def test_migrate_spamd_config_write_failure():
# OSError (e.g. os.open)
facts = SpamassassinFacts(service_overriden=False, spamd_ssl_version='tlsv1')
fileops = MockFileOperations(write_error=make_OSError(errno.EACCES))
content = ('# foo\n' +
SYSCONFIG_VARIABLE + '="-c --ssl-version tlsv1 -hdx"\n' +
'# bar \n')
fileops.files[SYSCONFIG_SPAMASSASSIN] = content
backup_func = MockBackup()
lib_spamd.migrate_spamd_config(facts, fileops, backup_func)
# The main purpose of this test is to check that exceptions are handled
# properly. The following assertions are supplementary.
assert fileops.read_called == 1
assert fileops.write_called == 1
# IOError (e.g. builtin open)
facts = SpamassassinFacts(service_overriden=False, spamd_ssl_version='tlsv1')
fileops = MockFileOperations(write_error=make_IOError(errno.EACCES))
content = ('# foo\n' +
SYSCONFIG_VARIABLE + '="-c --ssl-version tlsv1 -hdx"\n' +
'# bar \n')
fileops.files[SYSCONFIG_SPAMASSASSIN] = content
backup_func = MockBackup()
lib_spamd.migrate_spamd_config(facts, fileops, backup_func)
assert fileops.read_called == 1
assert fileops.write_called == 1
def test_migrate_spamd_config_no_write_if_backup_fails():
# OSError (e.g. os.open)
facts = SpamassassinFacts(service_overriden=False, spamd_ssl_version='tlsv1')
fileops = MockFileOperations()
content = ('# foo\n' +
SYSCONFIG_VARIABLE + '="-c --ssl-version tlsv1 -hdx"\n' +
'# bar \n')
fileops.files[SYSCONFIG_SPAMASSASSIN] = content
backup_func = MockBackup(to_raise=make_OSError(errno.EACCES))
lib_spamd.migrate_spamd_config(facts, fileops, backup_func)
assert backup_func.called == 1
assert fileops.write_called == 0
# IOError (e.g. file.read)
facts = SpamassassinFacts(service_overriden=False, spamd_ssl_version='tlsv1')
fileops = MockFileOperations()
content = ('# foo\n' +
SYSCONFIG_VARIABLE + '="-c --ssl-version tlsv1 -hdx"\n' +
'# bar \n')
fileops.files[SYSCONFIG_SPAMASSASSIN] = content
backup_func = MockBackup(to_raise=make_IOError(errno.EACCES))
lib_spamd.migrate_spamd_config(facts, fileops, backup_func)
assert backup_func.called == 1
assert fileops.write_called == 0
def test_rewrite_spamd_config():
facts = SpamassassinFacts(spamd_ssl_version='tlsv1', service_overriden=False)
content = '# Options passed to spamd\n' \
'SPAMDOPTIONS="-c -d -m5 --ssl -H --ssl-version tlsv1"\n'
rewritten = lib_spamd._rewrite_spamd_config(facts, content)
assert rewritten == '# Options passed to spamd\n' \
'SPAMDOPTIONS="-c -m5 --ssl -H "\n'
def get_spamassassin_facts(read_func, listdir):
"""
Reads the spamc configuration file, the spamassassin sysconfig file and checks
whether the spamassassin service is overriden. Returns SpamassassinFacts.
"""
spamc_ssl_argument = spamassassinconfigread_spamc.get_spamc_ssl_argument(read_func)
service_overriden = spamassassinconfigread_spamd.spamassassin_service_overriden(listdir)
spamd_ssl_version = spamassassinconfigread_spamd.get_spamd_ssl_version(read_func)
return SpamassassinFacts(spamc_ssl_argument=spamc_ssl_argument,
service_overriden=service_overriden,
spamd_ssl_version=spamd_ssl_version)
def test_rewrite_spamd_config_service_overriden():
