Content Testing

The project has many tests that are run via ctest from cmake. The tests are defined in tests/CMakeLists.txt. All kinds tests ran with our ctest suite, including Python Unit tests, content validations, and if enabled Ansible syntax checks, among many others. For help on how to run the tests please review the test section from the Building ComplianceAsCode guide.

Python

`MyPy`

Some utility scripts in the project are type checked with mypy. If you are writing a new Python file in the project you should consider using MyPy. To add a script to be checked with mypy use the mypy_test macro in tests/CMakeLists.txt.

Unit Tests

The ctest tool is used to run unit tests for the ssg Python package that is in the repository. The ctest tool is not able to run unit tests with different versions of Python. To run only unit tests without any special steps beforehand with different Python versions for the ssg Python package, it is recommended to use tox.

The tox creates a virtual environment that handles all dependencies defined in the test requirement file and performs unit tests with multiple versions of Python. This way, you can test your changes with different versions of Python on your machine and don’t have to wait for the upstream CI to check them for you.

Execute Unit Tests via `ctest`

cd build
rm -rf *
cmake ..
ctest -R python-unit-ssg-module

Execute Unit Tests via `tox`

Installation of tox and more advanced usage is described in documentation.

You must be in the root directory of the project before running the tox command.

Runs tests with Python2.7, Python3.8, Python3.9 and Python3-latest on machine:

tox

With a specific Python version (replace XX with Python version):

tox -e pyXX

Other useful usage of Tox

Run Flake8:

tox -e flake8

Build Docs:

tox -e docs

SCAPVal

We use SCAPVal to valid our content. Since a separate download is required this test is disabled by default. A working Java installation is also required for SCAPVal to work. To enable this test pass following options to cmake:

-DENABLE_SCAPVAL13:BOOL=ON - This enables SCAPVal
-DSCAPVAL_PATH='/opt/scapval/SCAP-Content-Validation-Tool-1.3.5/scapval-1.3.5.jar' - This provides the path to the SCAPVal jar. You will need to replace /opt/scapval/SCAP-Content-Validation-Tool-1.3.5/scapval-1.3.5.jar with the actual path the SCAPVAL jar on your system.

SCAPVal can be run with ctest using the following command ctest -R 'scapval' --output-on-failure.

SRG and STIG Mapping

This test ensures that rules with stigid reference also have a srg reference. This test is an opt-in test per product, but ran by default. This uses the build datastreams so the project must be rebuilt in order for changes to be reflected in the results.

The macro stig_srg_mapping in tests/CMakeList.txt should be used when adding a product for this test.

This script uses tests/stig_srg_mapping.py to run the test.