def testEmptySourceData(self):
test_data = (b"# comment 1\n"
b"# deb http://security.debian.org/ wheezy/updates main\n"
b"URI :\n"
b"URI:\n"
b"# Trailing whitespace on purpose\n"
b"URI: \n"
b"\n"
b"URIs :\n"
b"URIs:\n"
b"# Trailing whitespace on purpose\n"
b"URIs: \n"
b"# comment 2\n")
file_obj = io.BytesIO(test_data)
pathspec = rdf_paths.PathSpec(path="/etc/apt/sources.list.d/test.list")
stat = rdf_client_fs.StatEntry(pathspec=pathspec)
parser = config_file.APTPackageSourceParser()
results = list(parser.Parse(stat, file_obj, None))
result = [
d for d in results if isinstance(d, rdf_protodict.AttributedDict)
][0]
self.assertEqual("/etc/apt/sources.list.d/test.list", result.filename)
self.assertEqual(0, len(result.uris))
def testPackageSourceData(self):
test_data = br"""
# Security updates
deb http://security.debian.org/ wheezy/updates main contrib non-free
deb-src [arch=amd64,trusted=yes] ftp://security.debian.org/ wheezy/updates main contrib non-free
## Random comment
# Different transport protocols below
deb ssh://ftp.debian.org/debian wheezy main contrib non-free
deb-src file:/mnt/deb-sources-files/ wheezy main contrib non-free
# correct - referencing root file system
deb-src file:/
# incorrect
deb-src http://
# Bad lines below - these shouldn't get any URIs back
deb
deb-src [arch=i386]
deb-src abcdefghijklmnopqrstuvwxyz
"""
file_obj = io.BytesIO(test_data)
pathspec = rdf_paths.PathSpec(path="/etc/apt/sources.list")
stat = rdf_client_fs.StatEntry(pathspec=pathspec)
parser = config_file.APTPackageSourceParser()
results = list(parser.Parse(stat, file_obj, None))
result = [
d for d in results if isinstance(d, rdf_protodict.AttributedDict)
][0]
self.assertEqual("/etc/apt/sources.list", result.filename)
self.assertEqual(5, len(result.uris))
self.assertEqual("http", result.uris[0].transport)
self.assertEqual("security.debian.org", result.uris[0].host)
self.assertEqual("/", result.uris[0].path)
self.assertEqual("ftp", result.uris[1].transport)
self.assertEqual("security.debian.org", result.uris[1].host)
self.assertEqual("/", result.uris[1].path)
self.assertEqual("ssh", result.uris[2].transport)
self.assertEqual("ftp.debian.org", result.uris[2].host)
self.assertEqual("/debian", result.uris[2].path)
self.assertEqual("file", result.uris[3].transport)
self.assertEqual("", result.uris[3].host)
self.assertEqual("/mnt/deb-sources-files/", result.uris[3].path)
self.assertEqual("file", result.uris[4].transport)
self.assertEqual("", result.uris[4].host)
self.assertEqual("/", result.uris[4].path)
def testAPTDetectUnsupportedTransport(self):
artifact = "APTSources"
parser = config_file.APTPackageSourceParser()
# pylint: disable=line-too-long
sources = {
"/etc/apt/sources.list":
"""\
# APT sources.list providing the default Ubuntu packages
#
deb https://httpredir.debian.org/debian jessie-updates main
deb https://security.debian.org/ wheezy/updates main
# comment 2
""",
"/etc/apt/sources.list.d/test.list":
"""\
deb file:/tmp/debs/ distro main
deb [arch=amd64,blah=blah] [meh=meh] https://securitytestasdf.debian.org/ wheezy/updates main contrib non-free
deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main
""",
"/etc/apt/sources.list.d/test2.list":
"""\
deb http://dl.google.com/linux/chrome/deb/ stable main
""",
"/etc/apt/sources.list.d/test3.list":
"""\
deb https://security.debian.org/ wheezy/updates main contrib non-free
""",
"/etc/apt/sources.list.d/file-test.list":
"""\
deb file:/mnt/debian/debs/ distro main
""",
"/etc/apt/sources.list.d/rfc822.list":
"""\
Type: deb deb-src
URI: http://security.example.com
https://dl.google.com
Suite: testing
Section: main contrib
""",
}
# pylint: enable=line-too-long
chk_id = "CIS-PKG-SOURCE-UNSUPPORTED-TRANSPORT"
sym = "Found: APT sources use unsupported transport."
