[tests] Scrub tests

Adding stageone and stagetwo tests for [system] plugin.

Also adding tag scrub for only testing scrub of sensitive data.

And updating README with how to call scrub and stagetwo tests.

Related: sosreport#3788
Related: sosreport#3789
Resolves: sosreport#3798

Signed-off-by: Jan Jansky <[email protected]>

README.md

@@ -60,8 +60,17 @@ against the `flake8` linter, the unit tests, and the stage one avocado test suit
 $ flake8 sos
 $ nosetests -v tests/unittests/
 
-# as root
-# PYTHONPATH=tests/ avocado run --test-runner=runner -t stageone tests/{cleaner,collect,report,vendor}_tests
+# sudo PYTHONPATH=tests/ avocado run --test-runner=runner -t stageone tests/{cleaner,collect,report,vendor}_tests
+```
+
+For further test run stagetwo tests
+```
+# sudo PYTHONPATH=tests/ avocado run --test-runner=runner -t stagetwo tests/{cleaner,collect,report,vendor}_tests
+```
+
+If you want to check basic scrub tests
+```
+# sudo PYTHONPATH=tests/ avocado run --test-runner=runner -t scrub tests/{cleaner,collect,report,vendor}_tests
 ```
 
 Note that the avocado test suite will generate and remove several reports over its

tests/report_tests/plugin_tests/apt/apt.py

@@ -15,7 +15,7 @@ class AptConfScrubTest(StageTwoReportTest):
     """Ensure that sources.list and apt conf are picked up and properly
     scrubbed
 
-    :avocado: tags=stagetwo
+    :avocado: tags=stagetwo,scrub
     """
 
     sos_cmd = '-o apt'

tests/report_tests/plugin_tests/curtin/curtin.py

@@ -12,7 +12,7 @@
 class CurtinScrubbedTest(StageTwoReportTest):
     """Ensure that curtin conf is picked up and properly scrubbed
 
-    :avocado: tags=stagetwo
+    :avocado: tags=stagetwo,scrub
     """
 
     sos_cmd = '-o curtin'

tests/report_tests/plugin_tests/juju/juju.py

@@ -12,7 +12,7 @@
 class JujuAgentConfScrubbedTest(StageTwoReportTest):
     """Ensure that agent conf is picked up and properly scrubbed
 
-    :avocado: tags=stagetwo
+    :avocado: tags=stagetwo,scrub
     """
 
     sos_cmd = '-o juju'

tests/report_tests/plugin_tests/networking/networking.py

@@ -46,7 +46,7 @@ class NetplanScrubTest(StageTwoReportTest):
     ensure that netplan configuration is collected and then the wifi password
     is scrubbed correctly
 
-    :avocado: tags=stagetwo
+    :avocado: tags=stagetwo,scrub
     """
 
     sos_cmd = '-o networking'

tests/report_tests/plugin_tests/sudo/sudo.py

@@ -10,7 +10,7 @@
 
 
 class SudoPluginTest(StageOneReportTest):
-    """Basic sanity check to make sure ocmmon config files are collected
+    """Basic sanity check to make sure common config files are collected
 
     :avocado: tags=stageone
     """
@@ -25,7 +25,7 @@ def test_sudo_conf_collected(self):
 class SudoLdapScrubbedTest(StageTwoReportTest):
     """Ensure that sudo conf is picked up and properly scrubbed
 
-    :avocado: tags=stagetwo
+    :avocado: tags=stagetwo,scrub
     """
 
     sos_cmd = '-o sudo'

tests/report_tests/plugin_tests/system.py

@@ -0,0 +1,70 @@
+# This file is part of the sos project: https://github.com/sosreport/sos
+#
+# This copyrighted material is made available to anyone wishing to use,
+# modify, copy, or redistribute it subject to the terms and conditions of
+# version 2 of the GNU General Public License.
+#
+# See the LICENSE file in the source distribution for further information.
+
+from sos_tests import StageOneReportTest, StageTwoReportTest
+
+
+class SystemPluginTest(StageOneReportTest):
+    """Basic sanity check to make sure common config files are collected
+
+    :avocado: tags=stageone
+    """
+
+    sos_cmd = '-o system'
+
+    def test_system_files_collected(self):
+        self.assertFileCollected("/proc/sys")
+        self.assertFileCollected("/etc/sysconfig")
+        self.assertFileCollected("/etc/default")
+        self.assertFileCollected("/etc/environment")
+
+    def test_system_files_forbidden(self):
+        self.assertFileNotCollected("/proc/sys/net/ipv4/route/flush")
+        self.assertFileNotCollected("/proc/sys/net/ipv6/route/flush")
+        self.assertFileNotCollected("/proc/sys/net/ipv6/neigh/*/retrans_time")
+        self.assertFileNotCollected("/proc/sys/net/ipv6/neigh/*/" +
+                                    "base_reachable_time")
+        self.assertFileNotCollected("/etc/default/grub.d/" +
+                                    "50-curtin-settings.cfg")
+
+    def test_system_cmd_collected(self):
+        self.assertFileCollected("ld.so_--help")
+        self.assertFileCollected("ld.so_--list-diagnostics")
+        self.assertFileCollected("ld.so_--list-tunables")
+
+
+class SystemScrubTest(StageTwoReportTest):
+    """Ensure that environment, default and sysconfig are picked up
+    and properly scrubbed
+
+    :avocado: tags=stagetwo,scrub
+    """
+    sos_cmd = '-o system'
+    files = [
+        ('../../../tests/test_data/system_test_data', '/etc/environment'),
+        ('../../../tests/test_data/system_test_data', '/etc/default/proxy'),
