Consider human-readable, re-usable assertions #2

Open
brucellino opened this issue Apr 10, 2018 · 0 comments
@brucellino
Contributor

Hello!

Nice work on Secant! I would like to make a suggestion to make it easier for people to check their applications before pushing to the AppDB. You could use TestInfra or, even better, InSpec.

For example, implement the SSH assertion as follows:

With TestInfra (:snake:)

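# pytest only collects functions whose names start with "test"
def test_ssh_password(host):
    # The {{ ... }} placeholders are template variables rendered before the test runs
    sshd_config_file = host.file('{{ sshd_config_path }}/{{ sshd_config }}')

    # The configuration file must exist
    assert sshd_config_file.exists
    # Password authentication must be explicitly disabled
    assert sshd_config_file.contains('PasswordAuthentication no')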

Similarly with InSpec (:gem:)

title 'SSHD configuration'

# you add controls here
control 'ssh_config' do                        # A unique ID for this control
  impact 0.7                                # The criticality, if this control fails.
  title 'SSH password authentication'             # A human-readable title
  desc 'SSH server should be configured to not use password authentication'
  describe file('/etc/ssh') do                  # The actual test
    it { should be_directory }
  end
  
  describe file('/etc/ssh/sshd_config') do
    it { should be_file }
  end

  describe sshd_config('/etc/ssh/sshd_config') do
    its('PasswordAuthentication') { should be_in ["no", nil] }
  end
end

Would you be amenable to a PR?
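An added example, not part of the issue and not Secant's code: a substring match on `PasswordAuthentication no` also accepts a commented-out line, so this sketch resolves the value the way sshd reads its configuration (case-insensitive keywords, first occurrence wins, default `yes` when unset) and reports `Match` block overrides. The function names and the sample configurations are assumptions constructed for illustration.

```python
import re

def effective_password_auth(config_text):
    """Return (global_value, match_overrides) for PasswordAuthentication."""
    global_value, overrides, current_match = None, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # sshd ignores blank lines and comment lines
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            current_match = value  # later settings apply to this block only
        elif keyword == "passwordauthentication":
            setting = value.split()[0].strip('"') if value else ""
            if current_match is not None:
                overrides.append((current_match, setting))
            elif global_value is None:  # first occurrence wins
                global_value = setting
    # When the keyword is absent, OpenSSH defaults to "yes".
    return (global_value or "yes"), overrides

def password_auth_disabled(config_text):
    """True only if no section leaves password logins enabled."""
    global_value, overrides = effective_password_auth(config_text)
    return global_value == "no" and all(v == "no" for _, v in overrides)

# Constructed sample configurations (not taken from any real host).
COMMENTED_OUT = "#PasswordAuthentication no\nPermitRootLogin no\n"
FIRST_WINS = "passwordauthentication no\nPasswordAuthentication yes\n"
MATCH_OVERRIDE = (
    "PasswordAuthentication = no\n"
    "Match User backup\n"
    "    PasswordAuthentication yes\n"
)

if __name__ == "__main__":
    for name, text in [("commented out", COMMENTED_OUT),
                       ("first wins", FIRST_WINS),
                       ("match override", MATCH_OVERRIDE)]:
        print(name, effective_password_auth(text), password_auth_disabled(text))
```

Under TestInfra the text passed in would be `host.file(...).content_string` for the sshd configuration file.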
