diff --git a/lib/oeqa/runtime/cases/openscap.py b/lib/oeqa/runtime/cases/openscap.py new file mode 100644 index 0000000..7012b6b --- /dev/null +++ b/lib/oeqa/runtime/cases/openscap.py @@ -0,0 +1,48 @@ +# SPDX-License-Identifier: MIT +# + +from oeqa.runtime.case import OERuntimeTestCase +from oeqa.core.decorator.depends import OETestDepends +from oeqa.runtime.decorator.package import OEHasPackage + + +class OpenscapTest(OERuntimeTestCase): + + @OEHasPackage(["openscap"]) + @OETestDepends(["ssh.SSHTest.test_ssh"]) + def test_openscap_basic(self): + status, output = self.target.run("oscap -V") + msg = ( + "`oscap -V` command does not work as expected. " + "Status and output:%s and %s" % (status, output) + ) + self.assertEqual(status, 0, msg=msg) + + @OEHasPackage(["openscap"]) + @OEHasPackage(["scap-security-guide"]) + @OETestDepends(["ssh.SSHTest.test_ssh"]) + def test_openscap_scan(self): + SCAP_SOURCE = "/usr/share/xml/scap/ssg/content/ssg-openembedded-xccdf.xml" + CPE_DICT = "/usr/share/xml/scap/ssg/content/ssg-openembedded-cpe-dictionary.xml" + + cmd = "oscap info --profiles %s" % SCAP_SOURCE + status, output = self.target.run(cmd) + msg = ( + "oscap info` command does not work as expected.\n" + "Command: %s\n" % cmd + "Status and output:%s and %s" % (status, output) + ) + self.assertEqual(status, 0, msg=msg) + + for p in output.split("\n"): + profile = p.split(":")[0] + cmd = "oscap xccdf eval --cpe %s --profile %s %s" % ( + CPE_DICT, + profile, + SCAP_SOURCE, + ) + status, output = self.target.run(cmd) + msg = ( + "`oscap xccdf eval` does not work as expected.\n" + "Command: %s\n" % cmd + "Status and output:%s and %s" % (status, output) + ) + self.assertNotEqual(status, 1, msg=msg) diff --git a/recipes-core/images/security-test-image.bb b/recipes-core/images/security-test-image.bb index 81f69dd..e7e354e 100644 --- a/recipes-core/images/security-test-image.bb +++ b/recipes-core/images/security-test-image.bb @@ -12,7 +12,7 @@ IMAGE_INSTALL:append = "\ ${@bb.utils.contains("BBFILE_COLLECTIONS", "integrity", "packagegroup-ima-evm-utils","", d)} \ " -TEST_SUITES = "ssh ping apparmor clamav samhain sssd checksec smack suricata aide firejail" +TEST_SUITES = "ssh ping apparmor clamav openscap samhain sssd checksec smack suricata aide firejail" TEST_SUITES:append = " parsec tpm2 swtpm ima" INSTALL_CLAMAV_CVD = "1"