File: validate_automatus_metadata.py

package info (click to toggle)
scap-security-guide 0.1.76-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 110,644 kB
  • sloc: xml: 241,883; sh: 73,777; python: 32,527; makefile: 27
file content (84 lines) | stat: -rwxr-xr-x 2,696 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
 
#!/usr/bin/python3

import argparse
import os
import glob
import sys

import ssg.constants

SSG_ROOT = os.path.abspath(os.path.join(os.path.dirname(__file__), ".."))
VALID_FIELDS = ['check', 'packages', 'platform', 'profiles', 'remediation', 'templates',
                'variables']
VALID_STATES = ['pass', 'fail', 'notapplicable']

VALID_PLATFORMS = (list(ssg.constants.FULL_NAME_TO_PRODUCT_MAPPING.keys())
                   + list(ssg.constants.MULTI_PLATFORM_MAPPING.keys())
                   + ['multi_platform_all'])


def _parse_args() -> argparse.Namespace:
    parser = argparse.ArgumentParser()
    parser.add_argument("-r", "--root", required=False, default=SSG_ROOT,
                        help="Root directory of the project")
    return parser.parse_args()


def get_files(root: str):
    result = glob.glob("linux_os/**/tests/*.sh", recursive=True, root_dir=root)
    return result


def _test_filename_valid(test_file: str) -> bool:
    filename = os.path.basename(test_file)
    end_state = filename.split('.')
    if len(end_state) == 3 and end_state[1] not in VALID_STATES:
        print(f"Invalid expected state '{end_state[1]}' in {test_file}", file=sys.stderr)
        return False
    return True


def _validate_platform(param_value, test_file):
    for platform in param_value.split(","):
        if platform.strip() not in VALID_PLATFORMS:
            print(f"Invalid platform '{platform}' in {test_file}", file=sys.stderr)
            return False
    return True


def _has_invalid_param(root: str, test_file: str) -> bool:
    full_path = os.path.join(root, test_file)
    has_no_errors = True
    with open(full_path, "r") as f:
        for line in f:
            if not line.startswith("#"):
                break
            line = line.removeprefix('#')
            line = line.strip()
            parts = line.split('=')
            if len(parts) != 2:
                continue
            param_name = parts[0].strip()
            param_value = parts[1].strip()
            if param_name == 'platform':
                has_no_errors = _validate_platform(param_value, test_file)
            if param_name not in VALID_FIELDS:
                print(f"Invalid field '{param_name}' in {test_file}", file=sys.stderr)
                has_no_errors = False
    return has_no_errors


def main() -> int:
    args = _parse_args()
    test_files = get_files(args.root)
    return_value = 0
    for test_file in test_files:
        if not _test_filename_valid(test_file):
            return_value = 1
        if not _has_invalid_param(args.root, test_file):
            return_value = 1
    return return_value


if __name__ == "__main__":
    raise SystemExit(main())