Fix dbupdate secure-mode test, add a case for updating db twice w/ same report, clean up twtools methods a bit more.

2017-08-23 17:58:12 -07:00 · 2017-08-23 17:58:12 -07:00 · fafa681bce
parent 01e25eb493
commit fafa681bce
2 changed files with 140 additions and 114 deletions
--- a/src/test-harness/tests/dbupdate.pm
+++ b/src/test-harness/tests/dbupdate.pm
@ -143,48 +143,52 @@ sub PrepareForTest
 sub RunBasicTest
 {
    twtools::logStatus("*** Beginning dbupdate.basic test\n");
-	printf("%-30s", "-- dbupdate.basic test");
+    printf("%-30s", "-- dbupdate.basic test");
-	PrepareForTest();
+    PrepareForTest();
-	# make some violations...
+    # make some violations...
-	#
+    #
-	MoveFile  ( "meow.txt", "cat.txt" );
+    MoveFile  ( "meow.txt", "cat.txt" );
-	CreateFile( "dog/bark.txt", "bark bark bark" );
+    CreateFile( "dog/bark.txt", "bark bark bark" );
-	# run the integrity check...
+    # run the integrity check...
-	#
+    #
-	twtools::RunIntegrityCheck();
+    twtools::RunIntegrityCheck();
-	# Make sure we got 4 violations: 2 mod, 1 add, 1 rm.
+    # Make sure we got 4 violations: 2 mod, 1 add, 1 rm.
-	#
+    #
-        my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
+    my ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
-	if( ($n != 4) || ($a != 1) || ($r != 1) || ($c != 2) )
+    if( ($n != 4) || ($a != 1) || ($r != 1) || ($c != 2) )
-	{
+    {
-	    twtools::logStatus("FAILED -- initial integrity check had unexpected results\n");
+        twtools::logStatus("FAILED -- initial integrity check had unexpected results\n");
-	    return 0;
+        return 0;
-	}
+    }
-	# do the database update...
+    # do the database update...
-	#
+    #
-	twtools::UpdateDatabase();
+    if (0 != twtools::UpdateDatabase())
    {
        twtools::logStatus("FAILED -- db update did not succeed\n");
        return 0;
    }
-	# do another IC and make sure there are no violations
+    # do another IC and make sure there are no violations
-	#
+    #
-	twtools::RunIntegrityCheck();
+    twtools::RunIntegrityCheck();
-	($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
+    ($n, $a, $r, $c) = twtools::AnalyzeReport( twtools::RunReport() );
-	if( $n != 0 )
+    if( $n != 0 )
-	{
+    {
-	    twtools::logStatus("FAILED -- violations after update\n");
+        twtools::logStatus("FAILED -- violations after update\n");
-	    return 0;
+        return 0;
-	}
+    }
-	++$twtools::twpassedtests;
+    ++$twtools::twpassedtests;
-	print "PASSED\n";
+    print "PASSED\n";
-	return 1;
+    return 1;
 }
 ######################################################################
@ -192,81 +196,87 @@ sub RunBasicTest
 #
 sub RunSecureModeTest
 {
-        twtools::logStatus("*** Beginning dbupdate.secure-mode test\n");
+    twtools::logStatus("*** Beginning dbupdate.secure-mode test\n");
-	printf("%-30s", "-- dbupdate.secure-mode test");
+    printf("%-30s", "-- dbupdate.secure-mode test");
-	++$twtools::twskippedtests;
+    PrepareForTest();
 	print "SKIPPED - this test needs further investigation\n";
 	return 1;
-	PrepareForTest();
+    # make a violation and generate a report
    #
    CreateFile( "dog/bark.txt", "bark bark bark" );
    twtools::RunIntegrityCheck( { report => $report1 } );
-	# make a violation and generate a report
+    # change the same file in a slightly different way and generate
-	#
+    # another report
-	CreateFile( "dog/bark.txt", "bark bark bark" );
+    #
-	twtools::RunIntegrityCheck( { report => $report1 } );
+    CreateFile( "dog/bark.txt", "bark bark bark woof" );
    twtools::RunIntegrityCheck( { report => $report2 } );
-	# change the same file in a slightly different way and generate
+    # Remove a file and generate a third report
-	# another report
+    #
-	#
+    RemoveFile( "dog/bark.txt" );
-	CreateFile( "dog/bark.txt", "bark bark bark woof" );
+    twtools::RunIntegrityCheck( { report => $report3 } );
 	twtools::RunIntegrityCheck( { report => $report2 } );
-	# Remove a file and generate a third report
+    # Add a file and generate the fourth report
-	#
+    #
-	RemoveFile( "dog/bark.txt" );
+    CreateFile( "dog/cow.txt", "moo moo" );
-	twtools::RunIntegrityCheck( { report => $report3 } );
+    twtools::RunIntegrityCheck( { report => $report4 } );
-	# Add a file and generate the fourth report
+    # Update the database with report 1.
