diff options
| author | Michael Boelen <michael.boelen@cisofy.com> | 2017-04-30 18:59:35 +0300 |
|---|---|---|
| committer | Michael Boelen <michael.boelen@cisofy.com> | 2017-04-30 18:59:35 +0300 |
| commit | 4ecb9d4d05124b813cd4d7ddcaf5671c2f4c4765 (patch) | |
| tree | 282f5a4e9e3530ada04d00bda3e8ac118cf70bbd /include/tests_squid | |
| parent | 5ccd0912cf74f5d3dd07e5ed5fe0e6a30571fbb5 (diff) | |
[bulk change] cleaning up, code enhancements, initialization of variables, and new tests
Diffstat (limited to 'include/tests_squid')
| -rw-r--r-- | include/tests_squid | 46 |
1 files changed, 22 insertions, 24 deletions
diff --git a/include/tests_squid b/include/tests_squid index 6d36baa3..a86e083d 100644 --- a/include/tests_squid +++ b/include/tests_squid @@ -201,63 +201,62 @@ if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no SQD-3620 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid access control lists" if [ ${SKIPTEST} -eq 0 ]; then - N=0 + COUNT=0 LogText "Test: checking ACLs" FIND=$(${GREPBINARY} "^acl " ${SQUID_DAEMON_CONFIG} | ${SEDBINARY} 's/ /!space!/g') if [ "${FIND}" = "" ]; then LogText "Result: No ACLs found" Display --indent 6 --text "- Checking Access Control Lists" --result "${STATUS_NONE}" --color RED else - for I in ${FIND}; do - N=$((N + 1)) - I=$(echo ${I} | ${SEDBINARY} 's/!space!/ /g') - LogText "Found ACL: ${I}" - #Report "squid_acl=${I}" + for ITEM in ${FIND}; do + COUNT=$((COUNT + 1)) + ITEM=$(echo ${ITEM} | ${SEDBINARY} 's/!space!/ /g') + LogText "Found ACL: ${ITEM}" + #Report "squid_acl=${ITEM}" # TODO done - LogText "Result: Found ${N} ACLs" - Display --indent 6 --text "- Checking Access Control Lists" --result "${N} ACLs FOUND" --color GREEN + LogText "Result: Found ${COUNT} ACLs" + Display --indent 6 --text "- Checking Access Control Lists" --result "${COUNT} ACLs FOUND" --color GREEN fi fi # ################################################################################# # - # Test : SQD-3624 [T] + # Test : SQD-3624 # Description : Check unsecure ports in Safe_ports list if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no SQD-3624 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid safe ports" if [ ${SKIPTEST} -eq 0 ]; then - N=0 LogText "Test: checking ACL Safe_ports http_access option" FIND=$(${GREPBINARY} "^http_access" ${SQUID_DAEMON_CONFIG} | ${GREPBINARY} "Safe_ports") - if [ -z "${FIND}" ]; then + if IsEmpty "${FIND}"; then LogText "Result: no Safe_ports found" Display --indent 6 --text "- Checking ACL 'Safe_ports' http_access option" --result "${STATUS_NOT_FOUND}" --color YELLOW ReportSuggestion ${TEST_NO} "Check if Squid has been configured to restrict access to all safe ports" else LogText "Result: checking ACL safe ports" FIND2=$(${GREPBINARY} "^acl Safe_ports port" ${SQUID_DAEMON_CONFIG} | ${AWKBINARY} '{ print $4 }') - if [ -z "${FIND2}" ]; then + if IsEmpty "${FIND2}"; then Display --indent 6 --text "- Checking ACL 'Safe_ports' ports" --result "NONE FOUND" --color YELLOW ReportSuggestion ${TEST_NO} "Check if Squid has been configured for which ports it can allow outgoing traffic (Safe_ports)" AddHP 0 1 else LogText "Result: Safe_ports found" - for I in ${FIND}; do - LogText "Found safe port: ${I}" + for ITEM in ${FIND}; do + LogText "Found safe port: ${ITEM}" done Display --indent 6 --text "- Checking ACL 'Safe_ports' ports" --result "${STATUS_FOUND}" --color GREEN AddHP 1 1 fi - #SQUID_DAEMON_UNSAFE_PORTS_LIST - for I in ${SQUID_DAEMON_UNSAFE_PORTS_LIST}; do - LogText "Test: Checking port ${I} in Safe_ports list" - FIND2=$(${GREPBINARY} -w "^acl Safe_ports port ${I}" ${SQUID_DAEMON_CONFIG}) - if [ -z "${FIND2}" ]; then - Display --indent 6 --text "- Checking ACL 'Safe_ports' (port ${I})" --result "${STATUS_NOT_FOUND}" --color GREEN + + for ITEM in ${SQUID_DAEMON_UNSAFE_PORTS_LIST}; do + LogText "Test: Checking port ${ITEM} in Safe_ports list" + FIND2=$(${GREPBINARY} -w "^acl Safe_ports port ${ITEM}" ${SQUID_DAEMON_CONFIG}) + if IsEmpty "${FIND2}"; then + Display --indent 6 --text "- Checking ACL 'Safe_ports' (port ${ITEM})" --result "${STATUS_NOT_FOUND}" --color GREEN AddHP 1 1 else - Display --indent 6 --text "- Checking ACL 'Safe_ports' (port ${I})" --result "${STATUS_FOUND}" --color RED - ReportWarning ${TEST_NO} "Squid configuration possibly allows relaying traffic via configured Safe_port ${I}" + Display --indent 6 --text "- Checking ACL 'Safe_ports' (port ${ITEM})" --result "${STATUS_FOUND}" --color RED + ReportWarning ${TEST_NO} "Squid configuration possibly allows relaying traffic via configured Safe_port ${ITEM}" AddHP 0 1 fi done @@ -277,10 +276,9 @@ if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! -z "${SQUID_DAEMON_CONFIG}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no SQD-3630 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid reply_body_max_size option" if [ ${SKIPTEST} -eq 0 ]; then - N=0 LogText "Test: checking option reply_body_max_size" FIND=$(${GREPBINARY} "^reply_body_max_size " ${SQUID_DAEMON_CONFIG} | ${SEDBINARY} 's/ /!space!/g') - if [ -z "${FIND}" ]; then + if IsEmpty "${FIND}"; then LogText "Result: option reply_body_max_size not configured" Display --indent 6 --text "- Checking option: reply_body_max_size" --result "${STATUS_NONE}" --color RED AddHP 1 2 |