RHEL Security Vulnerability Test (#270)

* check for security vulnerabilities on rhel * import * check host is red hat * filepath join * imports
2019-02-04 10:25:55 +00:00
parent df6ce917c2
commit 43676049b7
2 changed files with 47 additions and 2 deletions
--- a/docs/testing.md
+++ b/docs/testing.md
@@ -8,6 +8,12 @@ You need to ensure you have the following tools installed:
 * [dep](https://github.com/golang/dep) (official Go dependency management tool) - needed to prepare for running the tests
 * [Helm](https://helm.sh) - only needed for running the Kubernetes tests

+### Prerequisites for testing a RedHat image
+If you want to test a container image with Red Hat Enterprise Linux as the base OS, then you need to use a host server with Red Hat Enterprise Linux.  You must also have the following tools installed:
+
+* [Yum](http://yum.baseurl.org/) (available in `rhel-7-server-extras`)
+* [Buildah](https://buildah.io) (available in `rhel-7-server-extras`)
+
 ## Running the tests
 There are two main sets of tests:

--- a/test/docker/docker_api_test.go
+++ b/test/docker/docker_api_test.go
@@ -34,6 +34,8 @@ import (
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/client"
 	"github.com/docker/go-connections/nat"
+
+	"github.com/ibm-messaging/mq-container/internal/command"
 )

 func TestLicenseNotSet(t *testing.T) {
@@ -106,9 +108,9 @@ func goldenPath(t *testing.T, metric bool) {
 	stopContainer(t, cli, id)
 }

-// TestSecurityVulnerabilities checks for any vulnerabilities in the image, as reported
+// TestSecurityVulnerabilitiesUbuntu checks for any vulnerabilities in the image, as reported
 // by Ubuntu
-func TestSecurityVulnerabilities(t *testing.T) {
+func TestSecurityVulnerabilitiesUbuntu(t *testing.T) {
 	t.Parallel()
 	cli, err := client.NewEnvClient()
 	if err != nil {
@@ -135,6 +137,43 @@ func TestSecurityVulnerabilities(t *testing.T) {
 	}
 }

+// TestSecurityVulnerabilitiesRedHat checks for any vulnerabilities in the image, as reported
+// by Red Hat
+func TestSecurityVulnerabilitiesRedHat(t *testing.T) {
+	t.Parallel()
+	cli, err := client.NewEnvClient()
+	if err != nil {
+		t.Fatal(err)
+	}
+	_, ret, _ := command.Run("bash", "-c", "test -f /etc/redhat-release")
+	if ret != 0 {
+		t.Skip("Skipping test because host is not RedHat-based")
+	}
+	rc, _ := runContainerOneShot(t, cli, "bash", "-c", "test -f /etc/redhat-release")
+	if rc != 0 {
+		t.Skip("Skipping test because container is not RedHat-based")
+	}
+	id, _, err := command.Run("buildah", "from", imageName())
+	if err != nil {
+		t.Fatal(err)
+	}
+	id = strings.TrimSpace(id)
+	defer command.Run("buildah", "rm", id)
+	mnt, _, err := command.Run("buildah", "mount", id)
+	if err != nil {
+		t.Fatal(err)
+	}
+	mnt = strings.TrimSpace(mnt)
+	_, _, err = command.Run("bash", "-c", "cp /etc/yum.repos.d/* "+ filepath.Join(mnt, "/etc/yum.repos.d/"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	out, ret, _ := command.Run("bash", "-c", "yum --installroot="+mnt+" updateinfo list sec | grep /Sec")
+	if ret != 1{
+		t.Errorf("Expected no vulnerabilities, found the following:\n%v", out)
+	}
+}
+
 func utilTestNoQueueManagerName(t *testing.T, hostName string, expectedName string) {
 	search := "QMNAME(" + expectedName + ")"
 	cli, err := client.NewEnvClient()