def test_archive_content_paths():
data = PolicyData()
data.content_type = "archive"
data.content_url = "http://example.com/oscap_content.tar"
data.content_path = "oscap/xccdf.xml"
data.profile_id = "Web Server"
data.content_path = "oscap/xccdf.xml"
data.tailoring_path = "oscap/tailoring.xml"
assert common.get_content_name(data) == "oscap_content.tar"
expected_path = "/tmp/openscap_data/oscap_content.tar"
assert common.get_raw_preinst_content_path(data) == expected_path
expected_path = "/tmp/openscap_data/oscap/xccdf.xml"
assert common.get_preinst_content_path(data) == expected_path
expected_path = "/root/openscap_data/oscap/xccdf.xml"
assert common.get_postinst_content_path(data) == expected_path
expected_path = "/tmp/openscap_data/oscap/tailoring.xml"
assert common.get_preinst_tailoring_path(data) == expected_path
expected_path = "/root/openscap_data/oscap/tailoring.xml"
assert common.get_postinst_tailoring_path(data) == expected_path
def configure_with_tasks(self):
"""Return configuration tasks.
:return: a list of tasks
"""
if not self.installation_enabled:
log.debug(
"OSCAP Addon: The installation is disabled. Skip the configuration."
)
return []
tasks = [
PrepareValidContent(
policy_data=self.policy_data,
file_path=common.get_raw_preinst_content_path(
self.policy_data),
content_path=common.get_preinst_content_path(self.policy_data),
),
EvaluateRulesTask(
policy_data=self.policy_data,
content_path=common.get_preinst_content_path(self.policy_data),
tailoring_path=common.get_preinst_tailoring_path(
self.policy_data),
),
]
self._cancel_tasks_on_error(tasks)
return tasks
def test_datastream_content_paths():
data = PolicyData()
data.content_type = "datastream"
data.content_url = "https://example.com/hardening.xml"
data.datastream_id = "id_datastream_1"
data.xccdf_id = "id_xccdf_new"
data.content_path = "/usr/share/oscap/testing_ds.xml"
data.cpe_path = "/usr/share/oscap/cpe.xml"
data.tailoring_path = "/usr/share/oscap/tailoring.xml"
data.profile_id = "Web Server"
assert common.get_content_name(data) == "hardening.xml"
expected_path = "/tmp/openscap_data/hardening.xml"
assert common.get_raw_preinst_content_path(data) == expected_path
expected_path = "/tmp/openscap_data/hardening.xml"
assert common.get_preinst_content_path(data) == expected_path
expected_path = "/root/openscap_data/hardening.xml"
assert common.get_postinst_content_path(data) == expected_path
expected_path = "/tmp/openscap_data/usr/share/oscap/tailoring.xml"
assert common.get_preinst_tailoring_path(data) == expected_path
expected_path = "/root/openscap_data/usr/share/oscap/tailoring.xml"
assert common.get_postinst_tailoring_path(data) == expected_path
def install_with_tasks(self):
"""Return installation tasks.
:return: a list of tasks
"""
if not self.installation_enabled:
log.debug(
"OSCAP Addon: The installation is disabled. Skip the installation."
)
return []
tasks = []
tasks.append(
InstallContentTask(
sysroot=conf.target.system_root,
policy_data=self.policy_data,
file_path=common.get_raw_preinst_content_path(
self.policy_data),
content_path=common.get_preinst_content_path(self.policy_data),
tailoring_path=common.get_preinst_tailoring_path(
self.policy_data),
target_directory=common.TARGET_CONTENT_DIR))
if self.policy_data.remediate in ("", "post", "both"):
tasks.append(
RemediateSystemTask(
sysroot=conf.target.system_root,
policy_data=self.policy_data,
target_content_path=common.get_postinst_content_path(
self.policy_data),
target_tailoring_path=common.get_postinst_tailoring_path(
self.policy_data)))
if self.policy_data.remediate in ("firstboot", "both"):
tasks.append(
ScheduleFirstbootRemediationTask(
sysroot=conf.target.system_root,
policy_data=self.policy_data,
target_content_path=common.get_postinst_content_path(
self.policy_data),
target_tailoring_path=common.get_postinst_tailoring_path(
self.policy_data)))
self._cancel_tasks_on_error(tasks)
return tasks
def _select_profile(self, profile_id):
"""Selects the given profile."""
