search

SilleBille / pki

Dogtag PKI Issues should be reported to the Dogtag PKI Pagure Issues site
https://pagure.io/dogtagpki/issues
GNU General Public License v2.0
1 stars 1 forks source link

pki should not starts up for incorrect Audit event filter format. #421

Closed SilleBille closed 4 years ago

SilleBille commented 5 years ago

This issue was migrated from Pagure Issue #2928.Originally filed by mharmsen on 2018-02-07

This is a negative test for audit event filter.

When an incorrect format is applied for audit event filter, pki should fail to start.

Steps to Reproduce:

1.configure CS.cfg as below
Adding extra closing bracket at the end.
log.instance.SignedAudit.filters.CERT_REQUEST_PROCESSED=(InfoName=cancelReason))
2. restart the instance
3. generate a cert request
pki -d /opt/nssdb -c Secret123 -h pki1.example.com -p 20080 client-cert-request uid=testuser
4. cancel the request
pki -d /opt/nssdb -c Secret123 -h pki1.example.com -p 20080 -n "PKI CA Administrator for Example.Org" ca-cert-request-review 41 --action cancel
5. check the audit log

Actual results:

this some how acts as not filter and events do not appear with InfoName=cancelReason

Expected results:

PKI should not have started at all.
SilleBille commented 5 years ago

Posted by mharmsen on 2018-04-10:

Per 10.5.x/10.6 Triage: 10.6

edewata: negative case