Add new test-harness tests to exercise various IC mode options, plus tripwire help & version modes

2017-08-05 18:05:21 -07:00 · 2017-08-05 18:05:21 -07:00 · f02e2c10b5
parent db60f15f23
commit f02e2c10b5
3 changed files with 484 additions and 5 deletions
--- a/src/test-harness/tests/integritycheck.pm
+++ b/src/test-harness/tests/integritycheck.pm
@ -0,0 +1,357 @@
+
+use twtools;
+
+package integritycheck;
+
+
+######################################################################
+# One time module initialization goes in here...
+#
+BEGIN 
+{
+    $description = "integrity check test";
+
+	# This is the root directory we will be integrity checking
+	#
+	$root = "$twtools::twcwd/$twtools::twrootdir/ic-test-a";
+	$root2 = "$twtools::twcwd/$twtools::twrootdir/ic-test-b";
+
+	# Here are the names of the report files this test will create
+	#
+	$report1 = "$twtools::twcwd/$twtools::twrootdir/report/ic-1.twr";
+
+	$report2 = "$twtools::twcwd/$twtools::twrootdir/report/dbupdate-2.twr";
+	$report3 = "$twtools::twcwd/$twtools::twrootdir/report/dbupdate-3.twr";
+	$report4 = "$twtools::twcwd/$twtools::twrootdir/report/dbupdate-4.twr";
+}
+
+######################################################################
+# PolicyFileString -- return the policy text as a string
+#
+sub PolicyFileString
+{
+	return <<POLICY_END;	
+    # Policy file generated by integrity checks test
+    #
+    (rulename="RuleA", severity=100)
+    {
+        $root -> \$(ReadOnly)+S; #read only plus SHA-1
+    }
+
+    (rulename="RuleB", severity=300)
+    {
+        $root2 -> \$(ReadOnly)+S; #read only plus SHA-1
+    }
+
+POLICY_END
+
+}
+
+######################################################################
+# CreateFile -- create a file with the specified contents
+#   
+# input:  path     -- path to the file; relative to $root
+#         contents -- string to put in the file
+#
+sub CreateFile
+{
+	my ($path, $contents) = @_;
+	
+	system( "echo $contents > $path" );
+
+	$? && die "Create file failed for $path\n";
+}
+
+######################################################################
+# RemoveFile -- removes the named file
+#   
+sub RemoveFile
+{
+	my ($path) = @_;
+	
+	if( -e "$path" )
+	{
+		system( "rm -f $path" );
+	}
+	
+	$? && die "Remove file failed for $root/$path\n";
+}
+
+
+######################################################################
+# CreateDir -- create a directory
+#
+sub CreateDir
+{
+	my($dir) = @_;
+
+	# NOTE: mkdir fails if it is already a directory!
+	#
+	if( ! -d "$dir" )
+	{
+		system( "rm -f $dir" );
+		system( "mkdir -p $dir" );
+	
+		$? && die "Mkdir failed for $root/$dir\n";
+	}
+}
+
+######################################################################
+# MoveFile -- move a file from one place to another
+#             NOTE: file names are relative to $root
+#   
+# input:  old_name -- name of file to move
+#         new_name -- where it should be moved to
+#
+sub MoveFile
+{
+	my($old, $new) = @_;
+	
+	system( "mv $old $new" );
+	$? && die "mv $old $new failed!\n";
+}
+
+######################################################################
+# PrintDatabase
+#
+sub PrintDatabase
+{
+	system( "$twtools::twrootdir/bin/twprint -m d -c $twtools::twrootdir/tw.cfg" );
+}
+
+######################################################################
+# PrintReport
+#
+sub PrintReport
+{
+	my ($report) = @_;
+	system( "$twtools::twrootdir/bin/twprint -m r -c $twtools::twrootdir/tw.cfg -r $report" );
+}
+
+######################################################################
+# PrepareForTest -- creates the files that each test will be 
+#                   integrity checking and initializes the database.
+#
+sub PrepareForTest
+{
+	# make sure we are cleaned up...
+	#
+	cleanup();
+
+	# Make the files we will be using...
+	#
+    CreateDir ( "$root");
+	CreateDir ( "$root/subdir" );
+	CreateFile( "$root/subdir/modify.txt", "hello world" );
+	CreateFile( "$root/copy-src.txt",     "asdf" );
+
+    CreateDir ( "$root2");
+	CreateFile( "$root2/deleteme.txt",     "goodbye cruel world" );
+
+	# Initialize the database
+	#
+	twtools::InitializeDatabase();
+}
+
+
+######################################################################
+#
+# Run the test.
+#
+sub run
+{
+    my $twpassed = 1;
+
+    twtools::logStatus("*** Beginning integrity check test\n");
+    printf("%-30s", "-- $description");
+
