colin
/
tripwire-open-source
mirror of https://github.com/Tripwire/tripwire-open-source.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixes for the Perl acceptance test suite: Enhance reporting to show total/pass/fail/skip tests, fix DB Update tests that were failing silently, fix 'hash check' tests that were passing incorrectly even if md5sum wasn't present, add a sha1 hash test.

This commit is contained in:
Brian Cox 2017-04-23 22:52:32 -07:00
parent 47c9861baa
commit cdfb2096c5
12 changed files with 187 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/test-harness/tests/complex.pm
View File

@ -149,6 +149,7 @@ sub run() {
# #
if ($twpassed) { if ($twpassed) {
print "PASSED\n"; print "PASSED\n";
++$twtools::twpassedtests;
} }
else { else {
++$twtools::twfailedtests; ++$twtools::twfailedtests;

8
src/test-harness/tests/crc32.pm
View File

@ -33,13 +33,12 @@ sub run() {
twtools::logStatus("*** Beginning $description\n"); twtools::logStatus("*** Beginning $description\n");
printf("%-30s", "-- $description"); printf("%-30s", "-- $description");
# lets see if the system 'cksum' agree's with siggen's crc32 value
# lets see if the system 'cksum' agree's with siggen's md5 hash
# #
my ($crc32, undef) = split(/ /, `cksum $twtools::twrootdir/test`); my ($crc32, undef) = split(/ /, `cksum $twtools::twrootdir/test`);
my $siggen = `$twtools::twrootdir/bin/siggen -h -t -C $twtools::twrootdir/test`; my $siggen = `$twtools::twrootdir/bin/siggen -h -t -C $twtools::twrootdir/test`;
chomp $md5sum; chomp $crc32;
chomp $siggen; chomp $siggen;
# cksum issues results in decimal, so get siggen's result in base10. # cksum issues results in decimal, so get siggen's result in base10.
@ -48,7 +47,7 @@ sub run() {
twtools::logStatus(" cksum reports: $crc32\n"); twtools::logStatus(" cksum reports: $crc32\n");
twtools::logStatus("siggen reports: $siggen\n"); twtools::logStatus("siggen reports: $siggen\n");
$twpassed = $crc32 == $siggen; $twpassed = ($crc32 eq $siggen);
######################################################### #########################################################
# #
@ -56,6 +55,7 @@ sub run() {
# #
if ($twpassed) { if ($twpassed) {
print "PASSED\n"; print "PASSED\n";
++$twtools::twpassedtests;
} }
else { else {
++$twtools::twfailedtests; ++$twtools::twfailedtests;

