Skip to content

Commit

Permalink
[tests] Scrub tests
Browse files Browse the repository at this point in the history
Adding stageone and stagetwo tests for [system] plugin.

Also adding tag scrub for only testing scrub of sensitive data.

And updating README with how to call scrub and stagetwo tests.

Related: #3788
Related: #3789
Resolves: #3798

Signed-off-by: Jan Jansky <[email protected]>
  • Loading branch information
jjansky1 committed Oct 7, 2024
1 parent 96e4d79 commit 300ed50
Show file tree
Hide file tree
Showing 10 changed files with 191 additions and 9 deletions.
13 changes: 11 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,8 +60,17 @@ against the `flake8` linter, the unit tests, and the stage one avocado test suit
$ flake8 sos
$ nosetests -v tests/unittests/
# as root
# PYTHONPATH=tests/ avocado run --test-runner=runner -t stageone tests/{cleaner,collect,report,vendor}_tests
# sudo PYTHONPATH=tests/ avocado run --test-runner=runner -t stageone tests/{cleaner,collect,report,vendor}_tests
```

For further test run stagetwo tests
```
# sudo PYTHONPATH=tests/ avocado run --test-runner=runner -t stagetwo tests/{cleaner,collect,report,vendor}_tests
```

If you want to check basic scrub tests
```
# sudo PYTHONPATH=tests/ avocado run --test-runner=runner -t scrub tests/{cleaner,collect,report,vendor}_tests
```

Note that the avocado test suite will generate and remove several reports over its
Expand Down
2 changes: 1 addition & 1 deletion tests/report_tests/plugin_tests/apt/apt.py
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ class AptConfScrubTest(StageTwoReportTest):
"""Ensure that sources.list and apt conf are picked up and properly
scrubbed
:avocado: tags=stagetwo
:avocado: tags=stagetwo,scrub
"""

sos_cmd = '-o apt'
Expand Down
2 changes: 1 addition & 1 deletion tests/report_tests/plugin_tests/curtin/curtin.py
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
class CurtinScrubbedTest(StageTwoReportTest):
"""Ensure that curtin conf is picked up and properly scrubbed
:avocado: tags=stagetwo
:avocado: tags=stagetwo,scrub
"""

sos_cmd = '-o curtin'
Expand Down
2 changes: 1 addition & 1 deletion tests/report_tests/plugin_tests/juju/juju.py
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
class JujuAgentConfScrubbedTest(StageTwoReportTest):
"""Ensure that agent conf is picked up and properly scrubbed
:avocado: tags=stagetwo
:avocado: tags=stagetwo,scrub
"""

sos_cmd = '-o juju'
Expand Down
2 changes: 1 addition & 1 deletion tests/report_tests/plugin_tests/networking/networking.py
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ class NetplanScrubTest(StageTwoReportTest):
ensure that netplan configuration is collected and then the wifi password
is scrubbed correctly
:avocado: tags=stagetwo
:avocado: tags=stagetwo,scrub
"""

sos_cmd = '-o networking'
Expand Down
4 changes: 2 additions & 2 deletions tests/report_tests/plugin_tests/sudo/sudo.py
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@


class SudoPluginTest(StageOneReportTest):
"""Basic sanity check to make sure ocmmon config files are collected
"""Basic sanity check to make sure common config files are collected
:avocado: tags=stageone
"""
Expand All @@ -25,7 +25,7 @@ def test_sudo_conf_collected(self):
class SudoLdapScrubbedTest(StageTwoReportTest):
"""Ensure that sudo conf is picked up and properly scrubbed
:avocado: tags=stagetwo
:avocado: tags=stagetwo,scrub
"""

sos_cmd = '-o sudo'
Expand Down
78 changes: 78 additions & 0 deletions tests/report_tests/plugin_tests/system.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
# This file is part of the sos project: https://github.com/sosreport/sos
#
# This copyrighted material is made available to anyone wishing to use,
# modify, copy, or redistribute it subject to the terms and conditions of
# version 2 of the GNU General Public License.
#
# See the LICENSE file in the source distribution for further information.

from sos_tests import StageOneReportTest, StageTwoReportTest
import os


class SystemPluginTest(StageOneReportTest):
"""Basic sanity check to make sure common config files are collected
:avocado: tags=stageone
"""

sos_cmd = '-o system'

def test_system_files_collected(self):
self.assertFileGlobInArchive("/proc/sys")
if os.path.isdir("/etc/sysconfig"):
self.assertFileGlobInArchive("/etc/sysconfig")
self.assertFileGlobInArchive("/etc/default")
self.assertFileGlobInArchive("/etc/environment")

def test_system_files_forbidden(self):
self.assertFileGlobNotInArchive("/proc/sys/net/ipv4/route/flush")
self.assertFileGlobNotInArchive("/proc/sys/net/ipv6/route/flush")
self.assertFileGlobNotInArchive("/proc/sys/net/ipv6/neigh/" +
"*/retrans_time")
self.assertFileGlobNotInArchive("/proc/sys/net/ipv6/neigh/" +
"*/base_reachable_time")
self.assertFileGlobNotInArchive("/etc/default/grub.d/" +
"50-curtin-settings.cfg")

def test_system_cmd_collected(self):
self.assertFileGlobInArchive("ld.so_--help")
self.assertFileGlobInArchive("ld.so_--list-diagnostics")
self.assertFileGlobInArchive("ld.so_--list-tunables")


class SystemScrubTest(StageTwoReportTest):
"""Ensure that environment, default and sysconfig are picked up
and properly scrubbed
:avocado: tags=stagetwo,scrub