+	PrepareForTest();
+
+	# make some violations...
+	#
+	MoveFile  ( "$root/copy-src.txt", "$root/copy-dest.txt" );
+	CreateFile( "$root/subdir/modify.txt", "bark bark bark" );
+    RemoveFile( "$root2/deleteme.txt");
+
+    #######################################################
+	# First run a full IC
+	#
+	twtools::RunIntegrityCheck();
+
+	# Make sure we got 6 violations: 3 mod, 1 add, 2 rm.
+	#
+    my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
+
+	if( ($n != 6) || ($a != 1) || ($r != 2) || ($c != 3) )
+	{
+	    twtools::logStatus("Full IC failed: $n $a $r $c\n");
+	    $twpassed = 0;
+	}
+
+    # TODO: Make RunReport+AnalyzeReport play nice with signed report files
+    #######################################################
+    # Do it again, but sign it this time.
+    #
+    #twtools::RunIntegrityCheck({trailing-opts => "-E -P $twtools::twlocalpass"});
+
+    # Make sure we got 6 violations: 3 mod, 1 add, 2 rm.
+    #
+    #my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
+
+    #if( ($n != 6) || ($a != 1) || ($r != 2) || ($c != 3) )
+    #{
+    #    twtools::logStatus("Full IC with signing failed: $n $a $r $c\n");
+    #    $twpassed = 0;
+    #}
+
+    #######################################################
+    # Now run 'just' the FS section, aka the whole policy
+    #
+    twtools::RunIntegrityCheck(trailing-opts => "-x FS");
+
+	# Make sure we got 6 violations: 3 mod, 1 add, 2 rm.
+    #
+    my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
+
+	if( ($n != 6) || ($a != 1) || ($r != 2) || ($c != 3) )
+    {
+        twtools::logStatus("IC with FS section failed: $n $a $r $c\n");
+        $twpassed = 0;
+    }
+
+    #######################################################
+    # Now just run RuleA
+    #
+    twtools::RunIntegrityCheck({trailing-opts => "-R RuleA"});
+
+    # Make sure we got 4 violations this time: 2 mod, 1 add, 1 rm.
+    #
+    my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
+
+    if( ($n != 4) || ($a != 1) || ($r != 1) || ($c != 2) )
+    {
+        twtools::logStatus("IC of Rule A failed: $n $a $r $c\n");
+        $twpassed = 0;
+    }
+
+    #######################################################
+    # Now run severity level 300, meaning RuleB
+    #
+    twtools::RunIntegrityCheck({trailing-opts => "-l 300"});
+
+    # Make sure we got 2 violations this time: 1 mod, 0 add, 1 rm.
+    #
+    my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
+
+    if( ($n != 2) || ($a != 0) || ($r != 1) || ($c != 1) )
+    {
+        twtools::logStatus("IC of severity 300+ failed: $n $a $r $c\n");
+        $twpassed = 0;
+    }
+
+    #######################################################
+    # Now run against one object, modify.txt
+    #
+    twtools::RunIntegrityCheck({trailing-opts => "$root/subdir/modify.txt"});
+
+    # Make sure we got 1 violation this time: 1 mod, 0 add, 0 rm.
+    #
+    my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
+
+    if( ($n != 1) || ($a != 0) || ($r != 0) || ($c != 1) )
+    {
+        twtools::logStatus("IC of single object modify.txt failed: $n $a $r $c\n");
+        $twpassed = 0;
+    }
+
+
+    #######################################################
+    # Now run an interactive IC with cat as a fake editor, so DB gets auto updated.
+    #
+    twtools::RunIntegrityCheck({trailing-opts => "-I -V cat -P $twtools::twlocalpass"});
+
+    # Make sure we got 1 violation this time: 1 mod, 0 add, 0 rm.
+    #
+    my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
+
+	if( ($n != 6) || ($a != 1) || ($r != 2) || ($c != 3) )
+    {
+        twtools::logStatus("Interactive IC failed: $n $a $r $c\n");
+        $twpassed = 0;
+    }
+
+    #######################################################
+    # Finally run another full IC to verify db was updated
+    #  + also exercise the verbose & hex output options since we don't elsewhere.
+    #
+    twtools::RunIntegrityCheck({trailing-opts => "-v -h"});
+
+    # Make sure we got no violations this time
+    #
+    my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
+
+    if( ($n != 0) || ($a != 0) || ($r != 0) || ($c != 0) )
+    {
+        twtools::logStatus("IC after interactive IC failed: $n $a $r $c\n");
+        $twpassed = 0;
+    }
+
+    #########################################################
+    #
+    # See if the tests all succeeded...