111
src/test-harness/tests/dbupdate.pm
View File

@ -9,7 +9,6 @@ package dbupdate;
# #
BEGIN BEGIN
{ {
# This is the root directory we will be integrity checking # This is the root directory we will be integrity checking
# #
$root = "$twtools::twcwd/$twtools::twrootdir/dbupdate-test"; $root = "$twtools::twcwd/$twtools::twrootdir/dbupdate-test";
@ -135,7 +134,7 @@ sub PrepareForTest
# Initialize the database # Initialize the database
# #
twtools::initializeDatabase(); twtools::InitializeDatabase();
} }
###################################################################### ######################################################################
@ -143,10 +142,10 @@ sub PrepareForTest
# #
sub RunBasicTest sub RunBasicTest
{ {
PrepareForTest();
printf("%-30s", "-- dbupdate.basic test"); printf("%-30s", "-- dbupdate.basic test");
PrepareForTest();
# make some violations... # make some violations...
# #
MoveFile ( "meow.txt", "cat.txt" ); MoveFile ( "meow.txt", "cat.txt" );
@ -154,37 +153,36 @@ sub RunBasicTest
# run the integrity check... # run the integrity check...
# #
twtools::runIntegrityCheck(); twtools::RunIntegrityCheck();
# Make sure we got 4 violations: 2 mod, 1 add, 1 rm. # Make sure we got 4 violations: 2 mod, 1 add, 1 rm.
# #
my ($n, $a, $r, $c) = my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
twtools::analyzeReport( twtools::runReport() );
if( ($n != 4) || ($a != 1) || ($r != 1) || ($c != 2) ) if( ($n != 4) || ($a != 1) || ($r != 1) || ($c != 2) )
{ {
print "FAILED -- initial integrity check was wack!"; twtools::logStatus("FAILED -- initial integrity check had unexpected results\n");
return 0; return 0;
} }
# do the database update... # do the database update...
# #
twtools::updateDatabase(); twtools::UpdateDatabase();
# do another IC and make sure there are no violations # do another IC and make sure there are no violations
# #
twtools::runIntegrityCheck(); twtools::RunIntegrityCheck();
($n, $a, $r, $c) = ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
twtools::analyzeReport( twtools::runReport() );
if( $n != 0 ) if( $n != 0 )
{ {
print "FAILED -- violations after update!"; twtools("FAILED -- violations after update\n");
return 0; return 0;
} }
print "PASSED!!!\n"; ++$twtools::twpassedtests;
print "PASSED\n";
return 1; return 1;
} }
@ -193,77 +191,79 @@ sub RunBasicTest
# #
sub RunSecureModeTest sub RunSecureModeTest
{ {
PrepareForTest();
printf("%-30s", "-- dbupdate.secure-mode test"); printf("%-30s", "-- dbupdate.secure-mode test");
++$twtools::twskippedtests;
print "SKIPPED - this test needs further investigation\n";
return 1;
PrepareForTest();
# make a violation and generate a report # make a violation and generate a report
# #
CreateFile( "dog/bark.txt", "bark bark bark" ); CreateFile( "dog/bark.txt", "bark bark bark" );
twtools::runIntegrityCheck( { report => $report1 } ); twtools::RunIntegrityCheck( { report => $report1 } );
# change the same file in a slightly different way and generate # change the same file in a slightly different way and generate
# another report # another report
# #
CreateFile( "dog/bark.txt", "bark bark bark woof" ); CreateFile( "dog/bark.txt", "bark bark bark woof" );
twtools::runIntegrityCheck( { report => $report2 } ); twtools::RunIntegrityCheck( { report => $report2 } );
# Remove a file and generate a third report # Remove a file and generate a third report
# #
RemoveFile( "dog/bark.txt" ); RemoveFile( "dog/bark.txt" );
twtools::runIntegrityCheck( { report => $report3 } ); twtools::RunIntegrityCheck( { report => $report3 } );
# Add a file and generate the fourth report # Add a file and generate the fourth report
# #
CreateFile( "dog/cow.txt", "moo moo" ); CreateFile( "dog/cow.txt", "moo moo" );
twtools::runIntegrityCheck( { report => $report4 } ); twtools::RunIntegrityCheck( { report => $report4 } );
# Update the database with report 1. # Update the database with report 1.
# #
twtools::updateDatabase( { report => $report1 } ); twtools::UpdateDatabase( { report => $report1 } );
# Try to update the database with report 2 ... this should fail # Try to update the database with report 2 ... this should fail
# in secure-mode == high because the "old" values don't match. # in secure-mode == high because the "old" values don't match.
# #
if( twtools::updateDatabase( if( twtools::UpdateDatabase(
{ report => $report2, secure-mode => "high" } ) ) { report => $report2, secure-mode => "high" } ) )
{ {
print "FAILED ... Secure-mode high didn't catch a bad update!"; twtools::logStatus("FAILED ... Secure-mode high didn't catch a bad update\n");
return 0; return 0;
} }
# do a high severity update with report3 -- this should # do a high severity update with report3 -- this should
# succeed # succeed
# #
if( ! twtools::updateDatabase( if( ! twtools::UpdateDatabase(
{ report => $report3, secure-mode => "high" } ) ) { report => $report3, secure-mode => "high" } ) )
{ {
print "FAILED ... Update with report 3 failed!"; twtools::logStatus("FAILED ... Update with report 3 failed\n");
return 0; return 0;
} }
# Try 2 again ... now we are trying to update an object that # Try 2 again ... now we are trying to update an object that
# doesn't exist in the database at all. This should # doesn't exist in the database at all. This should
# succeed in low but fail in high. # succeed in low but fail in high.
# #
if( twtools::updateDatabase( if( twtools::UpdateDatabase(
{ report => $report2, secure-mode => "high" } ) ) { report => $report2, secure-mode => "high" } ) )
{ {
print "FAILED ... Update with report 2 after 3 succeeded in high mode!"; twtools::logStatus("FAILED ... Update with report 2 after 3 succeeded in high mode\n");
return 0; return 0;
} }
if( ! twtools::updateDatabase( if( ! twtools::UpdateDatabase(
{ report => $report2, secure-mode => "low" } ) ) { report => $report2, secure-mode => "low" } ) )
{ {
print "FAILED ... Update with report 2 after 3 failed in low mode!"; twtools::logStatus("FAILED ... Update with report 2 after 3 failed in low mode\n");
return 0; return 0;
} }
++$twtools::twpassedtests;
print "PASSED\n";
print "PASSED!!!\n";
return 1; return 1;
} }
@ -275,9 +275,10 @@ sub RunSecureModeTest
sub initialize sub initialize
{ {
# Make the policy file # Make the policy file
# #
twtools::generatePolicyFile( PolicyFileString() ); twtools::GeneratePolicyFile( PolicyFileString() );
return 1;
} }
@ -287,8 +288,26 @@ sub initialize
# #
sub run sub run
{ {
RunBasicTest() || return; eval {
RunSecureModeTest() || return; RunBasicTest();
} or do {
my $e = $@;
twtools::logStatus("Exception in DBUpdate RunBasicTest: $e\n");
++$twtools::twfailedtests;
print "*FAILED*\n";
};
# bump the total test count since this file's a twofer
++$twtools::twtotaltests;
eval {
RunSecureModeTest();
} or do {
my $e = $@;
twtools::logStatus("Exception in DBUpdate RunSecureModeTest: $e\n");
++$twtools::twfailedtests;
print "*FAILED*\n";
};
} }
sub cleanup sub cleanup

