From b6ade8b653a44400a6c509a726e23c98317e40ab Mon Sep 17 00:00:00 2001
From: DANIEL STOICA <daniel.stoica@enea.com>
Date: Tue, 7 Apr 2020 16:19:27 +0300
Subject: [PATCH] Change the criticality of OS security test

JIRA: VAL-102

Added a checker for the lynis and vuls tests reports, if
vulnerabilities are detected the tests fail with non-critical tag

Signed-off-by: DANIEL STOICA <daniel.stoica@enea.com>
Change-Id: I8399379aa60696cf6ce4c2aee1c2dcfb5f965fbc
---
 tests/os/lynis/lynis.robot | 3 +++
 tests/os/vuls/vuls.robot   | 8 +++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/tests/os/lynis/lynis.robot b/tests/os/lynis/lynis.robot
index 7d88c0f..de05d8d 100644
--- a/tests/os/lynis/lynis.robot
+++ b/tests/os/lynis/lynis.robot
@@ -40,6 +40,9 @@ Run Lynis Audit System
     Append To File  ${log}  ${stdout}${\n}
     Should Be Equal As Integers  ${rc}	0
 
+    ${status} =  Evaluate  "Great, no warnings" in """${stdout}"""
+    Run Keyword If  '${status}' == 'False'  FAIL  Warnings discovered
+    ...                     non-critical
 
 *** Keywords ***
 Open Connection And Log In
diff --git a/tests/os/vuls/vuls.robot b/tests/os/vuls/vuls.robot
index 3b3a901..d79fab9 100644
--- a/tests/os/vuls/vuls.robot
+++ b/tests/os/vuls/vuls.robot
@@ -46,6 +46,10 @@ Run Vuls test
 
     Run Keyword IF  '${os}' == 'ubuntu'  Run vuls for ubuntu  ELSE IF  '${os}' == 'centos'  Run vuls for centos  ELSE  FAIL  Distro '${os}' not supported
 
+    ${status} =  Evaluate  "Total: 0" in """${LOG}"""
+    Run Keyword If  '${status}' == 'False'  FAIL  Vulnerabilities discovered
+    ...                     non-critical
+
 *** Keywords ***
 Run vuls for ubuntu
     ${os_version} =  SSHLibrary.Execute Command  source /etc/os-release && echo $VERSION_ID | cut -d '.' -f1
@@ -53,12 +57,14 @@ Run vuls for ubuntu
     ${rc}  ${output} =  Run And Return Rc And Output  vuls report -config ${CURDIR}/config.toml -cvedb-sqlite3-path=${CURDIR}/cve.sqlite3 -ovaldb-sqlite3-path=${CURDIR}/oval_ubuntu_${os_version}.sqlite3
     Should Be Equal As Integers  ${rc}  0
     Append To File  ${LOG_PATH}/vuls.log  ${output}${\n}
+    Set Global Variable  ${LOG}  ${output}
 
 Run vuls for centos
     ${rc}  ${output} =  Run And Return Rc And Output  vuls report -config ${CURDIR}/config.toml -cvedb-sqlite3-path=${CURDIR}/cve.sqlite3 -ovaldb-sqlite3-path=${CURDIR}/oval_centos.sqlite3 -gostdb-sqlite3-path=${CURDIR}/gost_centos.sqlite3
     Should Be Equal As Integers  ${rc}  0
     Append To File  ${LOG_PATH}/vuls.log  ${output}${\n}
+    Set Global Variable  ${LOG}  ${output}
 
 Open Connection And Log In
     Open Connection  ${HOST}
-    Login With Public Key  ${USERNAME}  ${SSH_KEYFILE}
\ No newline at end of file
+    Login With Public Key  ${USERNAME}  ${SSH_KEYFILE}
-- 
2.16.6