def test_x86_enabled_documentation():
"""
Here we test the examples in the documentation automatically using
doctest. We set up an environment which is similar to what a rule
writer might see - a '/sys/devices/system/cpu/vulnerabilities/*' output
that has been passed in as a parameter to the rule declaration.
"""
parser1 = CpuVulns(INPUT1)
parser2 = CpuVulns(INPUT2)
env = {'cvb': CpuVulnsAll([parser1, parser2])}
failed, total = doctest.testmod(cpu_vulns_all, globs=env)
assert failed == 0
def test_cpu_vulns_meltdown_exp1():
"""
Here test the examples cause expections
"""
with pytest.raises(SkipException) as sc1:
CpuVulns(context_wrap('', path='/sys/devices/system/cpu/vulnerabilities/meltdown'))
assert "Input content is empty" in str(sc1)
def test_cpu_vulns_spectre_v2_exp1():
"""
Here test the examples cause expections
"""
with pytest.raises(SkipException) as sc1:
CpuVulns(context_wrap(''))
assert "Input content is empty" in str(sc1)
def test_cpu_vulns_spectre_v2_rhel6():
"""
Here test the examples for spectre_v2
"""
spectre = CpuVulns(context_wrap(INPUT_SPECTRE_V2_RHEL_6, path='/sys/devices/system/cpu/vulnerabilities/spectre_v2'))
assert spectre.value == INPUT_SPECTRE_V2_RHEL_6
assert spectre.file_name == 'spectre_v2'
def test_cpu_vulns_documentation():
"""
Here we test the examples in the documentation automatically using doctest.
We set up an environment which is similar to what a rule writer might see -
a '/sys/devices/system/cpu/vulnerabilities/*' output that has been
passed in as a parameter to the rule declaration.
"""
env = {
'sp_v1': CpuVulns(context_wrap(INPUT_SPECTRE_V1,
path='/sys/devices/system/cpu/vulnerabilities/spectre_v1')),
'sp_v2': CpuVulns(context_wrap(INPUT_SPECTRE_V2_RHEL_7,
path='/sys/devices/system/cpu/vulnerabilities/spectre_v2')),
'md': CpuVulns(context_wrap(INPUT_MELTDOWN,
path='/sys/devices/system/cpu/vulnerabilities/meltdown')),
'ssb': CpuVulns(context_wrap(INPUT_SPEC_STORE_BYPASS,
path='/sys/devices/system/cpu/vulnerabilities/spec_store_bypass'))}
failed, total = doctest.testmod(cpu_vulns, globs=env)
assert failed == 0
def test_cpu_vulns_spec_store_bypass_3():
spectre = CpuVulns(context_wrap(INPUT_SPEC_STORE_BYPASS_3, path='/sys/devices/system/cpu/vulnerabilities/spec_store_bypass'))
assert spectre.value == INPUT_SPEC_STORE_BYPASS_3
assert spectre.file_name == 'spec_store_bypass'
def test_cpu_vulns_meltdown():
spectre = CpuVulns(context_wrap(INPUT_MELTDOWN, path='/sys/devices/system/cpu/vulnerabilities/meltdown'))
assert spectre.value == INPUT_MELTDOWN
assert spectre.file_name == 'meltdown'
def test_cpu_vulns_spectre_v1():
spectre = CpuVulns(context_wrap(INPUT_SPECTRE_V1, path='/sys/devices/system/cpu/vulnerabilities/spectre_v1'))
assert spectre.value == INPUT_SPECTRE_V1
assert spectre.file_name == 'spectre_v1'
Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
""".strip()
INPUT_MDS = """
Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable
""".strip()
INPUT0 = context_wrap(INPUT_MELTDOWN, path='')
INPUT1 = context_wrap(INPUT_MELTDOWN, path='/sys/devices/system/cpu/vulnerabilities/meltdown')
INPUT2 = context_wrap(INPUT_SPECTRE_V1, path='/sys/devices/system/cpu/vulnerabilities/spectre_v1')
INPUT3 = context_wrap(INPUT_SPECTRE_V2, path='/sys/devices/system/cpu/vulnerabilities/spectre_v2')
INPUT4 = context_wrap(INPUT_SPEC_STORE_BYPASS, path='/sys/devices/system/cpu/vulnerabilities/spec_store_bypass')
INPUT5 = context_wrap(INPUT_SMT, path='/sys/devices/system/cpu/vulnerabilities/l1tf')
INPUT6 = context_wrap(INPUT_MDS, path='/sys/devices/system/cpu/vulnerabilities/mds')
parser0 = CpuVulns(INPUT0)
parser1 = CpuVulns(INPUT1)
parser2 = CpuVulns(INPUT2)
parser3 = CpuVulns(INPUT3)
parser4 = CpuVulns(INPUT4)
parser5 = CpuVulns(INPUT5)
parser6 = CpuVulns(INPUT6)
def test_values_comb_meltdown():
obj = CpuVulnsAll([parser1, parser2, parser3])
assert 'meltdown' in obj
assert obj == {'meltdown': 'Mitigation: PTI', 'spectre_v1': 'Mitigation: Load fences', 'spectre_v2': 'Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling'}
def test_values_comb_spectre_v1():