debian-cis/tests/lib.sh
Charles Herlin e8ae07c2e8 IMP: new tag in file to tell that the script should pass shellcheck
The `# run-shellchek` tag must be placed in the first 10 lines of the
file
2019-01-24 11:11:08 +01:00

93 lines
2.5 KiB
Bash

# shellcheck shell=bash
# run-shellcheck
###########################################
# Assertion functions for funcional tests #
###########################################
# sugar to add a decription of the test suite
# describe <STRING>
describe() {
# shellcheck disable=2154
printf "\033[36mxxx %s::%s \033[0m\n" "$name" "$*"
}
# Register an assertion on an audit before running it
# May be used several times
# See below assertion functions
# register_test <TEST_STRING>
register_test() {
export numtest=0
if [[ "notempty" == "${REGISTERED_TESTS[*]:+notempty}" ]]; then
numtest=${#REGISTERED_TESTS[@]}
fi
REGISTERED_TESTS[numtest]="$*"
}
# retvalshouldbe checks that the audit return value equals the one passed as parameter
# retvalshoudbe <NUMBER>
retvalshouldbe()
{
# shellcheck disable=2154
retfile=$outdir/${usecase_name}.retval
shouldbe=$1
got=$(< "$retfile")
if [ "$got" = "$shouldbe" ] ; then
ok "RETURN VALUE" "($shouldbe)"
else
if [ 0 -eq "$dismiss_count" ]; then
nbfailedret=$(( nbfailedret + 1 ))
listfailedret="$listfailedret $usecase_name"
fi
fail "RETURN VALUE" "(got $got instead of $shouldbe)"
fi
}
# contain looks for a string in audit logfile
# contain [REGEX] <STRING|regexSTRING>
contain()
{
local specialoption=''
if [ "$1" != "REGEX" ] ; then
specialoption='-F'
else
specialoption='-E'
shift
fi
file=$outdir/${usecase_name}.log
pattern=$*
if grep -q $specialoption -- "$pattern" "$file"; then
ok "MUST CONTAIN" "($pattern)"
else
if [ 0 -eq "$dismiss_count" ]; then
nbfailedgrep=$(( nbfailedgrep + 1 ))
listfailedgrep="$listfailedgrep $usecase_name"
fi
fail "MUST CONTAIN" "($pattern)"
fi
}
# test is expected to fail (for instance on blank system)
# then the test wont be taken into account for test suite success
dismiss_count_for_test() {
dismiss_count=1
}
# Run the audit script in both root and sudo mode and plays assertion tests and
# sudo/root consistency tests
# run <USECASE> <AUDIT_SCRIPT>
run() {
usecase=$1
shift
usecase_name_root=$(make_usecase_name "$usecase" "root")
_run "$usecase_name_root" "$@"
play_registered_tests "$usecase_name_root"
usecase_name_sudo=$(make_usecase_name "$usecase" "sudo")
_run "$usecase_name_sudo" "sudo -u secaudit" "$@" "--sudo"
play_registered_tests "$usecase_name_sudo"
play_consistency_tests
clear_registered_tests
}