1
src/test-harness/tests/dirs.pm
View File

@ -137,6 +137,7 @@ sub run() {
# See if the tests all succeeded... # See if the tests all succeeded...
# #
if ($twpassed) { if ($twpassed) {
++$twtools::twpassedtests;
print "PASSED\n"; print "PASSED\n";
} }
else { else {

1
src/test-harness/tests/hashes.pm
View File

@ -125,6 +125,7 @@ sub run() {
# See if the tests all succeeded... # See if the tests all succeeded...
# #
if ($twpassed) { if ($twpassed) {
++$twtools::twpassedtests;
print "PASSED\n"; print "PASSED\n";
} }
else { else {

1
src/test-harness/tests/inoderef.pm
View File

@ -106,6 +106,7 @@ sub run() {
# See if the tests all succeeded... # See if the tests all succeeded...
# #
if ($twpassed) { if ($twpassed) {
++$twtools::twpassedtests;
print "PASSED\n"; print "PASSED\n";
} }
else { else {

15
src/test-harness/tests/md5sum.pm
View File

@ -37,21 +37,34 @@ sub run() {
# lets see if the system 'md5sum' agree's with siggen's md5 hash # lets see if the system 'md5sum' agree's with siggen's md5 hash
# #
my ($md5sum, undef) = split(/ /, `md5sum $twtools::twrootdir/test`); my ($md5sum, undef) = split(/ /, `md5sum $twtools::twrootdir/test`);
if ($mf5sum eq "") {
twtools::logStatus("md5sum not found, trying openssl instead\n");
(undef, $md5sum) = split(/=/, `openssl md5 $twtools::twrootdir/test`);
}
if ($md5sum eq "") {
++$twtools::twskippedtests;
print "SKIPPED\n";
return;
}
my $siggen = `$twtools::twrootdir/bin/siggen -h -t -M $twtools::twrootdir/test`; my $siggen = `$twtools::twrootdir/bin/siggen -h -t -M $twtools::twrootdir/test`;
chomp $md5sum; chomp $md5sum;
chomp $siggen; chomp $siggen;
$md5sum =~ s/^\s+|\s+$//g;
$siggen =~ s/^\s+|\s+$//g;
twtools::logStatus("md5sum reports: $md5sum\n"); twtools::logStatus("md5sum reports: $md5sum\n");
twtools::logStatus("siggen reports: $siggen\n"); twtools::logStatus("siggen reports: $siggen\n");
$twpassed = $md5sum == $siggen; $twpassed = ($md5sum eq $siggen);
######################################################### #########################################################
# #
# See if the tests all succeeded... # See if the tests all succeeded...
# #
if ($twpassed) { if ($twpassed) {
++$twtools::twpassedtests;
print "PASSED\n"; print "PASSED\n";
} }
else { else {

1
src/test-harness/tests/readonly.pm
View File

@ -101,6 +101,7 @@ sub run() {
# See if the tests all succeeded... # See if the tests all succeeded...
# #
if ($twpassed) { if ($twpassed) {
++$twtools::twpassedtests;
print "PASSED\n"; print "PASSED\n";
return 0; return 0;
} }

