2 files changed, 49 insertions, 1 deletions
diff --git a/lib/oeqa/runtime/cases/openscap.py b/lib/oeqa/runtime/cases/openscap.py
new file mode 100644
index 0000000..7012b6b
--- /dev/null
+++ b/lib/oeqa/runtime/cases/openscap.py
@@ -0,0 +1,48 @@
+# SPDX-License-Identifier: MIT
+#
+from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.core.decorator.depends import OETestDepends
+from oeqa.runtime.decorator.package import OEHasPackage
+class OpenscapTest(OERuntimeTestCase):
+    @OEHasPackage(["openscap"])
+    @OETestDepends(["ssh.SSHTest.test_ssh"])
+    def test_openscap_basic(self):
+        status, output = self.target.run("oscap -V")
+        msg = (
+            "`oscap -V` command does not work as expected. "
+            "Status and output:%s and %s" % (status, output)
+        )
+        self.assertEqual(status, 0, msg=msg)
+    @OEHasPackage(["openscap"])
+    @OEHasPackage(["scap-security-guide"])
+    @OETestDepends(["ssh.SSHTest.test_ssh"])
+    def test_openscap_scan(self):
+        SCAP_SOURCE = "/usr/share/xml/scap/ssg/content/ssg-openembedded-xccdf.xml"
+        CPE_DICT = "/usr/share/xml/scap/ssg/content/ssg-openembedded-cpe-dictionary.xml"
+        cmd = "oscap info --profiles %s" % SCAP_SOURCE
+        status, output = self.target.run(cmd)
+        msg = (
+            "oscap info` command does not work as expected.\n"
+            "Command: %s\n" % cmd + "Status and output:%s and %s" % (status, output)
+        )
+        self.assertEqual(status, 0, msg=msg)
+        for p in output.split("\n"):
+            profile = p.split(":")[0]
+            cmd = "oscap xccdf eval --cpe %s --profile %s %s" % (
+                CPE_DICT,
+                profile,
+                SCAP_SOURCE,
+            )
+            status, output = self.target.run(cmd)
+            msg = (
+                "`oscap xccdf eval` does not work as expected.\n"
+                "Command: %s\n" % cmd + "Status and output:%s and %s" % (status, output)
+            )
+            self.assertNotEqual(status, 1, msg=msg)
diff --git a/recipes-core/images/security-test-image.bb b/recipes-core/images/security-test-image.bb
index 81f69dd..e7e354e 100644
--- a/recipes-core/images/security-test-image.bb
+++ b/recipes-core/images/security-test-image.bb
@@ -12,7 +12,7 @@ IMAGE_INSTALL:append = "\
    ${@bb.utils.contains("BBFILE_COLLECTIONS", "integrity", "packagegroup-ima-evm-utils","", d)} \
 "
-TEST_SUITES = "ssh ping apparmor clamav samhain sssd checksec smack suricata aide firejail"
+TEST_SUITES = "ssh ping apparmor clamav openscap samhain sssd checksec smack suricata aide firejail"
 TEST_SUITES:append = " parsec tpm2 swtpm ima"
 INSTALL_CLAMAV_CVD = "1"

diff --git a/lib/oeqa/runtime/cases/openscap.py b/lib/oeqa/runtime/cases/openscap.py new file mode 100644 index 0000000..7012b6b --- /dev/null +++ b/lib/oeqa/runtime/cases/openscap.py
@@ -0,0 +1,48 @@
		1	# SPDX-License-Identifier: MIT
		2	#
		3
		4	from oeqa.runtime.case import OERuntimeTestCase
		5	from oeqa.core.decorator.depends import OETestDepends
		6	from oeqa.runtime.decorator.package import OEHasPackage
		7
		8
		9	class OpenscapTest(OERuntimeTestCase):
		10
		11	@OEHasPackage(["openscap"])
		12	@OETestDepends(["ssh.SSHTest.test_ssh"])
		13	def test_openscap_basic(self):
		14	status, output = self.target.run("oscap -V")
		15	msg = (
		16	"`oscap -V` command does not work as expected. "
		17	"Status and output:%s and %s" % (status, output)
		18	)
		19	self.assertEqual(status, 0, msg=msg)
		20
		21	@OEHasPackage(["openscap"])
		22	@OEHasPackage(["scap-security-guide"])
		23	@OETestDepends(["ssh.SSHTest.test_ssh"])
		24	def test_openscap_scan(self):
		25	SCAP_SOURCE = "/usr/share/xml/scap/ssg/content/ssg-openembedded-xccdf.xml"
		26	CPE_DICT = "/usr/share/xml/scap/ssg/content/ssg-openembedded-cpe-dictionary.xml"
		27
		28	cmd = "oscap info --profiles %s" % SCAP_SOURCE
		29	status, output = self.target.run(cmd)
		30	msg = (
		31	"oscap info` command does not work as expected.\n"
		32	"Command: %s\n" % cmd + "Status and output:%s and %s" % (status, output)
		33	)
		34	self.assertEqual(status, 0, msg=msg)
		35
		36	for p in output.split("\n"):
		37	profile = p.split(":")[0]
		38	cmd = "oscap xccdf eval --cpe %s --profile %s %s" % (
		39	CPE_DICT,
		40	profile,
		41	SCAP_SOURCE,
		42	)
		43	status, output = self.target.run(cmd)
		44	msg = (
		45	"`oscap xccdf eval` does not work as expected.\n"
		46	"Command: %s\n" % cmd + "Status and output:%s and %s" % (status, output)
		47	)
		48	self.assertNotEqual(status, 1, msg=msg)


diff --git a/recipes-core/images/security-test-image.bb b/recipes-core/images/security-test-image.bb index 81f69dd..e7e354e 100644 --- a/recipes-core/images/security-test-image.bb +++ b/recipes-core/images/security-test-image.bb
@@ -12,7 +12,7 @@ IMAGE_INSTALL:append = "\
12	${@bb.utils.contains("BBFILE_COLLECTIONS", "integrity", "packagegroup-ima-evm-utils","", d)} \	12	${@bb.utils.contains("BBFILE_COLLECTIONS", "integrity", "packagegroup-ima-evm-utils","", d)} \
13	"	13	"
14		14
15	TEST_SUITES = "ssh ping apparmor clamav samhain sssd checksec smack suricata aide firejail"	15	TEST_SUITES = "ssh ping apparmor clamav openscap samhain sssd checksec smack suricata aide firejail"
16	TEST_SUITES:append = " parsec tpm2 swtpm ima"	16	TEST_SUITES:append = " parsec tpm2 swtpm ima"
17		17
18	INSTALL_CLAMAV_CVD = "1"	18	INSTALL_CLAMAV_CVD = "1"