-	#
+    #
-	CreateFile( "dog/cow.txt", "moo moo" );
+    twtools::UpdateDatabase( { report => $report1 } );
 	twtools::RunIntegrityCheck( { report => $report4 } );
-	# Update the database with report 1.
+    # Try to update the database with report 1 again ... this should fail
-	#
+    # in secure-mode == high because the db can't accept same changes again.
-	twtools::UpdateDatabase( { report => $report1 } );
+    #
    if( 0 == twtools::UpdateDatabase(
    { report => $report1, secure-mode => "high" } ) )
    {
        twtools::logStatus("FAILED ... Secure-mode high didn't catch a bad update\n");
        return 0;
    }
-	# Try to update the database with report 2 ... this should fail
+    # Try to update the database with report 2 ... this should fail
-	# in secure-mode == high because the "old" values don't match.
+    # in secure-mode == high because the "old" values don't match.
-	#
+    #
-	if( twtools::UpdateDatabase(
+    if( 0 == twtools::UpdateDatabase(
-		{ report => $report2, secure-mode => "high" } ) )
+        { report => $report2, secure-mode => "high" } ) )
-	{
+    {
-	    twtools::logStatus("FAILED ... Secure-mode high didn't catch a bad update\n");
+        twtools::logStatus("FAILED ... Secure-mode high didn't catch a bad update\n");
-	    return 0;
+        return 0;
-	}
+    }
-	# do a high severity update with report3 -- this should 
+    # do a high severity update with report3 -- this should 
-	# succeed 
+    # succeed 
-	#
+    #
-	if( ! twtools::UpdateDatabase(
+    if(  0 != twtools::UpdateDatabase(
-		{ report => $report3, secure-mode => "high" } ) )
+        { report => $report3, secure-mode => "high" } ) )
-	{
+    {
-	    twtools::logStatus("FAILED ... Update with report 3 failed\n");
+        twtools::logStatus("FAILED ... Update with report 3 failed\n");
-	    return 0;
+        return 0;
-	}
+    }
-	# Try 2 again ... now we are trying to update an object that
+    # Try 2 again ... now we are trying to update an object that
-	# doesn't exist in the database at all. This should
+    # doesn't exist in the database at all. This should
-	# succeed in low but fail in high.
+    # succeed in low but fail in high.
