def assertValidCheckFile(self, path): """Tests whether a check definition has a valid configuration.""" # Figure out the relative path of the check files. prefix = os.path.commonprefix(config.CONFIG["Checks.config_dir"]) relpath = os.path.relpath(path, prefix) # If the config can't load fail immediately. try: configs = checks.LoadConfigsFromFile(path) except yaml.error.YAMLError as e: self.fail("File %s could not be parsed: %s\n" % (relpath, e)) # Otherwise, check all the configs and pass/fail at the end. errors = collections.OrderedDict() for check_id, check_spec in configs.iteritems(): check_errors = self.GetCheckErrors(check_spec) if check_errors: msg = errors.setdefault(relpath, ["check_id: %s" % check_id]) msg.append(check_errors) if errors: message = "" for k, v in errors.iteritems(): message += "File %s errors:\n" % k message += " %s\n" % v[0] for err in v[1]: message += " %s\n" % err self.fail(message)
def testLoadToDict(self): result = checks.LoadConfigsFromFile(os.path.join(CHECKS_DIR, "sshd.yaml")) self.assertItemsEqual(["SSHD-CHECK", "SSHD-PERMS"], result) # Start with basic check attributes. result_check = result["SSHD-CHECK"] self.assertEqual("SSHD-CHECK", result_check["check_id"]) self.assertEqual("NONE", result_check["match"]) # Now dive into the method. result_method = result_check["method"][0] self.assertEqual({"os": ["Linux", "Darwin"]}, result_method["target"]) self.assertEqual(["ANY"], result_method["match"]) expect_hint = { "problem": "Sshd allows protocol 1.", "format": "Configured protocols: {config.protocol}" } self.assertDictEqual(expect_hint, result_method["hint"]) # Now dive into the probe. result_probe = result_method["probe"][0] self.assertEqual("SshdConfigFile", result_probe["artifact"]) self.assertEqual(["ANY"], result_probe["match"]) # Now dive into the filters. expect_filters = { "type": "ObjectFilter", "expression": "config.protocol contains 1" } result_filters = result_probe["filters"][0] self.assertDictEqual(expect_filters, result_filters) # Make sure any specified probe context is set. result_check = result["SSHD-PERMS"] probe = result_check["method"][0]["probe"][0] result_context = str(probe["result_context"]) self.assertItemsEqual("RAW", result_context)
def testLoadToDict(self): expect = { "SSHD-CHECK": { "check_id": "SSHD-CHECK", "method": [{ "probe": [{ "artifact": "SshdConfigFile", "match": ["ANY"], "filters": [{ "type": "ObjectFilter", "expression": "config.protocol contains 1" }] }], "target": { "os": ["Linux", "Darwin"] }, "match": ["ANY"], "hint": { "problem": "Sshd allows protocol 1.", "summary": "sshd parameter", "format": "Configured protocols: {config.protocol}" } }], "match": "NONE" } } result = checks.LoadConfigsFromFile( os.path.join(CHECKS_DIR, "sshd.yaml")) self.assertEqual(expect.keys(), result.keys()) # Start with basic check attributes. expect_check = expect["SSHD-CHECK"] result_check = result["SSHD-CHECK"] self.assertEqual(expect_check["check_id"], result_check["check_id"]) self.assertEqual(expect_check["match"], result_check["match"]) # Now dive into the method. expect_method = expect_check["method"][0] result_method = result_check["method"][0] self.assertEqual(expect_method["target"], result_method["target"]) self.assertEqual(expect_method["match"], result_method["match"]) self.assertDictEqual(expect_method["hint"], result_method["hint"]) # Now dive into the probe. expect_probe = expect_method["probe"][0] result_probe = result_method["probe"][0] self.assertEqual(expect_probe["artifact"], result_probe["artifact"]) self.assertEqual(expect_probe["match"], result_probe["match"]) # Now dive into the filters. expect_filters = expect_probe["filters"][0] result_filters = result_probe["filters"][0] self.assertDictEqual(expect_filters, result_filters)
def _LoadCheck(cfg_file, check_id): configs = checks.LoadConfigsFromFile(os.path.join(CHECKS_DIR, cfg_file)) cfg = configs.get(check_id) return checks.Check(**cfg)