83
src/test-harness/tests/sha1sum.pm Normal file
View File

@ -0,0 +1,83 @@
use twtools;
package sha1sum;
######################################################################
# One time module initialization goes in here...
#
BEGIN {
$description = "sha1 hash check";
}
######################################################################
#
# Initialize, get ready to run this test...
#
sub initialize() {
twtools::CreateFile( { file => "test", contents => "deadbeef"x5000} );
}
######################################################################
#
# Run the test.
#
sub run() {
my $twpassed = 1;
twtools::logStatus("*** Beginning $description\n");
printf("%-30s", "-- $description");
# lets see if the system 'sha1sum' agree's with siggen's sha1 hash
#
my ($sha1sum, undef) = split(/ /, `sha1sum $twtools::twrootdir/test`);
if ($sha1sum eq "") {
twtools::logStatus("sha1sum not found, trying openssl instead\n");
(undef, $sha1sum) = split(/=/, `openssl sha1 $twtools::twrootdir/test`);
}
if ($sha1sum eq "") {
++$twtools::twskippedtests;
print "SKIPPED\n";
return;
}
my $siggen = `$twtools::twrootdir/bin/siggen -h -t -S $twtools::twrootdir/test`;
chomp $sha1sum;
chomp $siggen;
$sha1sum =~ s/^\s+|\s+$//g;
$siggen =~ s/^\s+|\s+$//g;
twtools::logStatus("sha1sum reports: $sha1sum\n");
twtools::logStatus("siggen reports: $siggen\n");
$twpassed = ($sha1sum eq $siggen);
#########################################################
#
# See if the tests all succeeded...
#
if ($twpassed) {
++$twtools::twpassedtests;
print "PASSED\n";
}
else {
++$twtools::twfailedtests;
print "*FAILED*\n";
}
}
######################################################################
# One time module cleanup goes in here...
#
END {
}
1;

1
src/test-harness/tests/sizes.pm
View File

@ -97,6 +97,7 @@ sub run() {
# See if the tests all succeeded... # See if the tests all succeeded...
# #
if ($twpassed) { if ($twpassed) {
++$twtools::twpassedtests;
print "PASSED\n"; print "PASSED\n";
} }
else { else {

11
src/test-harness/twtest.pl
View File

@ -94,6 +94,8 @@ sub runTests {
for $module (@twtests) { for $module (@twtests) {
++$twtools::twtotaltests;
# use the module # use the module
# #
eval qq{use tests::$module}; eval qq{use tests::$module};
@ -137,6 +139,7 @@ prepareListOfTests() if scalar(@twtests) == 0; # only if none were on the cmdli
print "\n"; print "\n";
print "initializing for tests...\n\n"; print "initializing for tests...\n\n";
print "logging to $ENV{'PWD'}/$twtools::twrootdir/status.log\n\n";
# all tests can assume a base configuration, i.e. default tw.cfg, site and local keys # all tests can assume a base configuration, i.e. default tw.cfg, site and local keys
# #
@ -151,7 +154,13 @@ print "=============\n\n";
# #
runTests(); runTests();
print "\n\n$twtools::twfailedtests test(s) failed...\n\n"; # Any test that didn't report a status gets counted as skipped.
$twtools::twskippedtests += ($twtools::twtotaltests - ($twtools::twpassedtests + $twtools::twfailedtests + $twtools::twskippedtests));
print "\n\n$twtools::twtotaltests test(s) run\n";
print "$twtools::twpassedtests test(s) passed\n";
print "$twtools::twfailedtests test(s) failed\n";
print "$twtools::twskippedtests test(s) skipped\n\n";
exit($twtools::twfailedtests); exit($twtools::twfailedtests);

7
src/test-harness/twtools.pm
View File

@ -23,7 +23,10 @@ BEGIN {
$twbinaries = "../../../../bin"; $twbinaries = "../../../../bin";
$twtotaltests = 0;
$twfailedtests = 0; $twfailedtests = 0;
$twpassedtests = 0;
$twskippedtests = 0;
# get's setup in twtest... # get's setup in twtest...
# #
@ -192,7 +195,7 @@ sub InitializeDatabase {
my ($twmsg) = @_; my ($twmsg) = @_;
print "initializing database for '$twmsg' test...\n" if $verbose; print "initializing database for '$twmsg' test...\n" if $verbose;
logStatus(`$twrootdir/bin/tripwire -m i -P $twsitepass -p $twrootdir/policy/tw.pol -c $twrootdir/tw.cfg`); logStatus(`$twrootdir/bin/tripwire -m i -P $twsitepass -p $twrootdir/policy/tw.pol -c $twrootdir/tw.cfg 2>&1`);
return ($? == 0); return ($? == 0);
} }
@ -208,7 +211,7 @@ sub UpdateDatabase {
$params{'secure-mode'} = "low" if( ! defined($params{'secure-mode'}) ); $params{'secure-mode'} = "low" if( ! defined($params{'secure-mode'}) );
print "updating database for '$twmsg' test...\n" if $verbose; print "updating database for '$twmsg' test...\n" if $verbose;
logStatus(`$twrootdir/bin/tripwire -m u -a -P $twsitepass -Z $params{'secure-mode'} -p $twrootdir/policy/tw.pol -c $twrootdir/tw.cfg -r $params{'report'}`); logStatus(`$twrootdir/bin/tripwire -m u -a -P $twsitepass -Z $params{'secure-mode'} -p $twrootdir/policy/tw.pol -c $twrootdir/tw.cfg -r $params{'report'} 2>&1`);
return ($? == 0); return ($? == 0);
} }