praudit(1): add tests

Submitted by: aniketp MFC after: 2 weeks X-MFC-With: 335287 Sponsored by: Google, Inc. (GSoC 2018) Differential Revision: https://reviews.freebsd.org/D15751
2018-06-17 17:31:16 +00:00 · 2018-06-17 17:31:16 +00:00 · 200e414717
commit 200e414717
parent e589bdeee2
14 changed files with 266 additions and 0 deletions
--- a/etc/mtree/BSD.tests.dist
+++ b/etc/mtree/BSD.tests.dist
@ -1028,6 +1028,8 @@
        ..
        nmtree
        ..
+        praudit
+        ..
        pw
        ..
        rpcbind
--- a/usr.sbin/praudit/Makefile
+++ b/usr.sbin/praudit/Makefile
@ -14,4 +14,7 @@ WARNS?=	3

 LIBADD=	bsm

+HAS_TESTS=
+SUBDIR.${MK_TESTS}+= tests
+
 .include <bsd.prog.mk>
--- a/usr.sbin/praudit/tests/Makefile
+++ b/usr.sbin/praudit/tests/Makefile
@ -0,0 +1,23 @@
+# $FreeBSD$
+
+PACKAGE=	tests
+
+TESTSDIR=	${TESTSBASE}/usr.sbin/praudit
+
+ATF_TESTS_SH=	praudit_test
+
+${PACKAGE}FILES+=			\
+		input/trail 		\
+		input/corrupted		\
+		input/del_comma 	\
+		input/del_underscore 	\
+		input/no_args 		\
+		input/numeric_form 	\
+		input/raw_form 		\
+		input/same_line 	\
+		input/short_form 	\
+		input/xml_form
+
+TEST_METADATA+= timeout="10"
+
+.include <bsd.test.mk>
--- a/usr.sbin/praudit/tests/input/corrupted
+++ b/usr.sbin/praudit/tests/input/corrupted
--- a/usr.sbin/praudit/tests/input/del_comma
+++ b/usr.sbin/praudit/tests/input/del_comma
@ -0,0 +1,7 @@
+header,113,11,socket(2),0,Mon Jun 11 10:18:45 2018, + 380 msec
+argument,1,0x1c,domain
+argument,2,0x2,type
+argument,3,0x0,protocol
+subject,root,root,wheel,root,0,7053,4724,37636,10.0.2.2
+return,success,3
+trailer,113
--- a/usr.sbin/praudit/tests/input/del_underscore
+++ b/usr.sbin/praudit/tests/input/del_underscore
@ -0,0 +1,7 @@
+header_113_11_socket(2)_0_Mon Jun 11 10:18:45 2018_ + 380 msec
+argument_1_0x1c_domain
+argument_2_0x2_type
+argument_3_0x0_protocol
+subject_root_root_wheel_root_0_7053_4724_37636_10.0.2.2
+return_success_3
+trailer_113
--- a/usr.sbin/praudit/tests/input/no_args
+++ b/usr.sbin/praudit/tests/input/no_args
@ -0,0 +1,7 @@
+header,113,11,socket(2),0,Mon Jun 11 10:18:45 2018, + 380 msec
+argument,1,0x1c,domain
+argument,2,0x2,type
+argument,3,0x0,protocol
+subject,root,root,wheel,root,0,7053,4724,37636,10.0.2.2
+return,success,3
+trailer,113
--- a/usr.sbin/praudit/tests/input/numeric_form
+++ b/usr.sbin/praudit/tests/input/numeric_form
@ -0,0 +1,7 @@
+header,113,11,socket(2),0,Mon Jun 11 10:18:45 2018, + 380 msec
+argument,1,0x1c,domain
+argument,2,0x2,type
+argument,3,0x0,protocol
+subject,root,root,wheel,root,0,7053,4724,37636,10.0.2.2
+return,success,3
+trailer,113
--- a/usr.sbin/praudit/tests/input/raw_form
+++ b/usr.sbin/praudit/tests/input/raw_form
@ -0,0 +1,7 @@
+20,113,11,183,0,1528712325,380
+45,1,0x1c,domain
+45,2,0x2,type
+45,3,0x0,protocol
+36,0,0,0,0,0,7053,4724,37636,10.0.2.2
+39,0,3
+19,113
--- a/usr.sbin/praudit/tests/input/same_line
+++ b/usr.sbin/praudit/tests/input/same_line
@ -0,0 +1 @@
+header,113,11,socket(2),0,Mon Jun 11 10:18:45 2018, + 380 msec,argument,1,0x1c,domain,argument,2,0x2,type,argument,3,0x0,protocol,subject,root,root,wheel,root,0,7053,4724,37636,10.0.2.2,return,success,3,trailer,113,
--- a/usr.sbin/praudit/tests/input/short_form
+++ b/usr.sbin/praudit/tests/input/short_form
@ -0,0 +1,7 @@
+header,113,11,AUE_SOCKET,0,Mon Jun 11 10:18:45 2018, + 380 msec
+argument,1,0x1c,domain
+argument,2,0x2,type
+argument,3,0x0,protocol
+subject,root,root,wheel,root,0,7053,4724,37636,10.0.2.2
+return,success,3
+trailer,113
--- a/usr.sbin/praudit/tests/input/trail
+++ b/usr.sbin/praudit/tests/input/trail
--- a/usr.sbin/praudit/tests/input/xml_form
+++ b/usr.sbin/praudit/tests/input/xml_form
@ -0,0 +1,12 @@
+<?xml version='1.0' ?>
+<audit>
+<record version="11" event="socket(2)" modifier="0" time="Mon Jun 11 10:18:45 2018" msec=" + 380 msec" >
+<argument arg-num="1" value="0x1c" desc="domain" />
+<argument arg-num="2" value="0x2" desc="type" />
+<argument arg-num="3" value="0x0" desc="protocol" />
+<subject audit-uid="root" uid="root" gid="wheel" ruid="root" rgid="0" pid="7053" sid="4724" tid="37636 10.0.2.2" />
+<return errval="success" retval="3" />