+    #
+    if ($twpassed) {
+        ++$twtools::twpassedtests;
+        print "PASSED\n";
+        return 1;
+    }
+    else {
+        ++$twtools::twfailedtests;
+        print "*FAILED*\n";
+        return 0;
+    }
+}
+
+
+
+######################################################################
+#
+# Initialize the test
+#
+
+sub initialize 
+{
+    # Make the policy file
+    #
+    twtools::GeneratePolicyFile( PolicyFileString() );
+    return 1;
+}
+
+
+sub cleanup
+{
+	# remove all of the files we were integrity checking...
+	#
+	system( "rm -rf $root/*" );
+	system( "rm -rf $root2/*" );
+	$? && print "WARNING: IC cleanup failed.\n";
+
+	# remove the report files we created...
+	#
+	system( "rm -f $report1" ) if (-e $report1);
+	system( "rm -r $report2" ) if (-e $report2);
+	system( "rm -r $report3" ) if (-e $report3);
+	system( "rm -r $report4" ) if (-e $report4);
+
+}
+
+
+######################################################################
+# One time module cleanup goes in here...
+#
+END 
+{
+}
+
+1;
+
--- a/src/test-harness/tests/tripwire.pm
+++ b/src/test-harness/tests/tripwire.pm
@ -0,0 +1,124 @@
+
+use twtools;
+
+package tripwire;
+
+######################################################################
+# One time module initialization goes in here...
+#
+BEGIN {
+    $description = "tripwire options test";
+}
+
+######################################################################
+#
+# Initialize, get ready to run this test...
+#
+sub initialize() {
+    
+}
+
+
+######################################################################
+#
+# Run the test.
+#
+sub run() {
+
+    my $twpassed = 1;
+
+    twtools::logStatus("*** Beginning $description\n");
+    printf("%-30s", "-- $description");
+
+
+    twtools::logStatus(`$twtools::twrootdir/bin/tripwire`);
+    if ( $? != 2048 ) {
+      twtools::logStatus("no-args tripwire failed, error = $?\n");
+      $twpassed = 0;
+    }
+
+    twtools::logStatus(`$twtools::twrootdir/bin/tripwire --version`);
+    if ( $? != 0 ) {
+        twtools::logStatus("tripwire --version failed\n");
+        $twpassed = 0;
+    }
+
+    twtools::logStatus(`$twtools::twrootdir/bin/tripwire --help`);
+    if ( $? != 2048 ) {
+        twtools::logStatus("tripwire --help failed\n");
+        $twpassed = 0;
+    }
+
+    twtools::logStatus(`$twtools::twrootdir/bin/tripwire --help all`);
+    if ( $? != 2048 ) {
+        twtools::logStatus("tripwire --help all failed\n");
+        $twpassed = 0;
+    }
+
+    twtools::logStatus(`$twtools::twrootdir/bin/tripwire --help i c`);
+    if ( $? != 2048 ) {
+        twtools::logStatus("tripwire --help i c failed\n");
+        $twpassed = 0;
+    }
+
+    twtools::logStatus(`$twtools::twrootdir/bin/tripwire --asdf 2>&1`);
+    if ( $? != 2048 ) {
+        twtools::logStatus("tripwire --asdf failed\n");
+        $twpassed = 0;
+    }
+
+    twtools::logStatus(`$twtools::twrootdir/bin/tripwire --asdf --help 2>&1`);
+    if ( $? != 2048 ) {
+        twtools::logStatus("tripwire --asdf --help\n");
+        $twpassed = 0;
+    }
+
+    twtools::logStatus(`$twtools::twrootdir/bin/tripwire -m 2>&1`);
+    if ( $? != 2048 ) {
+        twtools::logStatus("tripwire -m\n");
+        $twpassed = 0;
+    }
+
+    twtools::logStatus(`$twtools::twrootdir/bin/tripwire -m Z 2>&1`);
+    if ( $? != 2048 ) {
+        twtools::logStatus("tripwire -m Z failed\n");
+        $twpassed = 0;
+    }
+
+    twtools::logStatus(`$twtools::twrootdir/bin/tripwire -m -m 2>&1`);
+    if ( $? != 2048 ) {
+        twtools::logStatus("tripwire -m -m failed\n");
+        $twpassed = 0;
+    }
+
+    twtools::logStatus(`$twtools::twrootdir/bin/tripwire -m i -c nope.cfg 2>&1`);
+    if ( $? != 2048 ) {
+        twtools::logStatus("tripwire -m -i -c nope.cfg\n");
+        $twpassed = 0;
+    }
+
+    #########################################################
+    #
+    # See if the tests all succeeded...
+    #
+    if ($twpassed) {
+      ++$twtools::twpassedtests;
+      print "PASSED\n";
+      return 1;
+    }
+    else {
+      ++$twtools::twfailedtests;
+      print "*FAILED*\n";
+      return 0;
+    }
+}
+
+
+
+######################################################################
+# One time module cleanup goes in here...
+#
+END {
+}
+
+1;
--- a/src/test-harness/twtools.pm
+++ b/src/test-harness/twtools.pm
@ -333,9 +333,9 @@ sub RunReport {

