Require SRG Reference for Rules with STIG Reference #11265
Conversation
|
Start a new ephemeral environment with changes proposed in this pull request: Fedora Environment Oracle Linux 8 Environment |
tests/CMakeLists.txt
Outdated
| @@ -229,6 +229,15 @@ macro(ssg_refcheck_test PRODUCT PROFILE KEY) | |||
| set_tests_properties("refchecker-${PRODUCT}-${PROFILE}" PROPERTIES LABELS quick) | |||
| endmacro() | |||
|
|
|||
| macro(stig_srg_mapping PRODUCT) | |||
There was a problem hiding this comment.
I think it would be better to add "test" to the name of macro, that will help people who see the invocation of the macro to realize what the macro actually does just by seeing its name.
|
Code Climate has analyzed commit f9756ad and detected 1 issue on this pull request. Here's the issue category breakdown:
The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 58.8%. View more on Code Climate. |
There was a problem hiding this comment.
I have seen that the test runs and passes in the GitHub Actions jobs, eg. Build and Test on Fedora Latest.
Also, I tried to remove a SRG from a rule and run the test locally. I works as expected
jcerny@fedora ~/work/git/scap-security-guide/build (pr/11265) $ ctest --verbose -R stig-srg-mapping
UpdateCTestConfiguration from :/home/jcerny/work/git/scap-security-guide/build/DartConfiguration.tcl
UpdateCTestConfiguration from :/home/jcerny/work/git/scap-security-guide/build/DartConfiguration.tcl
Test project /home/jcerny/work/git/scap-security-guide/build
Constructing a list of tests
Done constructing a list of tests
Updating test list for fixtures
Added 0 tests to meet fixture requirements
Checking test dependency graph...
Checking test dependency graph end
test 32
Start 32: stig-srg-mapping-rhel9
32: Test command: /usr/bin/env "PYTHONPATH=/home/jcerny/work/git/scap-security-guide" "/home/jcerny/.pyenv/shims/python3" "/home/jcerny/work/git/scap-security-guide/tests/stig_srg_mapping.py" "--prefix" "SRG-OS" "--build-root" "/home/jcerny/work/git/scap-security-guide/build" "--root" "/home/jcerny/work/git/scap-security-guide" "rhel9"
32: Working Directory: /home/jcerny/work/git/scap-security-guide/build/tests
32: Test timeout computed to be: 10000000
32: Missing SRG in selinux_state
1/1 Test #32: stig-srg-mapping-rhel9 ...........***Failed 0.62 sec
0% tests passed, 1 tests failed out of 1
Label Time Summary:
quick = 0.62 sec*proc (1 test)
Total Test time (real) = 0.62 sec
The following tests FAILED:
32 - stig-srg-mapping-rhel9 (Failed)
Errors while running CTest
Output from these tests are in: /home/jcerny/work/git/scap-security-guide/build/Testing/Temporary/LastTest.log
Use "--rerun-failed --output-on-failure" to re-run the failed cases verbosely.
Great job!
Description:
This PR adds a new test that requires rules with a STIG ID for RHEL7-9 must also have an SRG ID.
Rationale:
Ensure that our rule references have the required information.
Review Hints:
Remove a
srgkey from your favorite rule, rebuild, run the tests and see the failure.