From 888437afc2f35972f11d65db7a253064c541ef5a Mon Sep 17 00:00:00 2001
From: Christoph Hartmann
Date: Mon, 30 Oct 2023 18:26:43 +0100
Subject: [PATCH] fix tests
---
 internal/bundle/bundle_test.go | 20 -----
 internal/bundle/fmt.go | 41 +++++-----
 internal/bundle/fmt_test.go | 15 ++--
 policy/mquery_test.go | 29 ++++---
 policy/policy_test.go | 25 ++----
 policy/testdata/policybundle-deps.mql.yaml | 91 +++++++++-------------
 6 files changed, 86 insertions(+), 135 deletions(-)
diff --git a/internal/bundle/bundle_test.go b/internal/bundle/bundle_test.go
index a09bc532..d018ea0f 100644
--- a/internal/bundle/bundle_test.go
+++ b/internal/bundle/bundle_test.go
@@ -29,26 +29,6 @@ func TestParser(t *testing.T) {
 }, baseline.Queries[0].Impact)
 }
-func TestParser_DeprecatedV7(t *testing.T) {
- raw, err := os.ReadFile("../../policy/deprecated_v7.mql.yaml")
- require.NoError(t, err)
- require.NotEmpty(t, raw)
-
- v8raw, err := DeprecatedV7_ToV8(raw)
- require.NoError(t, err)
-
- baseline, err := ParseYaml(v8raw)
- require.NoError(t, err)
- assert.NotNil(t, baseline)
- assert.Equal(t, 5, len(baseline.Queries))
- assert.Equal(t, &Impact{
- Value: &ImpactValue{
- Value: 30,
- },
- FileContext: FileContext{27, 13},
- }, baseline.Queries[0].Impact)
-}
-
 func TestRemediationDecoding(t *testing.T) {
 t.Run("simple remediation text", func(t *testing.T) {
 desc := "remediation text"
diff --git a/internal/bundle/fmt.go b/internal/bundle/fmt.go
index 46d5d617..111c5af7 100644
--- a/internal/bundle/fmt.go
+++ b/internal/bundle/fmt.go
@@ -68,7 +68,6 @@ func sanitizeStringForYaml(s string) string {
 return strings.Join(lines, "\n")
 }
-// Format formats the .mql.yaml bundle
 func FormatFile(filename string) error {
 log.Info().Str("file", filename).Msg("format file")
 data, err := os.ReadFile(filename)
@@ -76,7 +75,25 @@ func FormatFile(filename string) error {
 return err
 }
+ data, err = FormatBundleData(data)
+ if err != nil {
+ return err
+ }
+
+ err = os.WriteFile(filename, data, 0o644)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+// Format formats the .mql.yaml bundle
+func FormatBundleData(data []byte) ([]byte, error) {
 b, err := ParseYaml(data)
+ if err != nil {
+ return nil, err
+ }
 // to improve the formatting we need to remove the whitespace at the end of the lines
 for i := range b.Queries {
@@ -108,25 +125,5 @@ func FormatFile(filename string) error {
 }
 }
- data, err = Format(b)
- if err != nil {
- return err
- }
-
- err = os.WriteFile(filename, data, 0o644)
- if err != nil {
- return err
- }
-
- return nil
-}
-
-func hasV7Structs(b *Bundle) bool {
- for i := range b.Policies {
- p := b.Policies[i]
- if len(p.Specs) > 0 {
- return true
- }
- }
- return false
+ return Format(b)
 }
diff --git a/internal/bundle/fmt_test.go b/internal/bundle/fmt_test.go
index 935cfc20..07ce4fae 100644
--- a/internal/bundle/fmt_test.go
+++ b/internal/bundle/fmt_test.go
@@ -21,11 +21,10 @@ policies:
 key: value
 another-key: another-value
 name: SSH Server Policy
- specs:
- - asset_filter:
- query: asset.family.contains('unix')
- scoring_queries:
- query1:
+ groups:
+ - filters: asset.family.contains('unix')
+ checks:
+ - uid: query1
 version: "1.0.0"
 scoring_system: 2
 queries:
@@ -37,13 +36,13 @@ queries:
 Run the "mokutil --sb-state" command and check whether it prints "SecureBoot enabled"
 remediation: |
 Enable Secure Boot in your computer's firmware and use a Linux distribution supporting Secure Boot
- query: |
+ mql: |
 command('mokutil --sb-state').stdout.downcase.contains('secureboot enabled')
- severity: 100
+ impact: 100
 title: Ensure Secure Boot is enabled
 `
- formatted, err := DeprecatedV7_ToV8([]byte(data))
+ formatted, err := FormatBundleData([]byte(data))
 require.NoError(t, err)
 expected := `policies:
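Review bot: In internal/bundle/fmt.go the comment `// Format formats the .mql.yaml bundle` now sits on `FormatBundleData` and names neither exported function, while `FormatFile` is left with no doc comment at all. I would put `// FormatBundleData parses raw .mql.yaml bundle data and returns the re-formatted bytes; a ParseYaml error is returned unchanged with a nil slice.` on the new function and `// FormatFile re-formats the bundle at filename and overwrites that file in place.` on `FormatFile`. The second comment matters because `os.WriteFile(filename, data, 0o644)` truncates an existing file before writing, so a failed write can leave a truncated bundle, and the `0o644` mode only takes effect when the file is newly created. The body of `FormatBundleData` between `for i := range b.Queries {` and `return Format(b)` lies outside both hunks.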
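Review bot: The updated test in internal/bundle/fmt_test.go drives `FormatBundleData` only with a well-formed bundle, so the `if err != nil { return nil, err }` branch this commit adds after `ParseYaml` has no coverage. A second case that passes input `ParseYaml` rejects and checks `require.Error(t, err)` and `require.Nil(t, formatted)` would pin that contract, which is worth having because the function may be handed file contents the caller did not author. The test function's signature and the rest of the `expected` literal are outside the hunk.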
diff --git a/policy/mquery_test.go b/policy/mquery_test.go
index 1fec616d..a8823545 100644
--- a/policy/mquery_test.go
+++ b/policy/mquery_test.go
@@ -4,25 +4,29 @@
 package policy
 import (
+ "go.mondoo.com/cnquery/v9/explorer"
+ "go.mondoo.com/cnquery/v9/providers-sdk/v1/testutils"
 "testing"
 "github.com/stretchr/testify/assert"
 )
 func TestMquery_Whitespaces(t *testing.T) {
- mq := DeprecatedV7_Mquery{
- Query: " mondoo { version \n} \t\n ",
+ coreSchema := testutils.MustLoadSchema(testutils.SchemaProvider{Provider: "core"})
+
+ mq := &explorer.Mquery{
+ Mql: " mondoo { version \n} \t\n ",
 }
- mqexpect := DeprecatedV7_Mquery{
- Query: "mondoo { version \n}",
+ mqexpect := &explorer.Mquery{
+ Mql: "mondoo { version \n}",
 }
- bundle, err := mq.RefreshChecksumAndType(nil)
+ bundle, err := mq.RefreshChecksumAndType(nil, nil, coreSchema)
 assert.NoError(t, err)
 assert.NotNil(t, bundle)
- bundle, err = mqexpect.RefreshChecksumAndType(nil)
+ bundle, err = mqexpect.RefreshChecksumAndType(nil, nil, coreSchema)
 assert.NoError(t, err)
 assert.NotNil(t, bundle)
@@ -30,18 +34,19 @@ func TestMquery_Whitespaces(t *testing.T) {
 }
 func TestMquery_CodeIDs(t *testing.T) {
- mqAssetFilter := DeprecatedV7_Mquery{
- Query: "mondoo { version \n}",
+ coreSchema := testutils.MustLoadSchema(testutils.SchemaProvider{Provider: "core"})
+ mqAssetFilter := &explorer.Mquery{
+ Mql: "mondoo { version \n}",
 }
- mqReg := DeprecatedV7_Mquery{
- Query: "mondoo { version \n}",
+ mqReg := &explorer.Mquery{
+ Mql: "mondoo { version \n}",
 }
- _, err := mqAssetFilter.RefreshAsAssetFilter("//some.mrn")
+ _, err := mqAssetFilter.RefreshAsFilter("//some.mrn", coreSchema)
 assert.NoError(t, err)
- _, err = mqReg.RefreshChecksumAndType(nil)
+ _, err = mqReg.RefreshChecksumAndType(nil, nil, coreSchema)
 assert.NoError(t, err)
 assert.Equal(t, mqReg.CodeId, mqAssetFilter.CodeId)
diff --git a/policy/policy_test.go b/policy/policy_test.go
index 10a49ae1..62704258 100644
--- a/policy/policy_test.go
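Review bot: The two imports added in policy/mquery_test.go, `"go.mondoo.com/cnquery/v9/explorer"` and `"go.mondoo.com/cnquery/v9/providers-sdk/v1/testutils"`, are placed above `"testing"` in the standard-library group; goimports keeps the standard library first and would put these in the following group next to `"github.com/stretchr/testify/assert"`. The call `testutils.MustLoadSchema(testutils.SchemaProvider{Provider: "core"})` is also repeated in `TestMquery_Whitespaces` and, in the second hunk, in `TestMquery_CodeIDs`; a small helper in the test file would keep the schema choice in one place. The end of `TestMquery_CodeIDs` lies outside the hunk.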
+++ b/policy/policy_test.go
@@ -83,7 +83,6 @@ func TestPolicyGroupCategory(t *testing.T) {
 func TestPolicyChecksums(t *testing.T) {
 files := []string{
 "../examples/example.mql.yaml",
- "./deprecated_v7.mql.yaml",
 }
 for _, file := range files {
@@ -129,11 +128,7 @@ func TestPolicyChecksums(t *testing.T) {
 p.Version = "1.2.3"
 },
 "group date changed": func(p *policy.Policy) {
- if p.Groups == nil {
- p.Specs[0].Created = 12345
- } else {
- p.Groups[0].Created = 12345
- }
+ p.Groups[0].Created = 12345
 },
 }
@@ -173,19 +168,11 @@ func TestPolicyChecksums(t *testing.T) {
 executionTests := map[string]func(){
 "query spec set": func() {
- if p.Groups == nil {
- p.Specs[0].ScoringQueries = map[string]*policy.DeprecatedV7_ScoringSpec{
- "//local.cnspec.io/run/local-execution/queries/sshd-01": {
- ScoringSystem: explorer.ScoringSystem_WORST,
- },
- }
- } else {
- p.Groups[0].Checks[1] = &explorer.Mquery{
- Mrn: "//local.cnspec.io/run/local-execution/queries/sshd-01",
- Impact: &explorer.Impact{
- Scoring: explorer.ScoringSystem_WORST,
- },
- }
+ p.Groups[0].Checks[1] = &explorer.Mquery{
+ Mrn: "//local.cnspec.io/run/local-execution/queries/sshd-01",
+ Impact: &explorer.Impact{
+ Scoring: explorer.ScoringSystem_WORST,
+ },
 }
 },
 "query changed": func() {
diff --git a/policy/testdata/policybundle-deps.mql.yaml b/policy/testdata/policybundle-deps.mql.yaml
index f00b4361..70f36b47 100644
--- a/policy/testdata/policybundle-deps.mql.yaml
+++ b/policy/testdata/policybundle-deps.mql.yaml
@@ -1,57 +1,40 @@
 owner_mrn: //captain.api.mondoo.app/spaces/adoring-moore-542492
 policies:
-- mrn: //assets.api.mondoo.app/spaces/adoring-moore-542492/assets/1dKBiOi5lkI2ov48plcowIy8WEl
- version: 1.0.0
- asset_filters:
- platform.name == "debian":
- query: platform.name == "debian"
- specs:
- - policies:
- //captain.api.mondoo.app/spaces/adoring-moore-542492: null
-- mrn: //captain.api.mondoo.app/spaces/adoring-moore-542492
- owner_mrn: //captain.api.mondoo.app/spaces/adoring-moore-542492
- version: 1.0.0
- asset_filters:
- platform.name == "debian":
- query: platform.name == "debian"
- specs:
- - policies:
- //policy.api.mondoo.app/policies/debian-10-level-1-server: null
- scoring_queries:
- //policy.api.mondoo.app/queries/1.6.1-xd-nx-support-enabled:
- action: 2
- id: //policy.api.mondoo.app/queries/1.6.1-xd-nx-support-enabled
-- mrn: //policy.api.mondoo.app/policies/debian-10-level-1-server
- owner_mrn: //policy.api.mondoo.app
- name: Debian Linux 10 Benchmark Level 1 - Server Profile
- version: 1.0.0
- is_public: true
- asset_filters:
- platform.name == "debian":
- query: platform.name == "debian"
- specs:
- - asset_filter:
- query: platform.name == "debian"
- scoring_queries:
- //policy.api.mondoo.app/queries/1.1.1.1-mounting-freevxfs-filesystems-disabled:
- id: //policy.api.mondoo.app/queries/1.1.1.1-mounting-freevxfs-filesystems-disabled
- //policy.api.mondoo.app/queries/1.1.1.2-mounting-jffs2-filesystems-disabled:
- id: //policy.api.mondoo.app/queries/1.1.1.2-mounting-jffs2-filesystems-disabled
- //policy.api.mondoo.app/queries/1.1.1.3-mounting-hfs-filesystems-disabled:
- id: //policy.api.mondoo.app/queries/1.1.1.3-mounting-hfs-filesystems-disabled
+ - mrn: //assets.api.mondoo.app/spaces/adoring-moore-542492/assets/1dKBiOi5lkI2ov48plcowIy8WEl
+ version: 1.0.0
+ license: unspecified
+ groups:
+ - policies:
+ - mrn: //captain.api.mondoo.app/spaces/adoring-moore-542492
+ - owner_mrn: //captain.api.mondoo.app/spaces/adoring-moore-542492
+ mrn: //captain.api.mondoo.app/spaces/adoring-moore-542492
+ version: 1.0.0
+ license: unspecified
+ groups:
+ - policies:
+ - mrn: //policy.api.mondoo.app/policies/debian-10-level-1-server
+ checks:
+ - mrn: //policy.api.mondoo.app/queries/1.6.1-xd-nx-support-enabled
+ action: 2
+ - computed_filters: platform.name == "debian"
+ owner_mrn: //policy.api.mondoo.app
+ mrn: //policy.api.mondoo.app/policies/debian-10-level-1-server
+ name: Debian Linux 10 Benchmark Level 1 - Server Profile
+ version: 1.0.0
+ license: unspecified
+ groups:
+ - filters: platform.name == "debian"
+ checks:
+ - mrn: //policy.api.mondoo.app/queries/1.1.1.1-mounting-freevxfs-filesystems-disabled
+ - mrn: //policy.api.mondoo.app/queries/1.1.1.2-mounting-jffs2-filesystems-disabled
+ - mrn: //policy.api.mondoo.app/queries/1.1.1.3-mounting-hfs-filesystems-disabled
 queries:
-- checksum: fBXqmapUNqQ=
- mrn: //policy.api.mondoo.app/queries/1.1.1.1-mounting-freevxfs-filesystems-disabled
- query: kernel.module("freevxfs").loaded == false
- title: Ensure mounting of freevxfs filesystems is disabled
- type: "\x04"
-- checksum: GMagrYUwv1Q=
- mrn: //policy.api.mondoo.app/queries/1.1.1.2-mounting-jffs2-filesystems-disabled
- query: kernel.module("jffs2").loaded == false
- title: Ensure mounting of jffs2 filesystems is disabled
- type: "\x04"
-- checksum: hW3ShMH1Gg8=
- mrn: //policy.api.mondoo.app/queries/1.1.1.3-mounting-hfs-filesystems-disabled
- query: kernel.module("hfs").loaded == false
- title: Ensure mounting of hfs filesystems is disabled
- type: "\x04"
+ - mrn: //policy.api.mondoo.app/queries/1.1.1.1-mounting-freevxfs-filesystems-disabled
+ title: Ensure mounting of freevxfs filesystems is disabled
+ mql: kernel.module("freevxfs").loaded == false
+ - mrn: //policy.api.mondoo.app/queries/1.1.1.2-mounting-jffs2-filesystems-disabled
+ title: Ensure mounting of jffs2 filesystems is disabled
+ mql: kernel.module("jffs2").loaded == false
+ - mrn: //policy.api.mondoo.app/queries/1.1.1.3-mounting-hfs-filesystems-disabled
+ title: Ensure mounting of hfs filesystems is disabled
+ mql: kernel.module("hfs").loaded == false