diff --git a/src/test-harness/tests/complex.pm b/src/test-harness/tests/complex.pm index 201f9f0..5a08c50 100644 --- a/src/test-harness/tests/complex.pm +++ b/src/test-harness/tests/complex.pm @@ -149,6 +149,7 @@ sub run() { # if ($twpassed) { print "PASSED\n"; + ++$twtools::twpassedtests; } else { ++$twtools::twfailedtests; diff --git a/src/test-harness/tests/crc32.pm b/src/test-harness/tests/crc32.pm index 28a071a..b694b90 100644 --- a/src/test-harness/tests/crc32.pm +++ b/src/test-harness/tests/crc32.pm @@ -33,13 +33,12 @@ sub run() { twtools::logStatus("*** Beginning $description\n"); printf("%-30s", "-- $description"); - - # lets see if the system 'cksum' agree's with siggen's md5 hash + # lets see if the system 'cksum' agree's with siggen's crc32 value # my ($crc32, undef) = split(/ /, `cksum $twtools::twrootdir/test`); my $siggen = `$twtools::twrootdir/bin/siggen -h -t -C $twtools::twrootdir/test`; - chomp $md5sum; + chomp $crc32; chomp $siggen; # cksum issues results in decimal, so get siggen's result in base10. @@ -48,7 +47,7 @@ sub run() { twtools::logStatus(" cksum reports: $crc32\n"); twtools::logStatus("siggen reports: $siggen\n"); - $twpassed = $crc32 == $siggen; + $twpassed = ($crc32 eq $siggen); ######################################################### # @@ -56,6 +55,7 @@ sub run() { # if ($twpassed) { print "PASSED\n"; + ++$twtools::twpassedtests; } else { ++$twtools::twfailedtests; diff --git a/src/test-harness/tests/dbupdate.pm b/src/test-harness/tests/dbupdate.pm index 9b0c448..9d7a228 100644 --- a/src/test-harness/tests/dbupdate.pm +++ b/src/test-harness/tests/dbupdate.pm @@ -9,7 +9,6 @@ package dbupdate; # BEGIN { - # This is the root directory we will be integrity checking # $root = "$twtools::twcwd/$twtools::twrootdir/dbupdate-test"; @@ -135,7 +134,7 @@ sub PrepareForTest # Initialize the database # - twtools::initializeDatabase(); + twtools::InitializeDatabase(); } ###################################################################### 
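Review bot: In crc32.pm, `$twpassed = ($crc32 eq $siggen);` compares two decimal integers as strings, so any formatting difference (leading zeros, stray whitespace) fails the test, and this file gets no trimming like the `s/^\s+|\s+$//g` added to md5sum.pm and sha1sum.pm. The base-10 conversion of `$siggen` sits between the hunks and is not visible, so the value may already be normalised. If it is not, validate and compare numerically, e.g. `$twpassed = ($crc32 =~ /^\d+$/ && $siggen =~ /^\d+$/ && $crc32 == $siggen);`, which also stops two empty outputs from comparing equal. Unlike the md5sum and sha1sum tests, there is no SKIPPED path here when `cksum` is unavailable.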
@@ -143,10 +142,10 @@ sub PrepareForTest # sub RunBasicTest { - PrepareForTest(); - printf("%-30s", "-- dbupdate.basic test"); + PrepareForTest(); + # make some violations... # MoveFile ( "meow.txt", "cat.txt" ); @@ -154,37 +153,36 @@ sub RunBasicTest # run the integrity check... # - twtools::runIntegrityCheck(); + twtools::RunIntegrityCheck(); # Make sure we got 4 violations: 2 mod, 1 add, 1 rm. # - my ($n, $a, $r, $c) = - twtools::analyzeReport( twtools::runReport() ); - + my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() ); + if( ($n != 4) || ($a != 1) || ($r != 1) || ($c != 2) ) { - print "FAILED -- initial integrity check was wack!"; - return 0; + twtools::logStatus("FAILED -- initial integrity check had unexpected results\n"); + return 0; } # do the database update... # - twtools::updateDatabase(); + twtools::UpdateDatabase(); # do another IC and make sure there are no violations # - twtools::runIntegrityCheck(); + twtools::RunIntegrityCheck(); - ($n, $a, $r, $c) = - twtools::analyzeReport( twtools::runReport() ); + ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() ); if( $n != 0 ) { - print "FAILED -- violations after update!"; - return 0; + twtools("FAILED -- violations after update\n"); + return 0; } - print "PASSED!!!\n"; + ++$twtools::twpassedtests; + print "PASSED\n"; return 1; } 
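Review bot: The second failure branch of RunBasicTest calls `twtools("FAILED -- violations after update\n");`, which looks like a dropped `::logStatus`. No `twtools` sub is visible in dbupdate.pm, and the first branch uses `twtools::logStatus(...)`. As written the call would die with an undefined-subroutine error whenever violations remain after the update, so the real failure reason never reaches status.log. It should read `twtools::logStatus("FAILED -- violations after update\n");`.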
@@ -193,77 +191,79 @@ sub RunBasicTest # sub RunSecureModeTest { - PrepareForTest(); - printf("%-30s", "-- dbupdate.secure-mode test"); + ++$twtools::twskippedtests; + print "SKIPPED - this test needs further investigation\n"; + return 1; + + PrepareForTest(); + # make a violation and generate a report # CreateFile( "dog/bark.txt", "bark bark bark" ); - twtools::runIntegrityCheck( { report => $report1 } ); + twtools::RunIntegrityCheck( { report => $report1 } ); # change the same file in a slightly different way and generate # another report # CreateFile( "dog/bark.txt", "bark bark bark woof" ); - twtools::runIntegrityCheck( { report => $report2 } ); + twtools::RunIntegrityCheck( { report => $report2 } ); # Remove a file and generate a third report # RemoveFile( "dog/bark.txt" ); - twtools::runIntegrityCheck( { report => $report3 } ); + twtools::RunIntegrityCheck( { report => $report3 } ); # Add a file and generate the fourth report # CreateFile( "dog/cow.txt", "moo moo" ); - twtools::runIntegrityCheck( { report => $report4 } ); + twtools::RunIntegrityCheck( { report => $report4 } ); - # Update the database with report 1. # - twtools::updateDatabase( { report => $report1 } ); + twtools::UpdateDatabase( { report => $report1 } ); # Try to update the database with report 2 ... this should fail # in secure-mode == high because the "old" values don't match. # - if( twtools::updateDatabase( + if( twtools::UpdateDatabase( { report => $report2, secure-mode => "high" } ) ) { - print "FAILED ... Secure-mode high didn't catch a bad update!"; - return 0; + twtools::logStatus("FAILED ... Secure-mode high didn't catch a bad update\n"); + return 0; } # do a high severity update with report3 -- this should # succeed # - if( ! twtools::updateDatabase( + if( ! twtools::UpdateDatabase( { report => $report3, secure-mode => "high" } ) ) { - print "FAILED ... Update with report 3 failed!"; - return 0; + twtools::logStatus("FAILED ... 
Update with report 3 failed\n"); + return 0; } # Try 2 again ... now we are trying to update an object that # doesn't exist in the database at all. This should # succeed in low but fail in high. # - if( twtools::updateDatabase( + if( twtools::UpdateDatabase( { report => $report2, secure-mode => "high" } ) ) { - print "FAILED ... Update with report 2 after 3 succeeded in high mode!"; - return 0; + twtools::logStatus("FAILED ... Update with report 2 after 3 succeeded in high mode\n"); + return 0; } - if( ! twtools::updateDatabase( + if( ! twtools::UpdateDatabase( { report => $report2, secure-mode => "low" } ) ) { - print "FAILED ... Update with report 2 after 3 failed in low mode!"; - return 0; + twtools::logStatus("FAILED ... Update with report 2 after 3 failed in low mode\n"); + return 0; } - - - - print "PASSED!!!\n"; + + ++$twtools::twpassedtests; + print "PASSED\n"; return 1; } @@ -275,9 +275,10 @@ sub RunSecureModeTest sub initialize { - # Make the policy file - # - twtools::generatePolicyFile( PolicyFileString() ); + # Make the policy file + # + twtools::GeneratePolicyFile( PolicyFileString() ); + return 1; } @@ -287,8 +288,26 @@ sub initialize # sub run { - RunBasicTest() || return; - RunSecureModeTest() || return; + eval { + RunBasicTest(); + } or do { + my $e = $@; + twtools::logStatus("Exception in DBUpdate RunBasicTest: $e\n"); + ++$twtools::twfailedtests; + print "*FAILED*\n"; + }; + + # bump the total test count since this file's a twofer + ++$twtools::twtotaltests; + + eval { + RunSecureModeTest(); + } or do { + my $e = $@; + twtools::logStatus("Exception in DBUpdate RunSecureModeTest: $e\n"); + ++$twtools::twfailedtests; + print "*FAILED*\n"; + }; } sub cleanup diff --git a/src/test-harness/tests/dirs.pm b/src/test-harness/tests/dirs.pm index b714b7d..3ff9b5e 100644 --- a/src/test-harness/tests/dirs.pm +++ b/src/test-harness/tests/dirs.pm 
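Review bot: RunSecureModeTest now returns right after the SKIPPED print, so everything below it is dead code and the harness no longer checks that secure-mode high rejects a mismatched database update. One thing to check before further investigation is the unquoted key in the `UpdateDatabase( { report => $report2, secure-mode => "high" } )` calls. `=>` only auto-quotes a plain identifier, so Perl parses this as `secure - mode`, and the `'secure-mode'` key that UpdateDatabase reads is never set and falls back to "low". Writing `'secure-mode' => "high"` in all four calls would make the test request the mode it claims to. A comment above the early return saying what is unresolved would also help whoever re-enables it.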
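Review bot: In `run`, `eval { RunBasicTest(); } or do { ... }` takes the failure branch both when the test dies and when it returns 0. In the second case `$@` is empty, so the log line reads "Exception in DBUpdate RunBasicTest: " with nothing after it. Keeping the two apart makes the log usable: `my $ok = eval { RunBasicTest() }; my $e = $@;`, then log the exception text when `$e ne ""` and a plain "reported failure" message otherwise before bumping `twfailedtests`. The RunSecureModeTest block has the same shape.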
@@ -137,6 +137,7 @@ sub run() { # See if the tests all succeeded... # if ($twpassed) { + ++$twtools::twpassedtests; print "PASSED\n"; } else { diff --git a/src/test-harness/tests/hashes.pm b/src/test-harness/tests/hashes.pm index e9741bc..0cab2f7 100644 --- a/src/test-harness/tests/hashes.pm +++ b/src/test-harness/tests/hashes.pm @@ -125,6 +125,7 @@ sub run() { # See if the tests all succeeded... # if ($twpassed) { + ++$twtools::twpassedtests; print "PASSED\n"; } else { diff --git a/src/test-harness/tests/inoderef.pm b/src/test-harness/tests/inoderef.pm index 8711179..b779180 100644 --- a/src/test-harness/tests/inoderef.pm +++ b/src/test-harness/tests/inoderef.pm @@ -106,6 +106,7 @@ sub run() { # See if the tests all succeeded... # if ($twpassed) { + ++$twtools::twpassedtests; print "PASSED\n"; } else { diff --git a/src/test-harness/tests/md5sum.pm b/src/test-harness/tests/md5sum.pm index 0a37a00..09e612f 100644 --- a/src/test-harness/tests/md5sum.pm +++ b/src/test-harness/tests/md5sum.pm @@ -37,21 +37,34 @@ sub run() { # lets see if the system 'md5sum' agree's with siggen's md5 hash # my ($md5sum, undef) = split(/ /, `md5sum $twtools::twrootdir/test`); + if ($mf5sum eq "") { + twtools::logStatus("md5sum not found, trying openssl instead\n"); + (undef, $md5sum) = split(/=/, `openssl md5 $twtools::twrootdir/test`); + } + if ($md5sum eq "") { + ++$twtools::twskippedtests; + print "SKIPPED\n"; + return; + } + my $siggen = `$twtools::twrootdir/bin/siggen -h -t -M $twtools::twrootdir/test`; chomp $md5sum; chomp $siggen; + $md5sum =~ s/^\s+|\s+$//g; + $siggen =~ s/^\s+|\s+$//g; twtools::logStatus("md5sum reports: $md5sum\n"); twtools::logStatus("siggen reports: $siggen\n"); - $twpassed = $md5sum == $siggen; + $twpassed = ($md5sum eq $siggen); ######################################################### # # See if the tests all succeeded... # if ($twpassed) { + ++$twtools::twpassedtests; print "PASSED\n"; } else { 
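Review bot: The fallback guard added in md5sum.pm tests `$mf5sum`, a misspelling of `$md5sum`. Nothing in the hunk assigns that variable, so the condition is always true and the `openssl md5` result replaces whatever `md5sum` returned. On a host that has `md5sum` but no `openssl`, the test would then report SKIPPED instead of running. The line should be `if ($md5sum eq "") {`. `use strict;` would reject this typo at compile time, though whether this module enables it is not visible here, and run()'s body continues outside the hunk.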
diff --git a/src/test-harness/tests/readonly.pm b/src/test-harness/tests/readonly.pm index 230e462..3a68139 100644 --- a/src/test-harness/tests/readonly.pm +++ b/src/test-harness/tests/readonly.pm @@ -101,6 +101,7 @@ sub run() { # See if the tests all succeeded... # if ($twpassed) { + ++$twtools::twpassedtests; print "PASSED\n"; return 0; } diff --git a/src/test-harness/tests/sha1sum.pm b/src/test-harness/tests/sha1sum.pm new file mode 100644 index 0000000..145a6a5 --- /dev/null +++ b/src/test-harness/tests/sha1sum.pm 
@@ -0,0 +1,83 @@ + +use twtools; + +package sha1sum; + +###################################################################### +# One time module initialization goes in here... +# +BEGIN { + + $description = "sha1 hash check"; +} + + +###################################################################### +# +# Initialize, get ready to run this test... +# +sub initialize() { + + twtools::CreateFile( { file => "test", contents => "deadbeef"x5000} ); +} + + +###################################################################### +# +# Run the test. +# +sub run() { + + my $twpassed = 1; + + twtools::logStatus("*** Beginning $description\n"); + printf("%-30s", "-- $description"); + + + # lets see if the system 'sha1sum' agree's with siggen's sha1 hash + # + my ($sha1sum, undef) = split(/ /, `sha1sum $twtools::twrootdir/test`); + if ($sha1sum eq "") { + twtools::logStatus("sha1sum not found, trying openssl instead\n"); + (undef, $sha1sum) = split(/=/, `openssl sha1 $twtools::twrootdir/test`); + } + if ($sha1sum eq "") { + ++$twtools::twskippedtests; + print "SKIPPED\n"; + return; + } + + my $siggen = `$twtools::twrootdir/bin/siggen -h -t -S $twtools::twrootdir/test`; + + chomp $sha1sum; + chomp $siggen; + $sha1sum =~ s/^\s+|\s+$//g; + $siggen =~ s/^\s+|\s+$//g; + + twtools::logStatus("sha1sum reports: $sha1sum\n"); + twtools::logStatus("siggen reports: $siggen\n"); + + $twpassed = ($sha1sum eq $siggen); + + ######################################################### + # + # See if the tests all succeeded... + # + if ($twpassed) { + ++$twtools::twpassedtests; + print "PASSED\n"; + } + else { + ++$twtools::twfailedtests; + print "*FAILED*\n"; + } +} + + +###################################################################### +# One time module cleanup goes in here... +# +END { +} + +1; diff --git a/src/test-harness/tests/sizes.pm b/src/test-harness/tests/sizes.pm index dac2594..b880bfe 100644 --- a/src/test-harness/tests/sizes.pm +++ b/src/test-harness/tests/sizes.pm 
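Review bot: The new sha1sum.pm has no `use strict; use warnings;`, and `$description` is an undeclared package variable assigned in BEGIN. Adding the pragmas after `package sha1sum;`, with `our $description;` ahead of the BEGIN block, would catch a misspelled variable at compile time. That matters here because the skip/pass decision depends on `$sha1sum` being spelled the same in every check. With warnings enabled, the `eq ""` tests should read `($sha1sum // '') eq ""`, since `split` yields undef when the command prints nothing.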
@@ -97,6 +97,7 @@ sub run() { # See if the tests all succeeded... # if ($twpassed) { + ++$twtools::twpassedtests; print "PASSED\n"; } else { diff --git a/src/test-harness/twtest.pl b/src/test-harness/twtest.pl index 1f7ea53..1d87e3b 100755 --- a/src/test-harness/twtest.pl +++ b/src/test-harness/twtest.pl @@ -94,6 +94,8 @@ sub runTests { for $module (@twtests) { + ++$twtools::twtotaltests; + # use the module # eval qq{use tests::$module}; @@ -137,6 +139,7 @@ prepareListOfTests() if scalar(@twtests) == 0; # only if none were on the cmdli print "\n"; print "initializing for tests...\n\n"; +print "logging to $ENV{'PWD'}/$twtools::twrootdir/status.log\n\n"; # all tests can assume a base configuration, i.e. default tw.cfg, site and local keys # @@ -151,7 +154,13 @@ print "=============\n\n"; # runTests(); -print "\n\n$twtools::twfailedtests test(s) failed...\n\n"; +# Any test that didn't report a status gets counted as skipped. +$twtools::twskippedtests += ($twtools::twtotaltests - ($twtools::twpassedtests + $twtools::twfailedtests + $twtools::twskippedtests)); + +print "\n\n$twtools::twtotaltests test(s) run\n"; +print "$twtools::twpassedtests test(s) passed\n"; +print "$twtools::twfailedtests test(s) failed\n"; +print "$twtools::twskippedtests test(s) skipped\n\n"; exit($twtools::twfailedtests); diff --git a/src/test-harness/twtools.pm b/src/test-harness/twtools.pm index 894a161..1209d39 100644 --- a/src/test-harness/twtools.pm +++ b/src/test-harness/twtools.pm @@ -23,7 +23,10 @@ BEGIN { $twbinaries = "../../../../bin"; + $twtotaltests = 0; $twfailedtests = 0; + $twpassedtests = 0; + $twskippedtests = 0; # get's setup in twtest... # 
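Review bot: The new `print "logging to $ENV{'PWD'}/$twtools::twrootdir/status.log\n\n";` takes the directory from the PWD environment variable. Perl does not update PWD on chdir, and it may be unset when the harness is not launched from a shell. `Cwd::getcwd()` is a safer source. dbupdate.pm already builds paths from `$twtools::twcwd`, which may be the better choice if it is populated by this point.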
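Review bot: The catch-all `$twtools::twskippedtests += (...)` folds every test that reported nothing into "skipped", and `exit($twtools::twfailedtests)` ignores skips, so a module that returns early without a status still yields exit code 0. Because `++$twtools::twtotaltests` in runTests runs before `eval qq{use tests::$module}`, a module that fails to load would land in the same bucket unless lines outside the hunk handle it. Consider computing `my $unreported = $twtools::twtotaltests - ($twtools::twpassedtests + $twtools::twfailedtests + $twtools::twskippedtests);` and printing it on its own line, so a silently broken test is not mistaken for an intentional skip. A comment on the exit line stating that skipped tests do not affect the exit status would also help CI users.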
@@ -192,7 +195,7 @@ sub InitializeDatabase { my ($twmsg) = @_; print "initializing database for '$twmsg' test...\n" if $verbose; - logStatus(`$twrootdir/bin/tripwire -m i -P $twsitepass -p $twrootdir/policy/tw.pol -c $twrootdir/tw.cfg`); + logStatus(`$twrootdir/bin/tripwire -m i -P $twsitepass -p $twrootdir/policy/tw.pol -c $twrootdir/tw.cfg 2>&1`); return ($? == 0); } @@ -208,7 +211,7 @@ sub UpdateDatabase { $params{'secure-mode'} = "low" if( ! defined($params{'secure-mode'}) ); print "updating database for '$twmsg' test...\n" if $verbose; - logStatus(`$twrootdir/bin/tripwire -m u -a -P $twsitepass -Z $params{'secure-mode'} -p $twrootdir/policy/tw.pol -c $twrootdir/tw.cfg -r $params{'report'}`); + logStatus(`$twrootdir/bin/tripwire -m u -a -P $twsitepass -Z $params{'secure-mode'} -p $twrootdir/policy/tw.pol -c $twrootdir/tw.cfg -r $params{'report'} 2>&1`); return ($? == 0); }
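Review bot: In InitializeDatabase, `$?` is read only after `logStatus(...)` has returned. `return ($? == 0);` therefore reflects the tripwire exit status only if logStatus never runs a child process or closes a pipe, and its body is not visible here. It is safer to assign the backtick output to a variable, save the status with `my $rc = $?;`, then call `logStatus` and `return ($rc == 0);`. The UpdateDatabase hunk has the same pattern, and its return value is what the dbupdate secure-mode checks branch on. With `2>&1` the tripwire stderr now lands in status.log as well, and the site passphrase is passed via `-P` on the command line, so a comment that `$twsitepass` is a throwaway test value would be useful.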