found = [
"/etc/apt/sources.list.d/test.list: transport: file,https,https",
"/etc/apt/sources.list.d/test2.list: transport: http",
"/etc/apt/sources.list.d/file-test.list: transport: file",
"/etc/apt/sources.list.d/rfc822.list: transport: http,https"
]
results = self.GenResults([artifact], [sources], [parser])
self.assertCheckDetectedAnom(chk_id, results, sym, found)
def testRFC822StyleSourceDataParser(self):
"""Test source list formated as per rfc822 style."""
test_data = br"""
# comment comment comment
Types: deb deb-src
URIs: http://example.com/debian
http://1.example.com/debian1
http://2.example.com/debian2
http://willdetect.example.com/debian-strange
URIs : ftp://3.example.com/debian3
http://4.example.com/debian4
blahblahblahblahblahlbha
http://willdetect2.example.com/debian-w2
http://willdetect3.example.com/debian-w3
URI
URI : ssh://5.example.com/debian5
Suites: stable testing
Sections: component1 component2
Description: short
long long long
[option1]: [option1-value]
deb-src [arch=amd64,trusted=yes] ftp://security.debian.org/ wheezy/updates main contrib non-free
# comment comment comment
Types: deb
URI:ftp://another.example.com/debian2
Suites: experimental
Sections: component1 component2
Enabled: no
Description: http://debian.org
This URL shouldn't be picked up by the parser
[option1]: [option1-value]
"""
file_obj = io.BytesIO(test_data)
pathspec = rdf_paths.PathSpec(
path="/etc/apt/sources.list.d/rfc822.list")
stat = rdf_client_fs.StatEntry(pathspec=pathspec)
parser = config_file.APTPackageSourceParser()
results = list(parser.Parse(stat, file_obj, None))
result = [
d for d in results if isinstance(d, rdf_protodict.AttributedDict)
][0]
self.assertEqual("/etc/apt/sources.list.d/rfc822.list",
result.filename)
self.assertEqual(11, len(result.uris))
self.assertEqual("ftp", result.uris[0].transport)
self.assertEqual("security.debian.org", result.uris[0].host)
self.assertEqual("/", result.uris[0].path)
self.assertEqual("http", result.uris[1].transport)
self.assertEqual("example.com", result.uris[1].host)
self.assertEqual("/debian", result.uris[1].path)
self.assertEqual("http", result.uris[2].transport)
self.assertEqual("1.example.com", result.uris[2].host)
self.assertEqual("/debian1", result.uris[2].path)
self.assertEqual("http", result.uris[3].transport)
self.assertEqual("2.example.com", result.uris[3].host)
self.assertEqual("/debian2", result.uris[3].path)
self.assertEqual("http", result.uris[4].transport)
self.assertEqual("willdetect.example.com", result.uris[4].host)
self.assertEqual("/debian-strange", result.uris[4].path)
self.assertEqual("ftp", result.uris[5].transport)
self.assertEqual("3.example.com", result.uris[5].host)
self.assertEqual("/debian3", result.uris[5].path)
self.assertEqual("http", result.uris[6].transport)
self.assertEqual("4.example.com", result.uris[6].host)
self.assertEqual("/debian4", result.uris[6].path)
self.assertEqual("http", result.uris[7].transport)
self.assertEqual("willdetect2.example.com", result.uris[7].host)
self.assertEqual("/debian-w2", result.uris[7].path)
self.assertEqual("http", result.uris[8].transport)
self.assertEqual("willdetect3.example.com", result.uris[8].host)
self.assertEqual("/debian-w3", result.uris[8].path)
self.assertEqual("ssh", result.uris[9].transport)
self.assertEqual("5.example.com", result.uris[9].host)
self.assertEqual("/debian5", result.uris[9].path)
self.assertEqual("ftp", result.uris[10].transport)
self.assertEqual("another.example.com", result.uris[10].host)
self.assertEqual("/debian2", result.uris[10].path)
