mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-01-12 03:10:13 +00:00
Code Issues Projects Releases Wiki Activity
Files
master-next
meta-security/lib/oeqa/runtime/cases/openscap.py
Louis Rannou a043f0b8ed oeqa: openscap test 
Add basic openscap test. This looks for an existing profile and run a basic scan.

Openscap scans return 1 in case of failure, 0 in case of success and 2 when a
vulnerability has been found. As this does not aim to check openscap reports, 2 is
considered as a successful test.

Signed-off-by: Louis Rannou <louis.rannou@non.se.com>
(added to test image)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
2025-11-21 09:10:00 -05:00

49 lines
1.7 KiB
Python
Raw Permalink Blame History

# SPDX-License-Identifier: MIT
#
from oeqa.runtime.case import OERuntimeTestCase
from oeqa.core.decorator.depends import OETestDepends
from oeqa.runtime.decorator.package import OEHasPackage
class OpenscapTest(OERuntimeTestCase):
@OEHasPackage(["openscap"])
@OETestDepends(["ssh.SSHTest.test_ssh"])
def test_openscap_basic(self):
status, output = self.target.run("oscap -V")
msg = (
"`oscap -V` command does not work as expected. "
"Status and output:%s and %s" % (status, output)
)
self.assertEqual(status, 0, msg=msg)
@OEHasPackage(["openscap"])
@OEHasPackage(["scap-security-guide"])
@OETestDepends(["ssh.SSHTest.test_ssh"])
def test_openscap_scan(self):
SCAP_SOURCE = "/usr/share/xml/scap/ssg/content/ssg-openembedded-xccdf.xml"
CPE_DICT = "/usr/share/xml/scap/ssg/content/ssg-openembedded-cpe-dictionary.xml"
cmd = "oscap info --profiles %s" % SCAP_SOURCE
status, output = self.target.run(cmd)
msg = (
"oscap info` command does not work as expected.\n"
"Command: %s\n" % cmd + "Status and output:%s and %s" % (status, output)
)
self.assertEqual(status, 0, msg=msg)
for p in output.split("\n"):
profile = p.split(":")[0]
cmd = "oscap xccdf eval --cpe %s --profile %s %s" % (
CPE_DICT,
profile,
SCAP_SOURCE,
)
status, output = self.target.run(cmd)
msg = (
"`oscap xccdf eval` does not work as expected.\n"
"Command: %s\n" % cmd + "Status and output:%s and %s" % (status, output)
)
self.assertNotEqual(status, 1, msg=msg)
Reference in New Issue View Git Blame Copy Permalink