if not profile_id:
# no profile specified, nothing to do
return False
ds = None
xccdf = None
if self._using_ds:
ds = self._current_ds_id
xccdf = self._current_xccdf_id
if not all((ds, xccdf, profile_id)):
# something is not set -> do nothing
return False
# get pre-install fix rules from the content
try:
self._rule_data = rule_handling.get_rule_data_from_content(
profile_id, common.get_preinst_content_path(self._policy_data),
ds, xccdf, common.get_preinst_tailoring_path(self._policy_data))
except common.OSCAPaddonError as exc:
log.error(
"OSCAP Addon: Failed to get rules for the profile '{}': {}"
.format(profile_id, str(exc)))
self._set_error(
"Failed to get rules for the profile '{}'"
.format(profile_id))
return False
itr = self._profiles_store.get_iter_first()
while itr:
if self._profiles_store[itr][0] == profile_id:
self._profiles_store.set_value(itr, 2, True)
itr = self._profiles_store.iter_next(itr)
# remember the active profile
self._active_profile = profile_id
return True
def test_scap_security_guide_paths():
data = PolicyData()
data.content_type = "scap-security-guide"
data.profile_id = "Web Server"
data.content_path = "/usr/share/xml/scap/ssg/content.xml"
expected_msg = "Using scap-security-guide, no single content file"
with pytest.raises(ValueError, match=expected_msg):
common.get_content_name(data)
expected_path = None
assert common.get_raw_preinst_content_path(data) == expected_path
expected_path = "/usr/share/xml/scap/ssg/content.xml"
assert common.get_preinst_content_path(data) == expected_path
expected_path = "/usr/share/xml/scap/ssg/content.xml"
assert common.get_postinst_content_path(data) == expected_path
expected_path = ""
assert common.get_preinst_tailoring_path(data) == expected_path
expected_path = ""
assert common.get_postinst_tailoring_path(data) == expected_path
def _init_after_data_fetch(self, wait_for):
"""
Waits for data fetching to be finished, extracts it (if needed),
populates the stores and evaluates pre-installation fixes from the
content and marks the spoke as ready in the end.
:param wait_for: name of the thread to wait for (if any)
:type wait_for: str or None
"""
def update_progress_label(msg):
fire_gtk_action(self._progress_label.set_text(msg))
content_path = None
actually_fetched_content = wait_for is not None
if actually_fetched_content:
content_path = common.get_raw_preinst_content_path(self._policy_data)
content = self.content_bringer.finish_content_fetch(
wait_for, self._policy_data.fingerprint, update_progress_label,
content_path, self._handle_error)
if not content:
with self._fetch_flag_lock:
self._fetching = False
return
fire_gtk_action(self._progress_spinner.stop)
fire_gtk_action(
self._progress_label.set_text,
_("Fetch complete, analyzing data."))
try:
if actually_fetched_content:
self.content_bringer.use_downloaded_content(content)
preinst_content_path = common.get_preinst_content_path(self._policy_data)
preinst_tailoring_path = common.get_preinst_tailoring_path(self._policy_data)
msg = f"Opening SCAP content at {preinst_content_path}"
if self._policy_data.tailoring_path:
msg += f" with tailoring {preinst_tailoring_path}"
else:
msg += " without considering tailoring"
log.info("OSCAP Addon: " + msg)
self._content_handler = scap_content_handler.SCAPContentHandler(
preinst_content_path,
preinst_tailoring_path)
except Exception as e:
log.error(str(e))
self._invalid_content()
# fetching done
with self._fetch_flag_lock:
self._fetching = False
return
log.info("OSCAP Addon: Done with analysis")
self._ds_checklists = self._content_handler.get_data_streams_checklists()
if self._using_ds:
# populate the stores from items from the content
add_ds_ids = GtkActionList()
add_ds_ids.add_action(self._ds_store.clear)
for dstream in self._ds_checklists.keys():
add_ds_ids.add_action(self._add_ds_id, dstream)
add_ds_ids.fire()
self._update_ids_visibility()
# refresh UI elements
self._refresh_ui()
# let all initialization and configuration happen before we evaluate
# the setup
if not self._anaconda_spokes_initialized.is_set():
# only wait (and log the messages) if the event is not set yet
log.debug("OSCAP addon: waiting for all Anaconda spokes to be initialized")
self._anaconda_spokes_initialized.wait()
log.debug("OSCAP addon: all Anaconda spokes have been initialized - continuing")
# try to switch to the chosen profile (if any)
selected = self._switch_profile()
if self._policy_data.profile_id and not selected:
# profile ID given, but it was impossible to select it -> invalid
# profile ID given
self._invalid_profile_id()
return
# update the message store with the messages
self._update_message_store()
# all initialized, we can now let user set parameters
fire_gtk_action(self._main_notebook.set_current_page, SET_PARAMS_PAGE)
# and use control buttons
fire_gtk_action(really_show, self._control_buttons)
# fetching done
with self._fetch_flag_lock:
self._fetching = False
# no error
self._set_error(None)
def preinst_tailoring_path(self) -> str:
return common.get_preinst_tailoring_path(self.policy_data)
