionary" sp = SystemCompliance() # test necessary dictionaries created self.assertTrue(sp.system is not None) # test adding in components oc_component_file = os.path.join(os.path.dirname(__file__), '../data/UAA_component.yaml') print(oc_component_file) ocfileurl = "file://%s" % oc_component_file test_component_dict = yaml.safe_load(urlopen(ocfileurl)) sp.system_component_add(test_component_dict['name'], test_component_dict) print("system components are %s " % sp.system['components'].keys()) print( len(sp.system['components'] ['User Account and Authentication (UAA) Server']['satisfies'])) self.assertTrue( list(sp.system['components'])[0] == "User Account and Authentication (UAA) Server") self.assertTrue( len(sp.system['components'] ['User Account and Authentication (UAA) Server']['satisfies']) == 26) # add second component file and test list of components oc_component_file = os.path.join(os.path.dirname(__file__), '../data/AU_policy_component.yaml') print(oc_component_file) ocfileurl = "file://%s" % oc_component_file # this is where we add the component dictionary test_component_dict = yaml.safe_load(urlopen(ocfileurl)) sp.system_component_add(test_component_dict['name'], test_component_dict) # test method to get list of system components print(sp.components()) self.assertTrue('Audit Policy' in sp.components()) self.assertTrue( 'User Account and Authentication (UAA) Server' in sp.components()) self.assertFalse('Wrong Name' in sp.components())
def test_create_system_dictionary(self): "Test system dictionary created" sp = SystemCompliance() # test empty oc self.assertTrue(len(sp.ocfiles) == 0) # test necessary dictionaries created self.assertTrue(sp.system is not None) self.assertTrue(sp.system['components'] is not None) # test that empty system object exists self.assertTrue(sp.system['name'] == "")
def test_add_component_from_url(self): "Test method 'add_component_from_url'" sp = SystemCompliance() ocfileurl = 'https://raw.githubusercontent.com/pburkholder/freedonia-compliance/master/AU_policy/component.yaml' sp.add_component_from_url(ocfileurl) print(sp.components()) self.assertTrue(sp.components() == ['Audit Policy'])
def test_narrative_extraction(self): "Test control method correctly extracts narrative for different cases of data format" # comp_contribution['narative'] is a string, like this: # Ex: {'control_key': 'AC-4', 'standard_key': 'NIST-800-53', 'covered_by': [], 'implementation_status': 'none', 'narrative': 'Cloud.Gov enforces security groups and other network traffic rules in a strict priority order. Cloud.Gov returns an allow... dir_path = os.path.dirname(os.path.realpath(__file__)) repo_url = "file://{}/{}".format(dir_path, "test_data/repo2") print("repo_url_narrative_extraction:", repo_url) # reduce log noise for this test ocf = compliancelib.OpenControlFiles() ocf.logger.setLevel("CRITICAL") sp = SystemCompliance() sp.load_system_from_opencontrol_repo(repo_url) print("****************** AU-1") #print(sp.control_ssp_text('AU-1')) ck = "AU-1" ci = sp.control(ck) print(ci.components_dict[ci.components[0]][0]['narrative'][0]['text'] [0:23]) self.assertTrue( type(ci.components_dict[ci.components[0]][0]['narrative']) is list) self.assertTrue(ci.components_dict[ci.components[0]][0]['narrative'][0] ['text'][0:23] == "This text describes how") print("****************** AU-3") ck = "AU-3" ci = sp.control(ck) print(ci.components_dict[ci.components[0]][0]['narrative'][0:23]) self.assertTrue( type(ci.components_dict[ci.components[0]][0]['narrative']) is str) self.assertTrue(ci.components_dict[ci.components[0]][0]['narrative'] [0:23] == "This is a sample contro")
def test_standards(self): "Test system standards dictionary" sp = SystemCompliance() # testing adding a standard standard_name = "FRIST-800-53" standard_dict = {"name": "FRIST-800-53", "other_key": "some value"} sp.add_system_dict('standards', standard_name, standard_dict) print(sp.standards()) self.assertTrue(sp.standards() == ["FRIST-800-53"])
def test_load_system_from_opencontrol_repo_localfile(self): "Test load system details and control implementation from a repo on local file system" # test with local repo dir_path = os.path.dirname(os.path.realpath(__file__)) repo_url = "file://{}/{}".format(dir_path, "test_data/repo2") print("repo_url3:", repo_url) # reduce log noise for this test ocf = compliancelib.OpenControlFiles() ocf.logger.setLevel("CRITICAL") sp = SystemCompliance() sp.load_system_from_opencontrol_repo(repo_url) print("components3: ", sp.components()) print("standards3: ", sp.standards()) print("certifications3: ", sp.certifications()) print("systems3", sp.systems()) self.assertTrue('Audit Policy' in sp.components()) self.assertTrue('Cloud Formation' in sp.components()) self.assertTrue(sp.standards() == ['FRIST-800-53']) self.assertTrue('FredRAMP-low' in sp.certifications()) self.assertTrue('LATO' in sp.certifications())
