From 72f042644b75b577de74f351b913b5f2874f4677 Mon Sep 17 00:00:00 2001 From: Brian Cox Date: Wed, 9 Aug 2017 23:55:30 -0700 Subject: [PATCH] Add test-harness test for policy creation; among other things it tries the policy files in src/parser/testfiles, plus some other test cases. Updated one of the test files so user doesn't need to hand edit it before use. --- src/parser/testfiles/directives.txt | 22 ++-- src/test-harness/tests/createpolicy.pm | 156 +++++++++++++++++++++++++ src/test-harness/twtools.pm | 18 +++ 3 files changed, 185 insertions(+), 11 deletions(-) create mode 100644 src/test-harness/tests/createpolicy.pm diff --git a/src/parser/testfiles/directives.txt b/src/parser/testfiles/directives.txt index 47255b0..7e9446a 100644 --- a/src/parser/testfiles/directives.txt +++ b/src/parser/testfiles/directives.txt @@ -1,4 +1,4 @@ -# replace your_host with the name of your host. +# Exercises the ifhost conditional, assuming your host answers to 'localhost'. # parser will echo YES1 through YES9 # there's a problem with the parser if it echoes NO @@ -8,12 +8,12 @@ @@print +YES1 @@endif -@@ifhost bar || your_host||baz +@@ifhost bar || localhost||baz @@ifhost foo - @@ifhost your_host + @@ifhost localhost @@error +NO2; @@else @@error +NO3; @@ -35,9 +35,9 @@ - @@ifhost your_host + @@ifhost localhost - @@ifhost your_host + @@ifhost localhost @@print +YES4; @@else @@error +NO6; @@ -47,7 +47,7 @@ @@else - @@ifhost your_host + @@ifhost localhost @@error +NO7; @@else @@error +NO8; @@ -57,7 +57,7 @@ @@endif - @@ifhost your_host + @@ifhost localhost @@print +YES6; @@else @@error +NO10; @@ -70,11 +70,11 @@ @@endif - @@ifhost your_host || baz + @@ifhost localhost || baz @@print +YES8; @@endif - @@ifhost baz || your_host + @@ifhost baz || localhost @@print +YES9; @@endif @@ -87,7 +87,7 @@ @@ifhost foo - @@ifhost your_host + @@ifhost localhost @@error +NO13; @@else @@error +NO14; 
@@ -113,7 +113,7 @@ @@error +NO20; @@endif - @@ifhost your_host + @@ifhost localhost @@error +NO21; @@else @@error +NO22; diff --git a/src/test-harness/tests/createpolicy.pm b/src/test-harness/tests/createpolicy.pm new file mode 100644 index 0000000..6d40914 --- /dev/null +++ b/src/test-harness/tests/createpolicy.pm 
@@ -0,0 +1,156 @@ + +use twtools; + +package createpolicy; + + +###################################################################### +# One time module initialization goes in here... +# +BEGIN +{ + $description = "policy creation test"; + $testpolicydir = "$twtools::twrootdir/../../parser/testfiles"; +} + +###################################################################### +# various policies +# +sub basic_policy +{ + return < +S; +/bar -> \$(IgnoreNone); +!/baz; + +POLICY_END +} + +sub variable_policy +{ + return < \$(BAR); + +POLICY_END +} + +sub host_conditional_policy +{ + return < \$(IgnoreNone); +\@\@else +\@\@error failed +\@\@endif + +POLICY_END +} + + +###################################################################### +# +# Run the test. +# +sub run +{ + my $twpassed = 1; + + twtools::logStatus("*** Beginning policy creation test\n"); + printf("%-30s", "-- $description"); + + twtools::GeneratePolicyFile( basic_policy() ); + if ( $? != 0 ) { + twtools::logStatus("basic create-polfile failed, error = $?\n"); + $twpassed = 0; + } + + twtools::GeneratePolicyFile( variable_policy() ); + if ( $? != 0 ) { + twtools::logStatus("create-polfile with variables failed, error = $?\n"); + $twpassed = 0; + } + + twtools::GeneratePolicyFile( host_conditional_policy() ); + if ( $? != 0 ) { + twtools::logStatus("create-polfile with ifhost conditional failed, error = $?\n"); + $twpassed = 0; + } + + # Test with existing test case files in the src/policy/testfiles directory. + # + twtools::CreatePolicy({policy-text => "$testpolicydir/directives.txt"}); + if ( $? != 0 ) { + twtools::logStatus("create-polfile with directives.txt failed, error = $?\n"); + $twpassed = 0; + } + + twtools::CreatePolicy({policy-text => "$testpolicydir/pol.txt"}); + if ( $? != 0 ) { + twtools::logStatus("create-polfile with pol.txt failed, error = $?\n"); + $twpassed = 0; + } + + twtools::CreatePolicy({policy-text => "$testpolicydir/poleasy.txt"}); + if ( $? 
!= 0 ) { + twtools::logStatus("create-polfile with poleasy.txt failed, error = $?\n"); + $twpassed = 0; + } + + twtools::CreatePolicy({policy-text => "$testpolicydir/polhard.txt"}); + if ( $? != 0 ) { + twtools::logStatus("create-polfile with polhard.txt failed, error = $?\n"); + $twpassed = 0; + } + + twtools::CreatePolicy({policy-text => "$testpolicydir/polruleattr.txt"}); + if ( $? != 0 ) { + twtools::logStatus("create-polfile with polruleattr.txt failed, error = $?\n"); + $twpassed = 0; + } + + + ######################################################### + # + # See if the tests all succeeded... + # + if ($twpassed) { + ++$twtools::twpassedtests; + print "PASSED\n"; + return 1; + } + else { + ++$twtools::twfailedtests; + print "*FAILED*\n"; + return 0; + } +} + + + +###################################################################### +# +# Initialize the test +# + +sub initialize +{ + return 1; +} + + +###################################################################### +# One time module cleanup goes in here... +# +END +{ +} + +1; + diff --git a/src/test-harness/twtools.pm b/src/test-harness/twtools.pm index 0ce7a90..b04c633 100644 --- a/src/test-harness/twtools.pm +++ b/src/test-harness/twtools.pm @@ -279,6 +279,24 @@ sub GeneratePolicyFile { } +###################################################################### +# Generate and sign the policy file... Note the contents +# of the policy file are passed in as '$twstr'. +# +sub CreatePolicy { + + my (%params) = %{$_[0]}; + + $params{policy-text} = "$twrootdir/$twpolicyloc" if( ! defined($params{policy-text}) ); + + print "generating policy file...\n" if $verbose; + + logStatus(`$twrootdir/bin/twadmin -m P -c $twrootdir/$twcfgloc -Q $twsitepass -p $twrootdir/$twpolfileloc $params{policy-text}`); + + return ($? == 0); +} + + ###################################################################### # Run tripwire to initialize the database... #
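Review bot: The five `twtools::CreatePolicy({policy-text => ...})` calls in `run` use an unquoted hash key, and since `policy-text` is not a simple identifier Perl should parse it as the expression `policy - text` rather than the string 'policy-text'. It matches `$params{policy-text}` in twtools.pm only because both sides evaluate the same way, and it will not compile under `use strict`, so quote the key in both files together, e.g. `twtools::CreatePolicy({ 'policy-text' => "$testpolicydir/pol.txt" })`. Each call is then judged by `$?`, although CreatePolicy already returns the success flag and calls logStatus after the backticks; testing the return value (`if ( !twtools::CreatePolicy({...}) ) {`) would not depend on what logStatus leaves in `$?`. The module also lacks `use strict; use warnings;`, and the comment above the file-based cases says src/policy/testfiles while `$testpolicydir` points at parser/testfiles.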
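Review bot: CreatePolicy builds the twadmin command as a single backtick string, so the policy path and `$twsitepass` are parsed by the shell, and a value containing spaces or shell metacharacters changes the command that actually runs. A list-form pipe open hands each value to twadmin as its own argument with no shell involved; the passphrase still travels on the command line via `-Q`, which is tolerable only for a throwaway test passphrase. The sketch below also captures the exit status before logStatus runs, so the return value cannot be altered by anything logStatus does. Separately, the header comment was copied from GeneratePolicyFile and still says the contents are passed in as '$twstr', whereas this sub takes a hash reference naming a policy text file; a comment such as `# Create and sign a policy file from the text file named in the params hash (default: $twrootdir/$twpolicyloc).` would match the code.

```perl
sub CreatePolicy {
    # … unchanged: params unpacking, default policy text path, verbose print …

    # One argument per list element: nothing here is interpreted by a shell.
    my @cmd = ( "$twrootdir/bin/twadmin", '-m', 'P',
                '-c', "$twrootdir/$twcfgloc",
                '-Q', $twsitepass,
                '-p', "$twrootdir/$twpolfileloc",
                $params{policy-text} );

    open( my $out, '-|', @cmd ) or return 0;
    my $output = do { local $/; <$out> };
    close($out);                 # sets $? to twadmin's exit status
    my $ok = ( $? == 0 );

    logStatus($output);

    return $ok;
}
```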