    $params{report} = $reportloc if( ! defined($params{report}) );
    $params{report-level} = 0 if( ! defined($params{report-level}) );
-    #$params{report-object-list} = "" if( ! defined($params{report-object-list}) );

    my (@out) =  `$twrootdir/bin/twprint -m r -c $twrootdir/$twcfgloc -t $params{report-level} -r $params{report} 2>&1`;
+
    logStatus(@out);

    return @out;
@ -380,9 +380,10 @@ sub RunIntegrityCheck {

    my (%params) = %{$_[0]};
 	$params{report} = $reportloc if( ! defined($params{report}) );
+	$params{trailing-opts} = "" if( ! defined($params{trailing-opts}) );

    print("running integrity check for test '$twmsg'...\n") if $verbose;
-    logStatus(`$twrootdir/bin/tripwire -m c -r $params{report} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc 2>&1`);
+    logStatus(`$twrootdir/bin/tripwire -m c -r $params{report} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc $params{trailing-opts} 2>&1`);

    return ($? & 8);
 }
@ -400,14 +401,11 @@ sub AnalyzeReport {
    #
    my (undef, $twstatus) = @_;

-#    print "*** $twstatus\n";
-
    # split the report summary line into it's fields
    #
    my (undef, undef, undef, $violations, $severity, $added, $removed, $changed) =
        split(/ /, $twstatus);

-
    # Split out the count for each type of
    # violation.
    #