tests_integration.bats
#!/usr/bin/env bats
# Kernel release strings that the mocked `uname` functions in the tests below print.
export RHEL7='3.10.0-520.10.2.el7.x86_64'
export FEDORA='4.9.14-200.fc25.x86_64'
# Script under test: the file name taken from the line in ./test_harness that
# sources a *.sh file (". <name>.sh").
# NOTE(review): nothing here checks that exactly one name was found. With a
# missing harness or no matching line SCRIPT_NAME is empty and every
# `run ./"${SCRIPT_NAME}"` below targets "./" instead of the detection script.
export SCRIPT_NAME="$(grep -E '^\. .*\.sh$' test_harness | sed 's/^\. //')"
# Unsupported platform: with a Fedora kernel string the script must refuse to
# run (exit status 1) and must not print any detection or verdict line.
# NOTE(review): status 1 is also what the "vuln ver installed" test expects, so
# the exit code alone does not separate "unsupported OS" from "vulnerable";
# only the output text does.
# NOTE(review): the mocks are exported bash functions. They reach the script
# only if it runs under bash and calls `uname`/`rpm` by bare name; otherwise
# the real host tools would answer - confirm against the script.
@test "Integration -- Fedora" {
  uname() { printf '%s\n' "$FEDORA"; }
  rpm() { printf '%s\n' "sudo-1.9.2-1.fc33.x86_64"; }
  export -f uname rpm

  run ./"${SCRIPT_NAME}"

  [[ "$status" -eq 1 ]]
  [[ $output == *"This script is meant to be used only on RHEL 6-8."* ]]
  # No package line and neither verdict may appear on an unsupported OS.
  [[ $output != *"Detected 'sudo' package:"* ]]
  [[ $output != *"This sudo version is vulnerable."* ]]
  [[ $output != *"This sudo version is not vulnerable."* ]]
}
# RHEL 7 with a single sudo build that the script is expected to flag: exit
# status 1, the detected package echoed back, and only the "vulnerable" verdict.
# NOTE(review): the script is invoked with `-n`; what that option does is not
# visible in this file - confirm against the script's usage text.
@test "Integration -- RHEL7 - vuln ver installed" {
  uname() { printf '%s\n' "$RHEL7"; }
  rpm() { printf '%s\n' "sudo-1.8.6p7-23.el7_3.x86_64"; }
  export -f uname rpm

  run ./"${SCRIPT_NAME}" -n

  [[ "$status" -eq 1 ]]
  [[ $output == *"Detected 'sudo' package: sudo-1.8.6p7-23.el7_3.x86_64"* ]]
  [[ $output == *"This sudo version is vulnerable."* ]]
  # The two verdicts are mutually exclusive.
  [[ $output != *"This sudo version is not vulnerable."* ]]
}
# RHEL 7 where the rpm query returns several sudo builds at once (broken
# rpmdb). The script must still exit 1 and report "vulnerable".
# NOTE(review): only the first listed build is asserted in the output. The
# -999 build is in the list too and the expected verdict is still
# "vulnerable", so the script presumably treats any flagged entry as decisive -
# confirm against the script.
@test "Integration -- RHEL7 - broken rpmdb, multiple vuln vers installed" {
  uname() { printf '%s\n' "$RHEL7"; }
  rpm() {
    printf '%s\n' \
      "sudo-1.8.23-4.el7_7.2.x86_64" \
      "sudo-1.8.23-9.el7.x86_64" \
      "sudo-1.8.23-10.el7.x86_64" \
      "sudo-1.8.23-999.el7.x86_64"
  }
  export -f uname rpm

  run ./"${SCRIPT_NAME}" -n

  [[ "$status" -eq 1 ]]
  [[ $output == *"Detected 'sudo' package: sudo-1.8.23-4.el7_7.2.x86_64"* ]]
  # NOTE: Also displays the other versions. This being a broken state of the rpmdb,
  # there's no sure way for the script to detect which version is actually installed,
  # so this behavior is acceptable. See https://access.redhat.com/solutions/3924551
  # for more information.
  [[ $output == *"This sudo version is vulnerable."* ]]
  [[ $output != *"This sudo version is not vulnerable."* ]]
}
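# RHEL 7 where the rpm query returns only an unrelated package ("baz"): the
# script must exit 0 and print the "not vulnerable" verdict.
@test "Integration -- RHEL7 - sudo not installed" {
  uname() {
    echo "$RHEL7"
  }
  rpm() {
    echo "baz-1.8.6p7-23.el7_3.x86_64"
  }
  export -f uname
  export -f rpm
  run ./"${SCRIPT_NAME}" -n
  (( status == 0 ))
  # Original check, kept as-is. The mock never emits a package named sudo, so
  # this string could appear only if the script invented the name itself.
  [[ "$output" != *"Detected 'sudo' package: sudo-1.8.6p7-23.el7_3.x86_64"* ]]
  # Added: the unrelated package the mock does emit must not be reported as
  # sudo. This catches a name filter that matches on the version string only.
  [[ "$output" != *"Detected 'sudo' package: baz"* ]]
  [[ "$output" != *"This sudo version is vulnerable."* ]]
  [[ "$output" == *"This sudo version is not vulnerable."* ]]
}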
# RHEL 7 with a sudo build the script is expected to accept: exit status 0,
# the detected package echoed back, and only the "not vulnerable" verdict.
# NOTE(review): release "-999" is presumably a stand-in for "newer than any
# fixed build" - confirm against the script's version table.
# NOTE(review): these assertions rely on bats aborting at the first failing
# `[[ ]]`. On bash 3.2 a failing non-final `[[ ]]` is reported not to fail the
# test; run the suite on the bash version the script targets.
@test "Integration -- RHEL7 - nonvuln ver installed" {
  uname() { printf '%s\n' "$RHEL7"; }
  rpm() { printf '%s\n' "sudo-1.8.6p7-999.el7_3.x86_64"; }
  export -f uname rpm

  run ./"${SCRIPT_NAME}" -n

  [[ "$status" -eq 0 ]]
  [[ $output == *"Detected 'sudo' package: sudo-1.8.6p7-999.el7_3.x86_64"* ]]
  [[ $output != *"This sudo version is vulnerable."* ]]
  [[ $output == *"This sudo version is not vulnerable."* ]]
}