def assertValidCheckFile(self, path):
"""Tests whether a check definition has a valid configuration."""
# Figure out the relative path of the check files.
prefix = os.path.commonprefix(config.CONFIG["Checks.config_dir"])
relpath = os.path.relpath(path, prefix)
# If the config can't load fail immediately.
try:
configs = checks.LoadConfigsFromFile(path)
except yaml.error.YAMLError as e:
self.fail("File %s could not be parsed: %s\n" % (relpath, e))
# Otherwise, check all the configs and pass/fail at the end.
errors = collections.OrderedDict()
for check_id, check_spec in configs.iteritems():
check_errors = self.GetCheckErrors(check_spec)
if check_errors:
msg = errors.setdefault(relpath, ["check_id: %s" % check_id])
msg.append(check_errors)
if errors:
message = ""
for k, v in errors.iteritems():
message += "File %s errors:\n" % k
message += " %s\n" % v[0]
for err in v[1]:
message += " %s\n" % err
self.fail(message)
def testLoadToDict(self):
result = checks.LoadConfigsFromFile(os.path.join(CHECKS_DIR, "sshd.yaml"))
self.assertItemsEqual(["SSHD-CHECK", "SSHD-PERMS"], result)
# Start with basic check attributes.
result_check = result["SSHD-CHECK"]
self.assertEqual("SSHD-CHECK", result_check["check_id"])
self.assertEqual("NONE", result_check["match"])
# Now dive into the method.
result_method = result_check["method"][0]
self.assertEqual({"os": ["Linux", "Darwin"]}, result_method["target"])
self.assertEqual(["ANY"], result_method["match"])
expect_hint = {
"problem": "Sshd allows protocol 1.",
"format": "Configured protocols: {config.protocol}"
}
self.assertDictEqual(expect_hint, result_method["hint"])
# Now dive into the probe.
result_probe = result_method["probe"][0]
self.assertEqual("SshdConfigFile", result_probe["artifact"])
self.assertEqual(["ANY"], result_probe["match"])
# Now dive into the filters.
expect_filters = {
"type": "ObjectFilter",
"expression": "config.protocol contains 1"
}
result_filters = result_probe["filters"][0]
self.assertDictEqual(expect_filters, result_filters)
# Make sure any specified probe context is set.
result_check = result["SSHD-PERMS"]
probe = result_check["method"][0]["probe"][0]
result_context = str(probe["result_context"])
self.assertItemsEqual("RAW", result_context)
def testLoadToDict(self):
expect = {
"SSHD-CHECK": {
"check_id":
"SSHD-CHECK",
"method": [{
"probe": [{
"artifact":
"SshdConfigFile",
"match": ["ANY"],
"filters": [{
"type": "ObjectFilter",
"expression": "config.protocol contains 1"
}]
}],
"target": {
"os": ["Linux", "Darwin"]
},
"match": ["ANY"],
"hint": {
"problem": "Sshd allows protocol 1.",
"summary": "sshd parameter",
"format": "Configured protocols: {config.protocol}"
}
}],
"match":
"NONE"
}
}
result = checks.LoadConfigsFromFile(
os.path.join(CHECKS_DIR, "sshd.yaml"))
self.assertEqual(expect.keys(), result.keys())
# Start with basic check attributes.
expect_check = expect["SSHD-CHECK"]
result_check = result["SSHD-CHECK"]
self.assertEqual(expect_check["check_id"], result_check["check_id"])
self.assertEqual(expect_check["match"], result_check["match"])
# Now dive into the method.
expect_method = expect_check["method"][0]
result_method = result_check["method"][0]
self.assertEqual(expect_method["target"], result_method["target"])
self.assertEqual(expect_method["match"], result_method["match"])
self.assertDictEqual(expect_method["hint"], result_method["hint"])
# Now dive into the probe.
expect_probe = expect_method["probe"][0]
result_probe = result_method["probe"][0]
self.assertEqual(expect_probe["artifact"], result_probe["artifact"])
self.assertEqual(expect_probe["match"], result_probe["match"])
# Now dive into the filters.
expect_filters = expect_probe["filters"][0]
result_filters = result_probe["filters"][0]
self.assertDictEqual(expect_filters, result_filters)
def _LoadCheck(cfg_file, check_id):
configs = checks.LoadConfigsFromFile(os.path.join(CHECKS_DIR, cfg_file))
cfg = configs.get(check_id)
return checks.Check(**cfg)
