Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update OVAL check in accounts_password_last_change_is_in_past #12177

Merged
merged 2 commits into from
Jul 17, 2024
Merged

Update OVAL check in accounts_password_last_change_is_in_past #12177

merged 2 commits into from
Jul 17, 2024

Conversation

marcusburghardt
Copy link
Member

Description:

Previously, this test was using a hard-coded value to compare the timestamp of password last change field.
This approach works fine in most cases but proved not robust enough when passwords were changed long time ago. The new approach uses the current timestamp instead of a hard-coded value for a more flexible and robust test.

Rationale:

Review Hints:

Essentially only the variable_state object was updated to use a new local variable instead of a hard-coded value.
The ids of some other objects were renamed for better alignment between objects ids, without technical changes in logic.

There is no remediation for this rule, so automatus tests should be enough. e.g.:

./build_product rhel9
./tests/automatus.py rule --libvirt qemu:///session rhel9 --datastream build/ssg-rhel9-ds.xml --dontclean --remediate-using bash accounts_password_last_change_is_in_past

@marcusburghardt
Improve the OVAL logic in accounts_password_last_change_is_in_past
779d450 
Previously, this test was using a hard-coded value to compare the
timestamp of password last change field. This approach works fine in most
cases but proved not robust enough when passwords were changed long time
ago. The new approach uses the current timestamp instead of a hard-coded
value for a more flexible and robust test. Essentially only the
variable_state object was updated, but the ids of some other objects
were renamed for better alignment between objects ids.

Signed-off-by: Marcus Burghardt <maburgha@redhat.com>
@marcusburghardt
Create test scenario for passwords not recently changed
14cf142 
This test scenario is not so realistic but is important to test the OVAL
logic used in this rule, which was previously using a hard-coded value
to compare the timestamps.

Signed-off-by: Marcus Burghardt <maburgha@redhat.com>
@marcusburghardt marcusburghardt added bugfix Fixes to reported bugs. OVAL OVAL update. Related to the systems assessments. labels Jul 17, 2024
@marcusburghardt marcusburghardt added this to the 0.1.74 milestone Jul 17, 2024
@github-actions GitHub Actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)
Open in Gitpod

Fedora Testing Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@marcusburghardt marcusburghardt requested a review from a team July 17, 2024 13:34
@github-actions GitHub Actions
Copy link

🤖 A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:12177
This image was built from commit: 14cf142

Click here to see how to deploy it

If you alread have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:12177

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:12177 make deploy-local

@codeclimate CodeClimate
Copy link

codeclimate bot commented Jul 17, 2024

Code Climate has analyzed commit 14cf142 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.4% (0.0% change).

View more on Code Climate.

@Mab879 Mab879 self-assigned this Jul 17, 2024
@Mab879
Copy link
Member

Mab879 commented Jul 17, 2024

/packit retest-failed

@Mab879 Mab879 merged commit 87a5295 into ComplianceAsCode:master Jul 17, 2024
93 of 95 checks passed
@marcusburghardt marcusburghardt deleted the pass_change_in_past branch July 18, 2024 07:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mab879 Mab879 Mab879 approved these changes

Assignees

@Mab879 Mab879

Labels
bugfix Fixes to reported bugs. OVAL OVAL update. Related to the systems assessments.
Projects
None yet
Milestone
0.1.74
Development

Successfully merging this pull request may close these issues.
2 participants
@marcusburghardt @Mab879