# If the service is overriden, the service type (simple/forking) remains
# the same after upgrade. So we must not remove the -d option.
facts = SpamassassinFacts(spamd_ssl_version='sslv3', service_overriden=True)
content = '# Options to spamd\n' \
'SPAMDOPTIONS="-c -d -m5 --ssl -H --ssl-version sslv3"\n'
rewritten = lib_spamd._rewrite_spamd_config(facts, content)
assert rewritten == '# Options to spamd\n' \
'SPAMDOPTIONS="-c -d -m5 --ssl -H "\n'
def test_check_spamd_config_service_type_service_not_overriden():
facts = SpamassassinFacts(service_overriden=False)
report_func = create_report_mocked()
library._check_spamd_config_service_type(facts, report_func)
assert report_func.called == 1
report_fields = report_func.report_fields
assert 'type of the spamassassin systemd service' in report_fields['title']
assert 'The type of spamassassin.service' in report_fields['summary']
assert 'will be updated' in report_fields['summary']
assert report_fields['severity'] == 'medium'
def test_migrate_spamd_config_nothing_to_migrate():
facts = SpamassassinFacts(service_overriden=True, spamd_ssl_version=None)
fileops = MockFileOperations()
content = ('# foo\n' +
SYSCONFIG_VARIABLE + '="-c -hdx"\n' +
'# bar \n')
fileops.files[SYSCONFIG_SPAMASSASSIN] = content
backup_func = MockBackup()
lib_spamd.migrate_spamd_config(facts, fileops, backup_func)
assert fileops.read_called == 0
assert fileops.write_called == 0
assert backup_func.called == 0
def test_migrate_spamd_config_no_writes_with_unmodified_config():
# Test that no writes are performed if the sysconfig file is in its
# default state and thus gets replaced during the RPM upgrade.
facts = SpamassassinFacts(service_overriden=False, spamd_ssl_version='tlsv1')
# Content of the sysconfig file from RHEL-8
content = ('# Options to spamd\n'
'SPAMDOPTIONS="-c -m5 -H --razor-home-dir=\'/var/lib/razor/\' --razor-log-file=\'sys-syslog\'"\n')
fileops = MockFileOperations()
fileops.files[SYSCONFIG_SPAMASSASSIN] = content
backup_func = MockBackup()
lib_spamd.migrate_spamd_config(facts, fileops, backup_func)
assert backup_func.called == 0
assert fileops.read_called == 1
assert fileops.write_called == 0
def test_check_spamd_config_ssl_correct_config():
facts = SpamassassinFacts(spamd_ssl_version=None, service_overriden=False)
report_func = create_report_mocked()
library._check_spamd_config_ssl(facts, report_func)
assert report_func.called == 1
report_fields = report_func.report_fields
assert 'specifying the TLS version' in report_fields['title']
assert 'SSLv3' in report_fields['title']
assert '--ssl-version' in report_fields['summary']
assert 'SSLv3' in report_fields['summary']
assert 'sysconfig' not in report_fields['summary']
assert all('update your scripts' in r['remediations']['context']
for r in report_fields['remediations'])
assert report_fields['severity'] == 'medium'
def test_check_spamc_config_tlsv1():
facts = SpamassassinFacts(spamc_ssl_argument='tlsv1', service_overriden=False)
report_func = create_report_mocked()
library._check_spamc_config(facts, report_func)
assert report_func.called == 1
report_fields = report_func.report_fields
assert 'specifying the TLS version' in report_fields['title']
assert 'SSLv3' in report_fields['title']
assert '--ssl' in report_fields['summary']
assert 'SSLv3' in report_fields['summary']
assert 'spamc configuration file' in report_fields['summary']
assert '--ssl tlsv1' in report_fields['summary']
assert all('update your scripts' in r['remediations']['context']
for r in report_fields['remediations'])
assert report_fields['severity'] == 'medium'
def test_actor_basic(current_actor_context):
facts = SpamassassinFacts(service_overriden=False)
current_actor_context.feed(facts)
current_actor_context.run()
reports = current_actor_context.consume(Report)
assert len(reports) == 4
report = reports[0]
assert '--ssl' in report.report['summary']
assert 'spamc' in report.report['summary']
report = reports[1]
assert '--ssl-version' in report.report['summary']
assert 'spamd' in report.report['summary']
report = reports[2]
assert 'spamassassin.service' in report.report['summary']
report = reports[3]
assert 'sa-update no longer supports SHA1' in report.report['summary']
def test_migrate_spamd_config():
facts = SpamassassinFacts(service_overriden=False, spamd_ssl_version='tlsv1')
fileops = MockFileOperations()
content = ('# foo\n' +
SYSCONFIG_VARIABLE + '="-c --ssl-version tlsv1 -hdx"\n' +
'# bar \n')
fileops.files[SYSCONFIG_SPAMASSASSIN] = content
backup_func = MockBackup()
lib_spamd.migrate_spamd_config(facts, fileops, backup_func)
assert backup_func.called == 1
assert backup_func.paths[0] == SYSCONFIG_SPAMASSASSIN
expected_content = ('# foo\n' +
SYSCONFIG_VARIABLE + '="-c --ssl -hx"\n' +
'# bar \n')
assert fileops.files[SYSCONFIG_SPAMASSASSIN] == expected_content
assert fileops.read_called == 1
assert fileops.files_read[SYSCONFIG_SPAMASSASSIN] == 1
assert fileops.write_called == 1
assert fileops.files_written[SYSCONFIG_SPAMASSASSIN] == 1