+</record>
+<?xml version='1.0' ?>
+<audit>
+</audit>
--- a/usr.sbin/praudit/tests/praudit_test.sh
+++ b/usr.sbin/praudit/tests/praudit_test.sh
@ -0,0 +1,183 @@
+#
+# Copyright (c) 2018 Aniket Pandey
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+
+atf_test_case praudit_delim_comma
+praudit_delim_comma_head()
+{
+	atf_set "descr" "Verify that comma delimiter is present with -d ',' cmd"
+}
+
+praudit_delim_comma_body()
+{
+	atf_check -o file:$(atf_get_srcdir)/del_comma \
+		praudit -d "," $(atf_get_srcdir)/trail
+}
+
+
+atf_test_case praudit_delim_underscore
+praudit_delim_underscore_head()
+{
+	atf_set "descr" "Verify that underscore delimiter is present with -d _"
+}
+
+praudit_delim_underscore_body()
+{
+	atf_check -o file:$(atf_get_srcdir)/del_underscore \
+		praudit -d "_" $(atf_get_srcdir)/trail
+}
+
+
+atf_test_case praudit_no_args
+praudit_no_args_head()
+{
+	atf_set "descr" "Verify that praudit outputs default form without " \
+			"any arguments"
+}
+
+praudit_no_args_body()
+{
+	atf_check -o file:$(atf_get_srcdir)/no_args \
+		praudit $(atf_get_srcdir)/trail
+}
+
+
+atf_test_case praudit_numeric_form
+praudit_numeric_form_head()
+{
+	atf_set "descr" "Verify that praudit outputs the numeric form " \
+			"with -n flag"
+}
+
+praudit_numeric_form_body()
+{
+	atf_check -o file:$(atf_get_srcdir)/numeric_form \
+		praudit -n $(atf_get_srcdir)/trail
+}
+
+
+atf_test_case praudit_raw_form
+praudit_raw_form_head()
+{
+	atf_set "descr" "Verify that praudit outputs the raw form with -r flag"
+}
+
+praudit_raw_form_body()
+{
+	atf_check -o file:$(atf_get_srcdir)/raw_form \
+		praudit -r $(atf_get_srcdir)/trail
+}
+
+
+atf_test_case praudit_same_line
+praudit_same_line_head()
+{
+	atf_set "descr" "Verify that praudit outputs the trail in the same " \
+			"line  with -l flag"
+}
+
+praudit_same_line_body()
+{
+	atf_check -o file:$(atf_get_srcdir)/same_line \
+		praudit -l $(atf_get_srcdir)/trail
+}
+
+
+atf_test_case praudit_short_form
+praudit_short_form_head()
+{
+	atf_set "descr" "Verify that praudit outputs the short form " \
+			"with -s flag"
+}
+
+praudit_short_form_body()
+{
+	atf_check -o file:$(atf_get_srcdir)/short_form \
+		praudit -s $(atf_get_srcdir)/trail
+}
+
+
+atf_test_case praudit_xml_form
+praudit_xml_form_head()
+{
+	atf_set "descr" "Verify that praudit outputs the XML file with -x flag"
+}
+
+praudit_xml_form_body()
+{
+	atf_check -o file:$(atf_get_srcdir)/xml_form \
+		praudit -x $(atf_get_srcdir)/trail
+}
+
+
+atf_test_case praudit_sync_to_next_record
+praudit_sync_to_next_record_head()
+{
+	atf_set "descr" "Verify that praudit(1) outputs the last few audit " \
+			"records when the initial part of the trail is " \
+			"corrputed."
+}
+
+praudit_sync_to_next_record_body()
+{
+	# The 'corrupted' binary file contains some redundant
+	# binary symbols before the actual audit record.
+	# Since 'praudit -p' syncs to the next legitimate record,
+	# it would skip the corrupted part and print the desired
+	# audit record to STDOUT.
+	atf_check -o file:$(atf_get_srcdir)/no_args \
+		praudit -p $(atf_get_srcdir)/corrupted
+}
+
+
+atf_test_case praudit_raw_short_exclusive
+praudit_raw_short_exclusive_head()
+{
+	atf_set "descr" "Verify that praudit outputs usage message on stderr " \
+			"when both raw and short options are specified"
+}
+
+praudit_raw_short_exclusive_body()
+{
+	atf_check -s exit:1 -e match:"usage: praudit" \
+		praudit -rs $(atf_get_srcdir)/trail
+}
+
+
+atf_init_test_cases()
+{
+	atf_add_test_case praudit_delim_comma
+	atf_add_test_case praudit_delim_underscore
+	atf_add_test_case praudit_no_args
+	atf_add_test_case praudit_numeric_form
+	atf_add_test_case praudit_raw_form
+	atf_add_test_case praudit_same_line
+	atf_add_test_case praudit_short_form
+	atf_add_test_case praudit_xml_form
+	atf_add_test_case praudit_sync_to_next_record
+	atf_add_test_case praudit_raw_short_exclusive
+}
				`@ -0,0 +1 @@`
				`header,113,11,socket(2),0,Mon Jun 11 10:18:45 2018, + 380 msec,argument,1,0x1c,domain,argument,2,0x2,type,argument,3,0x0,protocol,subject,root,root,wheel,root,0,7053,4724,37636,10.0.2.2,return,success,3,trailer,113,`