Test severity of all capabilities

... to ensure that they are all listed in severity.db
2025-08-31 14:25:52 +00:00 · 2023-10-29 22:05:30 +01:00
parent d38c7b22ce
commit f17bd59904
1 changed files with 12 additions and 0 deletions
--- a/utils/test/test-capability.py
+++ b/utils/test/test-capability.py
@@ -468,6 +468,18 @@ class CapabiliySeverityTest(AATest):
        rank = obj.severity(sev_db)
        self.assertEqual(rank, expected)

+    def test_all_caps(self):
+        ''' make sure all capabilities have a severity defined '''
+
+        sev_db = severity.Severity('../severity.db', 'unknown')
+
+        for cap in capability_keywords:
+            obj = CapabilityRule(cap)
+            rank = obj.severity(sev_db)
+            # capabilities have a severity of 7..10, with the exception of 0 for the unused CAP_NET_BROADCAST
+            # (might need adjustment if a new capability gets a different severity assigned)
+            self.assertTrue(rank in [0, 7, 8, 9, 10], 'unexpected severity for capability %s: %s' % (cap, rank))
+

 class CapabilityLogprofHeaderTest(AATest):
    tests = (