def test_valid_command(self):
"""
test for CVE-2020-28243
"""
create_file = os.path.join(RUNTIME_VARS.TMP, "created_file")
patch_kernel = patch(
"salt.modules.restartcheck._kernel_versions_redhat",
return_value=["3.10.0-1127.el7.x86_64"],
)
services = {
"NetworkManager": {"ExecMainPID": 123},
"auditd": {"ExecMainPID": 456},
"crond": {"ExecMainPID": 789},
}
patch_salt = patch.dict(
restartcheck.__salt__,
{
"cmd.run": MagicMock(
return_value="Linux localhost.localdomain 3.10.0-1127.el7.x86_64"
),
"service.get_running": MagicMock(return_value=list(services.keys())),
"service.show": MagicMock(side_effect=list(services.values())),
"pkg.owner": MagicMock(return_value=""),
"service.available": MagicMock(return_value=True),
},
)
patch_deleted = patch(
"salt.modules.restartcheck._deleted_files",
MagicMock(
return_value=[
(";touch {};".format(create_file), 123, "/root/ (deleted)")
]
),
)
patch_readlink = patch(
"os.readlink", return_value="/root/;touch {};".format(create_file)
)
check_error = True
if salt.utils.path.which("repoquery"):
check_error = False
patch_grains = patch.dict(restartcheck.__grains__, {"os_family": "RedHat"})
with patch_kernel, patch_salt, patch_deleted, patch_readlink, patch_grains:
if check_error:
with self.assertRaises(FileNotFoundError):
restartcheck.restartcheck()
else:
ret = restartcheck.restartcheck()
self.assertIn(
"Found 1 processes using old versions of upgraded files", ret
)
self.assertFalse(os.path.exists(create_file))
def test_when_nilinuxrt_and_not_kernel_modules_changed_or_sysapi_files_changed_and_reboot_required_witnessed_then_reboot_should_be_required(
):
expected_result = "System restart required.\n\n"
restart_required = True
current_kernel = "fnord"
patch_grains = patch.dict(restartcheck.__grains__,
{"os_family": "NILinuxRT"})
patch_kernel_versions = patch(
"salt.modules.restartcheck._kernel_versions_nilrt",
autospec=True,
return_value=[current_kernel],
)
patch_salt = patch.dict(
restartcheck.__salt__,
{
"cmd.run":
create_autospec(cmdmod.run, return_value=current_kernel),
"system.get_reboot_required_witnessed":
create_autospec(
system.get_reboot_required_witnessed,
return_value=restart_required,
),
"service.get_running":
create_autospec(service.get_running, return_value=[]),
},
)
patch_kernel_mod_changed = patch(
"salt.modules.restartcheck._kernel_modules_changed_nilrt",
autospec=True,
return_value=False,
)
patch_sysapi_changed = patch(
"salt.modules.restartcheck._sysapi_changed_nilrt",
autospec=True,
return_value=False,
)
patch_del_files = patch(
"salt.modules.restartcheck._deleted_files",
autospec=True,
return_value=[],
)
with patch_grains, patch_kernel_versions, patch_salt, patch_sysapi_changed, patch_kernel_mod_changed, patch_del_files:
actual_result = restartcheck.restartcheck()
assert actual_result == expected_result
def test_valid_command_b(self):
"""
test for CVE-2020-28243
"""
create_file = os.path.join(RUNTIME_VARS.TMP, "created_file")
patch_kernel = patch(
"salt.modules.restartcheck._kernel_versions_redhat",
return_value=["3.10.0-1127.el7.x86_64"],
)
services = {
"NetworkManager": {
"ExecMainPID": 123
},
"auditd": {
"ExecMainPID": 456
},
"crond": {
"ExecMainPID": 789
},
}
patch_salt = patch.dict(
restartcheck.__salt__,
{
"cmd.run":
MagicMock(
return_value=
"Linux localhost.localdomain 3.10.0-1127.el7.x86_64"),
"service.get_running":
MagicMock(return_value=list(services.keys())),
"service.show":
MagicMock(side_effect=list(services.values())),
"pkg.owner":
MagicMock(return_value=""),
"service.available":
MagicMock(return_value=True),
},
)
patch_deleted = patch(
"salt.modules.restartcheck._deleted_files",
MagicMock(return_value=[("--admindir tmp dpkg", 123,
"/root/ (deleted)")]),
)
patch_readlink = patch("os.readlink",
return_value="--admindir tmp dpkg")
popen_mock = MagicMock()
popen_mock.return_value.stdout.readline.side_effect = [
"/usr/bin\n", ""
]
patch_popen = patch("subprocess.Popen", popen_mock)
patch_grains = patch.dict(restartcheck.__grains__,
{"os_family": "RedHat"})
with patch_kernel, patch_salt, patch_deleted, patch_readlink, patch_grains, patch_popen:
ret = restartcheck.restartcheck()
self.assertIn(
"Found 1 processes using old versions of upgraded files", ret)
args, kwargs = popen_mock.call_args
assert args[0] == ["repoquery", "-l", "--admindir tmp dpkg"]