def assertValidCheckFile(self, path): """Tests whether a check definition has a valid configuration.""" # Figure out the relative path of the check files. prefix = os.path.commonprefix(config.CONFIG["Checks.config_dir"]) relpath = os.path.relpath(path, prefix) # If the config can't load fail immediately. try: configs = checks.LoadConfigsFromFile(path) except yaml.error.YAMLError as e: self.fail("File %s could not be parsed: %s\n" % (relpath, e)) # Otherwise, check all the configs and pass/fail at the end. errors = collections.OrderedDict() for check_id, check_spec in iteritems(configs): check_errors = self.GetCheckErrors(check_spec) if check_errors: msg = errors.setdefault(relpath, ["check_id: %s" % check_id]) msg.append(check_errors) if errors: message = "" for k, v in iteritems(errors): message += "File %s errors:\n" % k message += " %s\n" % v[0] for err in v[1]: message += " %s\n" % err self.fail(message)
def testLoadToDict(self): result = checks.LoadConfigsFromFile(os.path.join(CHECKS_DIR, "sshd.yaml")) self.assertItemsEqual(["SSHD-CHECK", "SSHD-PERMS"], result) # Start with basic check attributes. result_check = result["SSHD-CHECK"] self.assertEqual("SSHD-CHECK", result_check["check_id"]) self.assertEqual("NONE", result_check["match"]) # Now dive into the method. result_method = result_check["method"][0] self.assertEqual({"os": ["Linux", "Darwin"]}, result_method["target"]) self.assertEqual(["ANY"], result_method["match"]) expect_hint = { "problem": "Sshd allows protocol 1.", "format": "Configured protocols: {config.protocol}" } self.assertDictEqual(expect_hint, result_method["hint"]) # Now dive into the probe. result_probe = result_method["probe"][0] self.assertEqual("SshdConfigFile", result_probe["artifact"]) self.assertEqual(["ANY"], result_probe["match"]) # Now dive into the filters. expect_filters = { "type": "ObjectFilter", "expression": "config.protocol contains 1" } result_filters = result_probe["filters"][0] self.assertDictEqual(expect_filters, result_filters) # Make sure any specified probe context is set. result_check = result["SSHD-PERMS"] probe = result_check["method"][0]["probe"][0] result_context = str(probe["result_context"]) self.assertItemsEqual("RAW", result_context)
def _LoadCheck(self, cfg_file, check_id): configs = checks.LoadConfigsFromFile(os.path.join(CHECKS_DIR, cfg_file)) cfg = configs.get(check_id) return checks.Check(**cfg)