"""
sos_cmd = '-o system'
files = [
('../../../tests/test_data/system_test_data', '/etc/environment'),
('../../../tests/test_data/system_test_data', '/etc/default/proxy'),
('../../../tests/test_data/system_test_data', '/etc/default/proxy1'),
('../../../tests/test_data/system_test_data', '/etc/sysconfig/proxy'),
('../../../tests/test_data/system_test_data', '/etc/sysconfig/proxy1'),
]
secrets_list = [
'foouser',
'somesecretpassword'
]

def test_system_files_collected(self):
for file in self.files:
if "sysconfig" in file[1] and \
not os.path.isdir("/etc/sysconfig"):
continue
self.assertFileGlobInArchive(file[1])

def test_system_scrub(self):
for file in self.files:
for secret in self.secrets_list:
if "sysconfig" in file[1] and \
not os.path.isdir("/etc/sysconfig"):
continue
self.assertFileNotHasContent(file[1], secret)

# vim: set et ts=4 sw=4 :
91 changes: 91 additions & 0 deletions tests/report_tests/plugin_tests/systemd.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
# This file is part of the sos project: https://github.com/sosreport/sos
#
# This copyrighted material is made available to anyone wishing to use,
# modify, copy, or redistribute it subject to the terms and conditions of
# version 2 of the GNU General Public License.
#
# See the LICENSE file in the source distribution for further information.

from sos_tests import StageOneReportTest, StageTwoReportTest


class SystemdPluginTest(StageOneReportTest):
"""Basic sanity check to make sure common config files are collected
:avocado: tags=stageone
"""

sos_cmd = '-o systemd'

def test_systemd_files_collected(self):
self.assertFileGlobInArchive("/etc/systemd")
self.assertFileGlobInArchive("/lib/systemd/system")
self.assertFileGlobInArchive("/lib/systemd/user")
self.assertFileGlobInArchive("/etc/vconsole.conf")
self.assertFileGlobInArchive("/run/systemd/generator*")
self.assertFileGlobInArchive("/run/systemd/seats")
self.assertFileGlobInArchive("/run/systemd/sessions")
self.assertFileGlobInArchive("/run/systemd/system")
self.assertFileGlobInArchive("/run/systemd/users")
self.assertFileGlobInArchive("/etc/modules-load.d/*.conf")
self.assertFileGlobInArchive("/etc/yum/protected.d/systemd.conf")
self.assertFileGlobInArchive("/etc/tmpfiles.d/*.conf")
self.assertFileGlobInArchive("/run/tmpfiles.d/*.conf")
self.assertFileGlobInArchive("/usr/lib/tmpfiles.d/*.conf")

def test_systemd_files_forbidden(self):
self.assertFileGlobNotInArchive("/dev/null")

def test_systemd_cmd_collected(self):
self.assertFileGlobInArchive("journalctl_--list-boots")
self.assertFileGlobInArchive("ls_-alZR_.lib.systemd")
self.assertFileGlobInArchive("resolvectl_statistics")
self.assertFileGlobInArchive("resolvectl_status")
self.assertFileGlobInArchive("systemctl_list-dependencies")
self.assertFileGlobInArchive("systemctl_list-jobs")
self.assertFileGlobInArchive("systemctl_list-machines")
self.assertFileGlobInArchive("systemctl_list-timers_--all")
self.assertFileGlobInArchive("systemctl_list-unit-files")
self.assertFileGlobInArchive("systemctl_list-units")
self.assertFileGlobInArchive("systemctl_list-units_--all")
self.assertFileGlobInArchive("systemctl_list-units_--failed")
self.assertFileGlobInArchive("systemctl_show_--all")
self.assertFileGlobInArchive("systemctl_show-environment")
self.assertFileGlobInArchive("systemctl_show_service_--all")
self.assertFileGlobInArchive("systemctl_status_--all")
self.assertFileGlobInArchive("systemd-analyze")
self.assertFileGlobInArchive("systemd-analyze_blame")
self.assertFileGlobInArchive("systemd-analyze_dump")
self.assertFileGlobInArchive("systemd-analyze_plot.svg")
self.assertFileGlobInArchive("systemd-delta")
self.assertFileGlobInArchive("systemd-inhibit_--list")
self.assertFileGlobInArchive("timedatectl")


class SystemdScrubTest(StageTwoReportTest):
"""Ensure that system files are picked up
and properly scrubbed
:avocado: tags=stagetwo,scrub
"""
sos_cmd = '-o systemd'
files = [
('../../../tests/test_data/system_test_data', '/etc/systemd/system'),
('../../../tests/test_data/system_test_data', '/lib/systemd/system'),
('../../../tests/test_data/system_test_data', '/run/systemd/system'),
]
secrets_list = [
'foouser',
'somesecretpassword'
]

def test_systemd_files_collected(self):
for file in self.files:
self.assertFileGlobInArchive(file[1])

def test_systemd_scrub(self):
for file in self.files:
for secret in self.secrets_list:
self.assertFileNotHasContent(file[1], secret)

# vim: set et ts=4 sw=4 :
2 changes: 1 addition & 1 deletion tests/sos_tests.py
Original file line number Diff line number Diff line change
Expand Up @@ -809,7 +809,7 @@ class StageTwoReportTest(BaseSoSReportTest):
tests/test_data/fake_plugins
:avocado: disable
:avocado: tags=stagetwo,foreman2
:avocado: tags=stagetwo,scrub,foreman2
"""

sos_cmd = ''
Expand Down
4 changes: 4 additions & 0 deletions tests/test_data/system_test_data
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
HTTP_PROXY=http://foouser:somesecretpassword@proxyurl:8080
HTTPS_PROXY=https://foouser:somesecretpassword@proxyurl:8080
http_proxy=http://foouser:somesecretpassword@proxyurl:8080
https_proxy=https://foouser:somesecretpassword@proxyurl:8080

0 comments on commit 300ed50

Please sign in to comment.