+        ('../../../tests/test_data/system_test_data', '/etc/default/proxy1'),
+        ('../../../tests/test_data/system_test_data', '/etc/sysconfig/proxy'),
+        ('../../../tests/test_data/system_test_data', '/etc/sysconfig/proxy1'),
+    ]
+    secrets_list = [
+        'foouser',
+        'somesecretpassword'
+    ]
+
+    def test_system_files_collected(self):
+        for file in self.files:
+            self.assertFileCollected(file[1])
+
+    def test_system_scrub(self):
+        for file in self.files:
+            for secret in self.secrets_list:
+                self.assertFileNotHasContent(file[1], secret)
+        self.end_of_test_case = True
+
+# vim: set et ts=4 sw=4 :

tests/report_tests/plugin_tests/systemd.py

@@ -0,0 +1,92 @@
+# This file is part of the sos project: https://github.com/sosreport/sos
+#
+# This copyrighted material is made available to anyone wishing to use,
+# modify, copy, or redistribute it subject to the terms and conditions of
+# version 2 of the GNU General Public License.
+#
+# See the LICENSE file in the source distribution for further information.
+
+from sos_tests import StageOneReportTest, StageTwoReportTest
+
+
+class SystemdPluginTest(StageOneReportTest):
+    """Basic sanity check to make sure common config files are collected
+
+    :avocado: tags=stageone
+    """
+
+    sos_cmd = '-o systemd'
+
+    def test_systemd_files_collected(self):
+        self.assertFileCollected("/etc/systemd")
+        self.assertFileCollected("/lib/systemd/system")
+        self.assertFileCollected("/lib/systemd/user")
+        self.assertFileCollected("/etc/vconsole.conf")
+        self.assertFileCollected("/run/systemd/generator*")
+        self.assertFileCollected("/run/systemd/seats")
+        self.assertFileCollected("/run/systemd/sessions")
+        self.assertFileCollected("/run/systemd/system")
+        self.assertFileCollected("/run/systemd/users")
+        self.assertFileCollected("/etc/modules-load.d/*.conf")
+        self.assertFileCollected("/etc/yum/protected.d/systemd.conf")
+        self.assertFileCollected("/etc/tmpfiles.d/*.conf")
+        self.assertFileCollected("/run/tmpfiles.d/*.conf")
+        self.assertFileCollected("/usr/lib/tmpfiles.d/*.conf")
+
+    def test_systemd_files_forbidden(self):
+        self.assertFileNotCollected("/dev/null")
+
+    def test_systemd_cmd_collected(self):
+        self.assertFileCollected("journalctl_--list-boots")
+        self.assertFileCollected("ls_-alZR_.lib.systemd")
+        self.assertFileCollected("resolvectl_statistics")
+        self.assertFileCollected("resolvectl_status")
+        self.assertFileCollected("systemctl_list-dependencies")
+        self.assertFileCollected("systemctl_list-jobs")
+        self.assertFileCollected("systemctl_list-machines")
+        self.assertFileCollected("systemctl_list-timers_--all")
+        self.assertFileCollected("systemctl_list-unit-files")
+        self.assertFileCollected("systemctl_list-units")
+        self.assertFileCollected("systemctl_list-units_--all")
+        self.assertFileCollected("systemctl_list-units_--failed")
+        self.assertFileCollected("systemctl_show_--all")
+        self.assertFileCollected("systemctl_show-environment")
+        self.assertFileCollected("systemctl_show_service_--all")
+        self.assertFileCollected("systemctl_status_--all")
+        self.assertFileCollected("systemd-analyze")
+        self.assertFileCollected("systemd-analyze_blame")
+        self.assertFileCollected("systemd-analyze_dump")
+        self.assertFileCollected("systemd-analyze_plot.svg")
+        self.assertFileCollected("systemd-delta")
+        self.assertFileCollected("systemd-inhibit_--list")
+        self.assertFileCollected("timedatectl")
+
+
+class SystemdScrubTest(StageTwoReportTest):
+    """Ensure that environment, default and sysconfig are picked up
+    and properly scrubbed
+
+    :avocado: tags=stagetwo,scrub
+    """
+    sos_cmd = '-o systemd'
+    files = [
+        ('../../../tests/test_data/system_test_data', '/etc/systemd/system'),
+        ('../../../tests/test_data/system_test_data', '/lib/systemd/system'),
+        ('../../../tests/test_data/system_test_data', '/run/systemd/system'),
+    ]
+    secrets_list = [
+        'foouser',
+        'somesecretpassword'
+    ]
+
+    def test_systemd_files_collected(self):
+        for file in self.files:
+            self.assertFileCollected(file[1])
+
+    def test_systemd_scrub(self):
+        for file in self.files:
+            for secret in self.secrets_list:
+                self.assertFileNotHasContent(file[1], secret)
+        self.end_of_test_case = True
+
+# vim: set et ts=4 sw=4 :

tests/test_data/system_test_data

@@ -0,0 +1,4 @@
+HTTP_PROXY=http://foouser:somesecretpassword@proxyurl:8080
+HTTPS_PROXY=https://foouser:somesecretpassword@proxyurl:8080
+http_proxy=http://foouser:somesecretpassword@proxyurl:8080
+https_proxy=https://foouser:somesecretpassword@proxyurl:8080