-	#
+    #
-	if( twtools::UpdateDatabase(
+    if( 0 == twtools::UpdateDatabase(
-		{ report => $report2, secure-mode => "high" } ) )
+        { report => $report2, secure-mode => "high" } ) )
-	{
+    {
-	    twtools::logStatus("FAILED ... Update with report 2 after 3 succeeded in high mode\n");
+        twtools::logStatus("FAILED ... Update with report 2 after 3 succeeded in high mode\n");
-	    return 0;
+        return 0;
-	}
+    }
-	if( ! twtools::UpdateDatabase(
+    if( 0 != twtools::UpdateDatabase(
-		{ report => $report2, secure-mode => "low" } ) )
+        { report => $report2, secure-mode => "low" } ) )
-	{
+    {
-	    twtools::logStatus("FAILED ... Update with report 2 after 3 failed in low mode\n");
+        twtools::logStatus("FAILED ... Update with report 2 after 3 failed in low mode\n");
-	    return 0;
+        return 0;
-	}
+    }
-	++$twtools::twpassedtests;
+    ++$twtools::twpassedtests;
-	print "PASSED\n";
+    print "PASSED\n";
-	return 1;
+    return 1;
 }
--- a/src/test-harness/twtools.pm
+++ b/src/test-harness/twtools.pm
@ -273,9 +273,13 @@ sub GeneratePolicyFile {
    print "generating policy file...\n" if $verbose;
-    logStatus(`$twrootdir/bin/twadmin -m P -c $twrootdir/$twcfgloc -Q $twsitepass -p $twrootdir/$twpolfileloc $twrootdir/$twpolicyloc 2>&1`);
+    my (@out) = `$twrootdir/bin/twadmin -m P -c $twrootdir/$twcfgloc -Q $twsitepass -p $twrootdir/$twpolfileloc $twrootdir/$twpolicyloc 2>&1`;
-    return ($? == 0);
+    my ($result) = ${^CHILD_ERROR_NATIVE};
    logStatus(@out);
    return $result;
 }
@ -291,9 +295,13 @@ sub CreatePolicy {
    print "generating policy file...\n" if $verbose;
-    logStatus(`$twrootdir/bin/twadmin -m P -c $twrootdir/$twcfgloc -Q $twsitepass -p $twrootdir/$twpolfileloc $params{policy-text} 2>&1`);
+    my (@out) = `$twrootdir/bin/twadmin -m P -c $twrootdir/$twcfgloc -Q $twsitepass -p $twrootdir/$twpolfileloc $params{policy-text} 2>&1`;
-    return ($? == 0);
+    my ($result) = ${^CHILD_ERROR_NATIVE};
    logStatus(@out);
    return $result;
 }
@ -305,9 +313,13 @@ sub InitializeDatabase {
    my ($twmsg) = @_;
    print "initializing database for '$twmsg' test...\n" if $verbose;
-    logStatus(`$twrootdir/bin/tripwire -m i -P $twsitepass -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc 2>&1`);
+    my (@out) = `$twrootdir/bin/tripwire -m i -P $twsitepass -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc 2>&1`;
-    return ($? == 0);
+    my ($result) = ${^CHILD_ERROR_NATIVE};
    logStatus(@out);
    return $result;
 }
@ -317,13 +329,17 @@ sub InitializeDatabase {
 sub UpdateDatabase {
    my (%params) = %{$_[0]};
-    $params{'report'}      = $reportloc if( ! defined($params{'report'}) );
+    $params{report}      = $reportloc if( ! defined($params{report}) );
-    $params{'secure-mode'} = "low" if( ! defined($params{'secure-mode'}) );
+    $params{secure-mode} = "low" if( ! defined($params{secure-mode}) );
    print "updating database for '$twmsg' test...\n" if $verbose;
-    logStatus(`$twrootdir/bin/tripwire -m u -a -P $twsitepass -Z $params{'secure-mode'} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc -r $params{'report'} 2>&1`);
+    my (@out) = `$twrootdir/bin/tripwire -m u -a -P $twsitepass -Z $params{secure-mode} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc -r $params{report} 2>&1`;
-    return ($? == 0);
+    my ($result) = ${^CHILD_ERROR_NATIVE};
    logStatus(@out);
    return $result;
 }
 ######################################################################
@ -332,10 +348,10 @@ sub UpdateDatabase {
 sub UpdatePolicy {
    my (%params) = %{$_[0]};
-    $params{'secure-mode'} = "low" if( ! defined($params{'secure-mode'}) );
+    $params{secure-mode} = "low" if( ! defined($params{secure-mode}) );
    print "updating policy for '$twmsg' test...\n" if $verbose;
-    logStatus(`$twrootdir/bin/tripwire -m p -P $twsitepass -Q $twlocalpass -Z $params{'secure-mode'} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc $twrootdir/$twpolicyloc 2>&1`);
+    logStatus(`$twrootdir/bin/tripwire -m p -P $twsitepass -Q $twlocalpass -Z $params{secure-mode} -p $twrootdir/$twpolfileloc -c $twrootdir/$twcfgloc $twrootdir/$twpolicyloc 2>&1`);
    return ($? == 0);
 }