action #47279
Updated by whdu about 5 years ago
There are some chec_var condition code in load_security_tests in lib/main_comman.pm
...
elsif (check_var("SECURITY_TEST", "core")) {
load_security_tests_core;
}
elsif (check_var("SECURITY_TEST", "web")) {
load_security_tests_web;
}
elsif (check_var("SECURITY_TEST", "misc")) {
load_security_tests_misc;
}
elsif (check_var("SECURITY_TEST", "crypt")) {
load_security_tests_crypt;
}
...
In fact, they are all cryptographic/FIPS FIPS relevant testings which should be distinguished with other security test. I propose to change with:
...
elsif (check_var("SECURITY_TEST", "crypto_core")) "fips_core")) {
load_security_tests_crypto_core; load_security_tests_fips_core;
}
elsif (check_var("SECURITY_TEST", "crypto_web")) "fips_web")) {
load_security_tests_crypto_web; load_security_tests_fips_web;
}
elsif (check_var("SECURITY_TEST", "crypto_misc")) "fips_misc")) {
load_security_tests_crypto_misc; load_security_tests_fips_misc;
}
elsif (check_var("SECURITY_TEST", "crypto_tool")) "fips_crypt")) {
load_security_tests_crypto_crypt; load_security_tests_fips_crypt;
}
...
The call function name should also be changed accordingly, as well as the variables in testsuites.
We don't use fips in the name because to avoid confusing since openSUSE does NOT have FIPS mode. Some tests are valid only for FIPS Regression testing. Use "FIPS_ENABLED" to control whether to run these "FIPS only" cases.