def test_load_system_from_opencontrol_repo(self): "Test load system details and control implementation from a repo" # test with other repo repo_url = 'https://github.com/opencontrol/freedonia-compliance' # reduce log noise for this test ocf = compliancelib.OpenControlFiles() ocf.logger.setLevel("CRITICAL") sp = SystemCompliance() sp.load_system_from_opencontrol_repo(repo_url) print("components: ", sp.components()) print("standards: ", sp.standards()) print("certifications: ", sp.certifications()) print("systems: ", sp.systems()) # self.assertTrue(sp.components() == ['Audit Policy']) # only local component(s) # self.assertTrue(sp.components() == ['Audit Policy', 'AWS Core', 'AWS Implementation']) self.assertTrue('Audit Policy' in sp.components()) self.assertTrue('AWS Core' in sp.components()) self.assertTrue('AWS Implementation' in sp.components()) # check dependency values self.assertTrue(sp.standards() == ['FRIST-800-53']) self.assertTrue(sp.certifications() == ['FredRAMP-low']) self.assertTrue(sp.systems() == ['freedonia-aws'])
def test_control(self): "Test the control implementation object" # instantiate SystemCompliance object and populate to test sp = SystemCompliance() sp.system['name'] = "GovReady WordPress Dashboard" my_components = [ '../data/UAA_component.yaml', '../data/AU_policy_component.yaml' ] [ sp.add_component_from_url( "file://%s" % os.path.join(os.path.dirname(__file__), ocfileurl)) for ocfileurl in my_components ] standard_name = "FRIST-800-53" standard_dict = {"name": "FRIST-800-53", "other_key": "some value"} sp.add_system_dict('standards', standard_name, standard_dict) name = "FRed-RAMP-Low" my_dict = {"name": "FRed-RAMP-Low", "other_key": "some value"} sp.add_system_dict('certifications', name, my_dict) # # System instantiated, let's test displaying control information # # report when a control is not found ck = "AC-200" # no such control ci = sp.control(ck) print("%s info is %s " % (ck, ci.title)) print("\n") self.assertTrue(ci.id == "AC-200") self.assertTrue(ci.title == None) self.assertTrue(ci.description == None) self.assertTrue(ci.responsible == None) self.assertTrue(ci.components_dict == {}) # TODO Test implementation_status # TODO Test implementation_status_details ck = "AU-1" ci = sp.control(ck) print(ci.id) print(ci.title) print(ci.description) print("\nSystem control implmentation details") print("-------------------------------------") print(ci.components) print(ci.implementation_narrative) self.assertTrue(ci.id == "AU-1") self.assertTrue( ci.title == 'AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES') self.assertTrue(ci.description == """The organization: a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: a.1. An audit and accountability policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and a.2. Procedures to facilitate the implementation of the audit and accountability policy and associated audit and accountability controls; and b. Reviews and updates the current: b.1. Audit and accountability policy [Assignment: organization-defined frequency]; and b.2. Audit and accountability procedures [Assignment: organization-defined frequency].""" ) self.assertTrue(ci.responsible == 'organization') self.assertTrue(ci.components == ['Audit Policy']) # report when a control is found ck = "AC-4" ci = sp.control(ck) print(ci.id) print(ci.title) print(ci.description) print("\nSystem control implmentation details") print("-------------------------------------") print(ci.components) print(ci.implementation_narrative) self.assertTrue(ci.id == "AC-4") self.assertTrue(ci.title == 'INFORMATION FLOW ENFORCEMENT') self.assertTrue( ci.description == 'The information system enforces approved authorizations for controlling the flow of information within the system and between interconnected systems based on [Assignment: organization-defined information flow control policies].' ) self.assertTrue(ci.responsible == 'information system') self.assertTrue( ci.components == ['User Account and Authentication (UAA) Server']) # test control enhancement id ck = "AC-2 (1)" ci = sp.control(ck) print(ci.id) print(ci.title) print(ci.description) print("\nSystem control implmentation details") print("-------------------------------------") print(ci.components) print(ci.implementation_narrative) self.assertTrue(ci.id == "AC-2 (1)") self.assertTrue(ci.title == 'AUTOMATED SYSTEM ACCOUNT MANAGEMENT') self.assertTrue( ci.description == 'The organization employs automated mechanisms to support the management of information system accounts.' ) self.assertTrue(ci.responsible == None) self.assertTrue( ci.components == ['User Account and Authentication (UAA) Server'])
def test_summary(self): "Test outputting basic system compliance profile" sp = SystemCompliance() # set system name sp.system['name'] = "GovReady WordPress Dashboard" # add system components my_components = [ '../data/UAA_component.yaml', '../data/AU_policy_component.yaml' ] [ sp.add_component_from_url( "file://%s" % os.path.join(os.path.dirname(__file__), ocfileurl)) for ocfileurl in my_components ] # add system standard standard_name = "FRIST-800-53" standard_dict = {"name": "FRIST-800-53", "other_key": "some value"} sp.add_system_dict('standards', standard_name, standard_dict) # add system certifications name = "FRed-RAMP-Low" my_dict = {"name": "FRed-RAMP-Low", "other_key": "some value"} sp.add_system_dict('certifications', name, my_dict) # Test system compliance profile print("System compliance summary %s" % sp.summary()) print(sp.summary()['components']) print("********") self.assertTrue(sp.summary()['standards'] == ['FRIST-800-53']) self.assertTrue(sp.summary()['certifications'] == ['FRed-RAMP-Low']) self.assertTrue('Audit Policy' in sp.summary()['components']) self.assertTrue('User Account and Authentication (UAA) Server' in sp.summary()['components']) self.assertTrue(sp.summary()['name'] == 'GovReady WordPress Dashboard')