diff --git a/test/functional/tests/security/test_compilation_flags.py b/test/functional/tests/security/test_compilation_flags.py index 87db959..aadf5b6 100644 --- a/test/functional/tests/security/test_compilation_flags.py +++ b/test/functional/tests/security/test_compilation_flags.py @@ -16,30 +16,47 @@ from test_utils.filesystem.fs_item import FsItem @pytest.mark.os_dependent def test_checksec(): """ - title: Checking defenses enabled compilation flags. - description: | - Check if Open CAS executable file was compiled with defenses enabled compilation flags. - pass_criteria: - - For casadm script returns: - RELRO STACK CANARY NX PIE RPATH RUNPATH FILE - Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH /sbin/casadm. + title: Checking defenses enabled compilation flags. + description: | + Check if Open CAS executable file was compiled with defenses enabled compilation flags. + pass_criteria: + - For casadm script returns: + RELRO STACK CANARY NX PIE RPATH RUNPATH FILE + Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH /sbin/casadm. """ + with TestRun.step("Prepare checksec script"): checksec_path = posixpath.join( - TestRun.usr.working_dir, - "test/functional/test-framework/scripts/checksec.sh" + TestRun.usr.working_dir, "test/functional/test-framework/scripts/checksec.sh" ) checksec = FsItem(checksec_path) checksec.chmod(Permissions.x, PermissionsUsers.u, PermissionSign.add) with TestRun.step("Check casadm compilation flags"): casadm_binary = "/sbin/casadm" - header_expected = ["RELRO", "STACK CANARY", "NX", "PIE", "RPATH", "RUNPATH", "FILE"] - binary_expected = ["Full RELRO", "Canary found", "NX enabled", "PIE enabled", "No RPATH", - "No RUNPATH", casadm_binary] + header_expected = [ + "RELRO", + "STACK CANARY", + "NX", + "PIE", + "RPATH", + "RUNPATH", + "FILE", + ] + binary_expected = [ + "Full RELRO", + "Canary found", + "NX enabled", + "PIE enabled", + "No RPATH", + "No RUNPATH", + casadm_binary, + ] result_lines = TestRun.executor.run_expect_success( - f'{checksec_path} --file {casadm_binary}').stdout.splitlines() + f"{checksec_path} --file {casadm_binary}" + ).stdout.splitlines() header_found = False + for line in result_lines: if not header_found: if line.startswith("RELRO"): @@ -47,17 +64,20 @@ def test_checksec(): header = line continue # remove formatting from output - result = re.sub(r'\x1B\[[0-9;]*m', '', line) + result = re.sub(r"\x1B\[[0-9;]*m", "", line) break - header = [i.strip() for i in header.split(" ") if i != ''] + header = [i.strip() for i in header.split(" ") if i != ""] + if header != header_expected: TestRun.LOGGER.error( - 'Incorrect header detected!\n' - f'Expected: {" ".join(header_expected)},\n' - f'Actual: {" ".join(header)}') - result = [i.strip() for i in result.split(" ") if i != ''] + "Incorrect header detected!\n" + f"Expected: {' '.join(header_expected)},\n" + f"Actual: {' '.join(header)}" + ) + result = [i.strip() for i in result.split(" ") if i != ""] if result != binary_expected: TestRun.LOGGER.error( - 'Incorrect compilation flags!\n' - f'Expected: {" ".join(binary_expected)},\n' - f'Actual: {" ".join(result)}') + "Incorrect compilation flags!\n" + f"Expected: {' '.join(binary_expected)},\n" + f"Actual: {' '.join(result)}" + )