Fix not-applicable tests in template pam_account_password_faillock #13329
Tests in this template use the macro `tests_init_faillock_vars` to define individual test parameters and values based on the required state (correct, strict, lenient_high, lenient_low).

Two test scenarios, which should be not-applicable, were not properly implemented and resulted in error:
- lenient_high + no upper boundary
- lenient_low + no lower boundary

This fix inserts an additional `# platform = Not Applicable` to the top of the test script for those cases.

Fixes issue ComplianceAsCode#13319
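The rule described above, modelled as an added Python example (not the project's Jinja macro or the Automatus harness): a scenario that needs a value beyond an undefined boundary is rendered with the `# platform = Not Applicable` header, and a header check then skips it even when another platform line is present. The function names, the `TEST_VALUE` variable, the sample bounds and the header-matching logic are assumptions made for illustration.

```python
# Added illustration; every name here is hypothetical, not ComplianceAsCode code.
NOT_APPLICABLE = "# platform = Not Applicable"


def render_scenario(state, correct, lower=None, upper=None):
    """Return the line a test script would carry for one scenario.

    lenient_high needs a value above `upper`, lenient_low one below `lower`.
    When that boundary is undefined no such value exists, so the script is
    marked Not Applicable instead of being rendered with a broken value.
    """
    if state == "correct":
        value = correct
    elif state == "lenient_high":
        value = None if upper is None else upper + 1
    elif state == "lenient_low":
        value = None if lower is None else lower - 1
    else:
        raise ValueError(f"unknown state: {state}")
    return [NOT_APPLICABLE] if value is None else [f"TEST_VALUE={value}"]


def platforms(script_lines):
    """Collect the values of every '# platform = ...' line in the header."""
    found = []
    for line in script_lines:
        if not line.startswith("#"):
            break  # header comments end at the first non-comment line
        key, _, val = line.lstrip("# ").partition("=")
        if key.strip() == "platform":
            found += [p.strip() for p in val.split(",")]
    return found


def is_applicable(script_lines, target_platforms):
    """Assumed model: 'Not Applicable' wins over any other platform header;
    a script with no platform header runs on every target."""
    declared = platforms(script_lines)
    if "Not Applicable" in declared:
        return False
    return not declared or any(p in target_platforms for p in declared)
```
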
Hi @mpurg. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Code Climate has analyzed commit 991b8a0 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 61.9% (0.0% change). View more on Code Climate.
I have run test scenarios for rule accounts_passwords_pam_faillock_deny that uses this template on a RHEL 9 VM back end
```
jcerny@fedora:~/work/git/scap-security-guide (pr/13329)$ python3 tests/automatus.py rule --libvirt qemu:///system ssgts_rhel9 accounts_passwords_pam_faillock_deny
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/jcerny/work/git/scap-security-guide/logs/rule-custom-2025-04-16-1036/test_suite.log
WARNING - Script 'ubuntu_empty_faillock_conf.fail.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
WARNING - Script 'ubuntu_wrong_value.fail.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
WARNING - Script 'ubuntu_correct_pamd.pass.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
WARNING - Script 'ubuntu_missing_pamd.fail.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
WARNING - Script 'pam_faillock_stricter_pam_files.pass.sh' is not applicable on 'rhel9' target because its platform is 'Oracle Linux 7,multi_platform_fedora'
WARNING - Script 'ubuntu_commented_values.fail.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
WARNING - Script 'pam_faillock_lenient_low_pam_files.fail.sh' is not applicable on 'rhel9' target because its platform is 'Oracle Linux 7,multi_platform_fedora'
WARNING - Script 'ubuntu_correct.pass.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
WARNING - Script 'ubuntu_lenient_low.fail.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
WARNING - Script 'pam_faillock_lenient_high_pam_files.fail.sh' is not applicable on 'rhel9' target because its platform is 'Oracle Linux 7,multi_platform_fedora'
WARNING - Script 'ubuntu_correct_stricter.pass.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
WARNING - Script 'ubuntu_lenient_high.fail.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
WARNING - Script 'pam_faillock_expected_pam_files.pass.sh' is not applicable on 'rhel9' target because its platform is 'Oracle Linux 7,multi_platform_fedora'
WARNING - Script 'pam_faillock_multiple_pam_unix_pam_files.fail.sh' is not applicable on 'rhel9' target because its platform is 'Oracle Linux 7,multi_platform_fedora'
WARNING - Script 'ubuntu_multiple_pam_unix.fail.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
INFO - xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny
INFO - Script pam_faillock_disabled.fail.sh using profile (all) OK
INFO - Script pam_faillock_lenient_high_faillock_conf.fail.sh using profile (all) OK
INFO - Script conflicting_settings_authselect.fail.sh using profile (all) OK
INFO - Script pam_faillock_lenient_low_faillock_conf.fail.sh using profile (all) OK
INFO - Script pam_faillock_multiple_pam_unix_faillock_conf.fail.sh using profile (all) OK
INFO - Script pam_faillock_stricter_faillock_conf.pass.sh using profile (all) OK
INFO - Script pam_faillock_expected_faillock_conf.pass.sh using profile (all) OK
INFO - Script pam_faillock_conflicting_settings.fail.sh using profile (all) OK
INFO - Script pam_faillock_not_required_pam_files.fail.sh using profile (all) OK
```
```
jcerny@fedora:~/work/git/scap-security-guide (pr/13329)$ python3 tests/automatus.py rule --libvirt qemu:///system ssgts_rhel9 --remediate-using ansible accounts_passwords_pam_faillock_deny
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/jcerny/work/git/scap-security-guide/logs/rule-custom-2025-04-16-1038/test_suite.log
WARNING - Script 'ubuntu_correct.pass.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
WARNING - Script 'pam_faillock_lenient_high_pam_files.fail.sh' is not applicable on 'rhel9' target because its platform is 'Oracle Linux 7,multi_platform_fedora'
WARNING - Script 'ubuntu_wrong_value.fail.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
WARNING - Script 'pam_faillock_multiple_pam_unix_pam_files.fail.sh' is not applicable on 'rhel9' target because its platform is 'Oracle Linux 7,multi_platform_fedora'
WARNING - Script 'pam_faillock_stricter_pam_files.pass.sh' is not applicable on 'rhel9' target because its platform is 'Oracle Linux 7,multi_platform_fedora'
WARNING - Script 'ubuntu_missing_pamd.fail.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
WARNING - Script 'ubuntu_correct_pamd.pass.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
WARNING - Script 'pam_faillock_expected_pam_files.pass.sh' is not applicable on 'rhel9' target because its platform is 'Oracle Linux 7,multi_platform_fedora'
WARNING - Script 'pam_faillock_lenient_low_pam_files.fail.sh' is not applicable on 'rhel9' target because its platform is 'Oracle Linux 7,multi_platform_fedora'
WARNING - Script 'ubuntu_correct_stricter.pass.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
WARNING - Script 'ubuntu_empty_faillock_conf.fail.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
WARNING - Script 'ubuntu_commented_values.fail.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
WARNING - Script 'ubuntu_multiple_pam_unix.fail.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
WARNING - Script 'ubuntu_lenient_low.fail.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
WARNING - Script 'ubuntu_lenient_high.fail.sh' is not applicable on 'rhel9' target because its platform is 'multi_platform_ubuntu'
INFO - xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny
INFO - Script conflicting_settings_authselect.fail.sh using profile (all) OK
INFO - Script pam_faillock_not_required_pam_files.fail.sh using profile (all) OK
INFO - Script pam_faillock_lenient_low_faillock_conf.fail.sh using profile (all) OK
INFO - Script pam_faillock_stricter_faillock_conf.pass.sh using profile (all) OK
INFO - Script pam_faillock_lenient_high_faillock_conf.fail.sh using profile (all) OK
INFO - Script pam_faillock_conflicting_settings.fail.sh using profile (all) OK
INFO - Script pam_faillock_multiple_pam_unix_faillock_conf.fail.sh using profile (all) OK
INFO - Script pam_faillock_expected_faillock_conf.pass.sh using profile (all) OK
INFO - Script pam_faillock_disabled.fail.sh using profile (all) OK
```
@jan-cerny fyi, the I pasted results from the fixed
Description:

Tests in template `pam_account_password_faillock` use the macro `tests_init_faillock_vars` to define individual test parameters and values based on the required state (correct, strict, lenient_high, lenient_low).

Two test scenarios, which should result in not-applicable, were not properly implemented and resulted in error:

This fix inserts an additional `# platform = Not Applicable` to the top of the test script for those cases.

Rationale: